Providing geographic protection to a system

US 10,218,711 B2
Filed: 05/12/2016
Issued: 02/26/2019
Est. Priority Date: 06/22/2012
Status: Active Grant

First Claim

Patent Images

1. A computing device with technology for implementing and authenticating geo-specific launch control policies, the computing device comprising:

a hardware processor;

a location sensor in communication with the hardware processor, the location sensor configured to provide geographic information identifying a current location of the computing device;

at least one secure storage in communication with the hardware processor;

multiple geo-specific public keys in the secure storage, wherein at least one of the geo-specific public keys corresponds to a geo-specific private key, and wherein each set of corresponding geo-specific public and private keys is associated with a predetermined location;

a geographic launch control policy (LCP) manifest in the secure storage;

at least one geo-specific LCP record in the geographic LCP manifest, the geo-specific LCP record comprising;

a launch policy for a software agent of the computing device, wherein the launch policy provides for different results, depending on whether the current location of the computing device is an approved location for the software agent; and

a digital signature that was created using a key among the geo-specific private keys that is associated with the approved location for the software agent; and

a geo-policy code module that, when executed on the hardware processor, (i) automatically determines whether to launch a desired software agent, based on geo-policy conditions comprising (a) the current location of the computing device, (b) existence in the geographic LCP manifest of at least one geo-specific LCP record that is associated with the current location of the computing device and with the desired software agent, and (c) authenticity of said geo-specific LCP record, and (ii) automatically launches a recovery agent in response to failure of one or more of the geo-policy conditions; and

wherein the geo-policy code module is configured to use at least one of the geo-specific public keys to evaluate the authenticity of said geo-specific LCP record.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In one embodiment, a method includes determining a location of a system responsive to location information received from at least one of a location sensor and a wireless device of the system, associating the location with a key present in the system to generate an authenticated location of the system, and determining whether the authenticated location is within a geofence boundary indicated in a location portion of a launch control policy (LCP) that provides a geographic-specific policy. Other embodiments are described and claimed.

Citations

20 Claims

1. A computing device with technology for implementing and authenticating geo-specific launch control policies, the computing device comprising:
- a hardware processor;
  
  a location sensor in communication with the hardware processor, the location sensor configured to provide geographic information identifying a current location of the computing device;
  
  at least one secure storage in communication with the hardware processor;
  
  multiple geo-specific public keys in the secure storage, wherein at least one of the geo-specific public keys corresponds to a geo-specific private key, and wherein each set of corresponding geo-specific public and private keys is associated with a predetermined location;
  
  a geographic launch control policy (LCP) manifest in the secure storage;
  
  at least one geo-specific LCP record in the geographic LCP manifest, the geo-specific LCP record comprising;
  
  a launch policy for a software agent of the computing device, wherein the launch policy provides for different results, depending on whether the current location of the computing device is an approved location for the software agent; and
  
  a digital signature that was created using a key among the geo-specific private keys that is associated with the approved location for the software agent; and
  
  a geo-policy code module that, when executed on the hardware processor, (i) automatically determines whether to launch a desired software agent, based on geo-policy conditions comprising (a) the current location of the computing device, (b) existence in the geographic LCP manifest of at least one geo-specific LCP record that is associated with the current location of the computing device and with the desired software agent, and (c) authenticity of said geo-specific LCP record, and (ii) automatically launches a recovery agent in response to failure of one or more of the geo-policy conditions; and
  
  wherein the geo-policy code module is configured to use at least one of the geo-specific public keys to evaluate the authenticity of said geo-specific LCP record.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The computing device of claim 1, wherein the operation of automatically determining whether to launch the desired software agent comprises:
    - automatically determining whether at least one geo-specific LCP record in the geographic LCP manifest corresponds to the current location of the computing device;
      
      automatically retrieving the geo-specific public key for the current location of the computing device from the secure storage; and
      
      automatically using the geo-specific public key for the current location of the computing device to determine whether said geo-specific LCP record was signed by the geo-specific private key that corresponds to the current location of the computing device.
  - 3. The computing device of claim 1, wherein the geo-policy code module automatically prevents the computing device from launching an unauthorized software agent in response to a determination that the geographic LCP manifest does not contain a trustworthy geo-specific LCP that identifies the unauthorized software agent as authorized to execute at the current location of the computing device.
  - 4. A computing device according to claim 1, wherein the geo-policy code module comprises an authenticated code module.
  - 5. A computing device according to claim 1, wherein:
    - the at least one secure storage comprises a first secure storage and a second secure storage;
      
      the computing device comprises (a) a manageability engine comprising the first secure storage and (b) a trusted platform module (TPM) comprising the second secure storage; and
      
      the geo-policy code module, when executed on the hardware processor, automatically retrieves the geographic information from the manageability engine, and automatically retrieves the geo-specific public key from the TPM.
  - 6. A computing device according to claim 5, wherein:
    - the geographic information comprises a digital signature; and
      
      the operation of automatically determining whether to launch the desired software agent further comprises;
      
      using the digital signature for the geographic information to authenticate the geographic information; and
      
      automatically determining not to launch the desired software agent in response to a determination that the geographic information is not trustworthy.
  - 7. A computing device according to claim 6, wherein the operation using the digital signature for the geographic information to authenticate the geographic information comprises:
    - using a public key from a manufacturer of the computing device to determine whether the digital signature for the geographic information was created using a corresponding private key from the manufacturer of the computing device.
  - 8. A computing device according to claim 1, further comprising:
    - a trusted platform module (TPM) containing at least one platform configuration register (PCR); and
      
      wherein the geo-policy code module, when executed on the hardware processor, automatically extends information about geo-policy authentication results into the PCR.

9. A method for implementing and authenticating geo-specific launch control policies, the method comprising:
- in a computing device comprising a geo-policy code module and secure storage containing (a) multiple geo-specific public keys, wherein at least one of the geo-specific public keys corresponds to a geo-specific private key, and wherein each set of corresponding geo-specific public and private keys is associated with a predetermined location, (b) a geographic launch control policy (LCP) manifest, and (c) at least one geo-specific LCP record in the geographic LCP manifest, wherein the geo-specific LCP record comprises a launch policy for a software agent of the computing device, wherein the launch policy provides for different results depending on whether a current location of the computing device is an approved location for the software agent, and wherein the geo-specific LCP record further comprises a digital signature that was created using a key among the geo-specific private keys that is associated with the approved location for the software agent automatically using the geo-policy code module and the geographic LCP manifest to determine whether to launch a desired software agent on the computing device, based on geo-policy conditions comprising (a) the current location of the computing device, (b) existence in the geographic LCP manifest of a geo-specific LCP record that is associated with the current location of the computing device and with the desired software agent, and (c) authenticity of said geo-specific LCP record; and
  
  automatically launching a recovery agent in response to failure of one or more of the geo-policy conditions; and
  
  wherein the operation of determining whether to launch the desired software agent comprises using at least one of the geo-specific public keys to evaluate the authenticity of said geo-specific LCP record.
- View Dependent Claims (10, 11, 12, 13, 14)
- - 10. The method of claim 9, wherein the operation of determining whether to launch the desired software agent comprises:
    - automatically determining whether at least one geo-specific LCP record in the geographic LCP manifest corresponds to the current location of the computing device;
      
      automatically retrieving the geo-specific public key for the current location of the computing device from the secure storage; and
      
      automatically using the geo-specific public key for the current location of the computing device to determine whether said geo-specific LCP record was signed by the geo-specific private key that corresponds to the current location of the computing device.
  - 11. The method of claim 9, further comprising:
    - automatically preventing the computing device from launching an unauthorized software agent in response to a determination that the geographic LCP manifest does not contain a trustworthy geo-specific LCP that identifies the unauthorized software agent as authorized to execute at the current location of the computing device.
  - 12. The method of claim 9, wherein:
    - the at least one secure storage comprises a first secure storage and a second secure storage;
      
      the computing device comprises (a) a manageability engine comprising the first secure storage and (b) a trusted platform module (TPM) comprising the second secure storage; and
      
      the geo-policy code module, when executed on the hardware processor, automatically retrieves geographic information identifying the current location of the computing device from the manageability engine, and automatically retrieves the geo-specific public key from the TPM.
  - 13. The method of claim 12, wherein:
    - the geographic information comprises a digital signature; and
      
      the operation of automatically determining whether to launch the desired software agent further comprises;
      
      using the digital signature for the geographic information to authenticate the geographic information; and
      
      automatically determining not to launch the desired software agent in response to a determination that the geographic information is not trustworthy.
  - 14. The method of claim 13, wherein the operation using the digital signature for the geographic information to authenticate the geographic information comprises:
    - using a public key from a manufacturer of the computing device to determine whether the digital signature for the geographic information was created using a corresponding private key from the manufacturer of the computing device.

15. An apparatus for implementing and authenticating geo-specific launch control policies, the apparatus comprising:
- at least one non-transitory machine-readable storage medium; and
  
  instructions in the storage medium that, when executed by a computing device, implement a geo-policy code module which causes the computing device to (i) automatically use a geographic launch control policy (LCP) manifest from secure storage of the computing device to determine whether to launch a desired software agent on the computing device, based on geo-policy conditions comprising (a) a current location of the computing device, (b) existence in the geographic LCP manifest of a geo-specific LCP record that is associated with the current location of the computing device and with the desired software agent, and (c) authenticity of said geo-specific LCP record, and (ii) automatically launch a recovery agent in response to failure of one or more of the geo-policy conditions; and
  
  wherein the operation of determining whether to launch the desired software agent comprises;
  
  retrieving, from the secure storage, a geo-specific public key that is associated with the current location of the computing device; and
  
  using said geo-specific public key to determine whether said geo-specific LCP record comprises a digital signature that was signed using a private key that is also associated with the current location of the computing device.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. An apparatus according to claim 15, wherein the operation of determining whether to launch the desired software agent further comprises automatically determining whether at least one geo-specific LCP record in the geographic LCP manifest corresponds to the current location of the computing device.
  - 17. An apparatus according to claim 15, wherein:
    - the secure storage comprises a first secure storage and a second secure storage;
      
      the computing device comprises (a) a manageability engine comprising the first secure storage and (b) a trusted platform module (TPM) comprising the second secure storage; and
      
      the geo-policy code module, when executed, automatically retrieves geographic information identifying the current location of the computing device from the manageability engine, and automatically retrieves the geo-specific public key from the TPM.
  - 18. An apparatus according to claim 17, wherein:
    - the geographic information comprises a digital signature; and
      
      the operation of automatically determining whether to launch the desired software agent further comprises;
      
      using the digital signature for the geographic information to authenticate the geographic information; and
      
      automatically determining not to launch the desired software agent in response to a determination that the geographic information is not trustworthy.
  - 19. An apparatus according to claim 18, wherein the operation using the digital signature for the geographic information to authenticate the geographic information comprises:
    - using a public key from a manufacturer of the computing device to determine whether the digital signature for the geographic information was created using a corresponding private key from the manufacturer of the computing device.
  - 20. An apparatus according to claim 15, wherein the geo-policy code module, when executed by the computing device, automatically prevents the computing device from launching an unauthorized software agent in response to a determination that the geographic LCP manifest does not contain a trustworthy geo-specific LCP that identifies the unauthorized software agent as authorized to execute at the current location of the computing device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Smith, Ned M., Johnson, Simon P., Orrin, Steve, Wiseman, Willard M.
Primary Examiner(s)
Tsang, Henry

Application Number

US15/152,755
Publication Number

US 20160255097A1
Time in Patent Office

1,020 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/57   Certifying or maintaining t...

G06F 21/575   Secure boot

G06F 2221/2111   Location-sensitive, e.g. ge...

H04L 63/107   wherein the security polici...

H04W 12/06   Authentication

H04W 12/08   Access security

H04W 4/021   Services related to particu...

Providing geographic protection to a system

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Providing geographic protection to a system

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links