System and method for policy based adaptive application capability management and device attestation

US 10,341,321 B2
Filed: 12/27/2016
Issued: 07/02/2019
Est. Priority Date: 10/17/2016
Status: Active Grant

First Claim

Patent Images

1. A method of providing policy based adaptive application capability management during application programming interface invocations by an application executing on a device, the method comprising:

sending, by a remote policy management service, the device policy to a local attestation agent on the device;

registering a security descriptor with the trusted services platform module, wherein the security descriptor includes at least authentication and authorization attributes;

negotiating protocol-based capabilities with a remote service to establish a session for secure communications;

sending an operation request through an application programming interface (“

API”

) to the trusted services platform module;

querying the interface access management module for action directives;

processing, by the interface handler, the received action directives to issue a function request to a security module to execute a trusted function in a trusted execution environment;

generating an operation response to the application, wherein the operation response indicates a denial or completion of the operation request; and

processing the operation response to determine whether to generate an alternative operation request.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method provides policy based adaptive application capability management and device attestation for dynamic control of remote device operations. The method includes instrumenting applications installed on a remote device to examine their runtime application programming interface (API) invocations to trusted functions abstracted by a trusted services platform anchored to an underlying firmware, software or hardware root of trust, and managing the application security operations based on the execution context and dynamic privilege controls to restrict their capabilities. The invention also provides a local attestation agent to perform state measurements for platform trust, configuration and operational metrics, and generates device policy based platform and application level alerts. These alerts allow operations technology (OT) administrators to dynamically control the operational capabilities of applications, to deal with discovered vulnerabilities and exploits, before requiring distribution of application software upgrades or patches onto a large number of distributed remote devices.

32 Citations

View as Search Results

19 Claims

1. A method of providing policy based adaptive application capability management during application programming interface invocations by an application executing on a device, the method comprising:
- sending, by a remote policy management service, the device policy to a local attestation agent on the device;
  
  registering a security descriptor with the trusted services platform module, wherein the security descriptor includes at least authentication and authorization attributes;
  
  negotiating protocol-based capabilities with a remote service to establish a session for secure communications;
  
  sending an operation request through an application programming interface (“
  
  API”
  
  ) to the trusted services platform module;
  
  querying the interface access management module for action directives;
  
  processing, by the interface handler, the received action directives to issue a function request to a security module to execute a trusted function in a trusted execution environment;
  
  generating an operation response to the application, wherein the operation response indicates a denial or completion of the operation request; and
  
  processing the operation response to determine whether to generate an alternative operation request.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the security module is chained to a firmware, software or hardware based root of trust and a set of trusted functions that execute in a trusted execution environment of the central processing unit or a co-processor on the device.
  - 3. The method of claim 1, wherein the authentication attributes of the security descriptor may include proof of possession of credentials to ascertain ownership of the security module, user or service account identification, and a process identifier to verify digital code signing of the application image.
  - 4. The method of claim 1, wherein the authorization attributes of the security descriptor may include one or more of a user account, a service account, member privileges, and a digital code signing certificate.
  - 5. The method of claim 1, wherein the device policy may include action directives to restrict, warn, or permit with a precedence order an operation based on attributes, and further wherein an attribute may include one or more of a cipher algorithm, a key size, a key type, a hash type, a certificate type, a location, a geo-location, a certificate authority, a code signature verification, a downgrade, trusted domains, a security module preference, a seal, and a device identification preference.
  - 6. The method of claim 1, wherein the trusted services platform may be integrated with a security module on the local device or be configured as a forwarding proxy to a trusted services platform service and security module hosted on a remote device.
  - 7. The method of claim 1, wherein the interface handler determines a security module amongst a plurality of security modules, to execute a trusted function required to process the function request and further wherein the security module may be local or remote.
  - 8. The method of claim 1, wherein the local attestation agent service queries the remote policy management service for the device policy at startup, continuously based on a configurable schedule, or on-demand, and further wherein the local attestation agent service subscribes for device policy update notifications and the said updates are published by the remote policy management service to the subscriber.

9. A method of providing policy-based local attestation and event reporting on a device the method comprising:
- sending the device policy to the local attestation agent on the device;
  
  performing state measurements to generate platform trust, configuration and operational metrics;
  
  generating synchronous platform alerts based on the state measurements and the device policy;
  
  sending asynchronous application alerts based on the operation requests by the application and the received action directives based on the device policy;
  
  receiving, by the local attestation agent service, indicators generated by local third party applications executing on the device of safety threats, behavior patterns, anomalies and machine learning, wherein the indicators are transmitted via a provider application programming interface of the local attestation agent;
  
  processing, by the policy engine of the local attestation agent, the received alerts and indicators to generate event log messages based on the device policy, wherein the event log message may be encrypted and signed using content encryption and signing keys respectively;
  
  signing the generated event log message; and
  
  sending the signed event log message to a remote device management service for device analytics.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 10. The method of claim 9, wherein the security module is chained to a firmware, software or hardware based root of trust and a set of trusted functions that execute in a trusted execution environment of the central processing unit or a co-processor on the device.
  - 11. The method of claim 9, wherein the local third party application monitors the device for safety threats, pattern recognition, anomaly detection and machine learning, and generates indicators for remote device analytics.
  - 12. The method of claim 9, wherein the platform trust metrics include measurements for trusted boot verification by a security module.
  - 13. The method of claim 9, wherein the event log message is digitally signed for integrity verification by the trusted services platform module via a trusted function of a security module.
  - 14. The method of claim 9, wherein the trust metrics for state measurements may include cipher algorithms, key types, key sizes, hash types, certificate status, platform configuration registers, and trusted device identifier, and further wherein the certificate status includes one of the revocation, expiry and falsification of a certificate.
  - 15. The method of claim 9, wherein the configuration metrics for state measurements includes one of firmware configuration, boot configuration, package signatures, non-secure interfaces, certificate types, certificate chain validation, and geo-location.
  - 16. The method of claim 9, wherein the configuration metrics for state measurements includes one of processor utilization, memory utilization, upgrade attempts, administrative access attempts, non-secure communications, system restarts and rollback operations of firmware and application packages.
  - 17. The method of claim 9, wherein the trusted services platform sends a certificate signing request for the signing key with the attested device identity as one of the request attributes to a remote enrollment service, and receives a certificate issued by a certificate authority, without requiring human interaction.
  - 18. The method of claim 9, wherein a network firewall, security gateway or web proxy service deployed in the network flow path between the device and the remote device management service, verifies the event log message signature and upon successful signature verification forwards the signed event log message to the remote device management service.
  - 19. The method of claim 18, wherein a network firewall, security gateway or web proxy service deployed in the network flow path between the device and the remote device management service, inspects the application protocol traffic for security threats and signs the signed event log messages that are forwarded to the remote device management service thereby preserving the end-to-end trust chain to the root of trust on the device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
DigiCert Incorporated
Original Assignee
Mocana Corporation (DigiCert Incorporated)
Inventors
Kumar, Srinivas, Tanguay, Celena, Burnett, Steven Darrel
Primary Examiner(s)
Song, Hosuk

Application Number

US15/390,874
Publication Number

US 20180109538A1
Time in Patent Office

917 Days
Field of Search

726 1- 6, 726 27- 30, 713168, 713173
US Class Current
CPC Class Codes

H04L 63/08   for authentication of entit...

H04L 63/0823   using certificates cryptogr...

H04L 63/10   for controlling access to d...

H04L 63/20   for managing network securi...

System and method for policy based adaptive application capability management and device attestation

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

32 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for policy based adaptive application capability management and device attestation

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

32 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links