Trusted updates

US 10,409,989 B2
Filed: 12/11/2015
Issued: 09/10/2019
Est. Priority Date: 12/26/2014
Status: Active Grant

First Claim

Patent Images

1. A computing apparatus operable for use as an enterprise client device, comprising:

a database storage medium; and

one or more logic elements configured as a system management client engine operable for;

designating a first executable object as a trusted installer;

assigning an identification token to the trusted installer;

assigning the identification token to a second executable object, wherein the second executable object is a child of the first executable object; and

granting the second executable object trusted installer status configured to persist across an event that breaks a trust chain between the first executable object and the second executable object.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In an example, a system and method are described for providing trusted updaters and trusted processes. An updater may be subject to a whitelist of files that it, and any child processes, are allowed to modify. But trust inheritance may break across reboots and over interprocess communication. Thus, it is desirable to provide a system and method to maintain trust across such events. In the case of a trusted installer, inheritance may be maintained by cross referencing a digital certificate to a workflow grid. In the case of updater processes, trust may be maintained by using a combination of digital certificates that are part of a trust chain and a unique identifier for each trust chain workflow.

Citations

25 Claims

1. A computing apparatus operable for use as an enterprise client device, comprising:
- a database storage medium; and
  
  one or more logic elements configured as a system management client engine operable for;
  
  designating a first executable object as a trusted installer;
  
  assigning an identification token to the trusted installer;
  
  assigning the identification token to a second executable object, wherein the second executable object is a child of the first executable object; and
  
  granting the second executable object trusted installer status configured to persist across an event that breaks a trust chain between the first executable object and the second executable object.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The apparatus of claim 1, wherein the event that breaks the trust chain is a reboot.
  - 3. The apparatus of claim 1, wherein the event that breaks the trust chain is interprocess communication.
  - 4. The apparatus of claim 1, wherein the identification token is a globally unique identifier (GUID).
  - 5. The apparatus of claim 1, wherein granting trusted installer status comprises permitting the trusted installer to modify any file appearing on an associated whitelist.
  - 6. The apparatus of claim 1, wherein granting trusted installer status comprises permitting the trusted installer to launch other executable objects.
  - 7. The apparatus of claim 1, wherein the system management client engine is further operable for:
    - determining that a trusted updater has added a new file; and
      
      adding the new file to a trusted file set associated with the trusted updater.
  - 8. The apparatus of claim 1, wherein the system management client engine is further operable for:
    - observing that a process is attempting to modify a system file;
      
      determining that the process has an identification token that matches an identification token for a trusted updater process;
      
      determining that the system file appears in a trusted file set associated with the trusted updater process; and
      
      permitting the process to modify the system file.
  - 9. The apparatus of claim 8, wherein permitting the process to modify the system file further comprises permitting the process to modify the system file only if the process has a digital certificate in common with the first executable object.
  - 10. The apparatus of claim 1, wherein the system management client engine is further operable for designating a hosted service as a trusted service.
  - 11. The apparatus of claim 10, wherein designating the hosted service as a trusted service comprises identifying the hosted service by name.
  - 12. The apparatus of claim 10, wherein designating the hosted service as a trusted service comprises monitoring a service controller database for tampering.

13. One or more non-transitory computer-readable mediums having stored thereon executable instructions for providing a system management client engine operable for:
- designating a first executable object as a trusted installer;
  
  assigning an identification token to the trusted installer;
  
  assigning the identification token to a second executable object, wherein the second executable object is a child of the first executable object; and
  
  granting the second executable object trusted installer status configured to persist across an event that breaks a trust chain between the first executable object and the second executable object.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21)
- - 14. The one or more non-transitory computer-readable mediums of claim 13, wherein the event that breaks the trust chain is a reboot.
  - 15. The one or more non-transitory computer-readable mediums of claim 13, wherein the event that breaks the trust chain is interprocess communication.
  - 16. The one or more non-transitory computer-readable mediums of claim 13, wherein the identification token is a globally unique identifier (GUID).
  - 17. The one or more non-transitory computer-readable mediums of any of claim 13, wherein granting trusted installer status comprises permitting the trusted installer to modify any file appearing on a whitelist.
  - 18. The one or more non-transitory computer-readable mediums of any of claim 13, wherein the system management client engine is further operable for:
    - determining that a trusted updater has added a new file; and
      
      adding the new file to a trusted file set associated with the trusted updater.
  - 19. The one or more non-transitory computer-readable mediums of any of claim 13, wherein the system management client engine is further operable for:
    - observing that a process is attempting to modify a system file;
      
      determining that the process has an identification token that matches an identification token for a trusted updater process;
      
      determining that the system file appears in a trusted file set associated with the trusted updater process; and
      
      permitting the process to modify the system file.
  - 20. The one or more non-transitory computer-readable mediums of claim 19, wherein permitting the process to modify the system file further comprises permitting the process to modify the system file only if the process has a digital certificate in common with the first executable object.
  - 21. The one or more non-transitory computer-readable mediums of any of claim 13, wherein designating the hosted service as a trusted service comprises monitoring a service controller database for tampering.

22. A method of providing a system management client engine, comprising:
- designating a first executable object as a trusted installer;
  
  assigning an identification token to the trusted installer;
  
  assigning the identification token to a second executable object, wherein the second executable object is a child of the first executable object; and
  
  granting the second executable object trusted installer status configured to persist across an event that breaks a trust chain between the first executable object and the second executable object.
- View Dependent Claims (23, 24, 25)
- - 23. The method of claim 22, wherein the event that breaks the trust chain is a reboot.
  - 24. The method of claim 22, wherein the event that breaks the trust chain is interprocess communication.
  - 25. The method of claim 22, wherein the identification token is a globally unique identifier (GUID).

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, LLC
Original Assignee
McAfee, LLC
Inventors
Mohinder, Preet, Pandey, Ratnesh, Khurana, Jaskaran Singh, Johri, Amritanshu
Primary Examiner(s)
Smithers, Matthew

Application Number

US15/535,552
Publication Number

US 20170351862A1
Time in Patent Office

1,369 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/57   Certifying or maintaining t...

G06F 2221/2141   Access rights, e.g. capabil...

G06F 8/65   Updates security arrangemen...

Trusted updates

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Trusted updates

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links