Manifest-based trusted agent management in a trusted operating system environment
Abstract
Manifest-based trusted agent management in a trusted operating system environment includes receiving a request to execute a process and setting up a virtual memory space for the process. Additionally, a manifest corresponding to the process is accessed, and the set of binaries that can be executed in that virtual memory space is limited based on the indicators of those binaries that are included in the manifest.
Claims (13)
1. One or more computer readable media having stored thereon a plurality of instructions to implement a trusted core of a computing device that, when executed by one or more processors of the computing device, cause the one or more processors to:
   receive, from a trusted agent executing on the computing device, a request to securely store a secret, wherein the request includes the secret and an identifier of a manifest that should be allowed to retrieve the secret; and
   have the secret encrypted.
   (Dependent claim: 2)
3. One or more computer readable media having stored thereon a plurality of instructions to implement a trusted core of a computing device that, when executed by one or more processors of the computing device, cause the one or more processors to:
   receive, from a trusted application executing on the computing device, a request to retrieve a secret securely stored by a previous trusted application executing on the computing device;
   compare a first manifest identifier of the trusted application to a second manifest identifier corresponding to the previous trusted application; and
   determine whether to reveal the secret to the trusted application based at least in part on whether the first manifest identifier and the second manifest identifier are the same.
   (Dependent claims: 4, 5, 6, 7, 8)
9. One or more computer readable media having stored thereon a plurality of instructions to implement a trusted core of a computing device that, when executed by one or more processors of the computing device, cause the one or more processors to:
   receive encrypted data;
   decrypt the data;
   identify a plurality of conditions in the data;
   check whether a manifest associated with a trusted application process satisfies all of the plurality of conditions; and
   allow the trusted application process to retrieve a secret in the encrypted data only if the manifest satisfies all of the plurality of conditions.
   (Dependent claims: 10, 11, 12, 13)
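The sealing and unsealing flow described by claims 1, 3 and 9, as an added illustration that is not code from the patent or its assignee: the trusted core encrypts the secret together with the conditions (manifest identifier and any further attributes) that a later retriever must satisfy, then reveals the secret only after the blob authenticates and every stored condition matches the requesting process's manifest. The core key, the HMAC-based encrypt-then-MAC construction standing in for a real AEAD, and the manifest field names are all constructed assumptions.

```python
import hashlib
import hmac
import json
import os

# Constructed stand-in for the sealing key that only the trusted core holds.
CORE_KEY = hashlib.sha256(b"constructed demo core key").digest()


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """HMAC-SHA256 in counter mode; a stdlib-only stand-in for an AEAD cipher."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def seal(secret: bytes, conditions: dict) -> bytes:
    """Claim 1: store the secret encrypted, bound to the conditions (e.g. the
    manifest identifier) that any future retriever must satisfy."""
    plain = json.dumps({"secret": secret.hex(), "conditions": conditions}).encode()
    nonce = os.urandom(16)
    body = bytes(a ^ b for a, b in zip(plain, _keystream(CORE_KEY, nonce, len(plain))))
    tag = hmac.new(CORE_KEY, nonce + body, hashlib.sha256).digest()  # encrypt-then-MAC
    return nonce + body + tag


def unseal(blob: bytes, manifest: dict):
    """Claims 3 and 9: authenticate and decrypt the blob, extract the stored
    conditions, and reveal the secret only if the requesting process's manifest
    satisfies all of them; return None otherwise."""
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(CORE_KEY, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None  # tampered or foreign blob: refuse before decrypting
    plain = bytes(a ^ b for a, b in zip(body, _keystream(CORE_KEY, nonce, len(body))))
    data = json.loads(plain)
    for key, required in data["conditions"].items():
        if manifest.get(key) != required:
            return None  # one unmet condition is enough to withhold the secret
    return bytes.fromhex(data["secret"])
```

Binding the conditions inside the authenticated blob, rather than storing them beside it, is what stops a caller from re-pairing an encrypted secret with weaker conditions.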