Manifest-based trusted agent management in a trusted operating system environment

US 20050278531A1
Filed: 08/18/2005
Published: 12/15/2005
Est. Priority Date: 11/16/2001
Status: Active Grant

First Claim

Patent Images

1. One or more computer readable media having stored thereon a plurality of instructions to implement a trusted core of a computing device that, when executed by one or more processors of the computing device, causes the one or more processors to:

receive, from a trusted agent executing on the computing device, a request to securely store a secret, wherein the request includes, the secret, and an identifier of a manifest that should be allowed to retrieve the secret; and

have the secret encrypted.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Manifest-based trusted agent management in a trusted operating system environment includes receiving a request to execute a process is received and setting up a virtual memory space for the process. Additionally, a manifest corresponding to the process is accessed, and which of a plurality of binaries can be executed in the virtual memory space is limited based on indicators, of the binaries, that are included in the manifest.

109 Citations

View as Search Results

13 Claims

1. One or more computer readable media having stored thereon a plurality of instructions to implement a trusted core of a computing device that, when executed by one or more processors of the computing device, causes the one or more processors to:
- receive, from a trusted agent executing on the computing device, a request to securely store a secret, wherein the request includes, the secret, and an identifier of a manifest that should be allowed to retrieve the secret; and
  
  have the secret encrypted.
- View Dependent Claims (2)
- - 2. One or more computer readable media as recited in claim 1, wherein the identifier comprises:
    - a public key of a public-private key pair of a party that generated the manifest for the trusted agent;
      
      an identifier of the party; and
      
      a set of one or more versions of the manifest that should be allowed to retrieve the secret.

3. One or more computer readable media having stored thereon a plurality of instructions to implement a trusted core of a computing device that, when executed by one or more processors of the computing device, causes the one or more processors to:
- receive, from a trusted application executing on the computing device, a request to retrieve a secret securely stored by a previous trusted application executing on the computing device;
  
  compare a first manifest identifier of the trusted application to a second manifest identifier corresponding to the previous trusted application; and
  
  determine whether to reveal the secret to the trusted application based at least in part on whether the first manifest identifier and the second manifest identifier are the same.
- View Dependent Claims (4, 5, 6, 7, 8)
- - 4. One or more computer readable media as recited in claim 3, wherein the trusted application is an upgraded version of the previous trusted application.
  - 5. One or more computer readable media as recited in claim 3, wherein:
    - the first manifest includes a first public key of a first public-private key pair of a party that generated the first manifest, an identifier of the party that generated the first manifest, and a version indicator of the first manifest; and
      
      the second manifest includes a second public key of a second public-private key pair of a party that generated the second manifest, an identifier of the party that generated the second manifest, and a version indicator of the second manifest.
  - 6. One or more computer readable media as recited in claim 5, wherein the instructions that cause the one or more processors to determine whether to reveal the secret to the trusted application cause the one or more processors to:
    - check whether the first public key is the same as the second public key and whether the identity of the party that generated the first manifest is the same as the identity of the party that generated the second manifest;
      
      check whether the version indicator of the first manifest is the same as one or more version indicators supplied by the previous trusted application when securely storing the secret; and
      
      refuse to reveal the secret to the trusted application if the checking indicates any one or more of the following;
      
      the first public key is not the same as the second public key, the identity of the party that generated the first manifest is not the same as the identity of the party that generated the second manifest, the version indicator of the first manifest is not the same as one or more version indicators supplied by the previous trusted application when securely storing the secret.
  - 7. One or more computer readable media as recited in claim 3, wherein the instructions that cause the one or more processors to determine whether to reveal the secret to the trusted application further cause the one or more processors to reveal the secret to the trusted application based at least in part on whether an export certificate corresponding to the previous trusted application identifies the first manifest as being authorized to retrieve the secret.
  - 8. One or more computer readable media as recited in claim 7, wherein the export certificate includes:
    - an identification of the first manifest;
      
      an identification of the second manifest, wherein the second manifest was digitally signed using a private key of a public-private key pair of a party that generated the second manifest; and
      
      a digital signature over the identification of the first manifest and the identification of the second manifest, wherein the digital signature is generated using the private key.

9. One or more computer readable media having stored thereon a plurality of instructions to implement a trusted core of a computing device that, when executed by one or more processors of the computing device, causes the one or more processors to:
- receive encrypted data;
  
  decrypt the data;
  
  identify a plurality of conditions in the data;
  
  check whether a manifest associated with a trusted application process satisfies all of the plurality of conditions; and
  
  allow the trusted application process to retrieve a secret in the encrypted data only if the manifest satisfies all of the plurality of conditions.
- View Dependent Claims (10, 11, 12, 13)
- - 10. One or more computer readable media as recited in claim 9, wherein:
    - the plurality of conditions include a public key of a public-private key pair of a party that needs to have digitally signed the manifest; and
      
      the instructions that cause the one or more processors to check whether the manifest associated with the trusted application process satisfies all of the plurality of conditions cause the one or more processors to check whether the manifest includes the public key.
  - 11. One or more computer readable media as recited in claim 9, wherein:
    - the plurality of conditions include an identifier of a party that needs to have generated the manifest; and
      
      the instructions that cause the one or more processors to check whether the maniest associated with the trusted application process satisfies all of the plurality of conditions cause the one or more processors to check whether the manifest was generated by the party.
  - 12. One or more computer readable media as recited in claim 9, wherein:
    - the plurality of conditions include one or more versions that the manifest needs to be; and
      
      the instructions that cause the one or more processors to check whether the manifest associated with the trusted application process satisfies all of the plurality of conditions cause the one or more processors to check whether the manifest is one of the one or more versions.
  - 13. One or more computer readable media as recited in claim 9, wherein the plurality of instructions further cause the one or more processors to:
    - check whether the data satisfies one or more of the plurality of conditions; and
      
      allow the trusted application process to retrieve the secret only if the data satisfies the one or more conditions.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Simon, Daniel R., England, Paul, Peinado, Marcus, Benaloh, Josh D.

Granted Patent

US 7,257,707 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/168
CPC Class Codes

G06F 21/53   by executing in a restricte...

G06F 21/54   by adding security routines...

G06F 21/57   Certifying or maintaining t...

Manifest-based trusted agent management in a trusted operating system environment

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

109 Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

Manifest-based trusted agent management in a trusted operating system environment

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

109 Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links