Security state watcher

US 20060075264A1
Filed: 09/30/2004
Published: 04/06/2006
Est. Priority Date: 09/30/2004
Status: Active Grant

First Claim

Patent Images

1. A security device for use with a computer system, said computer system comprising a secure functionality, said device comprising:

a querier requesting a status from said secure functionality of said computer system, operably connected to said computer system; and

a user alerter operably connected to said querier, said user alerter signaling if an unsatisfactory state of said secure functionality is determined, said user alerter further signaling if said querier fails to retrieve said status.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A security device watches over the secure functionality in a computer system. This “watcher” security device may be integrated within the computer system or may be separate from it. The security device queries the secure functionality to determine whether the state of the secure functionality is acceptable. If no satisfactory state exists, or if no response is received, then a signal is transmitted. The signal may be auditory (a buzzer) or visual (a flashing light) in order to signal to any user that the secure functionality has been compromised. Optionally, human input devices may be disabled, or a monitoring service notified, in conjunction with or in lieu of the signal. If the secure functionality includes a secret shared between the secure functionality and the user, then the security device may signal the secret. For example, where the secret is visual, the security device may display the secret. Where there is more than one element of secure functionality in the computer system, the security device may separately watch and report on more than one element of secure functionality. The security device may also display status information regarding the computer system. Some or all of the security device may be distributed via a trusted distribution infrastructure.

23 Citations

View as Search Results

57 Claims

1. A security device for use with a computer system, said computer system comprising a secure functionality, said device comprising:
- a querier requesting a status from said secure functionality of said computer system, operably connected to said computer system; and
  
  a user alerter operably connected to said querier, said user alerter signaling if an unsatisfactory state of said secure functionality is determined, said user alerter further signaling if said querier fails to retrieve said status.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 13, 14, 15, 16, 17, 18, 19, 21, 22, 24, 25, 28, 29, 31, 32, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 46, 47, 48, 49, 50, 52, 53, 54, 55, 56, 57)
- - 2. The security device of claim 1, further comprising:
    - a first power supply powering said user alerter.
  - 3. The security device of claim 2, where said user alerter signals if said first power supply is low on power.
  - 4. The security device of claim 2, further comprising:
    - a backup power supply powering said user alerter.
  - 5. The security device of claim 4, where said user alerter signals if said first power supply is disconnected.
  - 6. The security device of claim 1, further comprising an independent clock.
  - 7. The security device of claim 1, where said security device is embedded in the same physical case as an element of said computer system.
  - 8. The security device of claim 7, where said element comprises at least one selected from among the following:
    - a keyboard;
      
      a monitor;
      
      a casing;
      
      a mouse, or a hub.
  - 9. The security device of claim 1, where said querier comprises:
    - a challenger for presenting a challenge to said secure functionality;
      
      a receiver for receiving a response, if any, from said secure functionality; and
      
      an evaluator for evaluating said response to determine whether said response, if any, is unsatisfactory.
  - 10. The security device of claim 1 in which the evaluator queries a judgment service to determine whether the secure functionality is satisfactory.
  - 13. The security device of claim 10 in which the evaluator queries information from the secure component of interest, and passes this to a judgment service for evaluation.
  - 14. The security device of claim 10 in which the evaluator instructs the secure component of interest to obtain a crypto provable from the service, and return said crypto provable judgment to the evaluator.
  - 15. The security device of claim 10 in which the evaluator queries information from the secure component of interest, and passes the information to a judgment service for evaluation.
  - 16. The security device of claim 10 in which the evaluator instructs the secure component of interest to obtain a crypto provable judgment from the judgment service, and return said crypto provable judgment to the evaluator.
  - 17. The security device of claim 1, where said operable connection to said computer system comprises a connection of at least one type selected from among the following:
    - a USB connection;
      
      a serial port connection, a 1394 connection, a SCSI connection, or an Ethernet connection.
  - 18. The security device of claim 1, where said signaling by said user alerter comprises one or more of the following:
    - a visual signal;
      
      a flashing visual display;
      
      an auditory signal;
      
      one or more tones;
      
      a tactile signal; and
      
      a vibration.
  - 19. The security device of claim 1, where the alert comprises disabling at least some human input devices attached to the computer by disabling a hub to which they are attached.
  - 21. The security device of claim 1, where the alert includes sending a message to a central monitoring service.
  - 22. The security device of claim 1, where said user alerter further comprises:
    - a status indicator for indicating the status of said secure functionality.
  - 24. The device of claim 21, wherein the device uses a display to indicate to the user which of several security components are failing initial evaluation, failing to respond to ongoing evaluation, have lost focus, and/or have shut down.
  - 25. The security device of claim 21, where said status indicator indicates that a change has occurred in which of said first execution environment or said second execution environment is active.
  - 28. The security device of claim 1, where said security device further comprises:
    - an options interface for receiving user commands for changing the operation of said security device.
  - 29. The security device of claim 1, where, if an unsatisfactory state of said secure functionality is not determined, said options interface receives said user commands via said computer system.
  - 31. The method of claim 28, wherein signaling the user if an unsatisfactory response or no response is received is performed using a second signal.
  - 32. The method of claim 28, where said querying said computer system comprises:
    - challenging said secure functionality with a cryptographic challenge.
  - 34. The method of claim 28, where said steps of querying said computer system for a status, signaling said user if no response is received, and signaling said user if an unsatisfactory response is received occur with at least a predetermined periodicity.
  - 35. The method of claim 28, where said periodicity is once per second.
  - 36. The method of claim 28, further comprising:
    - signaling said user if a power source is low on power.
  - 37. The method of claim 28, where said first signal and said second signal each comprise at least one or more of the following:
    - a visual signal;
      
      a flashing visual display;
      
      an auditory signal;
      
      one or more tones;
      
      a tactile signal;
      
      a vibration;
      
      disabling of human input; and
      
      sending a message to a monitoring service.
  - 38. The method of claim 28, further comprising:
    - indicating said status of said first secure functionality.
  - 39. The method of claim 36, where said computer system comprises a first execution environment and a second execution environment, where either said first execution environment or said second execution environment is active at any one point, and where said first secure functionality is provided by said second execution environment, where said indicating of said secure functionality comprises:
    - indicating whether said first execution environment or said second execution environment is active.
  - 40. The method of claim 37, where said indicating said status of said first secure functionality comprises:
    - indicating that a change has occurred in which of said first execution environment or said second execution environment is active.
  - 41. The method of claim 36, where indication said status of said first secure functionality comprises:
    - indicating that said first secure functionality is being shut down.
  - 42. The method of claim 36, where said first secure functionality can display a secret, and where said status of said secure functionality comprises:
    - displaying said secret.
  - 43. The method of claim 28, where said computer system further comprises a second secure functionality, said method further comprising:
    - querying said computer system for a status for said second secure functionality;
      
      signaling said user with a third signal if no response is received to said query for a status for said second secure functionality; and
      
      signaling said user with a fourth signal if an unsatisfactory response is received from said computer system to said query for a status for said second secure functionality.
  - 44. The method of claim 41, where said second secure functionality secures visual output on a visual display.
  - 46. The computer-readable medium of claim 43, where said acts occur with at least a predetermined periodicity.
  - 47. The computer-readable medium of claim 44, wherein said predetermined periodicity is measured with a clock that is independent of said computer system.
  - 48. The computer-readable medium of claim 43, wherein said act of signaling comprises disabling one or more human input devices.
  - 49. The computer-readable medium of claim 43, wherein the response is determined to be satisfactory or unsatisfactory based on a communication with a judgment service.
  - 50. The computer-readable medium of claim 43, where said computer system further comprises a second secure functionality, said acts further comprising:
    - querying said computer system for a status for said second secure functionality;
      
      determining whether a response is received to said query for a status for said second secure functionality;
      
      signaling said user if no response, or an unsatisfactory response, is received to said query for a status for said second secure functionality.
  - 52. The method of claim 49, where said distribution of at least a first part of a security device comprises physical distribution of a physical element of said security device.
  - 53. The method of claim 50, wherein said physical element comprises an independent clock.
  - 54. The method of claim 50, where said physical element comprises an anti-tampering device.
  - 55. The method of claim 50, where said anti-tampering device comprises a visual indication of trustworthiness.
  - 56. The method of claim 49, where said distribution of at least a first part of a security device comprises distribution of software code for said security device.
  - 57. The method of claim 54, where trustworthiness of said software code is verifiable through cryptography.

11. The device of 10 which caches answers from the query to the judgment service.

12. The device of 10 which allows the user to specify a judgment service to consult, and a level of paranoia to be used in interpreting an answer provided by the judgment service.

20. The security device of 17 which disables one of the human input devices by directly signaling said one of the human input devices.
- View Dependent Claims (23, 26, 27)
- - 23. The security device of claim 20, where said computer system comprises a first execution environment and a second execution environment, and where said secure functionality is provided by said second execution environment, where said status indicator indicates whether said first execution environment or said second execution environment is active.
  - 26. The security device of claim 20, where said status indicator provides an indication when said secure functionality is being shut down.
  - 27. The security device of claim 20, where said secure functionality can display a secret, and where said status display displays said secret.

30. A method for signaling information to a user regarding the state of a computer system comprising a first secure functionality, said method comprising:
- querying said computer system for a status for said first secure functionality;
  
  signaling said user with a first signal if no response is received to said query; and
  
  signaling said user if an unsatisfactory response, or no response, is received from said computer system.
- View Dependent Claims (33)
- - 33. The method of claim 30, where said signaling said user if an unsatisfactory response is received comprises:
    - evaluating said response to determine whether said cryptographic challenge has been appropriately answered; and
      
      if said cryptographic challenge has not been appropriately answered, signaling said user that an unsatisfactory response was received.

45. A computer-readable medium containing computer executable instructions to signal information to a user regarding the state of a computer system comprising a first secure functionality, said computer-executable instructions to perform acts comprising:
- querying said computer system for a status for said first secure functionality;
  
  determining whether a response is received to said query;
  
  signaling said user if no response is received to said query, or if an unsatisfactory response is received from said computer system.

51. A method for providing for the security of a computer system comprising secure functionality, said method comprising:
- establishing a trusted distribution infrastructure; and
  
  distributing at least a first part of a security device via said trusted distribution infrastructure, where said security device comprises a querier requesting a status from said secure functionality of said computer system, operably connected to said computer system, and a user alerter operably connected to said querier, said user alerter signaling if an unsatisfactory state of said secure functionality is determined, said user alerter further signaling if said querier fails to retrieve said status.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Chew, Christine M., Paff, John E., Wooten, David Rudolph, Willman, Bryan Mark, Roberts, Paul C.

Granted Patent

US 7,574,610 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/194
CPC Class Codes

G06F 21/577 Assessing vulnerabilities a...

Y10S 257/922 with means to prevent inspe...

Security state watcher

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

23 Citations

57 Claims

Specification

Solutions

Use Cases

Quick Links

Security state watcher

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

23 Citations

57 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links