Protected computing environment

US 20060242406A1
Filed: 04/27/2005
Published: 10/26/2006
Est. Priority Date: 04/22/2005
Status: Abandoned Application

First Claim

Patent Images

1. A method of establishing a protected environment within a computing device comprising:

validating a kernel component loaded into a kernel of the computing device;

establishing a security state for the kernel based on the validation;

creating a secure process and loading a software component into the secure process;

periodically checking the security state of the kernel; and

notifying the secure process when the security state of the kernel has changed.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of establishing a protected environment within a computing device including validating a kernel component loaded into a kernel of the computing device, establishing a security state for the kernel based on the validation, creating a secure process and loading a software component into the secure process, periodically checking the security state of the kernel, and notifying the secure process when the security state of the kernel has changed.

141 Citations

View as Search Results

20 Claims

1. A method of establishing a protected environment within a computing device comprising:
- validating a kernel component loaded into a kernel of the computing device;
  
  establishing a security state for the kernel based on the validation;
  
  creating a secure process and loading a software component into the secure process;
  
  periodically checking the security state of the kernel; and
  
  notifying the secure process when the security state of the kernel has changed.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of establishing a protected environment within a computing device of claim 1, in which validating a kernel component loaded into a kernel of the computing device further comprises setting a kernel secure flag.
  - 3. The method of establishing a protected environment within a computing device of claim 2 in which periodically checking the security state of the kernel further comprises checking the kernel secure flag.
  - 4. The method of establishing a protected environment within a computing device of claim 1, in which the kernel component includes a loader.
  - 5. The method of establishing a protected environment within a computing device of claim 1, in which the software component is a trusted media component.

6. A method of loading kernel components to create a secure computing environment comprising:
- setting a kernel secure flag to a true state;
  
  checking to determine if a debugger is present in an operating system; and
  
  checking to see if a debug credential associated with the debugger is present.
- View Dependent Claims (7, 8, 9)
- - 7. The method of loading kernel components to create a secure computing environment of claim 6, further comprising, setting the kernel secure flag to a false state if a debug credential is not present.
  - 8. The method of loading kernel components to create a secure computing environment of claim 6, further comprising:
    - determining that there is another component to load;
      
      validating a signature of the component;
      
      verifying that a certificate is valid;
      
      determining if the signature is on a revocation list; and
      
      determining if the certificate in on the revocation list.
  - 9. The method of loading kernel components to create a secure computing environment of claim 8, further comprising:
    - determining if the signature is acceptable for use;
      
      determining if the is acceptable for use; and
      
      loading the component into the kernel.

10. A method of creating a protected environment comprising:
- creating a protected environment for loading a component;
  
  checking the validity of a signature;
  
  checking the validity of a certificate;
  
  checking to see if the signature is in a revocation list;
  
  checking to see if the certificate is in the revocation list;
  
  checking to see that the signature is acceptable for use checking to see that a certificate is acceptable for use;
  
  setting a kernel secure flag; and
  
  loading the component into the protected environment.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 11. The method of creating a protected environment for loading a component of claim 10, in which the kernel secure flag is set to a false state if checking the validity of the signature fails.
  - 12. The method of creating a protected environment for loading a component of claim 10, in which the kernel secure flag is set to a false state if checking the validity of a certificate fails.
  - 13. The method of creating a protected environment for loading a component of claim 10, in which the kernel secure flag is set to a false state if checking to see if the certificate is in the revocation list fails.
  - 14. The method of creating a protected environment for loading a component of claim 10, in which the kernel secure flag is set to a false state if checking to see that the signature is acceptable for use fails.
  - 15. The method of creating a protected environment for loading a component of claim 10, in which the kernel secure flag is set to a false state if checking to see that the certificate is acceptable for use fails.
  - 16. The method of creating a protected environment for loading a component of claim 10, in which the component is a portion of a media application.
  - 17. The method of creating a protected environment for loading a component of claim 10, further comprising periodically checking a security state of the protected environment.
  - 18. The method of creating a protected environment for loading a component of claim 17, in which periodically checking the security state of the protected environment further comprises checking the kernel secure flag.
  - 19. The method of creating a protected environment for loading a component of claim 18, in which periodically checking the security state of the protected environment further comprises submitting a call of a calling process to a kernel.
  - 20. The method of creating a protected environment for loading a component of claim 19, in which the calling process to the kernel is checked to determine if it is secure.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Kuhn, Reid Joseph, Kishan, Arun Upadhyaya, Dunbar, Geoffrey T., Alkove, James M., Debique, Kirt A., Ma, Ming, Knowlton, Chadd B., Barde, Sumedh N., Schwartz, Jonathan D., Sherwani, Adil Ahmed, Upadhyay, Chaitanya D., Grigorovitch, Alexandre Vicktorovich, Grier, Michael J.

Application Number

US11/116,598
Publication Number

US 20060242406A1
Time in Patent Office

Days
Field of Search
US Class Current

713/164
CPC Class Codes

G06F 21/1064   Restricting content process...

G06F 21/57   Certifying or maintaining t...

H04L 2209/603   Digital right managament [DRM]

H04L 9/3247   involving digital signatures

H04L 9/3263   involving certificates, e.g...

Protected computing environment

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

141 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Protected computing environment

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

141 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links