DEVICE COMPONENT ROLL BACK PROTECTION SCHEME

US 20090119744A1
Filed: 01/18/2008
Published: 05/07/2009
Est. Priority Date: 11/01/2007
Status: Abandoned Application

First Claim

Patent Images

1. A computer readable storage medium including computer readable instructions for enforcing a policy, the computer readable instructions comprising:

instructions for determining whether a subcomponent currently attached to a device is listed in a subcomponent list, wherein the subcomponent list includes identification information for a subcomponent attached to the device during a manufacturing process; and

instructions for performing an action in accordance with a security policy in response to the determination.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Various embodiments of the present disclosure describe techniques for enforcing a subcomponent related security policy for closed computing systems. A closed computing system can include a list of subcomponents that identify the subcomponents it was manufactured with. The list can be used to determine if any currently attached subcomponents are different than the original ones. If a new subcomponent is detected, the device can perform a predetermined action in accordance with a security policy.

26 Citations

View as Search Results

20 Claims

1. A computer readable storage medium including computer readable instructions for enforcing a policy, the computer readable instructions comprising:
- instructions for determining whether a subcomponent currently attached to a device is listed in a subcomponent list, wherein the subcomponent list includes identification information for a subcomponent attached to the device during a manufacturing process; and
  
  instructions for performing an action in accordance with a security policy in response to the determination.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The computer readable instruction of claim 1, wherein the subcomponent list includes an encrypted hash of the information in the subcomponent list.
  - 3. The computer readable instructions of claim 2, wherein the subcomponent list is stored in a protected memory location, the protected memory location encrypted with a key stored in a processor of the device.
  - 4. The computer readable instruction of claim 1, wherein the subcomponent list is encrypted and is configured to be decrypted with a public decryption key stored in the device.
  - 5. The computer readable instructions of claim 1, wherein the identification information includes information selected from a group consisting of a model number of the subcomponent, a version number of hardware in the subcomponent, a version number of firmware in the subcomponent, a serial number of the subcomponent, and a name of the manufacturer of the subcomponent.
  - 6. The computer readable instructions of claim 1, wherein instructions for performing an action in accordance with a security policy further comprise:
    - instruction for disabling the device when the currently attached subcomponent is different than the subcomponent listed in the subcomponent list.
  - 7. The computer readable instructions of claim 1, wherein instructions for performing an action in accordance with a security policy further comprise:
    - instructions for disabling the device when the currently attached subcomponent is included in a list of unallowable subcomponents.
  - 8. The computer readable instructions of claim 1, further comprising:
    - instructions for determining whether the subcomponent currently attached to the device is listed in a subcomponent list during a pre-boot sequence.
  - 9. The computer readable instructions of claim 1, further comprising:
    - instructions for determining whether the subcomponent currently attached to the device is listed in a subcomponent list when the currently attached subcomponent is used.
  - 10. The computer readable instructions of claim 1, further comprising:
    - instructions for determining whether the subcomponent currently attached to the device is listed in a subcomponent list when the device connects to a remote device.

11. A closed computing device comprising:
- at least one subcomponent operatively coupled to a main board of the device; and
  
  a protected memory location integrated with the main board that includes a subcomponent list and an encrypted hash of information in the subcomponent list, wherein the information in the subcomponent list includes identification information for a subcomponent attached to the main board during a manufacturing process.
- View Dependent Claims (12, 13, 14, 15, 16)
- - 12. The closed computing device of claim 11, wherein the subcomponent list was previously transmitted to the device by a service provider.
  - 13. The closed computing device of claim 11, wherein the subcomponent list was previously transmitted to the device by a manufacturer of the device.
  - 14. The closed computing device of claim 11, wherein the information in the subcomponent list includes a device specific number associated with the device.
  - 15. The closed computing device of claim 11, wherein the protected memory location is encrypted.
  - 16. The closed computing device of claim 11, further comprising:
    - a processor operable to determine whether identification information for a subcomponent currently attached to the main board matches the identification information for the subcomponent attached to the main board during the manufacturing process.

17. A method for enabling the enforcement of a hardware based policy, the method comprising:
- receiving, from a device, information related to a plurality of subcomponents in the device;
  
  generating a hash of the information related to the plurality of subcomponents in the device and a device identifier associated with the device;
  
  encrypting the hash using a private encryption key; and
  
  transmitting, to the device, the encrypted hash.
- View Dependent Claims (18, 19, 20)
- - 18. The method of claim 17, wherein the information related to a plurality of subcomponents includes information selected from a group consisting of model numbers of the plurality of subcomponents, version numbers of hardware in the plurality of subcomponents, version numbers of firmware in the plurality of subcomponents, serial numbers of the plurality of subcomponents, and names of the manufacturers of the plurality of subcomponents.
  - 19. The method of claim 17, further comprising:
    - transmitting, to a service provider, the information related to the plurality of subcomponents in the device and the device identifier associated with the device.
  - 20. The method of claim 17, further comprising:
    - transmitting, to the device, a decryption key operable to decrypt the hash.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Tan, Victor, Lange, Sebastian, Poulos, Adam G.

Application Number

US12/016,940
Publication Number

US 20090119744A1
Time in Patent Office

Days
Field of Search
US Class Current

726/1
CPC Class Codes

G06F 21/554   involving event detection a...

G06F 21/70   Protecting specific interna...

G06F 2221/2129   Authenticate client device ...

H04L 63/126   the source of the received ...

H04L 63/1441   Countermeasures against mal...

DEVICE COMPONENT ROLL BACK PROTECTION SCHEME

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

26 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

DEVICE COMPONENT ROLL BACK PROTECTION SCHEME

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

26 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links