SECURE EXECUTION ENVIRONMENT ON EXTERNAL DEVICE
First Claim
1. One or more computer-readable storage media that store executable instructions to perform a method of interacting with a machine, the method comprising:
receiving, from said machine, a request that, when carried out, causes a device on which said instructions execute to perform an action;
verifying said machine's identity;
querying said machine as to said machine's execution state, wherein a component of said machine reports said machine's state based on one or more values that are stored in registers that (a) are reset whenever said machine is booted, and (b) are resistant to being set to arbitrarily-specified values during operation of said machine;
determining that said machine's state, as reported by said component, satisfies one or more criteria; and
based on said determining, performing said action.
Abstract
A device, such as a smartcard, may be externally-connected to a host platform and may be used to enhance or extend security services provided by the host platform's Trusted Platform Module (TPM). The device and the platform exchange keys in order to facilitate reliable identification of the platform by the device and vice versa, and to support cryptographic tunneling. A proxy component on the host device tunnels information between the platform and the device, and also provides the device with access to the TPM's services such as sealing and attestation. The device can provide secure services to the platform, and may condition provision of these services on conditions such as confirming the platform's identity through the exchanged keys, or platform state measurements reported by the TPM.
76 Citations
20 Claims
1. (Independent claim; its text is given under First Claim above.) Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A system to perform an operation, the system comprising:
a device that comprises:
a communication interface through which said device is communicatively connectable to a machine that comprises a first component that maintains a first key that said first component does not divulge to any execution environment on said machine that is outside of said first component, data transmitted between said device and said machine through said communication interface being observable from outside of said first component;
a first data remembrance component in which is stored (a) a representation of said first key, and (b) first software that is configured to perform the operation to generate first data and that is further configured to obtain, from said first component, an indication of said machine's execution state and to provide, or not to provide, said first data to said machine depending on one or more factors that include whether said machine's execution state satisfies one or more criteria; and
a processor that is connected to said first data remembrance component and that executes said first software.
Dependent claims: 10, 11, 12, 13, 14, 15, 16
17. One or more computer-readable storage media that store executable instructions to perform a method, the method comprising:
verifying that a device, which is communicatively connected to a machine on which said instructions execute, holds a first key;
receiving, from a caller that executes within an execution environment at said machine, a command to be carried out on said device;
encrypting said command using a second key that is known to the device and is usable within a boundary within which said instructions execute but that is not usable on said machine outside of said boundary;
receiving a response from said device in an encrypted form;
decrypting said response to produce a decrypted response; and
either providing said decrypted response to said caller or issuing an instruction to a hardware component of said machine that holds a third key that said hardware component does not divulge to any portion of said machine outside of said hardware component.
Dependent claims: 18, 19, 20
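The following Python model is an added example, not code from the patent or from any product implementing it. It walks through the method of claim 1 from the external device's side: the device receives a request, verifies the machine's identity, asks the machine's trusted component for its execution state, checks that state against a policy, and only then performs the action (here, releasing a sealed secret). The registers have the two properties the claim names: they are reset on every boot and can only be changed by hash-chaining a new measurement into the old value, so a tampered boot cannot be "repaired" afterwards by extending good values again. All names (MeasurementRegisters, Machine, ExternalDevice, expected_registers), the use of HMAC under pre-shared identity and attestation keys in place of the exchanged keys and the TPM's signing key, and the sample component measurements are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample secret; a real device would hold a key or sealed blob.
SECRET = b"constructed sample secret released only to a trusted platform"


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


class MeasurementRegisters:
    """Extend-only registers modelled on TPM PCRs (simplified, assumed model).
    (a) They start at zero on every boot (see Machine.boot).
    (b) They change only by hash-chaining a measurement into the old value,
        so nothing can set them to an arbitrary value during operation."""

    def __init__(self, count: int):
        self.values = [bytes(32) for _ in range(count)]

    def extend(self, index: int, measurement: bytes) -> None:
        self.values[index] = sha256(self.values[index] + sha256(measurement))


def expected_registers(components: list) -> list:
    """Register values the device expects for a known-good boot sequence."""
    regs = MeasurementRegisters(len(components))
    for i, blob in enumerate(components):
        regs.extend(i, blob)
    return regs.values


class Machine:
    """Host platform: an identity key plus a TPM-like component that reports
    register state under an attestation key. Both keys are assumed to come
    from the key exchange in the abstract; HMAC stands in for real signatures
    so the example has no dependencies outside the standard library."""

    def __init__(self, identity_key: bytes, attestation_key: bytes):
        self.identity_key = identity_key
        self.attestation_key = attestation_key
        self.registers = MeasurementRegisters(0)

    def boot(self, components: list) -> None:
        # (a) fresh registers on every boot, then each component is measured
        self.registers = MeasurementRegisters(len(components))
        for i, blob in enumerate(components):
            self.registers.extend(i, blob)

    def request(self, action: bytes, nonce: bytes) -> dict:
        # The request is bound to the device's nonce and to the identity key.
        tag = hmac.new(self.identity_key, nonce + action, "sha256").digest()
        return {"action": action, "tag": tag}

    def report_state(self, nonce: bytes) -> dict:
        # The trusted component reports the registers, bound to a fresh nonce.
        values = list(self.registers.values)
        mac = hmac.new(self.attestation_key, nonce + b"".join(values), "sha256").digest()
        return {"values": values, "mac": mac}


class ExternalDevice:
    """Smartcard-like device that performs an action only for a verified,
    correctly-booted machine (the method of claim 1)."""

    def __init__(self, identity_key: bytes, attestation_key: bytes, expected: list):
        self.identity_key = identity_key
        self.attestation_key = attestation_key
        self.expected = expected

    def handle(self, machine: Machine, action: bytes):
        # 1. receive the request; the nonce ties it to this exchange (no replay)
        nonce = os.urandom(16)
        req = machine.request(action, nonce)
        # 2. verify the machine's identity
        tag = hmac.new(self.identity_key, nonce + req["action"], "sha256").digest()
        if not hmac.compare_digest(tag, req["tag"]):
            return None
        # 3. query the execution state as reported by the trusted component
        quote_nonce = os.urandom(16)
        quote = machine.report_state(quote_nonce)
        mac = hmac.new(self.attestation_key, quote_nonce + b"".join(quote["values"]), "sha256").digest()
        if not hmac.compare_digest(mac, quote["mac"]):
            return None
        # 4. determine that the reported state satisfies the criteria
        if quote["values"] != self.expected:
            return None
        # 5. perform the action only after every check passed
        if req["action"] == b"unseal":
            return SECRET
        return None


if __name__ == "__main__":
    idk, atk = b"constructed-identity-key", b"constructed-attestation-key"
    good = [b"firmware v1", b"bootloader v1", b"os v1"]
    dev = ExternalDevice(idk, atk, expected_registers(good))
    m = Machine(idk, atk)
    m.boot(good)
    print("good boot:", dev.handle(m, b"unseal") == SECRET)
    m.boot([b"firmware v1", b"bootloader v1", b"os v1 (modified)"])
    print("tampered boot:", dev.handle(m, b"unseal"))
```

The last two checks in the `__main__` block are the ones worth reading closely: after a modified OS has been measured, a later `extend` with the original measurement does not bring the register back to its expected value, which is what property (b) buys the device.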
Specification