External Reference Monitor

US 20130111211A1
Filed: 10/31/2012
Published: 05/02/2013
Est. Priority Date: 10/31/2011
Status: Active Grant

First Claim

Patent Images

1. A method for increasing security of an untrusted device, the method comprising:

sending a request to the untrusted device, the request indicating one or more challenges to be performed by a secure application executing on the untrusted device;

determining an expected response to the one or more challenges, wherein the expected response is determined at a secure hardware component based on an expected configuration of the untrusted device;

receiving a response to the request from the untrusted device;

determining a security status of the untrusted device based on the expected response and the received response; and

allowing the untrusted device to perform one or more functions based on determining that the security status of the untrusted device is a secure status.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and systems for increasing the security or trust associated with an untrusted device are provided. For example, a trusted hardware component may send a request to the untrusted device. The request may indicate one or more challenges to be performed by a secure application executing on the untrusted device. The trusted hardware component may determine an expected response to the one or more challenges. The expected response may be determined at the secure hardware component based on an expected configuration of the untrusted device. The trusted hardware component may receive a response to the request from the untrusted device. The trusted hardware component may determine a security status of the untrusted device based on the expected response and the received response

Citations

21 Claims

1. A method for increasing security of an untrusted device, the method comprising:
- sending a request to the untrusted device, the request indicating one or more challenges to be performed by a secure application executing on the untrusted device;
  
  determining an expected response to the one or more challenges, wherein the expected response is determined at a secure hardware component based on an expected configuration of the untrusted device;
  
  receiving a response to the request from the untrusted device;
  
  determining a security status of the untrusted device based on the expected response and the received response; and
  
  allowing the untrusted device to perform one or more functions based on determining that the security status of the untrusted device is a secure status.
- View Dependent Claims (2, 3, 4)
- - 2. The method as in claim 1, wherein determining the security status of the untrusted device based on the expected response and the received response comprises:
    - comparing the expected response to the received response to determine if the expected response is equivalent to the received response;
      
      determining that the untrusted device has been compromised on condition that the expected response is not equivalent to the received response; and
      
      determining that the untrusted device has not been compromised on condition that the expected response is equivalent to the received response.
  - 3. The method as in claim 2, wherein the request comprises a random number seed, and the one or more challenges comprises a request to hash the random number with data included in a specified memory region.
  - 4. The method as in claim 1, wherein the one or more challenges are associated with a time limit for receiving the response from the untrusted device, and the method further comprises determining that the untrusted device has been compromised on condition that the received response is not received within the time limit.

5. A trusted hardware module for providing security for an untrusted device, the trusted hardware module comprising:
- a communication interface configured to communicate with the untrusted device using a local communication protocol; and
  
  a processor configured to;
  
  determine one or more challenges to be performed by the untrusted device, wherein the one or more challenges comprise an input parameter generated by the trusted hardware module,determine an expected response to the one or more challenges, wherein the expected response is determined based on an expected configuration of the untrusted device and the input parameter, anddetermine a security status of the untrusted device based on the expected response and a response received from the untrusted device.
- View Dependent Claims (6, 7, 8, 9, 10, 11)
- - 6. The trusted hardware module as in claim 5, wherein the input parameter is a seed to a hashing function challenge.
  - 7. The trusted hardware module as in claim 5, wherein the processor is further configured to authenticate one or more of the untrusted device or a user of the untrusted device.
  - 8. The trusted hardware module as in claim 7, wherein the processor is further configured to authenticate a communication peer on behalf of one or more of the untrusted device or the user of the untrusted device.
  - 9. The trusted hardware module as in claim 8, wherein the processor is further configured to:
    - receive data to be encrypted from the untrusted device;
      
      encrypt the data to form encrypted data; and
      
      send the encrypted data to the communication peer.
  - 10. The trusted hardware module as in claim 9, wherein the processor is configured to send the encrypted data to the communication peer via the untrusted device.
  - 11. The trusted hardware module as in claim 9, wherein the processor is further configured to:
    - receive second encrypted data from the communication peer;
      
      decrypt the second encrypted data to form decrypted data; and
      
      send the decrypted data to the untrusted device.

12. A method for a communication device to perform a secure call using untrusted hardware, the method comprising:
- receiving a request to perform a secure call;
  
  authenticating with a trusted hardware component;
  
  sending an indication of the contents of a memory region corresponding to at least a portion of an unsuspended process executing on the communication device to the trusted hardware component; and
  
  cryptographically communicating with a communication peer using the trusted hardware component.
- View Dependent Claims (13, 14, 15, 16, 17)
- - 13. The method as in claim 12, further comprising suspending one or more applications being executed on the communication device during the secure call, wherein suspending one or more applications being executed on the communication device during the secure call comprises suspending execution of an operating system of the communication device above a kernel level.
  - 14. The method as in claim 12, wherein the unsuspended process executing on the communication device corresponds to a kernel, the kernel providing an interface between hardware components of the communication device and software components of the communication device.
  - 15. The method as in claim 12, wherein cryptographically communicating with a communication peer using the trusted hardware component comprises:
    - receiving a session key from the trusted hardware component after authenticating with the trusted hardware component; and
      
      performing one or more of encryption or decryption using the session key.
  - 16. The method as in claim 12, further comprising:
    - receiving a challenge from the trusted hardware module, the challenge comprising a random number and an indication of a memory region;
      
      hashing the random number with data corresponding to the memory region;
      
      sending an indication of the result of the hash of the random number and the data corresponding to the memory region to the trusted hardware module within a predetermined or specified time period.
  - 17. The method as in claim 12, wherein the secure call is established with a legacy Type 1 device using Secure Communications Interoperability Protocol (SCIP).

18. A secure hardware component comprising:
- a secure input configured to receive an input;
  
  a processor configured to;
  
  determine that the input was received from a trusted source based on authenticating the source of the input using the input,perform one or more security tests on an untrusted device that is associated with the source of the input, anddetermine the security status of the untrusted device based on a response received from the untrusted device during the one or more security tests; and
  
  a secure output configured to display an indication of the security status.
- View Dependent Claims (19, 20, 21)
- - 19. The secure hardware component as in claim 18, wherein the one or more security tests comprise one or more of authentication, encryption, decryption, key storage, key management, or firewall maintenance.
  - 20. The secure hardware component as in claim 19, wherein the processor is configured to perform the one or more security functions on condition that it is determined that the untrusted device is operating in accordance with an expected configuration.
  - 21. The secure hardware component as in claim 18, wherein the input is a password and authenticating the source of the input comprises determining that the password is the correct password for the source of the input.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Lionra Technologies Limited (Atlantic IP Services Limited)
Original Assignee
L-3 Communications Corporation (L3Harris Technologies, Inc.)
Inventors
Winslow, Richard Norman, Hutchison, Jerry, Coia, Robert Louis Jr.

Granted Patent

US 8,909,930 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/171
CPC Class Codes

G06F 21/57   Certifying or maintaining t...

G06F 2221/2103   Challenge-response

H04L 63/0853   using an additional device,...

H04L 9/3234   involving additional secure...

H04L 9/3271   using challenge-response

External Reference Monitor

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

External Reference Monitor

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links