DEVICES, SYSTEMS, AND METHODS FOR MONITORING AND ASSERTING TRUST LEVEL USING PERSISTENT TRUST LOG

US 20140006789A1
Filed: 06/27/2012
Published: 01/02/2014
Est. Priority Date: 06/27/2012
Status: Active Grant

First Claim

Patent Images

1. A computing device having a trust level, the computing device comprising:

a memory having stored therein a persistent trust log, the persistent trust log comprising data relating to historic events influencing the trust level of the computing device; and

a security controller configured to detect an event that influences the trust level of the computing device and to write data relating to the event to the persistent trust log.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Devices, systems, and methods for monitoring and asserting a trust level of a computing device are disclosed. In one illustrative embodiment, a computing device may include a memory having stored therein a persistent trust log, the persistent trust log comprising data relating to historic events influencing a trust level of the computing device, and a security controller configured to detect an event that influences the trust level of the computing device and to write data relating to the event to the persistent trust log.

70 Citations

View as Search Results

29 Claims

1. A computing device having a trust level, the computing device comprising:
- a memory having stored therein a persistent trust log, the persistent trust log comprising data relating to historic events influencing the trust level of the computing device; and
  
  a security controller configured to detect an event that influences the trust level of the computing device and to write data relating to the event to the persistent trust log.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The computing device of claim 1, wherein the memory is a dedicated memory device accessible only to the security controller.
  - 3. The computing device of claim 1, wherein the security controller is further configured to digitally sign the data relating to the event using a private key when writing the data relating to the event to the persistent trust log.
  - 4. The computing device of claim 1, wherein the security controller is further configured to analyze data stored in the persistent trust log to generate a trust assessment in response to receiving a trust assessment request.
  - 5. The computing device of claim 4, wherein the security controller is configured to analyze data stored in the persistent trust log, at least in part, by evaluating a digital signature to determine whether the data stored in the persistent trust log was written to the persistent trust log by the security controller.
  - 6. The computing device of claim 4, wherein the security controller is configured to analyze data stored in the persistent trust log, at least in part, by evaluating the data stored in the persistent trust log using one or more criteria included in a trust profile received with the trust assessment request.
  - 7. The computing device of claim 4, wherein the security controller is configured to analyze data stored in the persistent trust log, at least in part, by retrieving information from an external database regarding how one or more of the historic events influence the trust level of the computing device.
  - 8. The computing device of claim 4, wherein the security controller is further configured to determine whether to respond to the trust assessment request by evaluating whether the trust assessment would reveal the historic events influencing the trust level of the computing device.
  - 9. The computing device of claim 4, wherein the security controller is further configured to determine whether to respond to the trust assessment request by evaluating an identity credential received with the trust assessment request.
  - 10. The computing device of claim 4, wherein the security controller is further configured to digitally sign the trust assessment with a timestamp prior to transmitting the trust assessment.
  - 11. The computing device of claim 4, wherein the security controller is further configured to digitally sign the trust assessment with an anonymous attestation credential prior to transmitting the trust assessment.

12. A method for asserting a trust level of a computing device, the method comprising:
- receiving a trust assessment request originating from an external service;
  
  generating a trust assessment using a security engine of the computing device by analyzing data stored in a persistent trust log; and
  
  transmitting the trust assessment to the external service originating the trust assessment request.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20)
- - 13. The method of claim 12, wherein analyzing the data stored in the persistent trust log comprises evaluating a digital signature to determine whether the data stored in the persistent trust log was written to the persistent trust log by the security engine.
  - 14. The method of claim 12, wherein analyzing the data stored in the persistent trust log comprises evaluating the data stored in the persistent trust log using one or more criteria included in a trust profile received from the external service originating the trust assessment request.
  - 15. The method of claim 12, wherein the data stored in the persistent trust log relates to historic events influencing the trust level of the computing device.
  - 16. The method of claim 15, wherein analyzing the data stored in the persistent trust log comprises retrieving information from an external database regarding how one or more of the historic events influence the trust level of the computing device.
  - 17. The method of claim 15, further comprising determining whether to respond to the trust assessment request, prior to transmitting the trust assessment to the external service originating the trust assessment request, by evaluating whether the trust assessment would reveal the historic events influencing the trust level of the computing device.
  - 18. The method of claim 12, further comprising determining whether to respond to the trust assessment request, prior to transmitting the trust assessment to the external service originating the trust assessment request, by evaluating an identity credential received from the external service originating the trust assessment request.
  - 19. The method of claim 12, wherein generating the trust assessment using the security engine comprises digitally signing the trust assessment with a timestamp prior to transmitting the trust assessment to the external service originating the trust assessment request.
  - 20. The method of claim 12, wherein generating the trust assessment using the security engine comprises digitally signing the trust assessment with an anonymous attestation credential prior to transmitting the trust assessment to the external service originating the trust assessment request.

21. One or more machine readable storage media comprising a plurality of instructions stored thereon that, in response to being executed, result in a computing device:
- receiving a trust assessment request originating from an external service;
  
  generating a trust assessment using a security engine of the computing device by analyzing data stored in a persistent trust log; and
  
  transmitting the trust assessment to the external service originating the trust assessment request.
- View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29)
- - 22. The one or more machine readable storage media of claim 21, wherein the plurality of instructions result in the computing device analyzing the data stored in the persistent trust log, at least in part, by evaluating a digital signature to determine whether the data stored in the persistent trust log was written to the persistent trust log by the security engine.
  - 23. The one or more machine readable storage media of claim 21, wherein the plurality of instructions result in the computing device analyzing the data stored in the persistent trust log, at least in part, by evaluating the data stored in the persistent trust log using one or more criteria included in a trust profile received from the external service originating the trust assessment request.
  - 24. The one or more machine readable storage media of claim 21, wherein the data stored in the persistent trust log relates to historic events influencing the trust level of the computing device.
  - 25. The one or more machine readable storage media of claim 24, wherein the plurality of instructions result in the computing device analyzing the data stored in the persistent trust log, at least in part, by retrieving information from an external database regarding how one or more of the historic events influence the trust level of the computing device.
  - 26. The one or more machine readable storage media of claim 24, wherein the plurality of instructions further result in the computing device determining whether to respond to the trust assessment request, prior to transmitting the trust assessment to the external service originating the trust assessment request, by evaluating whether the trust assessment would reveal the historic events influencing the trust level of the computing device.
  - 27. The one or more machine readable storage media of claim 21, wherein the plurality of instructions further result in the computing device determining whether to respond to the trust assessment request, prior to transmitting the trust assessment to the external service originating the trust assessment request, by evaluating an identity credential received from the external service originating the trust assessment request.
  - 28. The one or more machine readable storage media of claim 21, wherein the plurality of instructions further result in the computing device digitally signing the trust assessment with a timestamp prior to transmitting the trust assessment to the external service originating the trust assessment request.
  - 29. The one or more machine readable storage media of claim 21, wherein the plurality of instructions further result in the computing device digitally signing the trust assessment with an anonymous attestation credential prior to transmitting the trust assessment to the external service originating the trust assessment request.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Grobman, Steven L., Sengupta, Uttam K., Permeh, Ryan

Granted Patent

US 9,177,129 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/176
CPC Class Codes

G06F 21/316   by observing the pattern of...

G06F 21/552   involving long-term monitor...

G06F 21/57   Certifying or maintaining t...

DEVICES, SYSTEMS, AND METHODS FOR MONITORING AND ASSERTING TRUST LEVEL USING PERSISTENT TRUST LOG

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

70 Citations

29 Claims

Specification

Solutions

Use Cases

Quick Links

DEVICES, SYSTEMS, AND METHODS FOR MONITORING AND ASSERTING TRUST LEVEL USING PERSISTENT TRUST LOG

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

70 Citations

29 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links