OPERATING SYSTEM-INDEPENDENT INTEGRITY VERIFICATION

US 20140325644A1
Filed: 04/29/2013
Published: 10/30/2014
Est. Priority Date: 04/29/2013
Status: Active Grant

First Claim

Patent Images

1. An operating system-independent integrity verification subsystem for a computing device, embodied in one or more machine-accessible storage media, the integrity verification subsystem configured to verify the integrity of a current version of a software module on the computing device by, in response to a load-time or run-time event triggering integrity verification of the current version of the software module:

computing, in an execution environment that exists independently of any operating systems running on the computing device, a current hash value for a block of the current version of the software module as the block is loaded from a persistent storage into volatile memory on the computing device, the block comprising a portion of the current version of the software module stored in the persistent storage;

accessing a trusted hash value, the trusted hash value being computed from a block of a trusted version of the software module that corresponds to the block of the current version of the software module;

comparing the current hash value to the trusted hash value; and

evaluating the integrity of the current version of the software module based on the comparison of the current hash value to the trusted hash value.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An integrity verification subsystem can verify the integrity of software and firmware modules on a computing device at load time and/or at run time, independently of any operating systems that may be installed on the computing device. Some versions of the integrity verification subsystem can operate in physical and/or virtualized system environments, including virtualized mobile device architectures.

97 Citations

View as Search Results

20 Claims

1. An operating system-independent integrity verification subsystem for a computing device, embodied in one or more machine-accessible storage media, the integrity verification subsystem configured to verify the integrity of a current version of a software module on the computing device by, in response to a load-time or run-time event triggering integrity verification of the current version of the software module:
- computing, in an execution environment that exists independently of any operating systems running on the computing device, a current hash value for a block of the current version of the software module as the block is loaded from a persistent storage into volatile memory on the computing device, the block comprising a portion of the current version of the software module stored in the persistent storage;
  
  accessing a trusted hash value, the trusted hash value being computed from a block of a trusted version of the software module that corresponds to the block of the current version of the software module;
  
  comparing the current hash value to the trusted hash value; and
  
  evaluating the integrity of the current version of the software module based on the comparison of the current hash value to the trusted hash value.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The integrity verification subsystem of claim 1, configured to compute the current hash value by executing a secure hash algorithm on the block of the current version of the software module.
  - 3. The integrity verification subsystem of claim 2, configured to verify the trusted hash value by verifying a digital signature associated with the trusted hash value.
  - 4. The integrity verification subsystem of claim 3, configured to obtain a security key from a data storage location that is accessible by the execution environment but not accessible by any operating systems on the computing device, and use the security key to verify the digital signature.
  - 5. The integrity verification subsystem of claim 1, configured to, in response to determining that the integrity evaluation is successful, execute the current version of the software module.
  - 6. The integrity verification subsystem of claim 1, configured to, in response to determining that the integrity evaluation is not successful, determine whether to execute the current version of the software module based on a security policy associated with the computing device.
  - 7. The integrity verification subsystem of claim 1, configured to send data relating to the integrity evaluation to a software module management service.
  - 8. The integrity verification subsystem of claim 7, configured to initiate execution of the current version of the software module in response to approval of the integrity evaluation by the software module management service.
  - 9. The integrity verification subsystem of claim 1, wherein the computing device is a virtualized mobile computing device, the execution environment is created by a virtualization service on the mobile computing device, and the integrity verification subsystem is configured to communicate with the virtualization service to determine whether the event triggering integrity verification of the current version of the software module has occurred.

10. A method for verifying the integrity of a current version of a software module on a virtualized mobile computing device independently of any operating systems on the mobile computing device, the method comprising, with the mobile computing device:
- with a virtualization service running on the mobile computing device, detecting a load-time or run-time event triggering an integrity check of the current version of the software module;
  
  in response to the load-time or run-time triggering event, comparing a current integrity parameter associated with the current version of the software module to a trusted integrity parameter associated with a trusted version of the software module, the current integrity parameter being derived from a block of the current version of the software module, the block comprising a portion of the current version of the software module stored in a data storage, the trusted integrity parameter being derived from the trusted version of the software module, the trusted integrity parameter being accessible by the virtualization service on the mobile computing device but not accessible by any operating systems on the mobile computing device; and
  
  evaluating the integrity of the current version of the software module based on the comparison of the current integrity parameter to the trusted integrity parameter.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
- - 11. The method of claim 10, comprising, during a pre-load phase of the operation of the mobile computing device, performing integrity verification on the virtualization service.
  - 12. The method of claim 11, comprising obtaining the trusted integrity parameter through communication with the integrity-verified virtualization service.
  - 13. The method of claim 12, comprising obtaining the current integrity parameter through communication with the integrity-verified virtualization service.
  - 14. The method of claim 10, comprising accessing a security key on the mobile computing device and using the security key to verify the trusted integrity parameter.
  - 15. The method of claim 14, comprising verifying the trusted integrity parameter by verifying a digital signature associated with the trusted integrity parameter using the security key.
  - 16. The method of claim 10, wherein the software module is an operating system and the method comprises, in response to determining that the integrity evaluation is successful, loading the current version of the operating system.
  - 17. The method of claim 10, comprising, in response to the integrity evaluation, communicating with a mobile device management service to determine whether to execute the current version of the software module.

18. A mobile computing device, comprising:
- a processor; and
  
  machine accessible storage media having embodied therein an operating system-independent virtualization service and an integrity verification subsystem executable by the virtualization service, the integrity verification subsystem configured to, in an automated fashion, selectively perform block-based hash verification to verify the integrity of a plurality of different software modules on the mobile computing device either at load time or in response to a run-time triggering event.
- View Dependent Claims (19, 20)
- - 19. The mobile computing device of claim 18, wherein the integrity verification subsystem is configured to selectively perform block-based hash verification to verify the integrity of a plurality of different operating systems on the mobile computing device, at load time, in response to loading of the operating systems from persistent storage into volatile memory on the mobile computing device.
  - 20. The mobile computing device of claim 19, wherein the integrity verification subsystem is configured to verify the integrity of one or more of the operating systems in response to a communication from a mobile device management system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SRI International, Inc.
Original Assignee
SRI International, Inc.
Inventors
Lockett, Christopher S., Saidi, Hassen, Casper, Jeffrey E., Oberg, Scott, Forsberg, Sean

Granted Patent

US 10,073,966 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/22
CPC Class Codes

G06F 21/51 at application loading time...

G06F 21/57 Certifying or maintaining t...

OPERATING SYSTEM-INDEPENDENT INTEGRITY VERIFICATION

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

97 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

OPERATING SYSTEM-INDEPENDENT INTEGRITY VERIFICATION

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

97 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links