TAMPER RESISTANCE OF AGGREGATED DATA

US 20150067343A1
Filed: 08/30/2013
Published: 03/05/2015
Est. Priority Date: 08/30/2013
Status: Abandoned Application

First Claim

Patent Images

1-25. -25. (canceled)

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

By processing aggregated data in a trusted environment, a system can reduce opportunities for tampering with aggregated data that is processed in a peer-to-peer chain. Each device may pass the predecessor aggregated data to a trusted environment in that device, which obtains local data for that device and aggregates it with the predecessor aggregated data, producing an output aggregated data. Optionally, the system can identify when a device has previously processed the aggregated data, reducing the possibility that the device can be used to aggregate data repeatedly. The aggregated data may be digitally signed or encrypted to enhance the tamper resistance of the data payload.

Citations

50 Claims

1-25. -25. (canceled)

26. A computer-readable medium, on which are stored instructions comprising instructions that, when executed, cause a programmable device to:
- receive a first collection of data from a predecessor programmable device;
  
  generate a second collection of data, corresponding to the first collection of data;
  
  aggregate the first collection of data with the second collection of data in a trusted environment of the programmable device, producing a third collection of data; and
  
  send the third collection of data to a successor programmable device.
- View Dependent Claims (27, 28, 29, 30, 31, 32, 33, 34)
- - 27. The computer-readable medium of claim 26, wherein the first collection of data comprises a digital signature, andwherein the instructions further comprise instructions that, when executed, cause the programmable device to:
    - authenticate the digital signature in the trusted environment; and
      
      digitally sign the third collection of data in the trusted environment.
  - 28. The computer-readable medium of claim 26, wherein the first collection of data is encrypted, andwherein the instructions further comprise instructions that, when executed, cause the programmable device to:
    - decrypt the first collection of data in the trusted environment; and
      
      encrypt the third collection of data in the trusted environment.
  - 29. The computer-readable medium of claim 26, wherein the instructions to receive the first collection of data comprise instructions that, when executed, cause the programmable device to:
    - receive the first collection of data by an untrusted environment of the programmable device; and
      
      forward the first collection of data from the untrusted environment to the trusted environment.
  - 30. The computer-readable medium of claim 26, wherein the instructions to send the third collection of data comprise instructions that, when executed, cause the programmable device to:
    - send the third collection of data from the trusted environment to an untrusted environment of the programmable device; and
      
      send the third collection of data from the untrusted environment to the successor programmable device.
  - 31. The computer-readable medium of claim 26, wherein the instructions further comprise instructions that, when executed, cause the programmable device to:
    - determine whether the trusted environment has processed the first collection of data previously.
  - 32. The computer-readable medium of claim 26, wherein the instructions further comprise instructions that, when executed, cause the programmable device to:
    - omit the aggregation of the second collection of data with the first collection of data if an error condition is detected.
  - 33. The computer-readable medium of claim 26, wherein the instructions further comprise instructions that, when executed, cause the programmable device to:
    - discard the first collection of data if an error condition is detected.
  - 34. The computer-readable medium of claim 26, wherein the instructions further comprise instructions that, when executed, cause the programmable device to:
    - initialize the first collection of data.

35. A programmable device, comprising:
- a processor,an operating system, comprising instructions that, when executed by the processor, controls the processor and provides an untrusted environment for software to execute on the processor;
  
  a secure hardware trusted environment separate from the untrusted environment;
  
  a memory, in which is stored instructions that when executed by secure hardware trusted environment cause the secure hardware trusted environment to;
  
  receive a first collection of data from a predecessor programmable device;
  
  generate a second collection of data, corresponding to the first collection of data;
  
  aggregate the first collection of data with the second collection of data in, producing a third collection of data; and
  
  send the third collection of data to a successor.
- View Dependent Claims (36, 37, 38, 39, 40, 41)
- - 36. The programmable device of claim 35, where the memory further stores instructions that when executed in the untrusted environment cause the processor to:
    - receive the first collection of data from the predecessor programmable device;
      
      forward the first collection of data from the untrusted environment to the trusted environment;
      
      receive the third collection of data from the trusted environment; and
      
      forward the third collection of data to the successor.
  - 37. The programmable device of claim 35, wherein the instructions further comprise instructions that, when executed by the secure hardware trusted environment, cause the secure hardware trusted environment to:
    - unseal the first collection of data; and
      
      seal the third collection of data.
  - 38. The programmable device of claim 35, wherein the instructions further comprise instructions that, when executed by the secure hardware trusted environment, cause the secure hardware trusted environment to:
    - determine whether the secure hardware trusted environment has previously processed the first collection of data.
  - 39. The programmable device of claim 38, wherein the instructions further comprise instructions that, when executed by the secure hardware trusted environment, cause the secure hardware trusted environment to:
    - signal an alert if the secure hardware trusted environment has previously processed the first collection of data.
  - 40. The programmable device of claim 35, wherein the instructions further comprise instructions that, when executed by the secure hardware trusted environment, cause the secure hardware trusted environment to:
    - discard the first collection of data if an error condition is detected.
  - 41. The programmable device of claim 35, wherein the instructions further comprise instructions that, when executed by the secure hardware trusted environment, cause the secure hardware trusted environment to:
    - initialize the first collection of data in the absence of a predecessor programmable device.

42. A method, comprising:
- receiving a first collection of data from a first programmable device;
  
  obtaining a second collection of data from an untrusted environment of a second programmable device;
  
  combining the first collection of data with the second collection of data in a trusted environment of the programmable device to produce a third collection of data; and
  
  sending the third collection of data to a third programmable device.
- View Dependent Claims (43, 44, 45, 46, 47, 48, 49, 50)
- - 43. The method of claim 42, wherein combining the first collection of data with the second collection of data comprises:
    - unsealing the first collection of data;
      
      combining the first collection of data with the second collection of data to produce the third collection of data; and
      
      sealing the third collection of data.
  - 44. The method of claim 43,wherein unsealing the first collection of data comprises authenticating a digital signature of the first collection of data, andwherein sealing the third collection of data comprises digitally signing the third collection of data.
  - 45. The method of claim 42, wherein obtaining the second collection of data from an untrusted environment comprises:
    - evaluating in the untrusted environment a query contained in the first collection of data; and
      
      forwarding a query result to the trusted environment.
  - 46. The method of claim 42, wherein obtaining the second collection of data from an untrusted environment comprises:
    - evaluating in the trusted environment a query contained in the first collection of data; and
      
      requesting data corresponding to the query from the untrusted environment by the trusted environment.
  - 47. The method of claim 42,wherein receiving a first collection of data comprises:
    - receiving the first collection of data from the first programmable device in the untrusted environment of the second programmable device; and
      
      forwarding the first collection of data from the untrusted environment to the trusted environment, andwherein sending the third collection of data to a third programmable device comprises;
      
      sending the third collection of data from the trusted environment to the untrusted environment; and
      
      forwarding the third collection of data from the untrusted environment to the third programmable device.
  - 48. The method of claim 42, wherein combining the first collection of data with the second collection of data comprises:
    - determining whether the second programmable device has previously processed the first collection of data.
  - 49. The method of claim 42, wherein combining the first collection of data with the second collection of data further comprises:
    - discarding the first collection of data if an error condition is detected in the first collection of data.
  - 50. The method of claim 42, wherein combining the first collection of data with the second collection of data further comprises:
    - generating an alert if an error condition is detected in the first collection of data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, LLC
Original Assignee
McAfee, LLC
Inventors
Grobman, Steven L.

Application Number

US14/125,391
Publication Number

US 20150067343A1
Time in Patent Office

Days
Field of Search
US Class Current

713/176
CPC Class Codes

G06F 21/53   by executing in a restricte...

G06F 21/604   Tools and structures for ma...

G06F 21/64   Protecting data integrity, ...

H04L 63/123   received data contents, e.g...

H04L 9/3247   involving digital signatures

TAMPER RESISTANCE OF AGGREGATED DATA

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

Citations

50 Claims

Specification

Solutions

Use Cases

Quick Links

TAMPER RESISTANCE OF AGGREGATED DATA

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

50 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links