Manifest-based trusted agent management in a trusted operating system environment
First Claim
Patent Images
1. One or more computer storage media having stored thereon a plurality of instructions to implement a trusted core of a computing device that, when executed by one or more processors of the computing device, causes the one or more processors to:
- receive, from a trusted application executing on the computing device, a request to retrieve a secret securely stored by a previous trusted application executing on the computing device;
obtain a first manifest identifier from a first manifest corresponding to the trusted application;
obtain a second manifest identifier identifying a second manifest corresponding to the previous trusted application, wherein the second manifest identifier is stored with the secret;
compare the first manifest identifier of the trusted application to the second manifest identifier corresponding to the previous trusted application; and
reveal the secret to the trusted application if the first manifest identifier and the second manifest identifier are the same, if the first manifest identifier and the second manifest identifier are not the same then reveal the secret to the trusted application if an export certificate corresponding to the previous trusted application identifies the first manifest having the first manifest identifier as being authorized to retrieve the secret, and otherwise not reveal the secret to the trusted application;
wherein the export certificate includes;
an identification of the first manifest;
an identification of the second manifest, wherein the second manifest was digitally signed using a first private key of a first public-private key pair of a party that generated the second manifest; and
a digital signature over the identification of the first manifest and the identification of the second manifest, wherein the digital signature is generated using the first private key.
1 Assignment
0 Petitions
Accused Products
Abstract
Manifest-based trusted agent management in a trusted operating system environment includes receiving a request to execute a process is received and setting up a virtual memory space for the process. Additionally, a manifest corresponding to the process is accessed, and which of a plurality of binaries can be executed in the virtual memory space is limited based on indicators, of the binaries, that are included in the manifest.
-
Citations
12 Claims
-
1. One or more computer storage media having stored thereon a plurality of instructions to implement a trusted core of a computing device that, when executed by one or more processors of the computing device, causes the one or more processors to:
-
receive, from a trusted application executing on the computing device, a request to retrieve a secret securely stored by a previous trusted application executing on the computing device; obtain a first manifest identifier from a first manifest corresponding to the trusted application; obtain a second manifest identifier identifying a second manifest corresponding to the previous trusted application, wherein the second manifest identifier is stored with the secret; compare the first manifest identifier of the trusted application to the second manifest identifier corresponding to the previous trusted application; and reveal the secret to the trusted application if the first manifest identifier and the second manifest identifier are the same, if the first manifest identifier and the second manifest identifier are not the same then reveal the secret to the trusted application if an export certificate corresponding to the previous trusted application identifies the first manifest having the first manifest identifier as being authorized to retrieve the secret, and otherwise not reveal the secret to the trusted application; wherein the export certificate includes; an identification of the first manifest; an identification of the second manifest, wherein the second manifest was digitally signed using a first private key of a first public-private key pair of a party that generated the second manifest; and a digital signature over the identification of the first manifest and the identification of the second manifest, wherein the digital signature is generated using the first private key. - View Dependent Claims (2, 3, 4)
-
-
5. A method implemented by a trusted core of a computing device, the method comprising:
-
receiving, from a trusted application executing on the computing device, a request to retrieve a secret securely stored by a previous trusted application executing on the computing device; obtaining a first manifest identifier from a first manifest corresponding to the trusted application; obtaining a second manifest identifier identifying a second manifest corresponding to the previous trusted application, wherein the second manifest identifier is stored with the secret; comparing the first manifest identifier of the trusted application to the second manifest identifier corresponding to the previous trusted application; and revealing the secret to the trusted application if the first manifest identifier and the second manifest identifier are the same, if the first manifest identifier and the second manifest identifier are not the same then revealing the secret to the trusted application if an export certificate corresponding to the previous trusted application identifies the first manifest having the first manifest identifier as being authorized to retrieve the secret, and otherwise not revealing the secret to the trusted application; wherein the export certificate includes; an identification of the first manifest; an identification of the second manifest, wherein the second manifest was digitally signed using a first private key of a first public-private key pair of a party that generated the second manifest; and a digital signature over the identification of the first manifest and the identification of the second manifest, wherein the digital signature is generated using the first private key. - View Dependent Claims (6, 7, 8)
-
-
9. A computing device comprising:
-
a processor; and one or more computer storage media having stored thereon instructions to implement a trusted core that, when executed by the processor, causes the processor to; receive, from a trusted application executing on the computing device, a request to retrieve a secret securely stored by a previous trusted application executing on the computing device; obtain a first manifest identifier from a first manifest corresponding to the trusted application; obtain a second manifest identifier identifying a second manifest corresponding to the previous trusted application, wherein the second manifest identifier is stored with the secret; compare the first manifest identifier of the trusted application to the second manifest identifier corresponding to the previous trusted application; and reveal the secret to the trusted application if the first manifest identifier and the second manifest identifier are the same, if the first manifest identifier and the second manifest identifier are not the same then reveal the secret to the trusted application if an export certificate corresponding to the previous trusted application identifies the first manifest having the first manifest identifier as being authorized to retrieve the secret, and otherwise not reveal the secret to the trusted application; wherein the export certificate includes; an identification of the first manifest; an identification of the second manifest, wherein the second manifest was digitally signed using a first private key of a first public-private key pair of a party that generated the second manifest; and a digital signature over the identification of the first manifest and the identification of the second manifest, wherein the digital signature is generated using the first private key. - View Dependent Claims (10, 11, 12)
-
Specification