Manifest-based trusted agent management in a trusted operating system environment

US 7,257,707 B2
Filed: 08/18/2005
Issued: 08/14/2007
Est. Priority Date: 11/16/2001
Status: Expired due to Fees

First Claim

Patent Images

1. One or more computer storage media having stored thereon a plurality of instructions to implement a trusted core of a computing device that, when executed by one or more processors of the computing device, causes the one or more processors to:

receive, from a trusted application executing on the computing device, a request to retrieve a secret securely stored by a previous trusted application executing on the computing device;

obtain a first manifest identifier from a first manifest corresponding to the trusted application;

obtain a second manifest identifier identifying a second manifest corresponding to the previous trusted application, wherein the second manifest identifier is stored with the secret;

compare the first manifest identifier of the trusted application to the second manifest identifier corresponding to the previous trusted application; and

reveal the secret to the trusted application if the first manifest identifier and the second manifest identifier are the same, if the first manifest identifier and the second manifest identifier are not the same then reveal the secret to the trusted application if an export certificate corresponding to the previous trusted application identifies the first manifest having the first manifest identifier as being authorized to retrieve the secret, and otherwise not reveal the secret to the trusted application;

wherein the export certificate includes;

an identification of the first manifest;

an identification of the second manifest, wherein the second manifest was digitally signed using a first private key of a first public-private key pair of a party that generated the second manifest; and

a digital signature over the identification of the first manifest and the identification of the second manifest, wherein the digital signature is generated using the first private key.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Manifest-based trusted agent management in a trusted operating system environment includes receiving a request to execute a process is received and setting up a virtual memory space for the process. Additionally, a manifest corresponding to the process is accessed, and which of a plurality of binaries can be executed in the virtual memory space is limited based on indicators, of the binaries, that are included in the manifest.

Citations

12 Claims

1. One or more computer storage media having stored thereon a plurality of instructions to implement a trusted core of a computing device that, when executed by one or more processors of the computing device, causes the one or more processors to:
- receive, from a trusted application executing on the computing device, a request to retrieve a secret securely stored by a previous trusted application executing on the computing device;
  
  obtain a first manifest identifier from a first manifest corresponding to the trusted application;
  
  obtain a second manifest identifier identifying a second manifest corresponding to the previous trusted application, wherein the second manifest identifier is stored with the secret;
  
  compare the first manifest identifier of the trusted application to the second manifest identifier corresponding to the previous trusted application; and
  
  reveal the secret to the trusted application if the first manifest identifier and the second manifest identifier are the same, if the first manifest identifier and the second manifest identifier are not the same then reveal the secret to the trusted application if an export certificate corresponding to the previous trusted application identifies the first manifest having the first manifest identifier as being authorized to retrieve the secret, and otherwise not reveal the secret to the trusted application;
  
  wherein the export certificate includes;
  
  an identification of the first manifest;
  
  an identification of the second manifest, wherein the second manifest was digitally signed using a first private key of a first public-private key pair of a party that generated the second manifest; and
  
  a digital signature over the identification of the first manifest and the identification of the second manifest, wherein the digital signature is generated using the first private key.
- View Dependent Claims (2, 3, 4)
- - 2. One or more computer storage media as recited in claim 1, wherein the trusted application is an upgraded version of the previous trusted application.
  - 3. One or more computer storage media as recited in claim 1, wherein:
    - the second manifest includes a first public key of the first public-private key pair, an identifier of the party that generated the second manifest, and a version indicator of the second manifest; and
      
      the first manifest includes a second public key of a second public-private key pair of a party that generated the first manifest, an identifier of the party that generated the first manifest, and a version indicator of the first manifest.
  - 4. One or more computer storage media as recited in claim 3, wherein the instructions that cause the one or more processors to determine whether to reveal the secret to the trusted application cause the one or more processors to:
    - check whether the first public key is the same as the second public key and whether the identity of the party that generated the first manifest is the same as the identity of the party that generated the second manifest;
      
      check whether the version indicator of the first manifest is the same as one or more version indicators supplied by the previous trusted application when securely storing the secret; and
      
      refuse to reveal the secret to the trusted application if the checking indicates any one or more of the following;
      
      the first public key is not the same as the second public key, the identity of the party that generated the first manifest is not the same as the identity of the party that generated the second manifest, the version indicator of the first manifest is not the same as one or more version indicators supplied by the previous trusted application when securely storing the secret.

5. A method implemented by a trusted core of a computing device, the method comprising:
- receiving, from a trusted application executing on the computing device, a request to retrieve a secret securely stored by a previous trusted application executing on the computing device;
  
  obtaining a first manifest identifier from a first manifest corresponding to the trusted application;
  
  obtaining a second manifest identifier identifying a second manifest corresponding to the previous trusted application, wherein the second manifest identifier is stored with the secret;
  
  comparing the first manifest identifier of the trusted application to the second manifest identifier corresponding to the previous trusted application; and
  
  revealing the secret to the trusted application if the first manifest identifier and the second manifest identifier are the same, if the first manifest identifier and the second manifest identifier are not the same then revealing the secret to the trusted application if an export certificate corresponding to the previous trusted application identifies the first manifest having the first manifest identifier as being authorized to retrieve the secret, and otherwise not revealing the secret to the trusted application;
  
  wherein the export certificate includes;
  
  an identification of the first manifest;
  
  an identification of the second manifest, wherein the second manifest was digitally signed using a first private key of a first public-private key pair of a party that generated the second manifest; and
  
  a digital signature over the identification of the first manifest and the identification of the second manifest, wherein the digital signature is generated using the first private key.
- View Dependent Claims (6, 7, 8)
- - 6. A method as recited in claim 5, wherein the trusted application is an upgraded version of the previous trusted application.
  - 7. A method as recited in claim 5, wherein:
    - the second manifest includes a first public key of the first public-private key pair, an identifier of the party that generated the second manifest, and a version indicator of the second manifest; and
      
      the first manifest includes a second public key of a second public-private key pair of a party that generated the first manifest, an identifier of the party that generated the first manifest, and a version indicator of the first manifest.
  - 8. A method as recited in claim 7, wherein the determining whether to reveal the secret to the trusted application further comprises:
    - checking whether the first public key is the same as the second public key and whether the identity of the party that generated the first manifest is the same as the identity of the party that generated the second manifest;
      
      checking whether the version indicator of the first manifest is the same as one or more version indicators supplied by the previous trusted application when securely storing the secret; and
      
      refusing to reveal the secret to the trusted application if the checking indicates any one or more of the following;
      
      the first public key is not the same as the second public key, the identity of the party that generated the first manifest is not the same as the identity of the party that generated the second manifest, the version indicator of the first manifest is not the same as one or more version indicators supplied by the previous trusted application when securely storing the secret.

9. A computing device comprising:
- a processor; and
  
  one or more computer storage media having stored thereon instructions to implement a trusted core that, when executed by the processor, causes the processor to;
  
  receive, from a trusted application executing on the computing device, a request to retrieve a secret securely stored by a previous trusted application executing on the computing device;
  
  obtain a first manifest identifier from a first manifest corresponding to the trusted application;
  
  obtain a second manifest identifier identifying a second manifest corresponding to the previous trusted application, wherein the second manifest identifier is stored with the secret;
  
  compare the first manifest identifier of the trusted application to the second manifest identifier corresponding to the previous trusted application; and
  
  reveal the secret to the trusted application if the first manifest identifier and the second manifest identifier are the same, if the first manifest identifier and the second manifest identifier are not the same then reveal the secret to the trusted application if an export certificate corresponding to the previous trusted application identifies the first manifest having the first manifest identifier as being authorized to retrieve the secret, and otherwise not reveal the secret to the trusted application;
  
  wherein the export certificate includes;
  
  an identification of the first manifest;
  
  an identification of the second manifest, wherein the second manifest was digitally signed using a first private key of a first public-private key pair of a party that generated the second manifest; and
  
  a digital signature over the identification of the first manifest and the identification of the second manifest, wherein the digital signature is generated using the first private key.
- View Dependent Claims (10, 11, 12)
- - 10. A computing device as recited in claim 9, wherein the trusted application is an upgraded version of the previous trusted application.
  - 11. A computing device as recited in claim 9, wherein:
    - the second manifest includes a first public key of the first public-private key pair, an identifier of the party that generated the second manifest, and a version indicator of the second manifest; and
      
      the first manifest includes a second public key of a second public-private key pair of a party that generated the first manifest, an identifier of the party that generated the first manifest, and a version indicator of the first manifest.
  - 12. A computing device as recited in claim 11, wherein the instructions that cause the processor to determine whether to reveal the secret to the trusted application cause the processor to:
    - check whether the first public key is the same as the second public key and whether the identity of the party that generated the first manifest is the same as the identity of the party that generated the second manifest;
      
      check whether the version indicator of the first manifest is the same as one or more version indicators supplied by the previous trusted application when securely storing the secret; and
      
      refuse to reveal the secret to the trusted application if the checking indicates any one or more of the following;
      
      the first public key is not the same as the second public key, the identity of the party that generated the first manifest is not the same as the identity of the party that generated the second manifest, the version indicator of the first manifest is not the same as one or more version indicators supplied by the previous trusted application when securely storing the secret.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Simon, Daniel R., England, Paul, Peinado, Marcus, Benaloh, Josh D.
Primary Examiner(s)
Barroń, Jr.; Gilberto
Assistant Examiner(s)
Dinh; Minh

Application Number

US11/206,579
Publication Number

US 20050278531A1
Time in Patent Office

726 Days
Field of Search

None
US Class Current

713/164
CPC Class Codes

G06F 21/53   by executing in a restricte...

G06F 21/54   by adding security routines...

G06F 21/57   Certifying or maintaining t...

Manifest-based trusted agent management in a trusted operating system environment

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

Manifest-based trusted agent management in a trusted operating system environment

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links