Manifest-based trusted agent management in a trusted operating system environment
Abstract
Manifest-based trusted agent management in a trusted operating system environment includes receiving a request to execute a process and setting up a virtual memory space for the process. Additionally, a manifest corresponding to the process is accessed, and which of a plurality of binaries can be executed in the virtual memory space is limited based on indicators, of the binaries, that are included in the manifest.
146 Citations
15 Claims
1. A computer readable storage medium having stored thereon instructions that, when executed by a computing device, cause the computing device to:
- obtain a source manifest associated with a trusted application of the computing device that relates to a secret associated with the trusted application to be exported to a destination application of the computing device, the source manifest comprising:
  - data sufficient to associate the source manifest with the secret; and
  - an export statement list having:
    - a first portion including an identifier of the source manifest associated with the trusted application;
    - a second portion including an identifier of a destination manifest associated with the destination application;
    - a third portion derived from the identifiers in both the first portion and the second portion by generating a digital signature over the first and second portions; and
- use the source manifest at the computing device to enable export of the secret to the destination application.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. A method comprising:
- using a computing device to export one or more secrets associated with a trusted application from the trusted application to a destination application by:
  - storing the one or more secrets in memory associated with the computing device;
  - exposing a source manifest associated with the trusted application that relates to the one or more secrets, the source manifest including:
    - data sufficient to associate the source manifest with the one or more secrets stored in the memory; and
    - an identifier corresponding to a destination manifest associated with the destination application to enable the destination application to retrieve the one or more secrets from the memory;
  - when the destination application attempts to retrieve the one or more secrets, examining the source manifest to detect the identifier associated with the destination manifest; and
  - enabling the destination application to retrieve the one or more secrets when the identifier is detected in the source manifest.

Dependent claims: 11, 12, 13, 14, 15
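The export check recited in claims 1 and 10, as an added Python example that is not code from the patent. HMAC-SHA256 with a shared key stands in for the digital signature over the first and second portions; the class names, manifest identifiers, key and length-prefixed encoding are assumptions made for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

def signed_bytes(source_id: str, dest_id: str) -> bytes:
    # Length-prefix each identifier so ("ab", "c") and ("a", "bc") sign differently.
    parts = [source_id.encode(), dest_id.encode()]
    return b"".join(len(p).to_bytes(4, "big") + p for p in parts)

def sign_export(key: bytes, source_id: str, dest_id: str) -> bytes:
    # Assumption: HMAC stands in for the digital signature named in claim 1.
    return hmac.new(key, signed_bytes(source_id, dest_id), hashlib.sha256).digest()

@dataclass(frozen=True)
class ExportStatement:
    source_id: str    # first portion: identifier of the source manifest
    dest_id: str      # second portion: identifier of the destination manifest
    signature: bytes  # third portion: derived from both identifiers

@dataclass
class SourceManifest:
    manifest_id: str
    secret_name: str  # data associating the manifest with the secret
    exports: list = field(default_factory=list)

class SecretStore:
    def __init__(self, key: bytes):
        self._key = key
        self._secrets = {}  # (manifest_id, secret_name) -> secret bytes

    def store(self, manifest: SourceManifest, secret: bytes) -> None:
        self._secrets[(manifest.manifest_id, manifest.secret_name)] = secret

    def allows(self, manifest: SourceManifest, requester_id: str) -> bool:
        # Examine the source manifest for a valid statement naming the requester.
        return any(
            st.source_id == manifest.manifest_id
            and st.dest_id == requester_id
            and hmac.compare_digest(
                st.signature, sign_export(self._key, st.source_id, st.dest_id))
            for st in manifest.exports)

    def retrieve(self, manifest: SourceManifest, requester_id: str) -> bytes:
        if not self.allows(manifest, requester_id):
            raise PermissionError("no valid export statement for requester")
        return self._secrets[(manifest.manifest_id, manifest.secret_name)]

# Constructed sample data (not from the patent).
KEY = b"constructed-demo-key"
SRC = SourceManifest("manifest:wallet", "card-token")
SRC.exports.append(ExportStatement("manifest:wallet", "manifest:payments",
                   sign_export(KEY, "manifest:wallet", "manifest:payments")))
STORE = SecretStore(KEY)
STORE.store(SRC, b"s3cret")
```

Binding the signature to both identifiers is what stops a statement from being reused with a different destination or copied into another source manifest.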