Renewable and individualizable elements of a protected environment
Abstract
Systems and methods for providing a protected computing environment comprising separating out a protected environment management component from a kernel of a computing device, providing identification information as a part of the protected environment management component, and providing individualization information as part of the protected environment management component.
15 Claims
1. A method for providing a protected computing environment comprising:
- separating out a protected environment management component of a kernel from one or more other components of the kernel, wherein the protected environment management component of the kernel includes an obfuscated and encrypted version of a secure flag indicating whether the kernel is considered secure for the protected computing environment, and wherein the protected environment management component is configured to respond to one or more requests regarding a state of the secure flag;
- providing identification information as a part of the protected environment management component; and
- providing individualization information for an associated computing device as part of the protected environment management component, wherein the individualization information comprises an XML object configured to gather and present device identification information, device capability information, and key information, and wherein the XML object serves to bind the protected environment to the associated computing device to render the protected environment management component useless on a computing device other than the associated computing device, and wherein providing the individualization information comprises utilizing a template common to a plurality of computing devices to generate the individualization information for the associated computing device.
Dependent claims: 2, 3, 4, 5, 6, 7
8. A method of establishing a protected environment within a device, the method comprising:
- validating a secure operating environment;
- indicating a security state of the secure operating environment by responding to one or more requests regarding a state of an obfuscated and encrypted secure flag maintained in a management component of a kernel of the device, the device comprising at least one processor and at least one system bus;
- establishing the protected environment;
- securely communicating between the secure operating environment and the protected environment at least in part by utilizing secret information, wherein access to the secret information is controlled by the management component of the kernel of the device, and wherein the management component is distinct from one or more other components of the kernel; and
- individualizing the management component at least in part by utilizing a device certificate template to generate a unique device certificate for the device, wherein the unique device certificate comprises an XML object configured to gather and present device identification information, device capability information, and key information, and wherein the unique device certificate serves to bind the management component to the device to render the management component useless on another device.
Dependent claims: 9, 10, 11, 12, 13, 14
15. A system for providing a secure computing environment, the system comprising:
- a kernel of a device operating system of an associated device, the kernel comprising a protected environment management component, wherein the protected environment management component is distinct from other kernel components and is configured to track a security state of the kernel and the secure computing environment;
- identification information for the protected environment management component; and
- a device certificate template built into the associated device and comprising template information common to a plurality of computing devices;
- individualization information for the protected environment management component, wherein the individualization information is generated from the template information and is included in the protected environment management component of the kernel in the form of a unique device certificate that serves to bind the protected environment management component to the associated device, and wherein the unique device certificate comprises an XML object configured to gather and present device identification information, device capability information, and key information.
Specification