Renewable and individualizable elements of a protected environment

US 8,074,287 B2
Filed: 07/28/2005
Issued: 12/06/2011
Est. Priority Date: 04/30/2004
Status: Expired due to Fees

First Claim

Patent Images

1. A method for providing a protected computing environment comprising:

separating out a protected environment management component of a kernel from one or more other components of the kernel, wherein the protected environment management component of the kernel includes an obfuscated and encrypted version of a secure flag indicating whether the kernel is considered secure for the protected computing environment, and wherein the protected environment management component is configured to respond to one or more requests regarding a state of the secure flag;

providing identification information as a part of the protected environment management component; and

providing individualization information for an associated computing device as part of the protected environment management component, wherein the individualization information comprises an XML object configured to gather and present device identification information, device capability information, and key information, and wherein the XML object serves to bind the protected environment to the associated computing device to render the protected environment management component useless on a computing device other than the associated computing device, and wherein providing the individualization information comprises utilizing a template common to a plurality of computing devices to generate the individualization information for the associated computing device.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for providing a protected computing environment comprising separating out a protected environment management component from a kernel of a computing device, providing identification information as a part of the protected environment management component, and providing individualization information as part of the protected environment management component.

Citations

15 Claims

1. A method for providing a protected computing environment comprising:
- separating out a protected environment management component of a kernel from one or more other components of the kernel, wherein the protected environment management component of the kernel includes an obfuscated and encrypted version of a secure flag indicating whether the kernel is considered secure for the protected computing environment, and wherein the protected environment management component is configured to respond to one or more requests regarding a state of the secure flag;
  
  providing identification information as a part of the protected environment management component; and
  
  providing individualization information for an associated computing device as part of the protected environment management component, wherein the individualization information comprises an XML object configured to gather and present device identification information, device capability information, and key information, and wherein the XML object serves to bind the protected environment to the associated computing device to render the protected environment management component useless on a computing device other than the associated computing device, and wherein providing the individualization information comprises utilizing a template common to a plurality of computing devices to generate the individualization information for the associated computing device.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method for providing a protected computing environment of claim 1, further comprising comparing the identification information against a revocation list.
  - 3. The method for providing a protected computing environment of claim 1, in which the protected environment management component comprises secret information.
  - 4. The method for providing a protected computing environment of claim 1, in which the protected environment management component'"'"'s structure is obfuscated.
  - 5. The method for providing a protected computing environment of claim 1, in which code embodying the protected environment management component is obfuscated.
  - 6. The method for providing a protected computing environment of claim 1, in which the protected environment management component interacts with the kernel of the associated computing device at least in part via secure communications.
  - 7. The method for providing a protected computing environment of claim 1, wherein the template is built into the associated computing device.

8. A method of establishing a protected environment within a device, the method comprising:
- validating a secure operating environment;
  
  indicating a security state of the secure operating environment by responding to one or more requests regarding a state of an obfuscated and encrypted secure flag maintained in a management component of a kernel of the device, the device comprising at least one processor and at least one system bus;
  
  establishing the protected environment;
  
  securely communicating between the secure operating environment and the protected environment at least in part by utilizing secret information, wherein access to the secret information is controlled by the management component of the kernel of the device, and wherein the management component is distinct from one or more other components of the kernel; and
  
  individualizing the management component at least in part by utilizing a device certificate template to generate a unique device certificate for the device, wherein the unique device certificate comprises an XML object configured to gather and present device identification information, device capability information, and key information, and wherein the unique device certificate serves to bind the management component to the device to render the management component useless on another device.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The method of claim 8, further comprising disabling functionality of the management component.
  - 10. The method of claim 9, further comprising renewing the functionality of the management component.
  - 11. The method of claim 8, further comprising periodically checking the security state of the secure operating environment.
  - 12. The method of claim 8, wherein validating the secure operating environment provides an indication of the security state of the secure operating environment.
  - 13. The method of claim 8, further comprising obfuscating code associated with the management component or the management component'"'"'s structure.
  - 14. The method of claim 8, wherein establishing the protected environment includes utilizing the identification information.

15. A system for providing a secure computing environment, the system comprising:
- a kernel of a device operating system of an associated device, the kernel comprising a protected environment management component, wherein the protected environment management component is distinct from other kernel components and is configured to track a security state of the kernel and the secure computing environment;
  
  identification information for the protected environment management component; and
  
  a device certificate template built into the associated device and comprising template information common to a plurality of computing devices;
  
  individualization information for the protected environment management component, wherein the individualization information is generated from the template information and is included in the protected environment management component of the kernel in the form of a unique device certificate that serves to bind the protected environment management component to the associated device, and wherein the unique device certificate comprises an XML object configured to gather and present device identification information, device capability information, and key information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Barde, Sumedh N., Weiss, Rebecca Claire, Grigorovitch, Alexandre V., Upadhyay, Chaitanya Dutt, Kuhn, Reid Joseph
Primary Examiner(s)
Popham, Jeffrey D

Application Number

US11/191,448
Publication Number

US 20050268115A1
Time in Patent Office

2,322 Days
Field of Search

726/29
US Class Current

726/29
CPC Class Codes

G06F 21/10   Protecting distributed prog...

H04L 2209/603   Digital right managament [DRM]

H04L 2209/68   Special signature format, e...

H04L 9/3265   using certificate chains, t...

H04L 9/3268   using certificate validatio...

Renewable and individualizable elements of a protected environment

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Renewable and individualizable elements of a protected environment

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links