Collecting anonymous and traceable telemetry

US 8,607,305 B2
Filed: 09/01/2008
Issued: 12/10/2013
Est. Priority Date: 09/01/2008
Status: Active Grant

First Claim

Patent Images

1. A method implemented at least in part by a computer, the method comprising:

establishing a trust relationship with an escrow certificate issuer operable to issue certificates for use in providing telemetry data, the telemetry data including attack detection data;

receiving a certificate from a telemetry source, the certificate including information usable to verify that the certificate is valid but not usable to determine an entity that controls the telemetry source without additional data not included in the certificate;

determining, by a processor, whether the certificate is valid; and

when the certificate is valid, determining whether the certificate is associated with low quality telemetry data or known false quality telemetry data and, when the certificate is associated with low quality telemetry data or known false quality telemetry data, causing the telemetry data to be rejected.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Aspects of the subject matter described herein relate to collecting anonymous and traceable telemetry. In aspects, a telemetry source may obtain a certificate or other data from an escrow certificate issuer. The certificate includes information usable by a certificate collector to verify that the certificate is valid, but does not include information usable to identify the telemetry source to the telemetry collector.

Citations

20 Claims

1. A method implemented at least in part by a computer, the method comprising:
- establishing a trust relationship with an escrow certificate issuer operable to issue certificates for use in providing telemetry data, the telemetry data including attack detection data;
  
  receiving a certificate from a telemetry source, the certificate including information usable to verify that the certificate is valid but not usable to determine an entity that controls the telemetry source without additional data not included in the certificate;
  
  determining, by a processor, whether the certificate is valid; and
  
  when the certificate is valid, determining whether the certificate is associated with low quality telemetry data or known false quality telemetry data and, when the certificate is associated with low quality telemetry data or known false quality telemetry data, causing the telemetry data to be rejected.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein determining whether the certificate is valid comprises determining whether the escrow certificate issuer issued the certificate.
  - 3. The method of claim 1, wherein determining whether the certificate is valid comprises determining whether the certificate has expired.
  - 4. The method of claim 1, wherein determining whether the certificate is valid comprises determining whether the certificate has been revoked.
  - 5. The method of claim 1, wherein establishing a trust relationship with the escrow certificate issuer comprises obtaining a public key that corresponds to private key with which the escrow certificate issuer signs the certificates.
  - 6. The method of claim 1, further comprising establishing a cost to issuing certificates to discourage entities that seek to automatically obtain multiple certificates.
  - 7. The method of claim 1, wherein the information includes a public key of the telemetry source, the public key corresponding to a private key used to sign the telemetry data.
  - 8. The method of claim 1, wherein the information includes a sequence of bytes that distinguishes the telemetry source from other telemetry sources to which the escrow certificate issuer has issued certificates.
  - 9. The method of claim 1, further comprising determining whether the telemetry source is reliable based at least in part on previous telemetry data sent with the certificate.

10. A computer storage medium, the computer storage medium not consisting of a signal per se, storing computer-executable instructions, which when executed perform actions, comprising:
- receiving first data from an escrow certificate issuer, the first data usable to verify that telemetry data sent to a telemetry receiver is sent by an entity that has access to the first data, the first data providing anonymity to the entity with respect to the telemetry receiver, the telemetry data including attack detection data; and
  
  in conjunction with sending telemetry data to the telemetry receiver from a telemetry source, using the first data to indicate that the telemetry data is sent by the entity that has access to the first data, and determining whether the first data is associated with low quality telemetry data or known false quality telemetry data and, when the first data is associated with low quality telemetry data or known false quality telemetry data, indicating the telemetry data sent to the telemetry receiver should be discarded or rejected.
- View Dependent Claims (11, 12, 13, 14, 15, 16)
- - 11. The computer storage medium of claim 10, wherein the first data providing anonymity to the entity with respect to the telemetry receiver comprises the first data not including information usable to determine an identity of the entity without additional data that is not included in the first data.
  - 12. The computer storage medium of claim 10, wherein the first data comprises a certificate that includes an identifier that is different from any other identifier that the escrow certificate issuer provides in a certificate to any other entity.
  - 13. The computer storage medium of claim 12, wherein the identifier comprises a sequence of bits.
  - 14. The computer storage medium of claim 10, wherein the first data comprises an authentication code.
  - 15. The computer storage medium of claim 10, wherein the first data comprises a certificate that includes a public key usable to verify that the certificate was issued by the escrow certificate issuer.
  - 16. The computer storage medium of claim 10, further comprising signing the telemetry data using a private key that corresponds to a public key included in the first data.

17. In a computing environment, an apparatus, comprising:
- one or more hardware elements, the one or more hardware elements including a processor;
  
  a telemetry receiver operable with the processor to receive from a telemetry source telemetry data in conjunction with a certificate, the certificate including information usable to verify that the certificate is issued by an escrow certificate issuer but not usable to determine an identity of an entity that sent the telemetry data without additional data not included in the certificate, the telemetry data including attack detection data;
  
  a certificate validator operable to verify that the certificate was issued by the escrow certificate issuer;
  
  a ranking unit operable to generate a reliability rank of the telemetry source; and
  
  a transmitter configured to transmit the reliability rank of the telemetry source to a telemetry collector, the reliability rank indicating the telemetry source is associated with low quality telemetry data and the telemetry data should be discarded by the telemetry collector.
- View Dependent Claims (18, 19, 20)
- - 18. The apparatus of claim 17, further comprising a certificate identifier tracker operable to store information that identifies the certificate, the information usable to track reliability of telemetry data received in conjunction with the certificate.
  - 19. The apparatus of claim 17, further comprising a trust component operable to establish a trust relationship with the escrow certificate issuer, the trust relationship providing information usable to determine whether a certificate was issued by the escrow certificate issuer.
  - 20. The apparatus of claim 17, wherein the information usable to verify that the certificate is issued by the escrow certificate issuer comprises a signature of the escrow certificate issuer and a public key corresponding to a private key with which the escrow certificate issuer signs certificates.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Neystadt, John, Friedman, Arie, Kohanim, Gregory Aaron, Shostack, Adam
Primary Examiner(s)
Gergiso, Techane

Application Number

US12/202,352
Publication Number

US 20100058454A1
Time in Patent Office

1,926 Days
Field of Search

726/10, 607/60, 455/404.1, 379/106.01
US Class Current

726/1
CPC Class Codes

G06F 21/44   Program or device authentic...

G06F 21/64   Protecting data integrity, ...

G06F 21/645   using a third party

G06F 2221/2135   Metering

H04L 2209/42   Anonymization, e.g. involvi...

H04L 63/0428   wherein the data content is...

H04L 9/3268   using certificate validatio...

Collecting anonymous and traceable telemetry

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Collecting anonymous and traceable telemetry

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links