Trusted sensors

US 8,832,461 B2
Filed: 06/25/2010
Issued: 09/09/2014
Est. Priority Date: 06/25/2010
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented sensor method executed by a processor comprising:

receiving sensor readings from sensors of a device, the device including a trust component that provides trust information which is applied to the sensor readings to create trustworthy readings for communication to a consuming application;

when the trust component includes a virtualization component that virtualizes the sensors and facilitates interaction with the sensors by the consuming application;

signing the sensor readings with the trust information via a virtual machine within the device; and

independent of software configuration of the device, when the trust component includes a central hardware trust module that comprises a secure counter;

obtaining a counter value from the secure counter;

signing the sensor readings and the obtained counter value at the sensors using the trust information; and

registering the device and the sensors with a remote service to associate the sensors with the device after signing the sensor readings and the obtained counter value.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Architecture that provides trusted sensors and trusted sensor readings on computing devices such as mobile devices. The architecture utilizes a trustworthy computing technology (e.g., trusted platform module (TPM). In the context of TPM, one implementation requires no additional hardware beyond the TPM and a virtualized environment to provide trusted sensor readings. A second implementation incorporates trusted computing primitives directly into sensors and enhances security using signed sensor readings. Privacy issues arising from the deployment of trusted sensors are also addressed by utilizing protocols.

124 Citations

20 Claims

1. A computer-implemented sensor method executed by a processor comprising:
- receiving sensor readings from sensors of a device, the device including a trust component that provides trust information which is applied to the sensor readings to create trustworthy readings for communication to a consuming application;
  
  when the trust component includes a virtualization component that virtualizes the sensors and facilitates interaction with the sensors by the consuming application;
  
  signing the sensor readings with the trust information via a virtual machine within the device; and
  
  independent of software configuration of the device, when the trust component includes a central hardware trust module that comprises a secure counter;
  
  obtaining a counter value from the secure counter;
  
  signing the sensor readings and the obtained counter value at the sensors using the trust information; and
  
  registering the device and the sensors with a remote service to associate the sensors with the device after signing the sensor readings and the obtained counter value.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, further comprising tagging the sensor readings with time information and signing the sensor readings and the time information using the trust information.
  - 3. The method of claim 1, wherein the sensor readings are raw sensor readings.
  - 4. The method of claim 1, further comprising incrementing the secure counter before obtaining a counter value from the secure counter.
  - 5. The method of claim 1, wherein the trust information is provided according to a trustworthy computing technology.
  - 6. The method of claim 1, further comprising preventing transferability of the sensor readings by employing a knowledge protocol that reveals the sensor readings of the signed sensor readings without revealing signatures used to sign the sensor readings.
  - 7. The method of claim 1, wherein signing the sensor readings comprises signing the sensor readings using an attestation key that facilitates attestation anonymity.

8. A device comprising:
- a processor; and
  
  executable instructions operable by the processor, the executable instructions comprising a sensor method, the sensor method comprising;
  
  receiving sensor readings from sensors of the device, the device including a trust component that provides trust information which is applied to the sensor readings to create trustworthy readings for communication to a consuming application;
  
  when the trust component includes a virtualization component that virtualizes the sensors and facilitates interaction with the sensors by the consuming application;
  
  signing the sensor readings with the trust information via a virtual machine within the device; and
  
  independent of software configuration of the device, when the trust component includes a hardware trust module that comprises a secure counter;
  
  obtaining a counter value from the secure counter;
  
  signing the sensor readings and the obtained counter value at the sensors using the trust information; and
  
  registering the device and the sensors with a remote service to associate the sensors with the device after signing the sensor readings and the obtained counter value.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The device of claim 8, wherein the sensor readings are raw sensor readings.
  - 10. The device of claim 8, wherein the sensor method further comprises tagging the sensor readings with time information.
  - 11. The device of claim 10, wherein the sensor method further comprises signing the tagged sensor readings and the time information using the trust information.
  - 12. The device of claim 8, wherein the sensor method further comprises incrementing the secure counter before obtaining a counter value from the secure counter.
  - 13. The device of claim 8, wherein the sensor method further comprises preventing transferability of the sensor readings by employing a knowledge protocol that reveals the sensor readings of the signed sensor readings without revealing signatures used to sign the sensor readings.
  - 14. The device of claim 8, wherein signing the sensor readings comprises signing the sensor readings using an attestation key that facilitates attestation anonymity.

15. A storage device for storing computer readable instructions, the computer readable instructions when executed by a processing device performs a sensor method, the sensor method comprising:
- receiving sensor readings from sensors of a mobile device, the mobile device including a trust component that provides trust information which is applied to the sensor readings to create trustworthy readings for communication to a consuming application;
  
  when the trust component includes a virtualization component that virtualizes the sensors and facilitates interaction with the sensors by the consuming application;
  
  signing the sensor readings with the trust information via a virtual machine within the mobile device; and
  
  independent of software configuration of the mobile device, when the trust component includes a central hardware trust module that comprises a secure counter;
  
  obtaining a counter value from the secure counter;
  
  signing the sensor readings and the obtained counter value at the sensors using the trust information; and
  
  registering the mobile device and the sensors with a remote service to associate the sensors with the mobile device after signing the sensor readings and the obtained counter value.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The storage device of claim 15, wherein the sensor readings are raw sensor readings.
  - 17. The storage device of claim 15, wherein the sensor method further comprises tagging the sensor readings with time information and signing the sensor readings and the time information using the trust information.
  - 18. The storage device of claim 15, wherein the sensor method further comprises incrementing the secure counter before obtaining a counter value from the secure counter.
  - 19. The storage device of claim 15, wherein the sensor method further comprises preventing transferability of the sensor readings by employing a knowledge protocol that reveals the sensor readings of the signed sensor readings without revealing signatures used to sign the sensor readings.
  - 20. The storage device of claim 15, wherein signing the sensor readings comprises signing the sensor readings using an attestation key that facilitates attestation anonymity.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Saroiu, Stefan, Wolman, Alastair
Primary Examiner(s)
SHAW, BRIAN F

Application Number

US12/823,150
Publication Number

US 20110320823A1
Time in Patent Office

1,537 Days
Field of Search

726/3, 726/5, 713/189, 455/456.3
US Class Current

713/189
CPC Class Codes

G06F 21/53   by executing in a restricte...

G06F 21/57   Certifying or maintaining t...

H04L 2209/805   Lightweight hardware, e.g. ...

H04L 9/3218   using proof of knowledge, e...

H04L 9/3247   involving digital signatures

Trusted sensors

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

124 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Trusted sensors

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

124 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others