Method and apparatus for detecting unauthorized access to a computing device and securely communicating information about such unauthorized access

US 8,850,568 B2
Filed: 03/07/2008
Issued: 09/30/2014
Est. Priority Date: 03/07/2008
Status: Active Grant

First Claim

Patent Images

1. A method of detecting attacks on a computing device and securely communicating information about such attacks, comprising:

detecting an attack on the computing device;

determining a type of the attack;

forming a response key based on the type of the attack and an identity of the computing device;

receiving a request from a requesting entity, a portion of the request comprising a non-deterministic value;

combining the portion of the request comprising a non-deterministic value with a portion of the response key to form a transformed key; and

providing the transformed key to the requesting entity.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus for detecting attacks against a computing device are described. Such attacks may be detected by the device and reported to a requesting entity in a manner that makes it difficult for an attacker to know that the attack has been detected. Several exemplary embodiments comprising different client/server and client/network type systems are presented.

Citations

32 Claims

1. A method of detecting attacks on a computing device and securely communicating information about such attacks, comprising:
- detecting an attack on the computing device;
  
  determining a type of the attack;
  
  forming a response key based on the type of the attack and an identity of the computing device;
  
  receiving a request from a requesting entity, a portion of the request comprising a non-deterministic value;
  
  combining the portion of the request comprising a non-deterministic value with a portion of the response key to form a transformed key; and
  
  providing the transformed key to the requesting entity.
- View Dependent Claims (2, 3, 4, 5, 6, 29, 32)
- - 2. The method of claim 1, wherein the response key is formed by selecting one of a plurality of programmed hardware keys.
  - 3. The method of claim 1, wherein the response key is formed by combining information about the attack with a programmed hardware key.
  - 4. The method of claim 1, the non-deterministic value is generated by an entropy source.
  - 5. The method of claim 1, wherein forming the transformed key comprises mathematically transforming a combination of the portion of the request and the portion of the response key.
  - 6. The method of claim 5, wherein the mathematical transformation comprises using a one-way hash function.
  - 29. The method of claim 1, wherein detecting an attack on the computing device is performed by the computing device.
  - 32. The method of claim 4, wherein the entropy source is at least one of a look-up table or a thermal noise generator.

7. A computing device configured to detect and securely report information concerning attacks against the computing device, comprising:
- a storage element configured to store a programmed hardware key;
  
  an attack detection circuit adapted to detect attacks against the computing device;
  
  a key formation circuit adapted to form a response key based on the programmed hardware key and an input from the attack detection circuit;
  
  an interface circuit adapted to receive a request from a requesting entity, a portion of the request comprising a non-deterministic value;
  
  a transformation circuit adapted to generate a transformed key from at least a portion of the response key and at least the portion of the request comprising a non-deterministic value received at the interface circuit; and
  
  a circuit adapted to provide the transformed key to the requesting entity.
- View Dependent Claims (8, 9, 10, 11, 12, 13, 14, 15)
- - 8. The computing device of claim 7, wherein the storage element is a non-volatile storage element.
  - 9. The computing device of claim 7, wherein the storage element is a volatile storage element.
  - 10. The computing device of claim 7, wherein the key formation circuit selects one of a plurality of programmed hardware keys to form the response key.
  - 11. The computing device of claim 7, wherein the key formation circuit combines a portion of the input from the attack detection circuit with a programmed hardware key to form the response key.
  - 12. The computing device of claim 7, the non-deterministic value is generated by an entropy source.
  - 13. The computing device of claim 12, wherein the transformation circuit mathematically transforms a combination of the portion of the request comprising a non-deterministic value and a portion of the response key to form the transformed key.
  - 14. The computing device of claim 13, wherein the mathematical transformation comprises using a one-way hash function.
  - 15. The computing device of claim 7, wherein the computing device is configured as a wireless cellular phone.

16. A computing device configured to detect and securely report information concerning attacks against the computing device, comprising:
- storage means configured to store a programmed hardware key;
  
  attack detection means adapted to detect attacks against the computing device;
  
  a key formation means adapted to form a response key based on the programmed hardware key and an input from the attack detection means;
  
  an interface means adapted to receive a request from a requesting entity, a portion of the request comprising a non-deterministic value;
  
  a transformation means adapted to generate a transformed key from a portion of the response key and the portion of the request comprising a non-deterministic value received at the interface means; and
  
  a transmission means adapted to provide the transformed key to the requesting entity.

17. A method of securely receiving information about attacks on computing device at a requesting entity, comprising:
- forming a request at the requesting entity, a portion of the request comprising a non-deterministic value;
  
  providing the request to the computing device;
  
  receiving a transformed key from the computing device based on the portion of the request comprising a non-deterministic value, an identity of the computing device and a type of an attack detected; and
  
  determining the identity of the computing device and the type of the attack detected based on a comparison of the transformed key to a plurality of possible transformed keys.
- View Dependent Claims (18, 19, 28)
- - 18. The method of claim 17, wherein the non-deterministic value is generated by an entropy source.
  - 19. The method of claim 17, further comprising taking action if the requesting entity determines that the computing device has been attacked.
  - 28. The method of claim 19, wherein the action is selected from the group consisting of denying the computing device access to a network, disabling a feature of the computing device, disabling a software program of the computing device, logging location information of the computing device and logging information about a type of the computing device.

20. A requesting entity adapted to securely receive information about attacks on a computing device, comprising:
- a request formation circuit adapted to form a request, a portion of the request comprising a non-deterministic value;
  
  a circuit adapted to provide the request to the computing device;
  
  a receiver circuit adapted to receive from the computing device a transformed key based on the portion of the request comprising a non-deterministic value, an identity of the computing device and a type of an attack detected; and
  
  a comparison circuit adapted to compare the transformed key received from the computing device to a plurality of possible transformed keys and determine the identity of the computing device and the type of the attack detected based on the comparison of the transformed key to the plurality of possible transformed keys.
- View Dependent Claims (21, 22)
- - 21. The requesting entity of claim 20, wherein the non-deterministic value is generated by an entropy source.
  - 22. The requesting entity of claim 20, wherein the requesting entity is configured as a wireless cellular network.

23. A requesting entity adapted to securely receive information about attacks on a computing device, comprising:
- means for forming a request, a portion of the request comprising a non-deterministic value;
  
  means for providing the request to the computing device;
  
  means for receiving from the computing device a transformed key based on the portion of the request comprising a non-deterministic value, the identity of the computing device and a type of an attack detected; and
  
  means for comparing the transformed key from the computing device to a plurality of possible transformed keys and determining the identity of the computing device and the type of the attack detected based on the comparison of the transformed key to the plurality of possible transformed keys.
- View Dependent Claims (24, 25)
- - 24. The requesting entity of claim 23, wherein the means for forming a request is a software program contained in a computer-readable medium.
  - 25. The requesting entity of claim 23, wherein the requesting entity is configured as a wireless cellular network.

26. A computing device configured to detect and securely report information concerning attacks against the computing device, wherein the computing device is configured to:
- detect an attack against the computing device;
  
  determine a type of the attack;
  
  form a response key based on the type of the attack and an identity of the computing device;
  
  receive a request from a requesting entity, a portion of the request comprising a non-deterministic value;
  
  combine the portion of the request comprising a non-deterministic value with a portion of the response key to form a transformed key; and
  
  provide the transformed key to the requesting entity.

27. A requesting entity configured to securely receive information about attacks on a computing device, the requesting entity configured to:
- form a request, a portion of the request comprising a non-deterministic value;
  
  provide the request to the computing device;
  
  receive from the computing device a transformed key based on the portion of the request comprising a non-deterministic value, an identity of the computing device and a type of an attack detected by the computing device;
  
  compare the transformed key to a plurality of possible transformed keys to determine the identity of the computing device and the type of the attack detected by the computing device based on the comparison of the transformed key to the plurality of possible transformed keys.

30. An apparatus comprising a non-transitory computer-readable medium comprising code that, when executed by a processor causes the processor to:
- detect an attack on a computing device;
  
  determine a type of the attack;
  
  form a response key based on the type of the attack and an identity of the computing device;
  
  receive a request from a requesting entity, a portion of the request comprising a non-deterministic value;
  
  combine the portion of the request comprising a non-deterministic value with a portion of the response key to form a transformed key; and
  
  provide the transformed key to the requesting entity.

31. An apparatus comprising a non-transitory computer-readable medium comprising code that, when executed by a processor causes the processor to:
- form a request at a requesting entity, a portion of the request comprising a non-deterministic value;
  
  provide the request to a computing device;
  
  receive a transformed key from the computing device based on the portion of the request comprising a non-deterministic value, an identity of the computing device and a type of an attack detected; and
  
  determine the identity of the computing device and the type of the attack detected based on a comparison of the transformed key to a plurality of possible transformed keys.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Qualcomm, Inc.
Original Assignee
Qualcomm, Inc.
Inventors
Shirlen, Martyn Ryan, Hofmann, Richard Gerard
Primary Examiner(s)
Hailu, Teshome
Assistant Examiner(s)
Getachew, Abiy

Application Number

US12/044,409
Publication Number

US 20090228698A1
Time in Patent Office

2,398 Days
Field of Search

709/217, 709/224, 709/227, 726/23, 713/23, 713/150
US Class Current

726/22
CPC Class Codes

G06F 21/55   Detecting local intrusion o...

G06F 21/554   involving event detection a...

G06F 2221/2115   Third party

H04L 63/1416   Event detection, e.g. attac...

Method and apparatus for detecting unauthorized access to a computing device and securely communicating information about such unauthorized access

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

32 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for detecting unauthorized access to a computing device and securely communicating information about such unauthorized access

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

32 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links