Devices, systems, and methods for monitoring and asserting trust level using persistent trust log

US 9,177,129 B2
Filed: 06/27/2012
Issued: 11/03/2015
Est. Priority Date: 06/27/2012
Status: Active Grant

First Claim

Patent Images

1. A computing device having a trust level, the computing device comprising:

a memory having stored therein a persistent trust log, wherein the persistent trust log comprises data relating to historic events influencing the trust level of the computing device; and

a security controller configured to (i) detect events that influence the trust level of the computing device, (ii) write data relating to the events to the persistent trust log, (iii) receive a trust assessment request that includes a trust profile from an external service that resides on a server external to the computing device, (iv) analyze the data in the persistent trust log, at least in part, using one or more criteria included in the trust profile, (v) generate a trust assessment based on the data analysis, and (vi) transmit the trust assessment to the external service.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Devices, systems, and methods for monitoring and asserting a trust level of a computing device are disclosed. In one illustrative embodiment, a computing device may include a memory having stored therein a persistent trust log, the persistent trust log comprising data relating to historic events influencing a trust level of the computing device, and a security controller configured to detect an event that influences the trust level of the computing device and to write data relating to the event to the persistent trust log.

Citations

23 Claims

1. A computing device having a trust level, the computing device comprising:
- a memory having stored therein a persistent trust log, wherein the persistent trust log comprises data relating to historic events influencing the trust level of the computing device; and
  
  a security controller configured to (i) detect events that influence the trust level of the computing device, (ii) write data relating to the events to the persistent trust log, (iii) receive a trust assessment request that includes a trust profile from an external service that resides on a server external to the computing device, (iv) analyze the data in the persistent trust log, at least in part, using one or more criteria included in the trust profile, (v) generate a trust assessment based on the data analysis, and (vi) transmit the trust assessment to the external service.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The computing device of claim 1, wherein the memory is a dedicated memory device accessible only to the security controller.
  - 3. The computing device of claim 1, wherein the security controller is further configured to digitally sign the data relating to the event using a private key when writing the data relating to the event to the persistent trust log.
  - 4. The computing device of claim 1, wherein the security controller is configured to analyze data stored in the persistent trust log, at least in part, by evaluating a digital signature to determine whether the data stored in the persistent trust log was written to the persistent trust log by the security controller.
  - 5. The computing device of claim 1, wherein the security controller is configured to analyze data stored in the persistent trust log, at least in part, by retrieving information from a database on the server external that indicates how one or more of the historic events influence the trust level of the computing device.
  - 6. The computing device of claim 1, wherein the security controller is further configured to determine whether to respond to the trust assessment request by evaluating whether the trust assessment would reveal the historic events influencing the trust level of the computing device.
  - 7. The computing device of claim 1, wherein the security controller is further configured to determine whether to respond to the trust assessment request by evaluating an identity credential received with the trust assessment request.
  - 8. The computing device of claim 1, wherein the security controller is further configured to digitally sign the trust assessment with a timestamp prior to transmitting the trust assessment.
  - 9. The computing device of claim 1, wherein the security controller is further configured to digitally sign the trust assessment with an anonymous attestation credential prior to transmitting the trust assessment.

10. A method for asserting a trust level of a computing device, the method comprising:
- receiving a trust assessment request including a trust profile from an external service residing on a server external to the computing device;
  
  analyzing, at a security engine of the computing device, data stored in a persistent trust log on the computing device based, at least in part, on one or more criteria included in the trust profile, wherein the data stored in the persistent trust log relates to historic events influencing the trust level of the computing device;
  
  generating, at the security engine, a trust assessment based on the data analysis; and
  
  transmitting, by the security engine, the trust assessment to the external service.
- View Dependent Claims (11, 12, 13, 14, 15, 16)
- - 11. The method of claim 10, wherein analyzing the data stored in the persistent trust log comprises evaluating a digital signature to determine whether the data stored in the persistent trust log was written to the persistent trust log by the security engine.
  - 12. The method of claim 10, wherein analyzing the data stored in the persistent trust log comprises retrieving information from a database residing on the server external to the computing device that indicates how one or more of the historic events influence the trust level of the computing device.
  - 13. The method of claim 10, further comprising determining whether to respond to the trust assessment request, prior to transmitting the trust assessment to the external service originating the trust assessment request, by evaluating whether the trust assessment would reveal the historic events influencing the trust level of the computing device.
  - 14. The method of claim 10, further comprising determining whether to respond to the trust assessment request, prior to transmitting the trust assessment to the external service originating the trust assessment request, by evaluating an identity credential received from the external service originating the trust assessment request.
  - 15. The method of claim 10, wherein generating the trust assessment using the security engine comprises digitally signing the trust assessment with a timestamp prior to transmitting the trust assessment to the external service originating the trust assessment request.
  - 16. The method of claim 10, wherein generating the trust assessment using the security engine comprises digitally signing the trust assessment with an anonymous attestation credential prior to transmitting the trust assessment to the external service originating the trust assessment request.

17. One or more non-transitory, machine readable storage media comprising a plurality of instructions stored thereon that, in response to being executed, result in a computing device:
- receiving a trust assessment request including a trust profile from an external service residing on a server external to the computing device;
  
  analyzing data stored in a persistent trust log on the computing device based on, at least in part, one or more criteria included in the trust profile, wherein the data stored in the persistent trust log relates to historic events influencing the trust level of the computing device;
  
  generating a trust assessment based on the data analysis using a security engine of the computing device; and
  
  transmitting the trust assessment to the external.
- View Dependent Claims (18, 19, 20, 21, 22, 23)
- - 18. The one or more non-transitory, machine readable storage media of claim 17, wherein the plurality of instructions result in the computing device analyzing the data stored in the persistent trust log, at least in part, by evaluating a digital signature to determine whether the data stored in the persistent trust log was written to the persistent trust log by the security engine.
  - 19. The one or more non-transitory, machine readable storage media of claim 17, wherein the plurality of instructions result in the computing device analyzing the data stored in the persistent trust log, at least in part, by retrieving information from a database residing on the server external to the computing device, wherein the information indicates how one or more of the historic events influence the trust level of the computing device.
  - 20. The one or more non-transitory, machine readable storage media of claim 17, wherein the plurality of instructions further result in the computing device determining whether to respond to the trust assessment request, prior to transmitting the trust assessment to the external service originating the trust assessment request, by evaluating whether the trust assessment would reveal the historic events influencing the trust level of the computing device.
  - 21. The one or more non-transitory, machine readable storage media of claim 17, wherein the plurality of instructions further result in the computing device determining whether to respond to the trust assessment request, prior to transmitting the trust assessment to the external service originating the trust assessment request, by evaluating an identity credential received from the external service originating the trust assessment request.
  - 22. The one or more non-transitory, machine readable storage media of claim 17, wherein the plurality of instructions further result in the computing device digitally signing the trust assessment with a timestamp prior to transmitting the trust assessment to the external service originating the trust assessment request.
  - 23. The one or more non-transitory, machine readable storage media of claim 17, wherein the plurality of instructions further result in the computing device digitally signing the trust assessment with an anonymous attestation credential prior to transmitting the trust assessment to the external service originating the trust assessment request.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Grobman, Steven L., Sengupta, Uttam K., Permeh, Ryan
Primary Examiner(s)
Vostal, O. C.

Application Number

US13/534,321
Publication Number

US 20140006789A1
Time in Patent Office

1,224 Days
Field of Search

713/176
US Class Current

1/1
CPC Class Codes

G06F 21/316   by observing the pattern of...

G06F 21/552   involving long-term monitor...

G06F 21/57   Certifying or maintaining t...

Devices, systems, and methods for monitoring and asserting trust level using persistent trust log

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Devices, systems, and methods for monitoring and asserting trust level using persistent trust log

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links