Methods of dynamically securing electronic devices and other communications through environmental and system measurements leveraging tailored trustworthy spaces
First Claim
1. A method for securely and automatically performing functions on an authenticated device comprising a sensor and memory containing third instructions to implement at least one tailored trustworthy space rule (“TTS rule”), first instructions for performing a first function on the authenticated device, and second instructions for performing a second function on the authenticated device, wherein the authenticated device is in an unlocked state, the method comprising:
automatically obtaining a first measurement from the sensor;
prior to performing the first function on the authenticated device, determining that the first measurement satisfies one or more values defined by the at least one TTS rule, and performing the first function by the authenticated device;
prior to performing the second function on the authenticated device, determining that the first measurement fails to satisfy one or more values defined by the at least one TTS rule, and blocking the authenticated device from performing the second function while maintaining the authenticated device in the unlocked state; and
while performing the first function on the authenticated device, automatically obtaining a second measurement from the sensor, comparing the second measurement to the one or more values defined by the at least one TTS rule, and only continuing to perform the first function if the second measurement satisfies at least one of the one or more values defined by the at least one TTS rule;
executing, by the authenticated device, the at least one TTS rule;
when a first TTS rule of the at least one TTS rule fails to be satisfied by the first measurement and the second measurement, then automatically unloading application executable code, and deleting application executable code, application configuration, and decrypted application data from the authenticated device; and
when a second TTS rule of the at least one TTS rule fails to be satisfied by the first measurement and the second measurement, then automatically unloading a decryption key for application data from the authenticated device and preventing application access to the decrypted application data.
1 Assignment
0 Petitions
Abstract
This invention is for a system capable of securing one or more fixed or mobile computing devices and connected systems. Each device is configured to change its operating posture by allowing, limiting, or disallowing access to applications, application features, device features, data, and other information based on the current Tailored Trustworthy Space (TTS) definitions and rules, which provide for various situationally dependent scenarios. Multiple TTSs may be defined for a given deployment, each of which specifies one or more sensors and algorithms for combining sensor data from the device, other connected devices, and/or other data sources, from which the current TTS is identified. The device further achieves security by loading digital credentials through a unidirectional multidimensional physical representation process, which allows the device to obtain said credentials without the risk of compromising the credential-issuing system through the data transfer process. This secure system methodology may be used to create a Mobile Secure Compartmentalized Information Facility (M-SCIF), among other applications.
37 Citations
23 Claims
- 1. (Independent claim; text reproduced in full under First Claim above.)
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
15. A system for securing one or more devices using a tailored trustworthy space rule (“TTS rule”), comprising:
an authenticated device comprising a processor, a memory, and a sensor, wherein the processor is communicatively coupled to the memory and the sensor, and wherein the authenticated device is in an unlocked state;
wherein the memory contains an application and at least one TTS rule, and the processor is configured to load and execute the application, wherein the application comprises application executable code, application configuration, and application data;
wherein the processor is configured to automatically obtain a first measurement from the sensor prior to loading the application;
wherein the processor is configured to perform a first check comparing the first measurement against one or more values defined by the at least one TTS rule;
wherein, upon passing the first check, the processor is configured to proceed with loading the application and decrypting application data;
wherein, upon failing the first check, the processor is configured to block the loading of the application while maintaining the device in the unlocked state, automatically unload the application from the memory, and delete the application executable code, the application configuration, and decrypted application data from the memory; and
wherein the processor is further configured to: obtain a second measurement from the sensor while executing the application; and perform a second check comparing the second measurement against the one or more values defined by the at least one TTS rule; and
wherein, upon failing a second check, the processor is configured to automatically unload a decryption key for the application data, and prevent application access to the decrypted application data.
- View Dependent Claims (16, 17, 18, 19, 20, 21, 22)
-
23. A non-transitory machine-readable storage medium embodying a set of instructions for securing a device using tailored trustworthy space rules (“TTS rules”), wherein the device is configured to perform a first action and wherein the set of instructions, when executed by a processor in the device, cause the processor to perform operations, the operations comprising:
obtaining a security certificate from a certificate server using an out-of-band process;
encrypting and storing the security certificate in a certificate store on the device;
obtaining a configuration comprising a device-wide TTS rule from a system server;
obtaining application data comprising an application code configured to perform a second action, application configuration, and application-specific TTS rules from an application server;
obtaining user-specific application data comprising information which is at least one of displayed, manipulated, and used by the application code;
securely storing the application data in a compartmentalized application store on the device;
prior to executing the application code, automatically comparing a first measurement from a sensor in the device to the device-wide TTS rule and the application-specific TTS rules;
if the first measurement fails at least one of the device-wide TTS rule and the application-specific TTS rules, then at least one of refraining from executing the application code and preventing the application code from performing the second action in accordance with the device-wide TTS rule or the application-specific TTS rules, respectively;
during execution of the application code, automatically comparing a second measurement from the sensor to the device-wide TTS rule and the application-specific TTS rules;
if the second measurement fails at least one of the device-wide TTS rule and the application-specific TTS rule, then at least one of ceasing execution of the application code and preventing the application code from performing the second action in accordance with the device-wide TTS rule or the application-specific TTS rule, respectively;
if at least one of the first measurement and the second measurement fails the device-wide TTS rule, preventing the device from performing the first action in accordance with the device-wide TTS rule; and
prior to the execution of the application code and during execution of the application code, automatically comparing a third measurement from the sensor to the device-wide TTS rules and the application-specific TTS rules;
if the third measurement fails at least one of the device-wide TTS rules and the application-specific TTS rules, then: automatically unloading application executable code, securely deleting some or all of the user-specific application data from the device, deleting the application code from the device, deleting the application configuration from the device, deleting the application-specific TTS rules from the device, deleting encryption keys from the device, preventing application access to decrypted application data, deleting decrypted application data from the device, automatically unloading the security certificate from the device, and preventing application access to the decrypted application data.
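The gating and remediation sequence that independent claims 1, 15 and 23 describe, as an added example that is not part of the patent text and not code from the assignee: a small policy engine where each TTS rule names a sensor, an accepted range and a remediation. A function is checked against its rules before it starts and again at every step while it runs; a rule whose remediation is "block" only denies the function, a rule with "unload_key" drops the decryption key and cuts application access to plaintext, and a rule with "purge" unloads the code and deletes code, configuration and decrypted data. The device stays unlocked throughout, as every claim requires. Rule names, sensor names, thresholds and the readings in `demo()` are constructed for the illustration.

```python
# Added example (not from the patent): a TTS rule engine in the shape of claims 1, 15 and 23.
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass
class TTSRule:
    name: str
    sensor: str
    allowed: Tuple[float, float]   # inclusive range the measurement must fall inside
    on_fail: str                   # "block", "unload_key" or "purge"


@dataclass
class AppState:
    """What the authenticated device holds for one application (constructed values)."""
    code_loaded: bool = True
    config_present: bool = True
    decrypted_data: Optional[str] = "constructed-plaintext"
    decryption_key: Optional[str] = "constructed-key"
    data_access: bool = True       # may the application read decrypted data?
    unlocked: bool = True          # never changed by enforcement: the device stays unlocked
    audit: List[str] = field(default_factory=list)


def rule_satisfied(rule: TTSRule, measurement: Dict[str, float]) -> bool:
    """True when the sensor value lies inside the rule's range; a missing reading fails closed."""
    value = measurement.get(rule.sensor)
    if value is None:
        return False
    low, high = rule.allowed
    return low <= value <= high


def enforce(rules: List[TTSRule], measurement: Dict[str, float], state: AppState) -> List[str]:
    """Check every rule against one measurement, apply each failed rule's remediation,
    and return the names of the rules that failed (empty list: measurement acceptable)."""
    failed = []
    for rule in rules:
        if rule_satisfied(rule, measurement):
            continue
        failed.append(rule.name)
        if rule.on_fail == "unload_key":
            # claim 1, "second TTS rule": unload the key and cut access to plaintext
            state.decryption_key = None
            state.data_access = False
            state.audit.append(f"{rule.name}: decryption key unloaded")
        elif rule.on_fail == "purge":
            # claim 1, "first TTS rule": unload code, delete code, config and decrypted data
            state.code_loaded = False
            state.config_present = False
            state.decrypted_data = None
            state.decryption_key = None
            state.data_access = False
            state.audit.append(f"{rule.name}: code, configuration and decrypted data deleted")
        # "block": no state change; the caller simply does not run the function
    return failed


def perform(function: str, rules: List[TTSRule], readings: List[Dict[str, float]],
            state: AppState, steps: int) -> int:
    """Run `steps` units of work for `function`, gated on `rules`. readings[0] is the
    measurement taken before the function starts; readings[i] is the one taken while
    step i runs. Work continues only while the latest reading satisfies every rule.
    Returns the number of steps actually completed."""
    completed = 0
    for step in range(steps):
        if step >= len(readings):
            raise ValueError("no sensor measurement available for this step")
        if not (state.code_loaded and state.data_access):
            return completed          # an earlier remediation already disabled the application
        failed = enforce(rules, readings[step], state)
        if failed:
            state.audit.append(f"{function}: stopped at step {step} by {failed}")
            return completed
        completed += 1
    return completed


def demo() -> dict:
    """Walk the claimed sequence on constructed readings and report what happened."""
    device_rules = [TTSRule("in-facility", "distance_from_facility_m", (0, 50), "purge")]
    view_rules = device_rules + [TTSRule("rf-quiet", "rf_power_dbm", (-200, -90), "unload_key")]
    export_rules = device_rules + [TTSRule("rf-silent", "rf_power_dbm", (-200, -150), "block")]
    state = AppState()
    readings = [   # constructed: inside the fence throughout, RF level rises on the third read
        {"distance_from_facility_m": 10, "rf_power_dbm": -120},
        {"distance_from_facility_m": 12, "rf_power_dbm": -118},
        {"distance_from_facility_m": 12, "rf_power_dbm": -60},
    ]
    export_steps = perform("export", export_rules, readings[:1], state, steps=1)  # blocked by first reading
    view_steps = perform("view", view_rules, readings, state, steps=3)            # allowed, then key unloaded
    code_loaded_after_view = state.code_loaded
    enforce(device_rules, {"distance_from_facility_m": 500, "rf_power_dbm": -120}, state)  # leaves the fence
    return {"export_steps": export_steps, "view_steps": view_steps, "unlocked": state.unlocked,
            "key_after_view": state.decryption_key, "code_loaded_after_view": code_loaded_after_view,
            "code_loaded_after_purge": state.code_loaded, "audit": list(state.audit)}


if __name__ == "__main__":
    for line in demo()["audit"]:
        print(line)
```

Two choices in the block are worth noting for anyone building something similar: a missing sensor reading fails closed rather than being treated as "no information", and `perform` re-reads the sensor at every step rather than only at start, which is what the "while performing the first function ... only continuing" language of claim 1 requires.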
Specification