Manifest-based trusted agent management in a trusted operating system environment

Related Patent Categories: Information Security, Prevention Of Unauthorized Use Of Data Including Prevention Of Piracy, Privacy Violations, Or Unauthorized Data Modification, Access Control, By Authorizing Data

The Patent Description & Claims data below is from USPTO Patent Application 20070174921, Manifest-based trusted agent management in a trusted operating system environment.

RELATED APPLICATIONS

[0001] This application is a continuation of U.S. patent application Ser. No. 09/993,370, filed Nov. 16, 2001, which is hereby incorporated by reference herein.

TECHNICAL FIELD

[0002] This invention relates to trusted environments generally, and more particularly to manifest-based trusted agent management in a trusted operating system environment.

BACKGROUND

[0003] Having people be able to trust computers has become an increasingly important goal. This trust generally focuses on the ability to trust the computer to use the information it stores or receives correctly. Exactly what this trust entails can vary based on the circumstances. For example, multimedia content providers would like to be able to trust computers to not improperly copy their content. By way of another example, users would like to be able to trust their computers to forward confidential financial information (e.g., bank account numbers) only to appropriate destinations (e.g., allow the information to be passed to their bank, but nowhere else). Unfortunately, given the generally open nature of most computers, a wide range of applications can be run on most current computers without the user's knowledge, and these applications can compromise this trust (e.g., forward the user's financial information to some other destination for malicious use).

[0004] To address these trust issues, different mechanisms have been proposed (and new mechanisms are being developed) that allow a computer or portions thereof to be trusted. Generally, these mechanisms entail some sort of authentication procedure where the computer can authenticate or certify that at least a portion of it (e.g., certain areas of memory, certain applications, etc.) are at least as trustworthy as they present themselves to be (e.g., that the computer or application actually is what it claims to be). In other words, these mechanisms prevent a malicious application from impersonating another application (or allowing a computer to impersonate another computer). Once such a mechanism can be established, the user or others (e.g., content providers) can make a judgment as to whether or not to accept a particular platform and application as trustworthy (e.g., a multimedia content provider may accept a particular application as being trustworthy, once the computer can certify to the content provider's satisfaction that the particular application is the application it claims to be).

[0005] Oftentimes, components and modules of an application are allowed to be changed (e.g., in response to user preferences) and/or upgraded fairly frequently. For example, applications frequently include various dynamic link libraries (DLL's), plug-ins, etc. and allow for different software configurations, each of which can alter the binaries which execute as the application. Currently, it is difficult (if possible at all) in many systems to allow for such changes and differing configurations of applications, while at the same time maintaining the trustworthiness of the computer. Thus, it would be beneficial to have a security model that allows for these differences and changes, while at the same time maintaining the trustworthiness of the computer. The manifest-based trusted agent management in a trusted operating system environment described herein provides such a security model.

SUMMARY

[0006] Manifest-based trusted agent management in a trusted operating system environment is described herein.

[0007] According to one aspect, a request to execute a process is received and a virtual memory space for the process is set up. A manifest corresponding to the process is accessed, and which of a plurality of binaries can be executed in the virtual memory space is limited based on indicators, of the binaries, that are included in the manifest.

[0008] According to another aspect, a manifest includes a first portion including data representing a unique identifier of the trusted application, a second portion including data indicating whether a particular one or more binaries can be loaded into the process space for the trusted application, and a third portion derived from the data in both the first portion and the second portion by generating a digital signature over the first and second portions. The manifest can also include a portion that includes data representing a list of one or more export statements that allow a secret associated with the trusted application to be exported to another trusted application, a portion that includes data representing a set of properties corresponding to the data structure, and a portion that includes data representing a list of entry points into the executing trusted application.

BRIEF DESCRIPTION OF THE DRAWINGS

[0009] FIG. 1 illustrates an exemplary trusted operating system environment.
[0010] FIG. 2 illustrates one exemplary architecture that can be implemented on a client computing device.
[0011] FIG. 3 illustrates another exemplary architecture that can be used with the invention.
[0012] FIG. 4 illustrates an exemplary relationship between a gatekeeper storage key and trusted application secrets.
[0013] FIG. 5 illustrates an exemplary process for securely storing secrets using a gatekeeper storage key.
[0014] FIG. 6 illustrates an exemplary upgrade from one trusted core to another trusted core on the same client computing device.
[0015] FIG. 7 illustrates an exemplary process for upgrading a trusted core.
[0016] FIG. 8 illustrates another exemplary process for upgrading a trusted core.
[0017] FIG. 9 illustrates an exemplary secret storage architecture employing hive keys.
[0018] FIG. 10 illustrates an exemplary process for securely storing secrets using hive keys.
[0019] FIG. 11 illustrates an exemplary process for migrating secrets from a source computing device to a destination computing device.

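An added example (not code from the patent application) of the manifest described in [0007] and [0008]: an identifier portion, a binary-indicator portion, and a signature over both, used to limit which binaries load into a process space. Assumptions: SHA-256 digests serve as the binary indicators, HMAC-SHA256 with a constructed key stands in for the digital signature, and all names (`ProcessSpace`, `sign_manifest`, `example.player`) are hypothetical.

```python
import hashlib, hmac, json

# Assumption: HMAC-SHA256 with a constructed key stands in for the publisher's
# digital signature; a real system would verify a public-key signature.
PUBLISHER_KEY = b"constructed-demo-key"

def digest(binary: bytes) -> str:
    """Assumed indicator format: SHA-256 of the binary image."""
    return hashlib.sha256(binary).hexdigest()

def _mac(manifest: dict) -> str:
    # Canonical bytes of the first (identifier) and second (binary indicators) portions
    body = {"id": manifest["id"], "binaries": manifest["binaries"]}
    data = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(PUBLISHER_KEY, data, hashlib.sha256).hexdigest()

def sign_manifest(app_id: str, allow: list, deny: list) -> dict:
    manifest = {"id": app_id, "binaries": {"allow": sorted(allow), "deny": sorted(deny)}}
    manifest["signature"] = _mac(manifest)  # third portion, covers the first two
    return manifest

def verify_manifest(manifest: dict) -> bool:
    return hmac.compare_digest(_mac(manifest), str(manifest.get("signature", "")))

class ProcessSpace:
    """Hypothetical loader gate for one process's virtual memory space."""
    def __init__(self, manifest: dict):
        if not verify_manifest(manifest):
            raise PermissionError("manifest signature invalid")
        self.rules = manifest["binaries"]
        self.loaded = []

    def load(self, name: str, binary: bytes) -> bool:
        d = digest(binary)
        # Deny wins; anything not explicitly allowed is refused (fail closed).
        if d in self.rules["deny"] or d not in self.rules["allow"]:
            return False
        self.loaded.append(name)
        return True

# Constructed sample binaries and manifest
CORE, PLUGIN, ROGUE = b"core module v1", b"codec plugin v2", b"unknown module"
MANIFEST = sign_manifest("example.player", [digest(CORE), digest(PLUGIN)], [])

if __name__ == "__main__":
    space = ProcessSpace(MANIFEST)
    print([space.load(n, b) for n, b in (("core", CORE), ("plugin", PLUGIN), ("rogue", ROGUE))])
```

Because the signature covers the indicator list, adding a digest to the allow list after signing invalidates the manifest, so the process space is never set up with the altered policy.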