Software Bill of Materials Validation Systems and Methods
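IPC classification information
Country / type: United States (US) Patent / Published
International Patent Classification (IPC, 7th edition): G06F-008/65, G06F-008/20, G06F-008/61, G16H-040/67
Application number: 16725740 (2019-12-23)
Publication number: 20200201620 (2020-06-25)
Inventor / address: Beard, Daniel Ivan
Applicant / address: Beard, Daniel Ivan
Citation information: Times cited: 0; Patents cited: 0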
Abstract
Each of a plurality of medical devices is configured to generate a device specific Software Bill of Materials (SBOM), and communicate the device specific SBOM to a validator system(s). A central authority system(s) is configured to authorize the validator system(s) to add a new block(s) to a SBOM blockchain. The SBOM blockchain is structured to contain updates to the device specific SBOM. The validator system(s) is configured to create a local copy of the SBOM blockchain, build a SBOM hash tree based on data in the SBOM blockchain, search the SBOM hash tree for the device specific SBOM, add a new block to the SBOM blockchain, the new block comprising an update(s) to the device specific SBOM, validate the update(s) in the device specific SBOM based on a vulnerability database, and communicate the new block to at least one other validator system.
Representative claims
1. A system comprising:
  a) a plurality of medical devices coupled to a computer network, each of the plurality of medical devices comprising:
    i) a device processor; and
    ii) a non-transitory machine readable device medium comprising device instructions configured to cause the device processor to:
      A) generate a device specific Software Bill of Materials (SBOM); and
      B) communicate the device specific SBOM to at least one of a plurality of validator systems;
  b) at least one central authority system coupled to the computer network, each of the at least one central authority system comprising:
    i) a central authority processor; and
    ii) a non-transitory machine readable central authority medium comprising central authority instructions configured to cause the central authority processor to authorize the plurality of validator systems to add a new block to a SBOM blockchain, the SBOM blockchain structured to contain updates to the device specific SBOM; and
  c) the plurality of validator systems coupled to the computer network, the computer network in communication with a vulnerability database, each of the plurality of validator systems comprising:
    i) a validator processor; and
    ii) a non-transitory machine readable validator medium comprising validator instructions configured to cause the validator processor to:
      A) create a local copy of the SBOM blockchain;
      B) build a SBOM hash tree based on data in the SBOM blockchain, the SBOM hash tree comprising:
        a) a root node with an original SBOM; and
        b) at least one leaf node, each of the at least one leaf node comprising a distinct SBOM update;
      C) search the SBOM hash tree for the device specific SBOM;
      D) add the new block to the SBOM blockchain in response to the device specific SBOM not being contained in the SBOM hash tree, the new block comprising a new distinct SBOM update;
      E) validate the new distinct SBOM update based on the vulnerability database in response to the device specific SBOM not being contained in the SBOM hash tree; and
      F) communicate the new block to at least one other validator system in the plurality of validator systems in response to the new block being added to the SBOM blockchain.

2. The system according to claim 1, wherein the device specific SBOM is based on at least one of the following:
  a) a software version;
  b) an installed library;
  c) a library version;
  d) an installed operating system;
  e) an operating system component;
  f) an operating system version;
  g) a patch applied;
  h) a patch version;
  i) installed firmware; and
  j) a firmware version.

3. The system according to claim 1, wherein the device instructions are further configured to cause the device processor to generate the device specific SBOM on a regular basis.

4. The system according to claim 1, wherein the device instructions are further configured to cause the device processor to generate the device specific SBOM according to a schedule.

5. The system according to claim 1, wherein the device instructions are further configured to cause the device processor to generate the device specific SBOM during an idle mode.

6. The system according to claim 1, wherein the device instructions are further configured to cause the device processor to communicate the device specific SBOM upon boot up.

7. The system according to claim 1, wherein the device instructions are further configured to cause the device processor to communicate the device specific SBOM in response to a determination that the device specific SBOM is distinct from a previous device specific SBOM.

8. The system according to claim 1, wherein the device instructions are further configured to cause the device processor to:
  a) generate an assertion; and
  b) communicate the assertion to at least one of the plurality of validator systems.

9. The system according to claim 8, wherein the assertion comprises a digital signature.

10. The system according to claim 1, wherein the validator instructions are further configured to cause the validator processor to:
  a) generate a SBOM score based on: the device specific SBOM, and the vulnerability database; and
  b) add the SBOM score to the new block.

11. The system according to claim 1, further comprising a coordinator system, the coordinator system comprising:
  a) a coordinator processor; and
  b) a non-transitory machine readable coordinator medium comprising coordinator instructions configured to cause the coordinator processor to generate status data.

12. A computer implemented method comprising:
  a) generating a device specific Software Bill of Materials (SBOM) for each of a plurality of medical devices;
  b) communicating the device specific SBOM to at least one of a plurality of validator systems;
  c) building a SBOM hash tree based on data in a SBOM blockchain, the SBOM hash tree comprising:
    i) a root node with an original SBOM; and
    ii) at least one leaf node, each of the at least one leaf node comprising a distinct SBOM update;
  d) searching the SBOM hash tree for the device specific SBOM;
  e) adding a new block to the SBOM blockchain in response to the device specific SBOM not being contained in the SBOM hash tree, the new block comprising a new distinct SBOM update;
  f) validating the new distinct SBOM update based on a vulnerability database; and
  g) communicating the new block to at least one of the plurality of validator systems in response to the new block being added to the SBOM blockchain.

13. The computer implemented method according to claim 12, wherein the device specific SBOM is based on at least one of the following:
  a) a software version;
  b) an installed library;
  c) a library version;
  d) an installed operating system;
  e) an operating system component;
  f) an operating system version;
  g) a patch applied;
  h) a patch version;
  i) installed firmware; and
  j) a firmware version.

14. The computer implemented method according to claim 12, further comprising gaining consensus from a majority of the plurality of validator systems, the consensus based on the SBOM blockchain.

15. The computer implemented method according to claim 12, further comprising gaining consensus from a majority of the plurality of validator systems, the consensus based on the vulnerability database.

16. The computer implemented method according to claim 12, further comprising:
  a) generating an assertion by one of the plurality of medical devices; and
  b) communicating the assertion to at least one of the plurality of validator systems.

17. The computer implemented method according to claim 16, wherein the assertion comprises a digital signature.

18. The computer implemented method according to claim 12, further comprising generating a SBOM score based on: the device specific SBOM, and the vulnerability database.

19. The computer implemented method according to claim 18, further comprising adding the SBOM score to the new block.

20. The computer implemented method according to claim 12, further comprising generating status data.
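The validator flow of claims 1, 10 and 12 (copy the chain, build the hash tree, search it, score and append only an unseen SBOM) can be sketched as follows. This is an added example, not code from the patent: SHA-256 over canonical JSON, the block fields, one chain per device, the scoring rule and all sample data are assumptions.

```python
import hashlib
import json

def digest(obj):
    """SHA-256 over canonical JSON (assumed; the page names no hash function)."""
    data = json.dumps(obj, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(data.encode()).hexdigest()

def make_block(prev_hash, sbom, score):
    body = {"prev": prev_hash, "sbom": sbom, "sbom_hash": digest(sbom), "score": score}
    return {**body, "hash": digest(body)}

def build_hash_tree(chain):
    """Check the local copy's links, then index it: root = original SBOM, leaves = updates."""
    prev = "0" * 64
    for block in chain:
        body = {k: v for k, v in block.items() if k != "hash"}
        if block["prev"] != prev or block["hash"] != digest(body):
            raise ValueError("broken block link in local chain copy")
        if block["sbom_hash"] != digest(block["sbom"]):
            raise ValueError("SBOM does not match its recorded hash")
        prev = block["hash"]
    return {"root": chain[0]["sbom_hash"], "leaves": {b["sbom_hash"] for b in chain[1:]}}

def contains(tree, sbom):
    h = digest(sbom)
    return h == tree["root"] or h in tree["leaves"]

def score_sbom(sbom, vuln_db):
    """Hypothetical score: count of components whose version is listed as vulnerable."""
    return sum(1 for name, ver in sbom["components"].items() if ver in vuln_db.get(name, ()))

def submit(chain, device_sbom, vuln_db):
    """Validator step: an SBOM already in the tree adds nothing; a new one is scored and appended."""
    tree = build_hash_tree(chain)
    if contains(tree, device_sbom):
        return None
    block = make_block(chain[-1]["hash"], device_sbom, score_sbom(device_sbom, vuln_db))
    chain.append(block)
    return block  # a real validator would now send this block to its peers

# Constructed sample data: device name, components and the vulnerable version are invented.
ORIGINAL = {"device": "pump-01", "components": {"rtos": "4.2", "tlslib": "1.0.1"}}
UPDATED = {"device": "pump-01", "components": {"rtos": "4.2", "tlslib": "1.0.2"}}
VULN_DB = {"tlslib": {"1.0.1"}}

def demo():
    chain = [make_block("0" * 64, ORIGINAL, score_sbom(ORIGINAL, VULN_DB))]
    first = submit(chain, UPDATED, VULN_DB)    # unseen SBOM: new block
    repeat = submit(chain, UPDATED, VULN_DB)   # same SBOM again: no block
    return chain, first, repeat
```

Because every block's hash covers the previous block's hash and the SBOM digest, editing a stored SBOM in the local copy makes `build_hash_tree` raise before any search result is trusted.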