Manifest-based trusted agent management in a trusted operating system environment
IPC classification information
Country / Type
United States (US) Patent
Registered
International Patent Classification (IPC 7th edition)
G06F-012/14
H04L-009/00
Application number
US-0206519
(2005-08-18)
Inventors / Address
England, Paul
Peinado, Marcus
Simon, Daniel R.
Benaloh, Josh D.
Applicant / Address
Microsoft Corporation
Agent / Address
Lee &
Citation information
Cited by: 18
Cited patents: 105
Abstract
Manifest-based trusted agent management in a trusted operating system environment includes receiving a request to execute a process and setting up a virtual memory space for the process. Additionally, a manifest corresponding to the process is accessed, and which of a plurality of binaries can be executed in the virtual memory space is limited based on indicators of the binaries that are included in the manifest.
Representative claims
The invention claimed is:

1. A method of generating a new manifest to facilitate upgrading a trusted application on a computing device to a new trusted application, the method comprising: receiving a request to upgrade the trusted application to the new trusted application; receiving one or more new components to be included in the new trusted application; generating a manifest for the new trusted application, wherein the manifest indicates that the one or more new components can be executed in a process space for the new trusted application, and wherein the manifest comprises: a first portion including data representing a unique identifier of the new trusted application; a second portion including data indicating whether a particular one or more binaries can be executed in the process space for the new trusted application; and a third portion that includes data representing an export statement that allows a secret associated with the new trusted application to be exported to a second trusted application, the export statement comprising an identifier of the manifest, an identifier of a manifest of the second trusted application, and a digital signature over the identifier of the manifest and the identifier of the manifest of the second trusted application; and making the manifest available to the computing device where the new trusted application is to be executed.

2. A method as recited in claim 1, further comprising: digitally signing each of the one or more new components.

3. A method as recited in claim 1, further comprising: making the manifest available to a trusted core of an operating system executing on the computing device.

4. A method as recited in claim 1, wherein the manifest further prevents one or more components of the trusted application from being loaded on the computing device.

5. A method as recited in claim 1, wherein the manifest further comprises: a fourth portion derived from the data in both the first portion and the second portion by generating a digital signature over the first and second portions; and a fifth portion that includes data representing a set of properties corresponding to the manifest.

6. A method as recited in claim 1, wherein the manifest further comprises a fourth portion that includes the identifier of the manifest, and wherein the identifier of the manifest includes: a public key of a public-private key pair of a party that generates the manifest; an identifier of the party that generates the manifest; and a version number of the manifest.

7. A method as recited in claim 6, wherein: the public key of the manifest is the same as a public key in the manifest identifier portion of an original manifest corresponding to the trusted application; and the identifier of the party of the manifest is the same as an identifier, in the original manifest, of the party that generated the original manifest.

8. A method as recited in claim 1, wherein generating the manifest comprises: adding, to the manifest, a list of one or more hashes of certificates that certify public keys which correspond to private keys that were used to sign the certificates that correspond to the one or more new components.

9. A method as recited in claim 1, wherein generating the manifest comprises: adding, to the manifest, a list of one or more certificates that certify public keys which correspond to private keys that were used to sign the certificates that correspond to the one or more new components.

10. A method as recited in claim 1, further comprising: adding, to the manifest, an indication of each of one or more additional components that cannot be executed in the process space.

11. A method as recited in claim 10, wherein adding, to the manifest, an indication of each of one or more additional components that cannot be executed in the process space, comprises: adding, to the manifest, a list of one or more additional hashes of certificates that certify public keys which correspond to private keys that were used to sign the certificates that correspond to one or more additional components that are not authorized to execute in the process space.

12. A method as recited in claim 10, wherein adding, to the manifest, an indication of each of one or more additional components that cannot be executed in the process space, comprises: adding, to the manifest, a list of one or more additional certificates that certify public keys which correspond to private keys that were used to sign the certificates that correspond to one or more additional components that are not authorized to execute in the process space.

13. A method as recited in claim 1, wherein the export statement further comprises a hardware identifier that identifies one or more computing devices on which the export statement can be used.

14. A method as recited in claim 1, wherein the manifest is digitally signed using a key, and wherein the digital signature over the identifier of the manifest and the identifier of the manifest of the second trusted application is generated using the key.

15. A method as recited in claim 1, further comprising encrypting the export statement using a public key of one or more computing devices on which the export statement can be used.