Patent number 8627464 is assigned to
The following quote was obtained by the news editors from the background information supplied by the inventors: "Modern computing devices often include a Trusted Platform Module (TPM) that provides security functionality to its host computing device. The TPM, being a hardware component, can provide for increased security over that available solely through the execution of computer-executable instructions by the computing device. More specifically, the hardware of a traditional TPM is designed to protect information stored within the TPM by enabling access and modification of such information only through specific channels and specific functions, and preventing other access or modification of such information. Thus, even if a malicious entity were to gain physical access to the TPM itself, the information stored within the TPM would still remain protected, except where truly exotic and advanced forensics were applied.
"One set of information that is commonly stored in a TPM are the numerical values that are stored in a TPM's Platform Configuration Registers (PCRs). These numerical values are intended to represent a current state of the computing device and are generated by extending numerical values, representing a hardware or software component that is being instantiated, into various PCRs. Thus, starting with an initial value when the computing device is powered on, the PCRs are extended with numerical values that represent hardware or software components that are successively instantiated, such that the value of the PCRs at a given time represents the state of the computing device at that time, as defined by the hardware or software components that have been instantiated, and measured into the PCRs, up to that point in time.
"As indicated, the hardware of the TPM is designed such that the values of the PCRs can only be changed by the above-described extending process. Thus, the values of the PCRs cannot otherwise be modified, nor can specific values simply be stored in them. However, this design works best if the state of the computing device is represented only by components that were instantiated since the computing device was last powered on.
"To conserve power, however, some computing devices have the capability of entering a 'sleep' state or an even less power consuming 'hibernate' state. Typically, a sleep state comprises a computing device ceasing most processing operations, as well as turning off or powering down other power consuming peripherals, such as display devices or hard disk drives. However, in a sleep state, a computing device will typically utilize power to maintain the contents of volatile memory, as well as maintain the current state of the TPM and any information stored therein, such as the values of PCRs. Consequently, when resuming from a sleep state, the state of the computing device, as reflected by both contents of volatile memory and the values of the PCR's of the TPM, can remain unchanged from when the computing device entered the sleep state.
"By contrast, to conserve as much power as possible, a hibernate state typically does not provide for continued power consumption by the volatile memory of the computing device, thereby resulting in the loss of the information that was stored in the volatile memory. To preserve the contents of volatile memory, a computing device entering the hibernate state can first save the contents of volatile memory to a non-volatile storage medium. Subsequently, the computing device can enter the hibernate state, which is typically a completely powered off state, akin to the computing device being completely shut down, with the exception that the contents of volatile memory are saved on a non-volatile storage medium.
"Subsequently, to resume operation, the computing device can proceed through an initial boot sequence similar to being powered on or restarted, except that, at some point in time in the initial boot sequence, the contents of volatile memory that were saved to the non-volatile storage medium can be detected, and copied back into the volatile memory, thereby enabling the computing device to resume its pre-hibernation state. However, while the computing device can resume its pre-hibernation state, at least as far as the hardware and software that has been instantiated and for which computer-executable instructions and data can have been restored into volatile memory, the PCRs of the TPM may not necessarily comprise the values that are associated with the pre-hibernation state. In particular, the copying of the saved contents back into volatile memory typically does not extend the PCRs of the TPM in the same manner as they would have been extended were the state of the computing device re-created from an initial power on or restart sequence. Consequently, the values of the PCRs may no longer correlate with the state of the computing device."
In addition to the background information obtained for this patent, VerticalNews journalists also obtained the inventors' summary information for this patent: "In one embodiment, prior to entering a hibernation state, the current values of the Platform Configuration Registers (PCRs) can be quoted, such as by being signed with keys unique to a trusted execution environment, such as a Trusted Platform Module (TPM), and the values of the PCRs, together with the quote, can be appended to an event log that is typically maintained in volatile memory. When the contents of volatile memory are saved to a non-volatile storage medium, as is typically performed by a computing device prior to entering the hibernation state, the event log with the current values of the PCRs, and a quote thereof, can be part of the information that is saved to the non-volatile storage medium.
"In another embodiment, a monotonic counter that can only be incremented and cannot be reset, such as can be typically maintained by trusted execution environments, can be utilized as a 'boot counter', and can be incremented each time a computing device is 'booted'. The current value of the monotonic counter can be appended to the event log, along with the values of the PCRs, and the quote thereof, prior to the computing device entering the hibernation state.
"In a further embodiment, upon a subsequent resuming from a hibernated state, an existing event log can be concatenated with the event log that had been saved to the non-volatile storage medium as part of the hibernation process. The resulting event log, that can be maintained in volatile memory, and appended to in a traditional manner, can comprise not only entries since the most recent resuming from the hibernated state, but also entries prior to hibernation, including the values of the PCRs prior to hibernation, the quote thereof and the value of the monotonic counter prior to hibernation.
"In a still further embodiment, an event log comprising events from multiple generations or incarnations of a computing device, such as events from prior to a hibernation of the computing device and events subsequent to a resuming from hibernation, can be evaluated with reference to the current PCR values, the prior PCR values, as saved and quoted in the event log, and with reference to an incremental continuity between the current value of the monotonic counter and saved values of the monotonic counter in the event log.
"This Summary is provided to introduce a selection of concepts in a simplified form that are further described below in the Detailed Description. This Summary is not intended to identify access control features or essential features of the claimed subject matter, nor is it intended to be used to limit the scope of the claimed subject matter.
"Additional features and advantages will be made apparent from the following detailed description that proceeds with reference to the accompanying drawings."
URL and more information on this patent, see: Thom, Stefan; Ide,
Keywords for this news article include: Software,
Our reports deliver fact-based news of research and discoveries from around the world. Copyright 2014, NewsRx LLC
Most Popular Stories
- Top Hispanic Tech Companies Push for the Top
- 5 Notable Hispanic Technology Executives
- Taco Bell Rings Up Breakfast Menu
- Russia, Crimea Discuss Referendum
- California Establishes Center for Coffee Study
- 'Holy grail of guitars' OM-45 Deluxe Available in in NY Auction
- China Urges Malaysia Flight Emergency Response
- For Obama, a Last Stab at Improving Ties with Capitol Hill
- Justin Bieber Loses Cool Over Selena Gomez
- Sunday Starts Daylight Saving Time