The present invention relates to the technical fields of Computer Security, Software as a Service, Mobile Computing, Telecommunications, Digital Communications, and Computer Technology.
With the rapid proliferation of network-enabled computing devices (the so-called Internet of Things) along with ubiquitous mobile personal devices and conventional computing platforms, the importance of secure, reliable computing environments is paramount. Failure to properly implement security on these new network-enabled devices not only threatens the devices themselves but could also create a vulnerability for entire networks. This is a critical problem.
Secure access, management, and control of computing devices with compact or otherwise constrained processing hardware and networking hardware such as those found in the Internet of Things presents a number of challenges. Such devices may be constantly exposed to malicious attacks via the internet and can be remote and physically difficult or time-consuming to access directly by the permitted device users and administrators.
Many developers of devices and services do not focus on security as a priority—they understandably focus on their device or service. Also, these devices tend to be computationally lightweight and therefore have limited resources with which to implement reliable security. What is needed is a security framework that operates as a service whereby application developers need only subscribe to the service to receive appropriate implementation of security policies pertaining to their products and services.
Developers of computer code for such devices would benefit from having secure computing tools and secure services available so as to assist them in the development of secure computing code for the operation and control of these devices. A set of basic services is therefore provided that such developers can confidently and securely utilize without having to take the time and trouble to implement such services themselves.
This invention discloses a system and method for facilitating secure services over the network (as a software-as-a-service (SaaS) model) that also solves the problem of simplifying implementations for application programmers who need to implement security but who may not have the requisite expertise to do so.
The following device service framework and service design is disclosed herein as a way to provide developers with pre-built secure computing tools and services. As a whole, the framework represents a “base platform” for operation, control, and updating of online devices. Individual components or services from the framework may in some cases also be incorporated into devices to facilitate or simplify device development.
In the present invention, a secure framework is proposed for registering, managing, and operating computing services simply but securely. The framework is designed to facilitate access to secure services on network-connected computing devices and to simplify secure software development for such devices.
The system is a transport mechanism that establishes “file system” and “network” services based on functions that the client registers with the framework. The framework runs on both the client and the servers that supply services to the client (see
The system can be further abstracted where an aggregator can be used to aggregate commands from individual components in the client without having to know the structure of the client itself. In
On initialization, the framework runs in a loop whereby it executes “work” functions. Within the work functions in the loop, the framework constructs and sends commands and then receives responses. The client (designated as Node A, 201) creates remote service objects (202) that include the named service and command as well as arguments. This is useful because it allows the security services to run remotely or on the same hardware as the device if that is desired. The system then hashes, signs and encrypts the service call (203) and it is sent to the server for processing (204). Each request for services has a transaction number so that the calling client can track outstanding requests while it continues to compute.
The receiver (205) then authenticates, authorizes, and decrypts the service call (206) before it is dispatched to the service handler for processing. The receiver conducts a policy check to ensure that execution of the command is allowed for this client. If it is not allowed, a return message is sent; otherwise, the service handler is called. The service handlers may be remote or may run on the same hardware as the aggregator. This is useful because the service handlers know they will only receive properly vetted requests. Only authorized commands can be executed.
At this point, the client and the service are operating asynchronously. The client is not halted at any time while it waits for a response from the server. Execution continues with local execution of services (207). When the service handler completes, the response is encrypted and returned to the sender with its associated transaction number for identification (208).
When the response is received by the client, it is decrypted, verified, and passed to the appropriate function while computation continues (209). At this point, the process can repeat itself as needed.
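The request and response path described above (steps 202 to 209), as an added sketch that is not code from the patent. It assumes a per-client shared key and uses HMAC-SHA256 as a stand-in for the unspecified hash-and-sign step; the encryption step is left out because the Python standard library has no authenticated cipher, and all names (`seal`, `receiver`, `node-a`, the `fs` service) are hypothetical.

```python
import hashlib, hmac, json, secrets
# Constructed sample data; every name here is hypothetical.
CLIENT_KEYS = {"node-a": secrets.token_bytes(32)}   # per-client shared keys
POLICY = {"node-a": {("fs", "read")}}               # allowed (service, command)
HANDLERS = {("fs", "read"): lambda a: {"data": "contents of " + a["path"]},
            ("fs", "delete"): lambda a: {"deleted": a["path"]}}

def seal(key, message):
    """Canonical JSON plus an HMAC-SHA256 tag (stand-in for hash-and-sign)."""
    body = json.dumps(message, sort_keys=True)
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}

def unseal(key, envelope, kind):
    """Return the message only if the tag verifies and the direction matches."""
    body = envelope.get("body", "")
    want = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(want, envelope.get("tag", "")):
        return None
    msg = json.loads(body)
    return msg if msg.get("kind") == kind else None

class Client:
    def __init__(self, client_id, key):
        self.client_id, self.key, self.pending, self.next_txn = client_id, key, {}, 1

    def call(self, service, command, args, on_reply):
        txn, self.next_txn = self.next_txn, self.next_txn + 1
        self.pending[txn] = on_reply      # track the request; caller keeps working
        msg = {"kind": "req", "txn": txn, "service": service,
               "command": command, "args": args}
        return {"client": self.client_id, **seal(self.key, msg)}

    def receive(self, envelope):
        msg = unseal(self.key, envelope, "rsp")
        if msg is None or msg["txn"] not in self.pending:
            return False                  # forged, reflected, or unsolicited
        self.pending.pop(msg["txn"])(msg)
        return True

def receiver(envelope):
    """Authenticate, then policy-check, then dispatch; reply carries the txn."""
    key = CLIENT_KEYS.get(envelope.get("client"))
    msg = unseal(key, envelope, "req") if key else None
    if msg is None:
        return None                       # unauthenticated: dropped (assumption)
    op = (msg["service"], msg["command"])
    reply = {"kind": "rsp", "txn": msg["txn"], "status": "denied"}
    if op in POLICY.get(envelope["client"], set()):
        reply.update(status="ok", result=HANDLERS[op](msg["args"]))
    return seal(key, reply)
```

The handler for `("fs", "delete")` exists but is never reached for `node-a`, because the policy check runs before dispatch; the `kind` field keeps a request from being accepted as its own response when one key covers both directions.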
The following components, shown schematically in
Abstraction of device specifics from the framework is accomplished via Unix-like poll(), ioctl(), and ioctl_completion() functions, and other functions as required. However, in each case, policy-based control of each function call is provided by couplings to the policy-based system shown in
The invention disclosed herein is useful for any application domain where secure computing services are required but need not be executed or integrated into the local system directly. Mobile device applications are well suited to this invention because of their inherent lightweight computing capabilities and integrated networking. However, any computing application would benefit from the invention especially if the application developers want to “outsource” security to this service rather than implement it themselves.
This non-provisional application claims priority to Provisional Patent Application Ser. No. 62/161,614, entitled “System and Methods for Facilitating Secure Computing Device Control and Operation” filed May 14, 2015.
Filing Document | Filing Date | Country | Kind |
---|---|---|---|
PCT/US2016/032502 | 5/13/2016 | WO |

Publishing Document | Publishing Date | Country | Kind |
---|---|---|---|
WO2016/183504 | 11/17/2016 | WO | A |
Number | Date | Country | |
---|---|---|---|
20180262532 A1 | Sep 2018 | US |

Number | Date | Country | |
---|---|---|---|
62161614 | May 2015 | US |