
Method to prevent the loss of control of remote computing platforms

IP.com Disclosure Number: IPCOM000020718D
Publication Date: 2003-Dec-10
Document File: 4 page(s) / 110K

Publishing Venue

The IP.com Prior Art Database

Abstract

Disclosed is a method to prevent the loss of control of remote computing platforms. Benefits include improved functionality and improved security.

This text was extracted from a Microsoft Word document.
At least one non-text object (such as an image or picture) has been suppressed.
This is the abbreviated version, containing approximately 55% of the total text.


Background

Conventional methods are reactive: they respond to events such as failures and hacking, attempting to exert control over the remote device once it has been compromised. Typically, control is reestablished using a back-door feature, such as out-of-band communication, a remote power switch, or a magic message.

Conventional mechanisms for control over remote devices rely on messages being sent to the device to halt operation in the event of a security exploit or failure. These mechanisms are, therefore, dependent on:
• A communication path from the control system to the controlled system
• The state of the control system at the time that action is required

These solutions can fail in many ways, for example:
• The control system can fail or be made inoperable by an attacker.
• The controlled system can fail or be compromised to the point that communication with the control system is no longer viable.
• The communication path between the control system and the controlled system can fail, be compromised, or become congested.

General description

The disclosed method provides a mechanism in which network-enabled devices enter a failure state if a preset command/message is not periodically received from a controlling authority. The method applies to situations as diverse as:
• Maintaining control of remote servers
• Disabling electronic devices automatically if they are stolen
• Enforcing control of leased devices, such as set-top cable receivers

The key elements of the disclosed method include:
• Trusted boot environment
• Watchdog device
• Enabled computing platform
• Control service

Advantages

The disclosed method provides advantages, including:
• Improved functionality due to preventing the loss of control of remote computing platforms
• Improved functionality due to ensuring the security of a device or software
• Improved functionality due to returning system control back to the trusted boot environment in case of system failure
• Improved security due to preventing the loss of control of remote computing platforms

Detailed description

The disclosed method predisposes a device to fall back to a known good state unless it receives approval to continue operation. Fallback occurs automatically in the absence of back-door intervention.

The method can be implemented in any network-enabled product (hardware or software) that is planned to be used in a remote environment. Any device enabled with this technology falls back into a known, trusted state in the event of specified conditions, such as:
• Internal failure
• Network failure
• Failure of the control system
• Remote exploitation (hacking)
• Denial-of-service attack
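
An added sketch of the watchdog behaviour described above (example code, not taken from the disclosure): the platform stays enabled only while fresh approvals arrive, so network failure, control-system failure and a silenced device all end in the same fallback. The HMAC message format, the replay counter, the 30-second timeout, the latching fallback and all names are assumptions of this example; the clock is passed in explicitly so the run is deterministic.

```python
import hashlib
import hmac
import struct

ENABLED, FALLBACK = "enabled", "fallback"  # fallback = control back in trusted boot

def make_approval(key, device_id, counter):
    """Control service side (assumed format): counter || HMAC-SHA256(key, id || counter)."""
    body = struct.pack(">Q", counter)
    return body + hmac.new(key, device_id + body, hashlib.sha256).digest()

class Watchdog:
    """Fail-safe timer: silence, not a halt command, is what disables the platform."""
    def __init__(self, key, device_id, timeout, now):
        self.key, self.device_id, self.timeout = key, device_id, timeout
        self.deadline = now + timeout
        self.last_counter = 0
        self.state = ENABLED

    def tick(self, now):
        """Called periodically by the watchdog device; expiry forces fallback."""
        if now >= self.deadline:
            self.state = FALLBACK  # assumption: latches until trusted boot re-enables
        return self.state

    def receive(self, msg, now):
        """Re-arm the timer only for an authentic, never-before-seen approval."""
        if self.tick(now) == FALLBACK or len(msg) != 40:
            return False
        (counter,) = struct.unpack(">Q", msg[:8])
        expected = make_approval(self.key, self.device_id, counter)
        if not hmac.compare_digest(msg, expected) or counter <= self.last_counter:
            return False  # forged or replayed: ignored, timer keeps running
        self.last_counter, self.deadline = counter, now + self.timeout
        return True

def demo():
    key, dev = b"constructed-demo-key", b"device-01"  # constructed sample values
    wd = Watchdog(key, dev, timeout=30.0, now=0.0)
    return [
        wd.receive(make_approval(key, dev, 1), now=10.0),       # valid: deadline -> 40
        wd.receive(make_approval(key, dev, 1), now=20.0),       # replay of counter 1
        wd.receive(make_approval(b"wrong", dev, 2), now=25.0),  # wrong key
        wd.tick(now=39.0),                                      # still inside window
        wd.tick(now=40.0),                                      # no approval arrived
        wd.receive(make_approval(key, dev, 2), now=41.0),       # too late: latched
    ]
```

Because rejected messages never extend the deadline, a flood of forged or replayed approvals cannot keep a platform alive once the control service has stopped approving it.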

The method comprises four components (see Figure 1).

Trusted boot proce...