System and method for policy based adaptive application capability management and device attestation
US10341321B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Dec 27, 2016 |
| Grant date | Jul 2, 2019 |
| Priority date | — |
| Expiry date | Jun 9, 2037 |
Classification
- Technology area (CPC H)Electricity
- CPC primaryH04L63/20
- WIPO fieldDigital communication
- WIPO sectorElectrical engineering
Abstract
A method provides policy based adaptive application capability management and device attestation for dynamic control of remote device operations. The method includes instrumenting applications installed on a remote device to examine their runtime application programming interface (API) invocations to trusted functions abstracted by a trusted services platform anchored to an underlying firmware, software or hardware root of trust, and managing the application security operations based on the execution context and dynamic privilege controls to restrict their capabilities. The invention also provides a local attestation agent to perform state measurements for platform trust, configuration and operational metrics, and generates device policy based platform and application level alerts. These alerts allow operations technology (OT) administrators to dynamically control the operational capabilities of applications, to deal with discovered vulnerabilities and exploits, before requiring distribution of application software upgrades or patches onto a large number of distributed remote devices.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.