Technologies for authenticated USB device policy enforcement
US10824766B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Dec 6, 2017 |
| Grant date | Nov 3, 2020 |
| Priority date | — |
| Expiry date | Sep 5, 2038 |
Classification
- Technology area (CPC G): Physics
- CPC primary: G06F2213/0042
- WIPO field: Computer technology
- WIPO sector: Electrical engineering
Abstract
Technologies for USB device policy enforcement include a computing device having a USB controller and secure enclave support. On boot, a firmware enclave randomly generates a binding identity and then securely provisions the binding identity to the USB controller. The firmware enclave also seals the binding identity to a policy enforcement enclave. At runtime, the policy enforcement enclave unseals the binding identity and includes the binding identity in a policy enforcement command sent to the USB controller. The USB controller verifies that the binding identity included in the command matches the binding identity that was previously provisioned. If the binding identities are successfully verified, the USB controller enforces the command. The USB controller may block data transfers or device configuration changes for one or more specified devices. Each of the firmware enclave and the policy enforcement enclave is a trusted execution environment. Other embodiments are described and claimed.
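The flow in the abstract can be modelled in a few lines. This is an added illustration, not code from the patent: the class and function names, the 32-byte identity length, the once-per-boot provisioning lock, the constant-time comparison and the `block`/`unblock` command names are assumptions, and sealing is replaced by a plain hand-off of the value.

```python
import hmac
import secrets


class UsbController:
    """Hypothetical model of the controller side of the exchange."""

    def __init__(self):
        self._binding_id = None   # provisioned by the firmware enclave at boot
        self.blocked = set()      # device addresses whose transfers are blocked

    def provision(self, binding_id: bytes) -> None:
        # Assumption: provisioning is accepted once per boot, so software that
        # runs later cannot swap in an identity of its own choosing.
        if self._binding_id is not None:
            raise PermissionError("binding identity already provisioned")
        self._binding_id = bytes(binding_id)

    def handle_command(self, binding_id: bytes, action: str, device: int) -> bool:
        # Fail closed: no identity provisioned means no command is enforced.
        if self._binding_id is None:
            return False
        # Constant-time comparison avoids leaking how many bytes matched.
        if not hmac.compare_digest(self._binding_id, bytes(binding_id)):
            return False
        if action == "block":
            self.blocked.add(device)
        elif action == "unblock":
            self.blocked.discard(device)
        else:
            return False
        return True

    def transfer_allowed(self, device: int) -> bool:
        return device not in self.blocked


def boot():
    """Firmware-enclave step: generate, provision, pass on the identity."""
    controller = UsbController()
    binding_id = secrets.token_bytes(32)  # assumed length; fresh every boot
    controller.provision(binding_id)
    # Stand-in for sealing: the abstract seals this value to the policy
    # enforcement enclave; this model simply returns it to the caller.
    return controller, binding_id
```

Because the identity is regenerated on every boot, a value captured in one boot session is rejected by the controller in the next.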
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.