System and method for enabling and verifying the trustworthiness of a hardware system
Abstract
To determine whether an IoT system connected with a network environment (e.g., the internet) is compromised, a networked Trust as a Service (TaaS) server receives system data indicative of various characteristics of the IoT system, wherein the system data is harvested by a software agent installed on the IoT system. The TaaS server initially establishes a baseline characteristics profile for the IoT system, such that subsequently received system data from the software agent may be compared against the baseline characteristics profile to quickly identify discrepancies between the originally established baseline characteristics profile and current operating characteristics of the system. Such discrepancies may be caused by desirable software updates, in which case the discrepancies may be integrated into the baseline characteristics profile, or the discrepancies may result from the IoT system being undesirably compromised.
Claims
exact text as granted — not AI-modifiedThat which is claimed:
1 . A computer-implemented method for determining trust of an Internet of Things (IoT) system within a networked environment, the method comprising:
receiving, via a communication interface in communication with the IoT system via the networked environment, system data indicative of artifacts of the IoT system harvested by a software agent installed on the IoT system; generating, via one or more processors, a baseline characteristics profile based at least in part on the system data; storing the baseline characteristics profile within a storage device accessible to the one or more processors; receiving, from the software agent installed on the IoT system, updated system data indicative of updated artifacts harvested from the IoT system; and determining whether the updated system data indicates that the IoT system is compromised by:
comparing the updated system data against the baseline characteristics profile; and
upon detecting a discrepancy between the updated system data and the baseline characteristics profile, establishing a trust metric based at least in part on the detected discrepancy.
2 . The computer-implemented method of claim 1 , wherein the system data comprises one or more of: system hardware data; system image data; application data; and system behavior data.
3 . The computer-implemented method of claim 1 , wherein at least a portion of the system data is harvested from firmware of the IoT system.
4 . The computer-implemented method of claim 1 , wherein the storage system is embodied as a blockchain ledger.
5 . The computer-implemented method of claim 1 , further comprising steps for updating the baseline characteristics profile by:
replacing at least a portion of the baseline characteristics profile with at least a portion of the updated system data.
6 . The computer-implemented method of claim 1 , further comprising steps for generating an alert upon determining that the trust metric indicates that the IoT system is compromised.
7 . The computer-implemented method of claim 1 , wherein:
generating the baseline characteristics profile comprises generating a hash based at least in part on the system data; and comparing the updated system data against the baseline characteristics profile comprises:
generating a hash based on the updated system data; and
comparing the hash of the updated system data against the baseline characteristics profile.
8 . A system for determining trust of an Internet of Things (IoT) system within a networked environment, the system comprising:
a communication interface in communication with the IoT system via the networked environment, wherein the communication interface is configured to receive system data indicative of artifacts of the IoT system harvested by a software agent installed on the IoT system; a storage device; and one or more processors collectively configured to:
generate a baseline characteristics profile based at least in part on the system data;
store the baseline characteristics profile within the storage device;
receive, via the communication interface in communication with the software agent installed on the IoT system, updated system data indicative of updated artifacts harvested from the IoT system; and
determine whether the updated system data indicates that the IoT system is compromised by:
comparing the updated system data against the baseline characteristics profile; and
upon detecting a discrepancy between the updated system data and the baseline characteristics profile, establishing a trust metric based at least in part on the detected discrepancy.
9 . The system of claim 8 , wherein the system data comprises one or more of: system hardware data; system image data; application data; and system behavior data.
10 . The system of claim 8 , wherein at least a portion of the system data is harvested from firmware of the IoT system.
11 . The system of claim 8 , wherein the storage system is embodied as a blockchain ledger.
12 . The system of claim 8 , wherein the one or more processors are further configured for updating the baseline characteristics profile by:
replacing at least a portion of the baseline characteristics profile with at least a portion of the updated system data.
13 . The system of claim 8 , wherein the one or more processors are further configured for generating an alert upon determining that the trust metric indicates that the IoT system is compromised.
14 . The system of claim 8 , wherein:
generating the baseline characteristics profile comprises generating a hash based at least in part on the system data; and comparing the updated system data against the baseline characteristics profile comprises:
generating a hash based on the updated system data; and
comparing the hash of the updated system data against the baseline characteristics profile.
15 . A non-transitory computer-readable storage medium comprising executable portions stored thereon, wherein the executable portions are configured to, when executed by a processor, cause the processor to:
receive, via a communication interface in communication with an IoT system via a networked environment, system data indicative of artifacts of the IoT system harvested by a software agent installed on the IoT system; generate a baseline characteristics profile based at least in part on the system data; store the baseline characteristics profile within a storage device accessible to the one or more processors; receive, from the software agent installed on the IoT system, updated system data indicative of updated artifacts harvested from the IoT system; and determine whether the updated system data indicates that the IoT system is compromised by:
comparing the updated system data against the baseline characteristics profile; and
upon detecting a discrepancy between the updated system data and the baseline characteristics profile, establishing a trust metric based at least in part on the detected discrepancy.
16 . The non-transitory computer readable storage medium of claim 15 , wherein the system data comprises one or more of: system hardware data; system image data; application data; and system behavior data.
17 . The non-transitory computer readable storage medium of claim 15 , wherein the storage system is embodied as a blockchain ledger.
18 . The non-transitory computer readable storage medium of claim 15 , wherein the executable portions are further configured to, when executed by a processor, cause the processor to:
replace at least a portion of the baseline characteristics profile with at least a portion of the updated system data.
19 . The non-transitory computer readable storage medium of claim 15 , wherein the executable portions are further configured to, when executed by a processor, cause the processor to generate an alert upon determining that the trust metric indicates that the IoT system is compromised.
20 . The non-transitory computer readable storage medium of claim 15 , wherein:
generating the baseline characteristics profile comprises generating a hash based at least in part on the system data; and comparing the updated system data against the baseline characteristics profile comprises:
generating a hash based on the updated system data; and
comparing the hash of the updated system data against the baseline characteristics profile.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.