US2022138333A1PendingUtilityA1

System and method for enabling and verifying the trustworthiness of a hardware system

63
Assignee: CORLINA INCPriority: Dec 28, 2017Filed: Jan 14, 2022Published: May 5, 2022
Est. expiryDec 28, 2037(~11.5 yrs left)· nominal 20-yr term from priority
H04L 9/3239H04W 12/66G06F 8/60H04L 63/1425H04L 63/12G06F 16/2255G06F 21/606G06F 21/57G06F 8/65G06F 16/9538G06F 16/9038G06F 16/951H04L 9/0637H04L 9/50H04W 12/63H04L 63/1416H04W 12/009G06F 21/577
63
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

To determine whether an IoT system connected with a network environment (e.g., the internet) is compromised, a networked Trust as a Service (TaaS) server receives system data indicative of various characteristics of the IoT system, wherein the system data is harvested by a software agent installed on the IoT system. The TaaS server initially establishes a baseline characteristics profile for the IoT system, such that subsequently received system data from the software agent may be compared against the baseline characteristics profile to quickly identify discrepancies between the originally established baseline characteristics profile and current operating characteristics of the system. Such discrepancies may be caused by desirable software updates, in which case the discrepancies may be integrated into the baseline characteristics profile, or the discrepancies may result from the IoT system being undesirably compromised.

Claims

exact text as granted — not AI-modified
That which is claimed: 
     
         1 . A computer-implemented method for determining trust of an Internet of Things (IoT) system within a networked environment, the method comprising:
 receiving, via a communication interface in communication with the IoT system via the networked environment, system data indicative of artifacts of the IoT system harvested by a software agent installed on the IoT system;   generating, via one or more processors, a baseline characteristics profile based at least in part on the system data;   storing the baseline characteristics profile within a storage device accessible to the one or more processors;   receiving, from the software agent installed on the IoT system, updated system data indicative of updated artifacts harvested from the IoT system; and   determining whether the updated system data indicates that the IoT system is compromised by:
 comparing the updated system data against the baseline characteristics profile; and 
 upon detecting a discrepancy between the updated system data and the baseline characteristics profile, establishing a trust metric based at least in part on the detected discrepancy. 
   
     
     
         2 . The computer-implemented method of  claim 1 , wherein the system data comprises one or more of: system hardware data; system image data; application data; and system behavior data. 
     
     
         3 . The computer-implemented method of  claim 1 , wherein at least a portion of the system data is harvested from firmware of the IoT system. 
     
     
         4 . The computer-implemented method of  claim 1 , wherein the storage system is embodied as a blockchain ledger. 
     
     
         5 . The computer-implemented method of  claim 1 , further comprising steps for updating the baseline characteristics profile by:
 replacing at least a portion of the baseline characteristics profile with at least a portion of the updated system data.   
     
     
         6 . The computer-implemented method of  claim 1 , further comprising steps for generating an alert upon determining that the trust metric indicates that the IoT system is compromised. 
     
     
         7 . The computer-implemented method of  claim 1 , wherein:
 generating the baseline characteristics profile comprises generating a hash based at least in part on the system data; and   comparing the updated system data against the baseline characteristics profile comprises:
 generating a hash based on the updated system data; and 
 comparing the hash of the updated system data against the baseline characteristics profile. 
   
     
     
         8 . A system for determining trust of an Internet of Things (IoT) system within a networked environment, the system comprising:
 a communication interface in communication with the IoT system via the networked environment, wherein the communication interface is configured to receive system data indicative of artifacts of the IoT system harvested by a software agent installed on the IoT system;   a storage device; and   one or more processors collectively configured to:
 generate a baseline characteristics profile based at least in part on the system data; 
 store the baseline characteristics profile within the storage device; 
 receive, via the communication interface in communication with the software agent installed on the IoT system, updated system data indicative of updated artifacts harvested from the IoT system; and 
 determine whether the updated system data indicates that the IoT system is compromised by:
 comparing the updated system data against the baseline characteristics profile; and 
 upon detecting a discrepancy between the updated system data and the baseline characteristics profile, establishing a trust metric based at least in part on the detected discrepancy. 
 
   
     
     
         9 . The system of  claim 8 , wherein the system data comprises one or more of: system hardware data; system image data; application data; and system behavior data. 
     
     
         10 . The system of  claim 8 , wherein at least a portion of the system data is harvested from firmware of the IoT system. 
     
     
         11 . The system of  claim 8 , wherein the storage system is embodied as a blockchain ledger. 
     
     
         12 . The system of  claim 8 , wherein the one or more processors are further configured for updating the baseline characteristics profile by:
 replacing at least a portion of the baseline characteristics profile with at least a portion of the updated system data.   
     
     
         13 . The system of  claim 8 , wherein the one or more processors are further configured for generating an alert upon determining that the trust metric indicates that the IoT system is compromised. 
     
     
         14 . The system of  claim 8 , wherein:
 generating the baseline characteristics profile comprises generating a hash based at least in part on the system data; and   comparing the updated system data against the baseline characteristics profile comprises:
 generating a hash based on the updated system data; and 
 comparing the hash of the updated system data against the baseline characteristics profile. 
   
     
     
         15 . A non-transitory computer-readable storage medium comprising executable portions stored thereon, wherein the executable portions are configured to, when executed by a processor, cause the processor to:
 receive, via a communication interface in communication with an IoT system via a networked environment, system data indicative of artifacts of the IoT system harvested by a software agent installed on the IoT system;   generate a baseline characteristics profile based at least in part on the system data;   store the baseline characteristics profile within a storage device accessible to the one or more processors;   receive, from the software agent installed on the IoT system, updated system data indicative of updated artifacts harvested from the IoT system; and   determine whether the updated system data indicates that the IoT system is compromised by:
 comparing the updated system data against the baseline characteristics profile; and 
 upon detecting a discrepancy between the updated system data and the baseline characteristics profile, establishing a trust metric based at least in part on the detected discrepancy. 
   
     
     
         16 . The non-transitory computer readable storage medium of  claim 15 , wherein the system data comprises one or more of: system hardware data; system image data; application data; and system behavior data. 
     
     
         17 . The non-transitory computer readable storage medium of  claim 15 , wherein the storage system is embodied as a blockchain ledger. 
     
     
         18 . The non-transitory computer readable storage medium of  claim 15 , wherein the executable portions are further configured to, when executed by a processor, cause the processor to:
 replace at least a portion of the baseline characteristics profile with at least a portion of the updated system data.   
     
     
         19 . The non-transitory computer readable storage medium of  claim 15 , wherein the executable portions are further configured to, when executed by a processor, cause the processor to generate an alert upon determining that the trust metric indicates that the IoT system is compromised. 
     
     
         20 . The non-transitory computer readable storage medium of  claim 15 , wherein:
 generating the baseline characteristics profile comprises generating a hash based at least in part on the system data; and   comparing the updated system data against the baseline characteristics profile comprises:
 generating a hash based on the updated system data; and 
 comparing the hash of the updated system data against the baseline characteristics profile.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.