US2023004648A1PendingUtilityA1

Firmware Integrity Check Using Silver Measurements

Assignee: ABSOLUTE SOFTWARE CORPPriority: Aug 22, 2017Filed: Sep 9, 2022Published: Jan 5, 2023
Est. expiryAug 22, 2037(~11.1 yrs left)· nominal 20-yr term from priority
G06F 21/55H04L 63/14G06F 21/572H04W 12/12G06F 21/577G06F 21/73G06F 21/74G06F 21/57
64
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

Measurements of a device's firmware are made regularly and compared with prior, derived measurements. Prior measurements are derived from a set of identical firmware measurements obtained from multiple devices having the same make, model and firmware version number. The firmware integrity status is reported on a data and device security console for a group of managed endpoints. Alerts about firmware changes, which may be potential attacks on the firmware, are given automatically.

Claims

exact text as granted — not AI-modified
1 . A method for protecting electronic devices comprising:
 receiving, by a processor, an identically-performed firmware measurement from each of a first threshold number electronic devices that have an identical make, model and firmware version number;   determining, by the processor, that a second threshold number of said firmware measurements are identical;   defining, by the processor, a silver measurement to be one of said identical firmware measurements;   receiving, by the processor, a further identically-performed firmware measurement from each of further electronic devices that have the identical make, model and firmware version number;   for those of the further electronic devices providing firmware measurements that equal the silver measurement, the processor permitting unhindered use thereof; and   for those of the further electronic devices providing firmware measurements that do not equal the silver measurement, the processor taking a security action therefor.   
     
     
         2 . The method of  claim 1 , wherein the security action is a restriction of use. 
     
     
         3 . The method of  claim 1  further comprising, for one of the further electronic devices providing firmware measurements that equal the silver measurement:
 determining, by the processor, that it has firmware that is out of date. 
 
     
     
         4 . The method of  claim 1 , further comprising:
 receiving, by the processor, a different firmware version number from another electronic device that has the identical make and model;   determining, by the processor, that the different firmware version number is earlier than the identical version number; and   generating, by the processor, a security alert indicating that a firmware of the other electronic device has been rolled back.   
     
     
         5 . The method of  claim 1  further comprising, for one of the further electronic devices providing firmware measurements that do not equal the silver measurement:
 determining, by the processor, that a non-volatile memory in which firmware of said one further electronic device is stored is not properly locked. 
 
     
     
         6 . The method of  claim 1 , wherein the firmware measurements are based on either:
 one or more volumes of firmware;   the firmware version number and a date of the firmware; or   a time of the firmware.   
     
     
         7 . The method of  claim 1 , wherein the firmware measurements are of either:
 a BIOS (Basic Input/Output System), or   a UEFI (Unified Extensible Firmware Interface).   
     
     
         8 . The method of  claim 1 , further comprising storing, by the processor, all said firmware measurements in a database. 
     
     
         9 . The method of  claim 1 , wherein the first threshold number is equal to the second threshold number. 
     
     
         10 . The method of  claim 1 , wherein the first threshold number is greater than the second threshold number, the method further comprising:
 permitting, by the processor, continued unhindered use of those of the electronic devices that have a firmware measurement equal to the silver measurement; and   taking, by the processor, another security action, with respect to those of the electronic devices that have a firmware measurement different from the silver measurement.   
     
     
         11 . The method of  claim 1 , wherein each of all said firmware measurements is performed by an application running in volatile memory in either one of the electronic devices or one of the further electronic devices. 
     
     
         12 . The method of  claim 11 , wherein each application is maintained to be present and functional by an operating system agent running under an operating system of the respective electronic device or further electronic device. 
     
     
         13 . The method of  claim 12 , wherein each operating system agent is maintained to be present and functional by a persistent agent present in non-volatile memory of the respective electronic device or further electronic device. 
     
     
         14 . The method of  claim 1 , wherein all said firmware measurements are hashes of firmware instructions and not of firmware data or firmware settings. 
     
     
         15 . A system for protecting electronic devices comprising:
 a server;   a processor in the server; and   a non-transient computer readable memory in the server that stores instructions, which, when executed by the processor, cause the server to:
 receive an identically-performed firmware measurement from each of a first threshold number electronic devices that have an identical make, model and firmware version number; 
 determine that a second threshold number of said firmware measurements are identical; 
 define a silver measurement to be one of said identical firmware measurements; 
 receive a further identically-performed firmware measurement from each of further electronic devices that have the identical make, model and firmware version number; 
 for those of the further electronic devices providing firmware measurements that equal the silver measurement, permit unhindered use thereof; and 
 for those of the further electronic devices providing firmware measurements that do not equal the silver measurement, take a security action therefor. 
   
     
     
         16 . The system of  claim 15 , further comprising in each of the electronic devices and each of the further electronic devices:
 a firmware measurement application running in volatile memory;   an operating system agent running under an operating system and configured to maintain the firmware measurement application present and functional; and   a persistent agent in non-volatile memory configured to maintain the operating system agent present and functional.   
     
     
         17 . The system of  claim 15 , wherein all said firmware measurements are hashes of firmware instructions and not of firmware data or firmware settings. 
     
     
         18 . A non-transient computer-readable medium that stores instructions, which, when executed by a processor, cause the processor to
 receive an identically-performed firmware measurement from each of a first threshold number electronic devices that have an identical make, model and firmware version number;   determine that a second threshold number of said firmware measurements are identical;   define a silver measurement to be one of said identical firmware measurements;   receive a further identically-performed firmware measurement from each of further electronic devices that have the identical make, model and firmware version number;   for those of the further electronic devices providing firmware measurements that equal the silver measurement, permit unhindered use thereof; and   for those of the further electronic devices providing firmware measurements that do not equal the silver measurement, take a security action therefor.   
     
     
         19 . The non-transient computer-readable medium of  claim 18 , wherein all said firmware measurements are hashes of firmware instructions and not of firmware data or firmware settings.

Join the waitlist — get patent alerts

Track US2023004648A1 — get alerts on status changes and closely related new filings.

We store only your email — no account needed. See our privacy policy.