US2023216878A1PendingUtilityA1

Threat prevention by selective feature deprivation

54
Assignee: INTEL CORPPriority: Dec 23, 2020Filed: Dec 20, 2022Published: Jul 6, 2023
Est. expiryDec 23, 2040(~14.5 yrs left)· nominal 20-yr term from priority
H04L 63/1433H04L 63/102H04L 63/105H04L 63/108G06F 21/577G06F 21/568
54
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

A method of preventing exploitation of a vulnerability of a computing system includes generating a deprivation token to cause disabling of a selected one or more features of a component of the computing system to prevent an exploit of a vulnerability affecting the selected one or more features; and publishing the derivation token to at least one of a computing system manufacturer computing system and an enterprise information technology (IT) computing system for distribution to affected computing systems.

Claims

exact text as granted — not AI-modified
1 . An apparatus comprising:
 a processing device; and   a memory device coupled to the processing device, the memory device having instructions stored thereon that, in response to execution by the processing device, cause the processing device to:
 generate a deprivation token to cause disabling of a selected one or more features of a component of a computing system to prevent an exploit of a vulnerability affecting the selected one or more features; and 
 publish the derivation token to at least one of a computing system manufacturer computing system and an enterprise information technology (IT) computing system. 
   
     
     
         2 . The apparatus of  claim 1 , comprising instructions stored in the memory device that, in response to execution by the processing device, cause the processing device to:
 distribute the derivation token to the computing system.   
     
     
         3 . The apparatus of  claim 1 , wherein the computing system comprises at least one of an affected enterprise computing system and a personal computing system. 
     
     
         4 . The apparatus of  claim 1 , comprising instructions stored in the memory device that, in response to execution by the processing device, cause the processing device to determine the selected one or more features that can be disabled, without causing the computing system to malfunction, at a time of design or manufacturing of the component. 
     
     
         5 . The apparatus of  claim 1 , comprising instructions stored in the memory device that, in response to execution by the processing device, cause the processing device to determine if the vulnerability exists for the selected one or more features. 
     
     
         6 . The apparatus of  claim 1 , wherein the deprivation token comprises a vulnerability identifier (ID), a valid time, one or more feature IDs, and a digital signature. 
     
     
         7 . The apparatus of  claim 6 , comprising instructions stored in the memory device that, in response to execution by the processing device, cause the processing device to digitally sign the deprivation token prior to publishing the derivation token. 
     
     
         8 . The apparatus of  claim 6 , wherein the deprivation token comprises an enablement field to cause re-enabling of a previously disabled selected one or more features on the computing system. 
     
     
         9 . The apparatus of  claim 6 , wherein the valid time to cause disabling of the selected one or more features for a specified time period. 
     
     
         10 . The apparatus of  claim 1 , wherein the component comprises a processor and the feature is a hardware capability of the processor. 
     
     
         11 . The apparatus of  claim 1 , comprising including the deprivation token in a firmware update to the computing system. 
     
     
         12 . A computer-implemented method comprising:
 generating a deprivation token to cause disabling of a selected one or more features of a component of a computing system to prevent an exploit of a vulnerability affecting the selected one or more features; and   publishing the derivation token to at least one of a computing system manufacturer computing system and an enterprise information technology (IT) computing system.   
     
     
         13 . The computer-implemented method of  claim 12 , comprising distributing the derivation token to the computing system. 
     
     
         14 . The computer-implemented method of  claim 12 , comprising determining the selected one or more features that can be disabled, without causing the computing system to malfunction, at a time of design or manufacturing of the component. 
     
     
         15 . The computer-implemented method of  claim 12 , comprising determining if the vulnerability exists for the selected one or more features. 
     
     
         16 . The computer-implemented method of  claim 12 , wherein the deprivation token comprises a vulnerability identifier (ID), a valid time, one or more feature IDs, and a digital signature. 
     
     
         17 . The computer-implemented method of  claim 16 , comprising digitally signing the deprivation token prior to publishing the derivation token. 
     
     
         18 . (canceled) 
     
     
         19 . (canceled) 
     
     
         20 . At least one non-transitory machine-readable storage medium comprising instructions that, when executed, cause at least one processor to:
 generate a deprivation token to cause disabling of a selected one or more features of a component of a computing system to prevent an exploit of a vulnerability affecting the selected one or more features; and   publish the derivation token to at least one of a computing system manufacturer computing system and an enterprise information technology (IT) computing system.   
     
     
         21 . The at least one non-transitory machine-readable storage medium of  claim 20  comprising instructions that, when executed, cause at least one processor to distribute the derivation token to the computing system. 
     
     
         22 . The at least one non-transitory machine-readable storage medium of  claim 20  comprising instructions that, when executed, cause at least one processor to determine the selected one or more features that can be disabled, without causing the computing system to malfunction, at a time of design or manufacturing of the component. 
     
     
         23 . (canceled) 
     
     
         24 . (canceled) 
     
     
         25 . (canceled)

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.