摘要:
Described is a system and method that protect certain classes of sensitive data traveling across an accessible transmission medium, such as an internal bus in a device, from automated attacks. The protection is particularly useful for resource-constrained and/or security constrained components. Automated attacks depend on analyzing data characteristics such as bit pattern signatures and/or frequency distributions to succeed. To preclude such automated attacks, various alternatives of the present invention internally alter the sensitive data at a data source prior to transmission, in a synchronized way such that the altered data is internally reversible at the destination resource. Data alteration includes interspersing random data into a data stream (e.g., bitstream or stream of packets), and interspersing data of varying length on the bus. Synchronization algorithms enable the data source and the destination resource to pad and remove the interspersed data in relatively complex ways even with resource-constrained and/or security constrained components.
摘要:
The present automatic update mechanism provides a method for periodically checking for updates to support a trusted environment. During the periodic check, an indication from an update service is received if there is a recommended update. Upon receiving the indication, a new revocation list is downloaded from the update service and saved as a pending revocation list. The pending revocation list is then available for on-demand update when protected content requests a higher level of protection on a computing device than the protection provided by a current level of protection on the computing device.