Abstract: A software system that transforms an original application into an STPM enabled application and runs the enabled application. At protect time, an anti-tamper tool accepts the original application, uses anti-tamper techniques to create a guarded application, creates a security wrapper according to a policy file, and wraps the guarded application to create the STPM enabled application. A trusted service provider is inserted at the entry point of the enabled application. A set of core services is made accessible to the enabled application through the trusted service provider. At runtime the trusted service provider creates a TSP thread and passes a security file to an STPM device driver implementing TPM functionality and protected by anti-tamper techniques. The TSP thread actively monitors the enabled application and interacts with the STPM device driver through the set of core services.

Abstract: The present automatic update mechanism provides a method for periodically checking for updates to support a trusted environment. During the periodic check, an indication from an update service is received if there is a recommended update. Upon receiving the indication, a new revocation list is downloaded from the update service and saved as a pending revocation list. The pending revocation list is then available for on-demand update when protected content requests a higher level of protection on a computing device than the protection provided by a current level of protection on the computing device.

Abstract: Described is a system and method that protect certain classes of sensitive data traveling across an accessible transmission medium, such as an internal bus in a device, from automated attacks. The protection is particularly useful for resource-constrained and/or security constrained components. Automated attacks depend on analyzing data characteristics such as bit pattern signatures and/or frequency distributions to succeed. To preclude such automated attacks, various alternatives of the present invention internally alter the sensitive data at a data source prior to transmission, in a synchronized way such that the altered data is internally reversible at the destination resource. Data alteration includes interspersing random data into a data stream (e.g., bitstream or stream of packets), and interspersing data of varying length on the bus.