Principal claim

1. A method comprising:
receiving, by a trusted platform module of a computing device, a request from a program of the computing device to access information in a protected object, the request having multiple parts including a first part of the request identifying a first value for a monotonic counter associated with the protected object, a second part of the request identifying a second value for the monotonic counter, the second value having been incremented from the first value, and a third part of the request identifying an authorization value for the information, the protected object including the information and an associated policy, the policy having multiple policy entries including one or more conditions;
responsive to the trusted platform module receiving the request, determining whether the one or more conditions for the program to access the information are satisfied, the determining including determining the one or more conditions are satisfied only if at least one of the multiple policy entries identifies as conditions the first value for the monotonic counter, the second value for the monotonic counter, and the authorization value for the information;
allowing the program access to the information in response to the one or more conditions being satisfied;
creating a new policy associated with the protected object in response to the one or more conditions being satisfied;
denying the program access to the information in response to the one or more conditions not being satisfied; and
locking, in response to the one or more conditions not being satisfied for a threshold number of requests from the program, the information for an indefinite amount of time to prevent the program from accessing the information.
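A minimal Python model of the access check this claim describes, added here as an illustration; it is not code from the patent or from any TPM implementation. The threshold of 3, reading "incremented" as strictly greater, cumulative failure counting, and the contents of the new policy (next counter pair, same authorization value) are assumptions.

```python
import hmac
from dataclasses import dataclass

LOCK_THRESHOLD = 3  # assumed; the claim only says "a threshold number"

@dataclass(frozen=True)
class PolicyEntry:
    counter_first: int   # first monotonic counter value named as a condition
    counter_second: int  # counter value after the increment
    auth_value: bytes    # authorization value for the information

@dataclass
class ProtectedObject:
    information: bytes
    policy: list         # list of PolicyEntry
    failures: int = 0    # failed requests so far (cumulative, assumed)
    locked: bool = False

def entry_matches(entry, first, second, auth):
    # One single entry must name all three request parts as conditions.
    return (entry.counter_first == first
            and entry.counter_second == second
            and hmac.compare_digest(entry.auth_value, auth))

def handle_request(obj, first, second, auth):
    """Return the information on success, None on denial or lock."""
    if obj.locked:
        return None
    # Check every entry rather than stopping at the first match.
    matched = [entry_matches(e, first, second, auth) for e in obj.policy]
    if second > first and any(matched):
        # Assumed new policy: bound to the next counter pair, so the
        # request that just succeeded cannot be replayed.
        obj.policy = [PolicyEntry(second, second + 1, auth)]
        return obj.information
    obj.failures += 1
    if obj.failures >= LOCK_THRESHOLD:
        obj.locked = True  # indefinite: nothing in this model clears it
    return None

if __name__ == "__main__":
    # Constructed sample object and requests.
    obj = ProtectedObject(b"sealed-key", [PolicyEntry(4, 5, b"pin-1234")])
    print(handle_request(obj, 4, 5, b"pin-1234"))  # allowed
    print(handle_request(obj, 4, 5, b"pin-1234"))  # replay denied
    print(handle_request(obj, 5, 6, b"guess"))     # wrong authorization
    print(handle_request(obj, 5, 6, b"guess"))     # third failure locks
    print(handle_request(obj, 5, 6, b"pin-1234"), obj.locked)
```
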