Zero-trust systems run on trust scores — a continuously updated judgment of how much a given device or user should be trusted, which in turn governs what they're allowed to do. The interesting and underexamined question is what feeds those scores. Most rely on software and network signals: patch level, behavior, location. But software signals can be faked by software, and an attacker who controls a device controls what it reports about itself.
The grant US11316851B2, "Security for network environment using trust scoring based on power consumption of devices within network" (issued April 26, 2022, assigned to EMC IP Holding Company LLC), reaches for a signal that's harder to forge. Its CPC classifications combine the access class H04L 63/0876 and H04L 63/105 with the machine-learning class G06N 20/00 and, tellingly, G06F 1/28 — power management — describing trust derived partly from physical behavior.
“Systems, methods, and articles of manufacture comprising processor-readable storage media are provided for implementing security mechanisms for network environments.”— U.S. Patent No. 11,316,851 source
The mechanism worth understanding is that physical characteristics are difficult to spoof from software. A device's power-consumption pattern reflects what it's actually doing at the hardware level; a device running unexpected processes — mining, exfiltrating, executing malware — may consume power in ways that don't match its claimed activity. Because power draw is a physical-layer signal, it's much harder for compromising software to fake than a self-reported software attestation.
For defenders, the conceptual takeaway is the value of out-of-band signals. The strongest evidence about a device often comes from a layer the attacker doesn't control — and physical-layer signals like power consumption are a category most threat models overlook entirely. This is especially relevant for IoT and embedded devices, where software-based attestation is weak but power behavior is observable.
The practical limits are real: power signals are noisy, vary with legitimate load, and require infrastructure to measure. The patent isn't proposing power as the sole basis for trust but as one input among many. Its real interest is the principle it embodies — that the most trustworthy security signals are often the ones the attacker can't reach to manipulate.