Technologies for secure server access using a trusted license agent
First Claim
1. A method for secure server access, the method comprising:
- loading, by a computing device, a license agent into a secure enclave established by a processor of the computing device;
binding, by the license agent, a machine identifier and a user identifier to an application license, wherein binding the machine identifier and the user identifier to the application license comprises transmitting the machine identifier and the user identifier to a remote server;
receiving, by the license agent, a request to access the remote server from an application of the computing device in response to binding the machine identifier and the user identifier to application license;
performing, by the license agent, remote attestation of the secure enclave with the remote server via secure connection between the license agent and the remote server;
authenticating, by the license agent, a user of the computing device;
transmitting, by the license agent, the machine identifier and the user identifier to the remote server via the secure connection in response to authenticating the user, wherein the machine identifier identifies the computing device and the user identifier identifies the user of the computing device; and
allowing, by the license agent, the application to access the secure connection with the remote server in response to authenticating the machine identifier and the user identifier.
1 Assignment
0 Petitions
Accused Products
Abstract
Technologies for secure server access include a client computing device that loads a license agent into a secure enclave established by a processor of the client computing device. The license agent receives a request from an application to access a remote server device. The license agent opens a secure connection with the server device and performs remote attestation of the secure enclave. The license agent authenticates the user and transmits a machine identifier and a user identifier to the server device. The machine identifier may be based on an enclave sealing key of the client computing device. The server device verifies that the machine identifier and the user identifier are bound to a valid application license. If the machine identifier and the user identifier are successfully verified, the application communicates with the server device using the secure connection. Other embodiments are described and claimed.
10 Citations
17 Claims
-
1. A method for secure server access, the method comprising:
-
loading, by a computing device, a license agent into a secure enclave established by a processor of the computing device; binding, by the license agent, a machine identifier and a user identifier to an application license, wherein binding the machine identifier and the user identifier to the application license comprises transmitting the machine identifier and the user identifier to a remote server; receiving, by the license agent, a request to access the remote server from an application of the computing device in response to binding the machine identifier and the user identifier to application license; performing, by the license agent, remote attestation of the secure enclave with the remote server via secure connection between the license agent and the remote server; authenticating, by the license agent, a user of the computing device; transmitting, by the license agent, the machine identifier and the user identifier to the remote server via the secure connection in response to authenticating the user, wherein the machine identifier identifies the computing device and the user identifier identifies the user of the computing device; and allowing, by the license agent, the application to access the secure connection with the remote server in response to authenticating the machine identifier and the user identifier. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A method for secure server access, the method comprising:
-
binding, by a computing device, a first machine identifier and a first user identifier to an application license, wherein the first machine identifier identifies a particular combination of a client computing device and a secure enclave established by a processor of the client computing device and the first user identifier identifies a particular user of the client computing device; opening, by the computing device, a secure connection with the client computing device; performing, by the computing device, remote attestation of the secure enclave of the client computing device via the secure connection; receiving, by the computing device, a second machine identifier and a second user identifier from the client computing device via the secure connection; determining, by the computing device, whether the second machine identifier matches the first machine identifier and whether the second user identifier matches the first user identifier; and allowing, by the computing device, the client computing device to access data of the computing device via the secure connection in response to (i) performing the remote attestation of the secure enclave and (ii) determining that the second machine identifier matches the first machine identifier and that the second user identifier matches the first user identifier. - View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
-
Specification