Stateless attestation system

US 20090178138A1
Filed: 01/05/2009
Published: 07/09/2009
Est. Priority Date: 01/07/2008
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

assessing a trustworthiness level of a user computer by communication between the user computer and a first server;

sending a record from the first server to the user computer, for storage by the user computer, indicating the trustworthiness level;

sending a request from the user computer to a second server, different from the first server, for a service to be provided to the user computer by the second server;

providing the record from the user computer to the second server by communicating between the user computer and the second server; and

at the second server, extracting the trustworthiness level from the record, and conditionally allowing the requested service to be provided to the user computer depending on the extracted trustworthiness level.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method includes assessing a trustworthiness level of a user computer by communication between the user computer and a first server. A record indicating the trustworthiness level is sent from the first server to the user computer, for storage by the user computer. A request is sent from the user computer to a second server, different from the first server, for a service to be provided to the user computer by the second server. The record is provided from the user computer to the second server by communicating between the user computer and the second server. At the second server, the trustworthiness level is extracted from the record, and the requested service is conditionally allowed to be provided to the user computer depending on the extracted trustworthiness level.

117 Citations

View as Search Results

24 Claims

1. A method, comprising:
- assessing a trustworthiness level of a user computer by communication between the user computer and a first server;
  
  sending a record from the first server to the user computer, for storage by the user computer, indicating the trustworthiness level;
  
  sending a request from the user computer to a second server, different from the first server, for a service to be provided to the user computer by the second server;
  
  providing the record from the user computer to the second server by communicating between the user computer and the second server; and
  
  at the second server, extracting the trustworthiness level from the record, and conditionally allowing the requested service to be provided to the user computer depending on the extracted trustworthiness level.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method according to claim 1, wherein the user computer runs a first operating environment for performing general-purpose operations and a second operating environment, which is configured expressly for interacting with the second server and is isolated from the first operating environment, and wherein assessing the trustworthiness level of the user computer comprises assessing the trustworthiness level of the second operating environment.
  - 3. The method according to claim 1, wherein assessing the trustworthiness level comprises obtaining from the user computer information regarding a configuration of the user computer, and computing the trustworthiness level based on the obtained information.
  - 4. The method according to claim 3, wherein obtaining the information comprises obtaining a secure signature of at least part of an operating system of the user computer, and wherein computing the trustworthiness level comprises comparing the obtained signature to a list of legitimate signatures.
  - 5. The method according to claim 1, wherein sending the record comprises signing the record with a secure signature by the first server.
  - 6. The method according to claim 1, wherein sending the record comprises encrypting the record by the first server.
  - 7. The method according to claim 1, wherein sending the record comprises including in the record at least one parameter selected from a group of parameters consisting of a time stamp indicating a time at which the trustworthiness was assessed, a unique identifier of the user computer provided to the first server upon initial interaction with the user computer, a Platform Configuration Register (PCR) obtained from a Trusted Platform Module (TPM) in the user computer, an indication of a network location of the user computer, an identity of a user of the user computer, and an identifier of a trusted site with which the user computer communicates.
  - 8. The method according to claim 1, wherein assessing the trustworthiness comprises obtaining from the user computer a value of a secure counter that is incremented in accordance with predefined logic during each interaction of the user computer with the first server, and wherein sending the record comprises storing the value of the secure counter in the record.
  - 9. The method according to claim 1, wherein the first server comprises multiple first servers, and wherein assessing the trustworthiness comprises obtaining from the user computer a value of a secure counter that is incremented in accordance with predefined logic during each interaction of the user computer with the first servers, and detecting, based on the value of the secure counter, that a previous interaction of the user computer with one of the first servers was terminated abnormally.
  - 10. The method according to claim 9, wherein detecting that the previous interaction was terminated abnormally comprises verifying whether the value of the secure counter is an integer multiple of a predefined number.
  - 11. The method according to claim 9, wherein obtaining the value comprises obtaining from the user computer a first value of the secure counter that is stored in the record, and a second value indicating a current value of the secure counter, and wherein detecting that the previous interaction was terminated abnormally comprises comparing the first value to the second value.
  - 12. The method according to claim 1, and comprising, responsively to allowing the requested service, communicating between the user computer and the second server so as to provide the service.

13. A computer system, comprising:
- one or more first servers, which are configured to assess respective trustworthiness levels of user computers, and to forward records indicating the assessed trustworthiness levels to the user computers; and
  
  a second server, separate from the first servers, which is configured to obtain the records from the user computers along with requests from the user computers for a service to be provided by the second server, to extract the trustworthiness levels from the records, and to conditionally provide the service to the user computers depending on the extracted trustworthiness levels.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
- - 14. The system according to claim 13, wherein at least one of the user computers runs a first operating environment for performing general-purpose operations and a second operating environment, which is configured expressly for interacting with the second server and is isolated from the first operating environment, and wherein at least one of the first servers is configured to assess the trustworthiness level of the second operating environment.
  - 15. The system according to claim 13, wherein at least one of the first servers is configured to obtain from a given user computer information regarding a configuration of the given user computer, and to compute a trustworthiness level of the given user computer based on the obtained information.
  - 16. The system according to claim 15, wherein the at least one of the first servers is configured to obtain from the given user computer a secure signature of at least part of an operating system of the given user computer, and to compare the obtained signature to a list of legitimate signatures.
  - 17. The system according to claim 13, wherein at least one of the first servers is configured to sign the records with secure signatures.
  - 18. The system according to claim 13, wherein at least one of the first servers is configured to encrypt the records.
  - 19. The system according to claim 13, wherein at least one of the first servers is configured to include in the records at least one parameter selected from a group of parameters consisting of a time stamp indicating a time at which a given trustworthiness was assessed, a unique identifier of a given user computer provided upon initial interaction with the given user computer, a Platform Configuration Register (PCR) obtained from a Trusted Platform Module (TPM) in the given user computer, an indication of a network location of the given user computer, an identity of a user of the given user computer, and an identifier of a trusted site with which the given user computer communicates.
  - 20. The system according to claim 13, wherein at least one of the first servers is configured to obtain from a given user computer a value of a secure counter that is incremented in accordance with predefined logic during each interaction of the given user computer with the first servers, and to store the value of the secure counter in a record forwarded to the given user computer.
  - 21. The system according to claim 13, wherein at least one of the first servers is configured to obtain from a given user computer a value of a secure counter that is incremented in accordance with predefined logic during each interaction of the given user computer with the first servers, and to detect, based on the value of the secure counter, that a previous interaction of the given user computer with one of the first servers was terminated abnormally.
  - 22. The system according to claim 21, wherein the at least one of the first servers is configured to detect that the previous interaction was terminated abnormally by checking whether the value of the secure counter is an integer multiple of a predefined number.
  - 23. The system according to claim 21, wherein the at least one of the first servers is configured to obtain from the given user computer a first value of the secure counter that is stored in the record, and a second value indicating a current value of the secure counter, and to detect that the previous interaction was terminated abnormally by comparing the first value to the second value.
  - 24. The system according to claim 13, wherein the second server is configured to communicate with a given user computer and to provide the service to the given user computer responsively to allowing the requested service to the given user computer.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Neocleus Israel Limited
Inventors
Weiss, Yoav, Bogner, Etay

Granted Patent

US 8,474,037 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/22
CPC Class Codes

G06F 21/10   Protecting distributed prog...

G06F 21/44   Program or device authentic...

G06F 21/57   Certifying or maintaining t...

G06F 21/577   Assessing vulnerabilities a...

H04L 63/10   for controlling access to d...

H04L 63/1433   Vulnerability analysis

Stateless attestation system

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

117 Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Stateless attestation system

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

117 Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links