SECURE COMPUTING ENVIRONMENT IN A TRANSPORTABLE CONTAINER

US 20100306544A1
Filed: 06/02/2009
Published: 12/02/2010
Est. Priority Date: 06/02/2009
Status: Abandoned Application

First Claim

Patent Images

1. One or more computer-readable media comprising computer-executable instructions for protecting data within a secure container, the computer-executable instructions directed to steps comprising:

receiving a request, from a container server internal to the secure container, for a container server cryptographic key associated with the container server that enables the container server to access encrypted data;

receiving sensor data from one or more sensors of the secure container;

providing the container server cryptographic key to the requesting container server if the sensor data has been received in an uninterrupted manner since the secure container was last sealed and if the sensor data indicates that the secure container has remained sealed since it was last sealed.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A secure container can comprise a security server, one or more container servers, and one or more sensors that can detect a breach of the physically secure computing environment provided by the container. A management server external to the container can be informed when the container is sealed and authorized and can subsequently provide a cryptographic key enabling the security server in the container to boot. Each container server can request and receive a cryptographic key from the security server enabling them to boot. If the container is breached, such keys can be withheld and any computing device that is powered off, or restarted, will be unable to complete a subsequent boot. If the container loses a support system and is degraded, so long as the security server does not lose power, it can provide the cryptographic keys to container servers restarted after the degradation is removed.

31 Citations

View as Search Results

20 Claims

1. One or more computer-readable media comprising computer-executable instructions for protecting data within a secure container, the computer-executable instructions directed to steps comprising:
- receiving a request, from a container server internal to the secure container, for a container server cryptographic key associated with the container server that enables the container server to access encrypted data;
  
  receiving sensor data from one or more sensors of the secure container;
  
  providing the container server cryptographic key to the requesting container server if the sensor data has been received in an uninterrupted manner since the secure container was last sealed and if the sensor data indicates that the secure container has remained sealed since it was last sealed.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The computer-readable media of claim 1, comprising further computer-executable instructions directed to requesting, from a management server external to the secure container, a security server cryptographic key to access encrypted data;
    - and utilizing the security server cryptographic key received from the management server to access security server encrypted data.
  - 3. The computer-readable media of claim 2, comprising further computer-executable instructions directed to storing the security server cryptographic key received from the management server only in volatile memory.
  - 4. The computer-readable media of claim 2, wherein the security server encrypted data comprises computer-executable instructions for booting a computing device executing the computer-executable instructions for protecting the data within the secure container.
  - 5. The computer-readable media of claim 1, wherein the computer-executable instructions directed to the providing the container server cryptographic key to the requesting container server further comprise computer-executable instructions directed to generating the container server cryptographic key if the requesting container server has not previously been provided any container server cryptographic key;
    - and storing the generated container server cryptographic key on non-volatile computer-readable storage media.
  - 6. The computer-readable media of claim 1, comprising further computer-executable instructions directed to determining, based on the sensor data, that the secure container has been breached;
    - and deleting container server cryptographic keys stored on non-volatile computer-readable storage media in response to the determining that the secure container has been breached.
  - 7. The computer-readable media of claim 6, comprising further computer-executable instructions directed to providing, in response to the determining that the secure container has been breached, the container server cryptographic keys to a management server external to the secure container prior to the deleting.

8. A secure container comprising:
- at least one connection to a network;
  
  one or more container servers providing services over the network, wherein at least one of the one or more container servers requires a container server cryptographic key to access its data;
  
  one or more sensors monitoring physical security of the secure container; and
  
  at least one security server communicationally coupled to the one or more container servers and the one or more sensors, wherein the at least one security server provides the container server cryptographic key to the at least one of the one or more container servers if the communicational coupling between the at least one security server and the one or more sensors has remained uninterrupted since the secure container was last sealed and if sensor data from the one or more sensors indicates that the secure container has remained sealed since it was last sealed.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15, 16)
- - 9. The secure container of claim 8, further comprising a network switch communicationally coupled to the at least one connection to the network, the network switch establishing a secure network communicational connection between the at least one security server and a management server external to the secure container.
  - 10. The secure container of claim 9, wherein the management server provides a security server cryptographic key to the at least one security server if the secure container is authorized, and wherein further the security server requires the security server cryptographic key to access stored copies of container server cryptographic keys.
  - 11. The secure container of claim 10, wherein the security server stores the security server cryptographic key only in volatile memory.
  - 12. The secure container of claim 8, wherein the at least one of the one or more container servers stores the container server cryptographic key only in volatile memory.
  - 13. The secure container of claim 8, wherein the at least one security server generates the container server cryptographic key if the at least one of the one or more container servers has not previously been provided any container server cryptographic key and stores the generated container server cryptographic key on non-volatile computer-readable storage media.
  - 14. The secure container of claim 8, wherein the at least one security server determines, based on data from the one or more sensors, that the secure container has been breached and, in response to the determining, deletes container server cryptographic keys stored on non-volatile computer-readable storage media.
  - 15. The secure container of claim 14, wherein the at least one security server provides, in response to the determining that the secure container has been breached, the container server cryptographic keys to a management server external to the secure container prior to the deleting.
  - 16. The secure container of claim 8, wherein the at least one of the one or more container servers is a virtual container server process.

17. A method of authorizing a secure container comprising one or more container servers, one or more sensors and at least one security server, the method comprising the steps of:
- verifying proper operation of the one or more sensors;
  
  sealing the secure container after the verifying; and
  
  authorizing the secure container with a management server external to the secure container, the authorizing enabling the management server to provide a security server cryptographic key to the at least one security server, the security server cryptographic key enabling the at least one security server to access its data.
- View Dependent Claims (18, 19, 20)
- - 18. The method of claim 17, wherein the secure container further comprises a network switch, the method further comprising the steps of provisioning, prior to the sealing, the network switch to provide for a secure network communicational connection between the at least one security server and the management server.
  - 19. The method of claim 17, wherein the at least one security server provides container server cryptographic keys to at least one of the one or more container servers if the one or more sensors have provided sensor data to the security server in an uninterrupted manner since the secure container was last sealed and if sensor data from the one or more sensors indicates that the secure container has remained sealed since it was last sealed.
  - 20. The method of claim 19, wherein the at least one security server stores the security server cryptographic key only in its volatile memory and wherein further the at least one of the one or more container servers stores the container server cryptographic key only in its volatile memory.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Olarig, Sompong Paul, Lionetti, Chris

Application Number

US12/476,890
Publication Number

US 20100306544A1
Time in Patent Office

Days
Field of Search
US Class Current

713/171
CPC Class Codes

H04L 2209/60   Digital content management,...

H04L 2209/805   Lightweight hardware, e.g. ...

H04L 9/083   involving central third par...

SECURE COMPUTING ENVIRONMENT IN A TRANSPORTABLE CONTAINER

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

31 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SECURE COMPUTING ENVIRONMENT IN A TRANSPORTABLE CONTAINER

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

31 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links