ROLLBACK PROTECTION FOR LOGIN SECURITY POLICY

US 20130346757A1
Filed: 06/22/2012
Published: 12/26/2013
Est. Priority Date: 06/22/2012
Status: Active Grant

First Claim

Patent Images

1. A machine-Implemented method, comprising:

storing a user login metadata set for an operating system in a storage location;

registering a counter reading from a remote counter in a secure location separate from the storage location; and

determining a lockout state of the user login metadata set based on the counter reading.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In one embodiment, an encryption system may protect user login metadata from hammering attacks. A data storage 140 may store an integrity protected data set 602 for an operating system in a storage location. A processor 120 may register a counter reading from a remote counter 202 in a secure location 204 separate from the storage location. The processor 120 may determine a lockout state of the integrity protected data set 602 based on the counter reading.

38 Citations

View as Search Results

20 Claims

1. A machine-Implemented method, comprising:
- storing a user login metadata set for an operating system in a storage location;
  
  registering a counter reading from a remote counter in a secure location separate from the storage location; and
  
  determining a lockout state of the user login metadata set based on the counter reading.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, further comprising:
    - locating the secure location of the remote counter in a present encrypted location of a data storage.
  - 3. The method of claim 2, further comprising:
    - moving the remote counter to a subsequent encrypted location from the present encrypted location.
  - 4. The method of claim 1, further comprising:
    - registering a login attempt as triggering a counter movement.
  - 5. The method of claim 1, further comprising:
    - registering a monotonic counter reading of a protected monotonic counter as the counter reading of the remote counter.
  - 6. The method of claim 1, further comprising:
    - incrementing a protected monotonic counter upon a login attempt.
  - 7. The method of claim 1, further comprising:
    - incrementing a protected monotonic counter upon an unsuccessful login attempt.
  - 8. The method of claim 1, further comprising:
    - updating the user login metadata set when incrementing a protected monotonic counter.
  - 9. The method of claim 1, further comprising:
    - identifying a protected monotonic counter for the operating system using a boot configuration data set.
  - 10. The method of claim 1, further comprising:
    - creating a version number based on the counter reading from the remote counter.
  - 11. The method of claim 1, further comprising:
    - storing a version number based on the counter reading in the user login metadata set.

12. A tangible machine-readable medium having a set of instructions detailing a method stored thereon that when executed by one or more processors cause the one or more processors to perform the method, the method comprising:
- storing a user login metadata set for an operating system;
  
  protecting the user login metadata set using a protected module; and
  
  determining a lockout state of the user login metadata set using the protected module.
- View Dependent Claims (13, 14, 15, 16, 17, 18)
- - 13. The tangible machine-readable medium of claim 12, wherein the method further comprises:
    - registering a secure counter reading of a secure counter stored in a secure variable.
  - 14. The tangible machine-readable medium of claim 13, wherein the method further comprises:
    - storing a secure timestamp with the secure variable having the secure counter
  - 15. The tangible machine-readable medium of claim 14, wherein the method further comprises:
    - signing the secure timestamp with a private key of the protected module.
  - 16. The tangible machine-readable medium of claim 12, wherein the method further comprises:
    - registering a monotonic counter reading of a protected monotonic counter of the protected module.
  - 17. The tangible machine-readable medium of claim 16, wherein the method further comprises:
    - storing a version number created from the protected monotonic counter reading in the user login metadata set.
  - 18. The tangible machine-readable medium of claim 16, wherein the method further comprises:
    - incrementing the protected monotonic counter upon a login attempt.

19. An encryption system, comprising:
- a protected module that executes a protected monotonic counter;
  
  a data storage that stores an Integrity protected data set having a version number created from a monotonic counter reading from the protected monotonic counter; and
  
  a processor that determines a lockout state of the integrity protected data set based in part on a comparison of the version number to a lockout counter reading of the protected monotonic counter.
- View Dependent Claims (20)
- - 20. The encryption system of claim 19, wherein the integrity protected data set is at least one of a user login metadata set, a user account, and an application trial period.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Nystrom, Magnus, Basmov, Innokentiy, Nick, Benjamin, Novotney, Peter, Grass, Micheal

Granted Patent

US 9,984,250 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/189
CPC Class Codes

G06F 21/554 involving event detection a...

G06F 21/6245 Protecting personal data, e...

ROLLBACK PROTECTION FOR LOGIN SECURITY POLICY

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

38 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

ROLLBACK PROTECTION FOR LOGIN SECURITY POLICY

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

38 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others