TECHNOLOGIES FOR SECURE SERVER ACCESS USING A TRUSTED LICENSE AGENT
Abstract
Technologies for secure server access include a client computing device that loads a license agent into a secure enclave established by a processor of the client computing device. The license agent receives a request from an application to access a remote server device. The license agent opens a secure connection with the server device and performs remote attestation of the secure enclave. The license agent authenticates the user and transmits a machine identifier and a user identifier to the server device. The machine identifier may be based on an enclave sealing key of the client computing device. The server device verifies that the machine identifier and the user identifier are bound to a valid application license. If the machine identifier and the user identifier are successfully verified, the application communicates with the server device using the secure connection. Other embodiments are described and claimed.
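The server-side decision described in the abstract, as an added example that is not code from the patent: access is granted only when the enclave has passed attestation and both identifiers match the ones bound to the license. The names `LicenseServer`, `machine_id`, `lic-1` and the session labels are hypothetical; the HMAC derivation of the machine identifier from the sealing key and the measurement comparison standing in for verification of a hardware-signed attestation quote are assumptions.

```python
import hashlib
import hmac

# Constructed value: enclave measurement of the license agent build the server trusts.
TRUSTED_MEASUREMENT = hashlib.sha256(b"license-agent build (constructed)").hexdigest()

def machine_id(sealing_key: bytes) -> str:
    # Assumed derivation: one-way function of the sealing key, so the key stays in the enclave.
    return hmac.new(sealing_key, b"machine-id", hashlib.sha256).hexdigest()

def _eq(a: str, b: str) -> bool:
    return hmac.compare_digest(a.encode(), b.encode())  # constant-time comparison

class LicenseServer:
    def __init__(self) -> None:
        self.bindings = {}     # license id -> (machine identifier, user identifier)
        self.attested = set()  # sessions whose enclave passed attestation

    def bind(self, license_id: str, mid: str, uid: str) -> None:
        self.bindings[license_id] = (mid, uid)

    def attest(self, session: str, measurement: str) -> bool:
        # Stand-in for verifying a hardware-signed attestation quote.
        if _eq(measurement, TRUSTED_MEASUREMENT):
            self.attested.add(session)
            return True
        return False

    def allow_access(self, session: str, license_id: str, mid: str, uid: str) -> bool:
        bound = self.bindings.get(license_id)
        if session not in self.attested or bound is None:
            return False  # identifiers are never trusted from an unattested enclave
        # Run both comparisons before combining so timing does not show which one failed.
        machine_ok, user_ok = _eq(mid, bound[0]), _eq(uid, bound[1])
        return machine_ok and user_ok

def demo() -> dict:
    # Constructed sealing keys for two different machines.
    server, home, other = LicenseServer(), machine_id(b"\x01" * 16), machine_id(b"\x02" * 16)
    server.bind("lic-1", home, "alice")
    server.attest("s1", TRUSTED_MEASUREMENT)
    tampered = server.attest("s3", hashlib.sha256(b"patched agent").hexdigest())
    return {
        "licensed": server.allow_access("s1", "lic-1", home, "alice"),
        "other_machine": server.allow_access("s1", "lic-1", other, "alice"),
        "other_user": server.allow_access("s1", "lic-1", home, "bob"),
        "tampered_agent": tampered or server.allow_access("s3", "lic-1", home, "alice"),
    }
```

Calling `demo()` shows that the same user on a machine with a different sealing key, a different user on the licensed machine, and a license agent with an untrusted measurement are all refused.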
22 Claims
1. A computing device for secure server access, the computing device comprising:
- a processor that includes secure enclave support;
- a license agent loader module to load a license agent into a secure enclave;
- an application request module to receive, by the license agent, a request to access a remote server from an application of the computing device;
- an attestation module to perform, by the license agent, remote attestation of the secure enclave with the remote server via secure connection between the license agent and the remote server;
- a user authentication module to authenticate, by the license agent, a user of the computing device; and
- a server access module to
  (i) transmit, by the license agent, a machine identifier and a user identifier to the remote server via the secure connection in response to authentication of the user, wherein the machine identifier identifies the computing device and the user identifier identifies the user of the computing device; and
  (ii) allow, by the license agent, the application to access the secure connection with the remote server in response to authentication of the machine identifier and the user identifier.
Dependent claims: 2, 3, 4, 5, 6, 7
8. One or more computer-readable storage media comprising a plurality of instructions that in response to being executed cause a computing device to:
- load a license agent into a secure enclave established by a processor of the computing device;
- receive, by the license agent, a request to access a remote server from an application of the computing device;
- perform, by the license agent, remote attestation of the secure enclave with the remote server via secure connection between the license agent and the remote server;
- authenticate, by the license agent, a user of the computing device;
- transmit, by the license agent, a machine identifier and a user identifier to the remote server via the secure connection in response to authenticating the user, wherein the machine identifier identifies the computing device and the user identifier identifies the user of the computing device; and
- allow, by the license agent, the application to access the secure connection with the remote server in response to authenticating the machine identifier and the user identifier.
Dependent claims: 9, 10, 11, 12
13. A computing device for secure server access, the computing device comprising:
- an application license module to bind a first machine identifier and a first user identifier to an application license, wherein the first machine identifier identifies a particular combination of a client computing device and a secure enclave established by a processor of the client computing device and the first user identifier identifies a particular user of the client computing device;
- a client computing device module to open a secure connection with the client computing device;
- an attestation module to perform remote attestation of the secure enclave of the client computing device via the secure connection; and
- an access verification module to
  (i) receive a second machine identifier and a second user identifier from the client computing device via the secure connection and
  (ii) determine whether the second machine identifier matches the first machine identifier and whether the second user identifier matches the first user identifier;
- wherein the client computing device module is further to allow the client computing device to access data of the computing device via the secure connection in response to
  (i) performance of the remote attestation of the secure enclave and
  (ii) a determination that the second machine identifier matches the first machine identifier and that the second user identifier matches the first user identifier.
Dependent claims: 14, 15, 16, 17, 18
19. One or more computer-readable storage media comprising a plurality of instructions that in response to being executed cause a computing device to:
- bind a first machine identifier and a first user identifier to an application license, wherein the first machine identifier identifies a particular combination of a client computing device and a secure enclave established by a processor of the client computing device and wherein the first user identifier identifies a particular user of the client computing device;
- open a secure connection with the client computing device;
- perform remote attestation of the secure enclave of the client computing device via the secure connection;
- receive a second machine identifier and a second user identifier from the client computing device via the secure connection;
- determine whether the second machine identifier matches the first machine identifier and whether the second user identifier matches the first user identifier; and
- allow the client computing device to access data of the computing device via the secure connection in response to
  (i) performing the remote attestation of the secure enclave and
  (ii) determining that the second machine identifier matches the first machine identifier and that the second user identifier matches the first user identifier.
Dependent claims: 20, 21, 22
Specification