Using trusted co-servers to enhance security of web interaction
Abstract
A trusted co-server, and a method of using a trusted co-server, for a service provider. The co-server executes a program such that: for multiple parties P0–Pn (where P0 is said co-server), each party Pi may (optionally) provide input Ii, and then said co-server carries out N functions: Fi(I0 ... In) describes what the co-server returns to party Pi. The preferred embodiment of the invention raises the trust level of the computation and data storage at the server. For instance, this invention may act as a witness to the authenticity of certain data coming back to the client. This data can include assertions from the trusted co-server about the server content and configuration. The invention can also provide privacy of data going back to the server, by keeping it encrypted between the client and the co-server, and then re-encrypting it before inserting it into the server. With this invention, the user can trust the integrity of the computation occurring at the co-server—even if the server operator might be motivated to subvert it. The co-server also provides a trusted haven for computation relevant to third parties who may also have an interest in the client-server interaction.
42 Claims
1. A method, comprised of enhancing a computational service to each client of a plurality of clients, by:
moving a selected portion of a computation from a server into a trusted co-server executing inside a secure coprocessor;
allowing each client to interact with the server and the co-server; and
using the trusted co-server as a trusted third party to authenticate interactions between the client and the server; and
wherein the moving step includes the steps of
  i) installing a device private/public key pair on the co-server,
  ii) installing co-server application software in the trusted co-server, said co-server application software having an ability to authenticate itself using said device key pair,
  iii) the co-server application software then generating an application key pair including a public key and a private key,
  iv) using the co-server application's ability to authenticate itself with said device key pair to prove to a certificate authority that said application key pair belongs to an installation of said co-server application,
  v) the certificate authority then issuing a certificate attesting to the public key of said application key pair and the entity to which said public key belongs, and
  vi) the co-server application storing said certificate,
the step of using the trusted co-server includes the steps of
  i) establishing a session between the client and the co-server application, and
  ii) indicating to the client that the co-server application demonstrates knowledge of the private key of said application key pair to provide assurance of the authenticity of communication from the trusted co-server.
Dependent claims: 2-30

31. A method for enhancing a service to provide security and/or privacy to each client of a plurality of clients, said service including computation on a server controlled by an operator, the method comprising:
moving a selected portion of said computation from a server controlled by said operator into a trusted co-server executing inside a secure coprocessor;
allowing clients to interact with the server through the co-server; and
using the trusted co-server as a trusted third party to authenticate interactions between the client and the server; and
wherein the moving step includes the steps of
  i) installing a device private/public key pair on the co-server,
  ii) installing co-server application software in the trusted co-server, said co-server application software having an ability to authenticate itself with said device key pair,
  iii) the co-server application software then generating an application key pair including a public key and a private key,
  iv) using the co-server application's ability to authenticate itself with said device key pair to prove to a certificate authority that said application key pair belongs to an installation of said co-server application,
  v) the certificate authority then issuing a certificate attesting to the public key of said application key pair and the entity to which said public key belongs, and
  vi) the co-server application storing said certificate,
the step of using the trusted co-server includes the steps of
  i) establishing a session between the client and the co-server application, and
  ii) indicating to the client that the co-server application demonstrates knowledge of the private key of said application key pair to provide assurance of the authenticity of communication from the trusted co-server.
Dependent claims: 32

33. A method for enhancing a service including computation on a server controlled by an operator, the method comprising:
providing at least one security and privacy property to at least one client of a plurality of clients by:
moving a selected portion of said computation from a server controlled by said operator into a trusted co-server executing inside a secure coprocessor;
enabling clients to interact with the server and the co-server; and
using the trusted co-server as a trusted third party to authenticate interactions between the client and the server; and
wherein the moving step includes the steps of
  i) installing a device private/public key pair on the co-server,
  ii) installing co-server application software in the trusted co-server, said co-server application software having an ability to authenticate itself using said device key pair,
  iii) the co-server application software then generating an application key pair including a public key and a private key,
  iv) using the co-server application's ability to authenticate itself with said device key pair to prove to a certificate authority that said application key pair belongs to an installation of said co-server application,
  v) the certificate authority then issuing a certificate attesting to the public key of said application key pair and the entity to which said public key belongs, and
  vi) the co-server application storing said certificate,
the step of using the trusted co-server includes the steps of
  i) establishing a session between the client and the co-server application, and
  ii) indicating to the client that the co-server application demonstrates knowledge of the private key of said application key pair to provide assurance of the authenticity of communication from the trusted co-server.

34. A trusted co-server, executing a program such that:
for multiple parties, including a Web server, a remote client and said co-server, each party provides input, and then the co-server carries out for each party, a function on all these inputs, and output to said each party; and
wherein the co-server executes so as to authenticate interactions between the client and the Web server so that said parties can authenticate and trust the correct execution of the co-server, in interactions between the client and the co-server, despite attempts by the Web server to subvert said execution; and
wherein a device private/public key pair and co-server application software is installed in the trusted co-server, said co-server application software having an ability to authenticate itself using said device key pair, and
said co-server application software generates an application key pair including a public key and a private key,
said co-server authenticates itself using said device key pair to prove to a certificate authority that said application key pair belongs to an installation of said co-server application,
the certificate authority then issues a certificate attesting to the public key of said application key pair and the entity to which said public key pair belongs, and
the co-server application stores said certificate, and
when a session is established between the client and the co-server application, the client is informed that the co-server application has knowledge of the private key of said key pair to provide assurance of the authenticity of communications from the trusted co-server.
Dependent claims: 35, 36

37. A method of enhancing the security of a Web based transaction utilizing a server, the method comprising the steps:
providing the server with a trusted co-server; and
using the trusted co-server to execute a program such that:
for multiple parties, each party provides input and then said co-server carries out for each party, a function on all these inputs to authenticate interactions between the party and the server and the parties trust interactions between the parties and the servers and
wherein a device private/public key pair and co-server application software is installed in the trusted co-server, said co-server application software having an ability to authenticate itself using said device key pair, and
said co-server application software generates a key pair including a public key and a private key,
said co-server authenticates itself using said device key pair to prove to a certificate authority that said application key pair belongs to an installation of said co-server application,
the certificate authority then issues a certificate attesting to the public key of said application key pair and the entity to which said public key pair belongs, and
the co-server application stores said certificate, and
when a session is established between the client and the co-server application, the client is informed that the co-server application has knowledge of the private key of said key pair to provide assurance of the authenticity of communications from the trusted co-server.
Dependent claims: 38, 39

40. A program storage device readable by machine, tangibly embodying a program of instructions executable by the machine to perform method steps for enhancing a computational service to at least one client of a plurality of clients, said method steps comprising:
moving a selected portion of a computation from a server into a trusted co-server executing inside a secure coprocessor;
allowing each client to interact with the server and the co-server; and
using the trusted co-server as a trusted third party to authenticate interactions between the client and the server; and
wherein the moving step includes the steps of:
  i) installing a device private/public key pair on the co-server,
  ii) installing co-server application software in the trusted co-server, said co-server application software having an ability to authenticate itself using said device key pair,
  iii) the co-server application software then generating an application key pair including a public key and a private key,
  iv) using the co-server application's ability to authenticate itself with said device key pair to prove to a certificate authority that said application key pair belongs to an installation of said co-server application,
  v) the certificate authority then issuing a certificate attesting to the public key of said application key pair and the entity to which said public key belongs, and
  vi) the co-server application storing said certificate,
the step of using the trusted co-server includes the steps of
  i) establishing a session between the client and the co-server application, and
  ii) indicating to the client that the co-server application demonstrates knowledge of the private key of said application key pair to provide assurance of the authenticity of communication from the trusted co-server.
Dependent claims: 41, 42

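An added sketch of the key chain recited in claim 1 (device key, application key, CA certificate, proof of possession in the session); it is not code from the patent. Lamport one-time signatures over SHA-256 stand in for the signature scheme, which the claims leave unspecified, and all function names, message prefixes and the nonce challenge are assumptions made for illustration.

```python
import hashlib, os
# Assumed names throughout; Lamport signatures stand in for the unspecified scheme.
def H(b): return hashlib.sha256(b).digest()

def keygen():
    # Lamport one-time key pair: 256 pairs of secrets; public key = their hashes.
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(256)]
    return sk, b"".join(H(s) for pair in sk for s in pair)

def _bits(msg):
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def sign(sk, msg):  # a Lamport key must sign only one message
    return b"".join(sk[i][b] for i, b in enumerate(_bits(msg)))

def verify(pk, msg, sig):
    if len(pk) != 16384 or len(sig) != 8192:
        return False
    return all(H(sig[32*i:32*i+32]) == pk[64*i+32*b:64*i+32*b+32]
               for i, b in enumerate(_bits(msg)))

def attest_app_key(device_sk, app_pk):
    # Step iv: the application uses the device key to vouch for its new key.
    return sign(device_sk, b"app-key:" + app_pk)

def ca_issue(ca_sk, known_device_pk, entity, app_pk, attestation):
    # Step v: the CA certifies app_pk only if a known device key vouches for it.
    if not verify(known_device_pk, b"app-key:" + app_pk, attestation):
        return None
    return entity, app_pk, sign(ca_sk, b"cert:" + entity + b"|" + app_pk)

def session_response(app_sk, nonce):
    # Session step ii: demonstrate knowledge of the application private key.
    return sign(app_sk, b"session:" + nonce)

def client_accepts(ca_pk, cert, nonce, response):
    entity, app_pk, ca_sig = cert
    return (verify(ca_pk, b"cert:" + entity + b"|" + app_pk, ca_sig)
            and verify(app_pk, b"session:" + nonce, response))

def demo():
    device_sk, device_pk = keygen()   # step i: installed in the coprocessor
    ca_sk, ca_pk = keygen()
    app_sk, app_pk = keygen()         # step iii: generated inside the co-server
    cert = ca_issue(ca_sk, device_pk, b"co-server-app", app_pk,
                    attest_app_key(device_sk, app_pk))   # steps iv-vi
    nonce = os.urandom(16)            # client's fresh challenge (constructed)
    return client_accepts(ca_pk, cert, nonce, session_response(app_sk, nonce))
```

The client needs only the CA public key; a key generated on the host server outside the coprocessor gets no certificate because no device key vouches for it.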
Specification