Systems and methods for demonstrating authenticity of a virtual machine using a security image

US 7,565,535 B2
Filed: 05/06/2005
Issued: 07/21/2009
Est. Priority Date: 05/06/2005
Status: Active Grant

First Claim

Patent Images

1. In a computer system comprising a plurality of operating systems in a virtual machine arrangement, such that multiple operating systems simultaneously utilize processing resources associated with said computer system, a method for demonstrating that a User Interface (UI) associated with a one of said operating systems is authentic, said method comprising:

measuring, by a first operating system, digital information associated with a second operating system, and thereby obtaining a value;

comparing said value to a previously measured value for the digital information;

obtaining an image, wherein said image is only accessible if said value matches said previously measured value, wherein obtaining the image indicates that the user interface was authenticated; and

indicating to the user that the user interface was authenticated by displaying said image in a non-client area frame surrounding a display space for said second operating system.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Access to an authentication image may be protected so that only authenticated processes have access to the image. The image can be displayed to authenticate a User Interface (UI) to a computer user. The image indicates the UI can be trusted. If the image is not displayed, it may be that an application UI is “spoofed” to trick a user into providing sensitive information. Additionally, a large variety of different images can be used as authentication images, so spoofing one image be recognized by most users. A set of original images may be provided, along with image modification processes which can generate a large number of variations. Techniques for authenticating UIs in a virtual machine context are provided. A secure attention sequence is also provided, which allows users to test whether processes running on a computer are authenticated.

Citations

20 Claims

1. In a computer system comprising a plurality of operating systems in a virtual machine arrangement, such that multiple operating systems simultaneously utilize processing resources associated with said computer system, a method for demonstrating that a User Interface (UI) associated with a one of said operating systems is authentic, said method comprising:
- measuring, by a first operating system, digital information associated with a second operating system, and thereby obtaining a value;
  
  comparing said value to a previously measured value for the digital information;
  
  obtaining an image, wherein said image is only accessible if said value matches said previously measured value, wherein obtaining the image indicates that the user interface was authenticated; and
  
  indicating to the user that the user interface was authenticated by displaying said image in a non-client area frame surrounding a display space for said second operating system.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1 wherein said obtaining an image is accomplished by requesting a Hardware Security Module (HSM) to release said image.
  - 3. The method of claim 2 wherein said Hardware Security Module (HSM) is a Trusted Platform Module (TPM).
  - 4. The method of claim 1 wherein said image is initially selected by a user.
  - 5. The method of claim 4, further comprising displaying a selection of images for the user to choose from.
  - 6. The method of claim 5 wherein said at least one of said selection of images is generated by modifying at least one original image to produce a modified image.

7. A computer readable storage medium bearing instructions that when processed by a processor cause the processor to implement a method for displaying an image in a non-client area frame for a display space associated with an operating system, said instructions comprising:
- instructions for measuring digital information associated with said operating system, and thereby obtaining a value;
  
  instructions for comparing said value to a previously measured value for the digital information;
  
  instructions for obtaining an image, wherein said image is only accessible if said value matches said previously measured value, wherein obtaining the image indicates that the user interface was authenticated; and
  
  instructions for displaying said image in said non-client area frame surrounding a display space for said operating system, wherein displaying the image indicates to the user that the user interface is authenticated.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The computer readable storage medium of claim 7 wherein said instructions for obtaining an image comprise instructions for requesting a Hardware Security Module (HSM) to release said image.
  - 9. The computer readable storage medium of claim 8 wherein said Hardware Security Module (HSM) is a Trusted Platform Module (TPM).
  - 10. The computer readable storage medium of claim 7 wherein said image is initially selected by a user.
  - 11. The computer readable storage medium of claim 10, further comprising instructions for displaying a selection of images for the user to choose from.
  - 12. The computer readable storage medium of claim 11 wherein said at least one of said selection of images is generated by modifying at least one original image to produce a modified image.

13. A computer system comprising means for displaying an image in a non-client area frame on a display device associated with an operating system, said means comprising:
- means for measuring digital information associated with said operating system, and thereby obtaining a value;
  
  means for comparing said value to a previously measured value for the digital information;
  
  means for obtaining an image, wherein said image is only accessible if said value matches said previously measured value, wherein obtaining the image indicates that the operating system was authenticated; and
  
  means for displaying said image in said non-client area frame on said display device to demonstrate that said operating system is trusted.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20)
- - 14. The computer system of claim 13 wherein said means for obtaining an image comprise means for requesting a Hardware Security Module (HSM) to release said image.
  - 15. The computer system of claim 14 wherein said Hardware Security Module (HSM) is a Trusted Platform Module (TPM).
  - 16. The computer system of claim 13 wherein said image is initially selected by a user.
  - 17. The computer system of claim 16, further comprising means for displaying a selection of images for the user to choose from.
  - 18. The computer system of claim 17 wherein said at least one of said selection of images is generated by modifying at least one original image to produce a modified image.
  - 19. The computer system of claim 13 wherein said means for displaying said image on a display device to demonstrate that said operating system is trusted comprises means for placing said image in a non-client area frame for said operating system.
  - 20. The computer system of claim 13 wherein said means for displaying said image on a display device to demonstrate that said operating system is trusted comprises means for placing said image in a user interface frame for an application managed by said operating system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Nussbaum, Nicholas I., Johnson, Leslie Helena, Benofsky, Laura Posey, Roberts, Paul Cador, Holt, William Gifford, Bryant, Madeline Jinx
Primary Examiner(s)
Zand; Kambiz
Assistant Examiner(s)
Wyszynski; Aubrey H

Application Number

US11/123,779
Publication Number

US 20060253706A1
Time in Patent Office

1,537 Days
Field of Search

None
US Class Current

713/168
CPC Class Codes

G06F 21/42   using separate channels for...

G06F 21/52   during program execution, e...

G06F 21/6209   to a single file or object,...

Systems and methods for demonstrating authenticity of a virtual machine using a security image

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for demonstrating authenticity of a virtual machine using a security image

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links