System and method of a trusted computing operation mode

US 9,565,168 B1
Filed: 05/05/2015
Issued: 02/07/2017
Est. Priority Date: 05/05/2015
Status: Active Grant

First Claim

Patent Images

1. A method of establishing hardware assisted trust to a communication server that does not utilize hardware assisted trust, comprising:

checking, by a secure application of a first server, for a message that requests for establishment of a secure communication link between the first server and a different server, wherein the secure application is executed on a first processor of a plurality of processors of the first server, and wherein the message is directed from the different server to the secure application of the first server;

finding, by the secure application, the message that requests establishment of the secure communication link;

responsive to finding the message, sending, by the secure application, a request to an operating system to suspend each of the plurality of processors except for the first processor;

responsive to finding the message, sending, by the secure application, a request to the operating system to suspend a process that is executing on the first processor;

conducting, by the secure application, a communication session with the different server;

responsive to conducting the communication session, sending, by the secure application, a request to the operating system to release each of the plurality of processors that were suspended and to resume functionality; and

responsive to conducting the communication session, sending, by the secure application, a request to the operating system to resume execution of the process that was suspended on the first processor.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A security monitor processing server is disclosed. The server comprises a plurality of processors, a memory, and a security monitor application that, when executed by a first processor checks for a message that requests establishment of a secure communication link between a different server and the server directed to it by the different server. The application sends a request to an operating system (OS) to suspend functionality of the other processors except for the first processor. The application sends a request to the OS to suspend a process executing on the first processor. The application conducts a communication session with the different server. The application, responsive to completion of the communication session sends a request to the OS to allow the other processors to resume functionality. The application sends a request to the OS to resume execution of the suspended process on the first processor.

93 Citations

View as Search Results

20 Claims

1. A method of establishing hardware assisted trust to a communication server that does not utilize hardware assisted trust, comprising:
- checking, by a secure application of a first server, for a message that requests for establishment of a secure communication link between the first server and a different server, wherein the secure application is executed on a first processor of a plurality of processors of the first server, and wherein the message is directed from the different server to the secure application of the first server;
  
  finding, by the secure application, the message that requests establishment of the secure communication link;
  
  responsive to finding the message, sending, by the secure application, a request to an operating system to suspend each of the plurality of processors except for the first processor;
  
  responsive to finding the message, sending, by the secure application, a request to the operating system to suspend a process that is executing on the first processor;
  
  conducting, by the secure application, a communication session with the different server;
  
  responsive to conducting the communication session, sending, by the secure application, a request to the operating system to release each of the plurality of processors that were suspended and to resume functionality; and
  
  responsive to conducting the communication session, sending, by the secure application, a request to the operating system to resume execution of the process that was suspended on the first processor.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the communication session between the secure application and the different server takes place at intermittent time lengths.
  - 3. The method of claim 2, wherein the intermittent time lengths of the execution of the communication session are a second, five seconds, ten seconds, and thirty seconds.
  - 4. The method of claim 1, wherein the secure application checks for messages from the different server every second, ten seconds, thirty seconds, and every minute.
  - 5. The method of claim 1, wherein there are at least four processors in the plurality of processors.
  - 6. The method of claim 1, wherein the secure application executes on any processor of the plurality of processors.
  - 7. The method of claim 1, wherein the different server sends a security token, a personal identification number (PIN), or a passcode so that it is validated for communication with the secure application.

8. A method of establishing trust between a first communication server without hardware assisted trust and a second communication server with hardware assisted trust, comprising:
- checking, by a security monitor application of a first server, for a message from a second server that requests establishment of a secure communication link between the first server and the second server, wherein the security monitor application is executed on a first processor of a plurality of processors on the first server, wherein the message is directed to a secure application that also executes on the first processor of the first server, and wherein the message is from the second server;
  
  finding, by the security monitor application, the message that requests establishment of the secure communication link;
  
  responsive to finding the message, sending, by the security monitor application, a request to an operating system to suspend each of the plurality of processors except for the first processor, wherein the security monitor application receives the message and a security token from the second server, and wherein the security token identifies the second server as a secure server that is trusted;
  
  responsive to finding the message, sending, by the security monitor application, a request to the operating system to suspend a process that is executing on the first processor;
  
  invoking, by the security monitor application sending a request to the operating system, a secure application that executes on the first processor;
  
  sending, by the security monitor application, the message to the secure application;
  
  engaging, by the secure application, in a communication session with the second server in response to the second server being identified as a secure server that is trusted based on the security token received by the security monitor application;
  
  receiving, by the security monitor application, a message from the secure application that indicates to the security monitor application the communication session with the second server has finished;
  
  stopping, by the security monitor application, the secure application from executing on the first processor, wherein the security monitor application sends a request to the operating system to stop execution of the secure application, and wherein the secure application becomes dormant in response to the request to stop execution until re-invoked;
  
  sending, by the security monitor application, a request to the operating system to release each of the plurality of processors that were suspended and to resume functionality; and
  
  sending, by the security monitor application, a request to the operating system to resume execution of the process that was suspended on the first processor.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The method of claim 8, wherein the security monitor application becomes dormant while the secure application communicates directly with the second server.
  - 10. The method of claim 8, wherein the security monitor application acts as an intermediary between the secure application and the second server during the communication session.
  - 11. The method of claim 8, wherein the security monitor application checks for a request for communication from the second server every second, every ten seconds, every thirty seconds, and every minute.
  - 12. The method of claim 8, wherein the second server sends a security token, personal identification number (PIN), or passcode to the security monitor application so that the security monitor application can validate the second server.
  - 13. The method of claim 8, wherein the security monitor application is able to send the content of the two messages sent at the end of the communication session in one message.

14. A server, comprising;
- a plurality of processors,a non-transitory memory, anda security monitor application stored in the non-transitory memory, that when executed by a first processor of the plurality of processors,checks for a message from a different server, wherein the message requests establishment of a secure communication link between the different server and the security monitor application,finds the message that requests establishment of the secure communication link between the different server and the security monitor application,responsive to finding the message, sends a request to an operating system executing on the server to suspend functionality of each of the plurality of processors except for the first processor,responsive to finding the message, sends a request to the operating system to suspend a process that is executing on the first processor,conducts a communication session with the different server,responsive to conducting the communication session, sends a request to the operating system to allow each of the plurality of processors that were suspended to resume functionality, andresponsive to conducting the communication session, sends a request to the operating system to resume execution of the process that was suspended on the first processor.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The server of claim 14, wherein the security monitor application provides a trusted environment for trusted communication.
  - 16. The server of claim 14, wherein the operating system enters a secure state where only the operating system and the security monitor application executes.
  - 17. The server of claim 16, wherein only the security monitor application may initiate the operating system'"'"'s exit from the secure state.
  - 18. The server of claim 14, wherein the security monitor application checks for messages at predetermined intervals of time that include every second, every ten seconds, every 30 seconds, and every minute.
  - 19. The server of claim 14, wherein there are at least four processors in the plurality of processors.
  - 20. The server of claim 14, wherein the security monitor application executes on any one of the plurality of processors.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
T-Mobile Innovations LLC (Deutsche Telekom AG)
Original Assignee
Sprint Communications Company LP (Deutsche Telekom AG)
Inventors
Marquardt, Ronald R., Paczkowski, Lyle W., Rajagopal, Arun
Primary Examiner(s)
Cervetti, David Garca

Application Number

US14/703,885
Time in Patent Office

644 Days
Field of Search

726/3, 726/1, 726/12, 726/9, 726/22, 726/5, 726/6, 726/7, 726/8, 726/29, 713/171, 713/156, 713/151, 713/152, 713/160, 713/166, 713/182, 380/270, 380/255
US Class Current

1/1
CPC Class Codes

H04L 63/04 for providing a confidentia...

H04L 63/083 using passwords cryptograph...

System and method of a trusted computing operation mode

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

93 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

System and method of a trusted computing operation mode

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

93 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links