Rollback protection for login security policy

US 9,984,250 B2
Filed: 06/22/2012
Issued: 05/29/2018
Est. Priority Date: 06/22/2012
Status: Active Grant

First Claim

Patent Images

1. A machine-implemented method, comprising:

storing, in a storage location in a data storage of a computing device, an encrypted user login metadata set containing state data used to enforce a login policy for the computing device;

registering a counter reading from a remote counter of login attempts in the encrypted user login metadata set, the remote counter stored in a secure location separate from the storage location, wherein the encrypted user login metadata includes a version number based on the counter reading;

determining a lockout state of the encrypted user login metadata set by detecting tampering with the user login metadata set based on a comparison of the counter reading and the version number; and

encrypting the encrypted user login metadata with a second level of encryption in response to determining the lockout state by detecting tampering with the user login metadata set.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In one embodiment, an encryption system may protect user login metadata from hammering attacks. A data storage 140 may store an integrity protected data set 602 for an operating system in a storage location. A processor 120 may register a counter reading from a remote counter 202 in a secure location 204 separate from the storage location. The processor 120 may determine a lockout state of the integrity protected data set 602 based on the counter reading.

Citations

19 Claims

1. A machine-implemented method, comprising:
- storing, in a storage location in a data storage of a computing device, an encrypted user login metadata set containing state data used to enforce a login policy for the computing device;
  
  registering a counter reading from a remote counter of login attempts in the encrypted user login metadata set, the remote counter stored in a secure location separate from the storage location, wherein the encrypted user login metadata includes a version number based on the counter reading;
  
  determining a lockout state of the encrypted user login metadata set by detecting tampering with the user login metadata set based on a comparison of the counter reading and the version number; and
  
  encrypting the encrypted user login metadata with a second level of encryption in response to determining the lockout state by detecting tampering with the user login metadata set.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, further comprising:
    - locating the secure location of the remote counter in a present encrypted location of the data storage.
  - 3. The method of claim 2, further comprising:
    - moving the remote counter to a subsequent encrypted location from the present encrypted location.
  - 4. The method of claim 3, further comprising:
    - registering a login attempt as triggering a counter movement of the remote counter to the subsequent encrypted location from the present encrypted location.
  - 5. The method of claim 1, further comprising:
    - registering a monotonic counter reading of a protected monotonic counter as the counter reading of the remote counter.
  - 6. The method of claim 1, further comprising:
    - incrementing a protected monotonic counter upon a login attempt.
  - 7. The method of claim 1, further comprising:
    - incrementing a protected monotonic counter upon an unsuccessful login attempt.
  - 8. The method of claim 1, further comprising:
    - updating the encrypted user login metadata set when incrementing a protected monotonic counter.
  - 9. The method of claim 1, further comprising:
    - identifying a protected monotonic counter for an operating system using a boot configuration data set.

10. A non-transitory computer-readable medium storing instructions, that when executed by one or more processors, cause the one or more processors to perform a method, comprising:
- storing, in a storage location in a computing device, an encrypted user login metadata set containing state data used to enforce a login policy for the computing device;
  
  protecting the encrypted user login metadata set using a protected module having hardware anti-hammering protections built in to protect against attempts to unseal protected data;
  
  registering a counter reading from a remote counter of login attempts in the encrypted user login metadata set, the remote counter stored in a secure location separate from the storage location, wherein the encrypted user login metadata includes a version number based on the counter reading;
  
  determining a lockout state of the encrypted user login metadata set by detecting a rollback attack using the protected module based on a comparison of the counter reading and the version number; and
  
  encrypting the encrypted user login metadata with a second level of encryption in response to determining the lockout state by detecting tampering with the user login metadata set.
- View Dependent Claims (11, 12, 13, 14, 15, 16)
- - 11. The non-transitory computer-readable medium of claim 10, wherein registering the counter reading comprises:
    - registering a secure counter reading of a secure counter stored in a secure variable protected by the protected module.
  - 12. The non-transitory computer-readable medium of claim 11, wherein the method further comprises:
    - storing a secure timestamp with the secure variable having the secure counter.
  - 13. The non-transitory computer-readable medium of claim 12, wherein the method further comprises:
    - signing the secure timestamp with a private key of the protected module.
  - 14. The non-transitory computer-readable medium of claim 11, wherein the method further comprises:
    - locating the secure location of the remote counter in a present encrypted location of the data storage;
      
      registering a login attempt as triggering a counter movement of the remote counter to a subsequent encrypted location from the present encrypted location; and
      
      moving the remote counter to the subsequent encrypted location from the present encrypted location.
  - 15. The non-transitory computer-readable medium of claim 10, wherein the method further comprises:
    - registering a monotonic counter reading of a protected monotonic counter of login attempts stored in the protected module.
  - 16. The non-transitory computer-readable medium of claim 15, wherein the method further comprises:
    - incrementing the protected monotonic counter upon a login attempt.

17. A computing device, comprising:
- a protected hardware module having hardware anti-hammering protections built in to protect against attempts to unseal protected data configured to execute a protected monotonic counter of login attempts;
  
  a hardware data storage configured to store an integrity protected data set having a version number created from a monotonic counter reading from the protected monotonic counter, wherein the monotonic counter reading is stored in a secure location separate from the hardware data storage; and
  
  a hardware processor configured to execute;
  
  a lockout application programming interface to determine a lockout state by detecting a rollback attack based in part on a comparison of the version number to a lockout counter reading of the protected monotonic counter, anda lockout driver to adjust the lockout state of the integrity protected data set from unlocked to locked in response to determining the lockout state by detecting tampering with the integrity protected data set by applying a second level of encryption to the integrity protected data set.
- View Dependent Claims (18, 19)
- - 18. The computing device of claim 17, wherein the integrity protected data set is at least one of a user login metadata set, a user account, and an application trial period.
  - 19. The computing device of claim 17, wherein the lockout driver is configured to:
    - locate the secure location of the monotonic counter reading in a present encrypted location of the data storage;
      
      register a login attempt as triggering a counter movement of the monotonic counter reading to a subsequent encrypted location from the present encrypted location; and
      
      move the monotonic counter reading to the subsequent encrypted location from the present encrypted location.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Inventors
Nick, Benjamin, Nystrom, Magnus, Basmov, Innokentiy, Novotney, Peter, Grass, Michael
Primary Examiner(s)
Najjar, Saleh
Assistant Examiner(s)
Gao, Shu Chun

Application Number

US13/531,481
Publication Number

US 20130346757A1
Time in Patent Office

2,167 Days
Field of Search

713189
US Class Current
CPC Class Codes

G06F 21/554 involving event detection a...

G06F 21/6245 Protecting personal data, e...

Rollback protection for login security policy

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Rollback protection for login security policy

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links