Verifying the security of a remote server

US 9,998,438 B2
Filed: 10/23/2013
Issued: 06/12/2018
Est. Priority Date: 10/23/2013
Status: Active Grant

First Claim

Patent Images

1. A machine-implemented method, comprising:

generating a server component log recording an operating system component of a secure server during a boot operation;

sending the server component log signed by a server secure module to a trusted third party performing as an attestation service to execute a comparison of the server component log to a recorded state of the operating system component;

receiving in the secure server a signed trusted credential from the attestation service validating the secure server as trustworthy to a client device seeking access based on the comparison;

protecting the signed trusted credential in the server secure module to prevent decryption of the signed trusted credential outside the secure server;

proving possession of the signed trusted credential to ensure any data exchange with the client device is secure;

receiving a client session key encrypted with the trusted credential from the client device, the client session key being used for communications of a trusted session; and

displaying a proximity challenge to a user as a validation of the trusted session executed at close proximity between the user device and the secure server upon establishing the trusted session, wherein the proximity challenge is communicated between the client device and the secure server encrypted by the client session key,wherein displaying the proximity challenge comprises;

receiving an encrypted user login credential from the client device;

decrypting the encrypted user login credential using the client session key;

receiving a client personal identification number input by the user;

decrypting the encrypted user login credential with the client personal identification number; and

allowing the client device to login to the secure server based on the user login credential being decrypted twice.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In one embodiment, a client device 110 may use an attestation service 140 to verify a secure server 120. The secure server 120 may receive a signed trusted credential 310 from an attestation service 140 validating the secure server 120 as trustworthy to a client device 110 seeking access. The secure server 120 may protect the signed trusted credential 310 in a server secure module 280.

33 Citations

View as Search Results

17 Claims

1. A machine-implemented method, comprising:
- generating a server component log recording an operating system component of a secure server during a boot operation;
  
  sending the server component log signed by a server secure module to a trusted third party performing as an attestation service to execute a comparison of the server component log to a recorded state of the operating system component;
  
  receiving in the secure server a signed trusted credential from the attestation service validating the secure server as trustworthy to a client device seeking access based on the comparison;
  
  protecting the signed trusted credential in the server secure module to prevent decryption of the signed trusted credential outside the secure server;
  
  proving possession of the signed trusted credential to ensure any data exchange with the client device is secure;
  
  receiving a client session key encrypted with the trusted credential from the client device, the client session key being used for communications of a trusted session; and
  
  displaying a proximity challenge to a user as a validation of the trusted session executed at close proximity between the user device and the secure server upon establishing the trusted session, wherein the proximity challenge is communicated between the client device and the secure server encrypted by the client session key,wherein displaying the proximity challenge comprises;
  
  receiving an encrypted user login credential from the client device;
  
  decrypting the encrypted user login credential using the client session key;
  
  receiving a client personal identification number input by the user;
  
  decrypting the encrypted user login credential with the client personal identification number; and
  
  allowing the client device to login to the secure server based on the user login credential being decrypted twice.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, further comprising:
    - generating a trusted credential to be sent to the attestation service for signature.
  - 3. The method of claim 1, further comprising:
    - preventing access to the signed trusted credential if an operating system component is compromised.
  - 4. The method of claim 1, further comprising:
    - sending an access response signed by the signed trusted credential in response to an access request from the client device.
  - 5. The method of claim 1, further comprising:
    - establishing the trusted session with the client device using the signed trusted credential.
  - 6. The method of claim 1, further comprising:
    - receiving a login credential encrypted by a client session key from the client device.
  - 7. The method of claim 1, wherein displaying the proximity challenge comprises:
    - encrypting an image with the client session key;
      
      sending the encrypted image to the client device; and
      
      displaying the image to a user.
  - 8. The method of claim 1, further comprising:
    - contacting an identity provider service with a user identifier from the client device.
  - 9. The method of claim 1, further comprising:
    - retrieving a challenge encrypted by an identity public key stored with an identity provider service.

10. A non-transitory machine-readable medium having a set of instructions detailing a method stored thereon that when executed by one or more processors cause the one or more processors to perform the method, the method comprising:
- sending an access request from a client device to a secure server;
  
  receiving from the secure server a signed trusted credential provided by a trusted third party performing as an attestation service validating the secure server as trustworthy based on a comparison of a recorded state of an operating system component of a secure server to a server component log recording the operating system component during a boot operation, the signed trusted credential protected by a server secure module at the secure server;
  
  ensuring any data exchange with the secure server is secure by having the secure server prove possession of the signed trusted credential;
  
  generating a client session key with a client secure module, the client session key being encrypted with the trusted credential and being used for communications of a trusted session; and
  
  displaying a proximity challenge to a user as a validation of the trusted session executed at close proximity between the user device and the secure server upon establishing the trusted session, wherein the proximity challenge is communicated between the client device and the secure server encrypted by the client session key,wherein displaying the proximity challenge comprises;
  
  randomly generating a client personal identification number;
  
  displaying the client personal identification number to a user;
  
  encrypting a user login credential using the client personal identification number;
  
  encrypting the user login credential further with the client session key; and
  
  sending the twice encrypted user login credential to the secure server.
- View Dependent Claims (11, 12, 13)
- - 11. The non-transitory machine-readable medium of claim 10, wherein the method further comprises:
    - registering the client session key generated by the client secure module with the secure server.
  - 12. The non-transitory machine-readable medium of claim 10, wherein displaying the proximity challenge comprises:
    - receiving an encrypted image from the secure server;
      
      decrypting the encrypted image using the client session key; and
      
      displaying the decrypted image.
  - 13. The non-transitory machine-readable medium of claim 10, wherein the method further comprises:
    - registering an identity public key and a policy with an identity provider service.

14. A secure server, comprising:
- at least one processor configured to generate a server component log recording an operating system component during a boot operation;
  
  a communication interface configured to;
  
  send the server component log signed by a server secure module to a trusted third party performing as an attestation service to execute a comparison of the server component log to a recorded state of the operating system component,receive a signed trusted credential from the attestation service validating the secure server as trustworthy,respond to an access request from a client device with an access response signed by the signed trusted credential to prove possession of the signed trusted credential to ensure any data exchange with the client device is secure, andreceive a client session key encrypted with the trusted credential from the client device, the client session key being used for communications of a trusted session;
  
  a server secure module configured to protect the signed trusted credential and an operating system boot path to prevent decryption of the signed trusted credential outside the secure server; and
  
  a display configured to present a proximity challenge to a user as a validation of the trusted session executed at close proximity between the user device and the secure server upon establishing the trusted session, wherein the proximity challenge is communicated between the client device and the secure server encrypted by the client session key,wherein the communication interface is further configured to;
  
  receive an encrypted user login credential from the client device;
  
  decrypt the encrypted user login credential using the client session key;
  
  receiving a client personal identification number input by the user;
  
  decrypt the encrypted user login credential with the client personal identification number; and
  
  allow the client device to login to the secure server based on the user login credential being decrypted twice.
- View Dependent Claims (15, 16, 17)
- - 15. The secure server of claim 14,wherein the display is configured to present at least one of an image and a personal identification number to a user as part of the proximity challenge.
  - 16. The secure server of claim 14, further comprising:
    - a user input configured to receive a client personal identification number input by the user.
  - 17. The secure server of claim 14, wherein the at least one processor is further configured to decrypt an encrypted user login credential with the client session key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Inventors
Sinha, Saurav, Kannan, Gopinathan, Ide, Nathan, Corey, Shawn, Ureche, Tony
Primary Examiner(s)
Shiferaw, Eleni A
Assistant Examiner(s)
Lapian, Alexander R

Application Number

US14/061,621
Publication Number

US 20150113618A1
Time in Patent Office

1,693 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/44   Program or device authentic...

G06F 21/57   Certifying or maintaining t...

G06F 21/575   Secure boot

G06F 2221/2111   Location-sensitive, e.g. ge...

G06F 2221/2115   Third party

G06F 2221/2133   Verifying human interaction...

G06F 2221/2143   Clearing memory, e.g. to pr...

H04L 2209/76   Proxy, i.e. using intermedi...

H04L 63/08   for authentication of entit...

H04L 63/0823   using certificates cryptogr...

H04L 63/0876   based on the identity of th...

H04L 63/107   wherein the security polici...

H04L 63/1483   service impersonation, e.g....

H04L 9/3263   involving certificates, e.g...

Verifying the security of a remote server

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

33 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Verifying the security of a remote server

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

33 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links