Verifying the security of a remote server
First Claim
1. A machine-implemented method, comprising:
generating a server component log recording an operating system component of a secure server during a boot operation;
sending the server component log signed by a server secure module to a trusted third party performing as an attestation service to execute a comparison of the server component log to a recorded state of the operating system component;
receiving in the secure server a signed trusted credential from the attestation service validating the secure server as trustworthy to a client device seeking access based on the comparison;
protecting the signed trusted credential in the server secure module to prevent decryption of the signed trusted credential outside the secure server;
proving possession of the signed trusted credential to ensure any data exchange with the client device is secure;
receiving a client session key encrypted with the trusted credential from the client device, the client session key being used for communications of a trusted session; and
displaying a proximity challenge to a user as a validation of the trusted session executed at close proximity between the user device and the secure server upon establishing the trusted session, wherein the proximity challenge is communicated between the client device and the secure server encrypted by the client session key, wherein displaying the proximity challenge comprises:
receiving an encrypted user login credential from the client device;
decrypting the encrypted user login credential using the client session key;
receiving a client personal identification number input by the user;
decrypting the encrypted user login credential with the client personal identification number; and
allowing the client device to login to the secure server based on the user login credential being decrypted twice.
Abstract
In one embodiment, a client device 110 may use an attestation service 140 to verify a secure server 120. The secure server 120 may receive a signed trusted credential 310 from an attestation service 140 validating the secure server 120 as trustworthy to a client device 110 seeking access. The secure server 120 may protect the signed trusted credential 310 in a server secure module 280.
17 Claims
1. (Independent claim 1 is reproduced above under First Claim; claims 2 through 9 depend on it.)
10. A non-transitory machine-readable medium having a set of instructions detailing a method stored thereon that when executed by one or more processors cause the one or more processors to perform the method, the method comprising:
sending an access request from a client device to a secure server;
receiving from the secure server a signed trusted credential provided by a trusted third party performing as an attestation service validating the secure server as trustworthy based on a comparison of a recorded state of an operating system component of a secure server to a server component log recording the operating system component during a boot operation, the signed trusted credential protected by a server secure module at the secure server;
ensuring any data exchange with the secure server is secure by having the secure server prove possession of the signed trusted credential;
generating a client session key with a client secure module, the client session key being encrypted with the trusted credential and being used for communications of a trusted session; and
displaying a proximity challenge to a user as a validation of the trusted session executed at close proximity between the user device and the secure server upon establishing the trusted session, wherein the proximity challenge is communicated between the client device and the secure server encrypted by the client session key, wherein displaying the proximity challenge comprises:
randomly generating a client personal identification number;
displaying the client personal identification number to a user;
encrypting a user login credential using the client personal identification number;
encrypting the user login credential further with the client session key; and
sending the twice encrypted user login credential to the secure server.
(Claims 11, 12 and 13 depend on claim 10.)
14. A secure server, comprising:
at least one processor configured to generate a server component log recording an operating system component during a boot operation;
a communication interface configured to:
send the server component log signed by a server secure module to a trusted third party performing as an attestation service to execute a comparison of the server component log to a recorded state of the operating system component,
receive a signed trusted credential from the attestation service validating the secure server as trustworthy,
respond to an access request from a client device with an access response signed by the signed trusted credential to prove possession of the signed trusted credential to ensure any data exchange with the client device is secure, and
receive a client session key encrypted with the trusted credential from the client device, the client session key being used for communications of a trusted session;
a server secure module configured to protect the signed trusted credential and an operating system boot path to prevent decryption of the signed trusted credential outside the secure server; and
a display configured to present a proximity challenge to a user as a validation of the trusted session executed at close proximity between the user device and the secure server upon establishing the trusted session, wherein the proximity challenge is communicated between the client device and the secure server encrypted by the client session key, wherein the communication interface is further configured to:
receive an encrypted user login credential from the client device;
decrypt the encrypted user login credential using the client session key;
receive a client personal identification number input by the user;
decrypt the encrypted user login credential with the client personal identification number; and
allow the client device to login to the secure server based on the user login credential being decrypted twice.
(Claims 15, 16 and 17 depend on claim 14.)
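The three independent claims describe one flow: the server measures its boot components into a signed log, the attestation service compares that log against a recorded state and issues a signed credential, the client wraps a session key to the credential, and the login credential is sent encrypted twice (PIN layer, then session-key layer) so the server can only recover it when the user types the displayed PIN at the server. The following is an added example that models that flow end to end; it is not code from the patent or its assignee. It uses only the Python standard library, so HMAC with shared keys stands in for the TPM quote, the attestation service's signature and the public-key wrapping a real deployment would use, and every key, component image and name (`MODULE_KEY`, `ATT_KEY`, `GOLDEN_BOOT`, `srv-1`, the login string) is constructed for the example.

```python
import hashlib
import hmac
import json
import secrets

# Constructed keys. In the patent's design these would be TPM-held asymmetric
# keys; HMAC with shared keys stands in here so the example runs with the stdlib.
MODULE_KEY = b"server-secure-module-key (constructed)"  # server secure module <-> attestation service
ATT_KEY = b"attestation-service-key (constructed)"      # attestation service <-> client
# Recorded (golden) boot state held by the attestation service; images are constructed.
GOLDEN_BOOT = [(b"bootloader", b"bootloader-v1"), (b"kernel", b"kernel-v1"), (b"initrd", b"initrd-v1")]

def mac(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()

def keystream(key, nonce, n):
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, data):
    """Authenticated encryption from the stdlib: SHA-256 keystream XOR plus an HMAC tag."""
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(data, keystream(key, nonce, len(data))))
    return nonce + ct + mac(key, nonce + ct)

def open_(key, blob):
    """Plaintext, or None when the key is wrong (e.g. a wrong PIN) or the blob was altered."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if len(blob) < 48 or not hmac.compare_digest(mac(key, nonce + ct), tag):
        return None
    return bytes(a ^ b for a, b in zip(ct, keystream(key, nonce, len(ct))))

def measure_boot(components):
    """Secure server: component log plus a PCR-style chained digest of the boot path."""
    log, digest = [], b"\x00" * 32
    for name, image in components:
        log.append({"component": name.decode(), "sha256": hashlib.sha256(image).hexdigest()})
        digest = hashlib.sha256(digest + hashlib.sha256(image).digest()).digest()
    return log, digest

def sign_log(log, digest):
    """Server secure module signs the log (stand-in for a TPM quote over the PCR value)."""
    return log, digest, mac(MODULE_KEY, json.dumps(log).encode() + digest)

def attest(signed_log, golden=GOLDEN_BOOT):
    """Attestation service: check the module signature, compare the log with the
    recorded state, and issue a signed trusted credential only on a full match."""
    log, digest, sig = signed_log
    if not hmac.compare_digest(mac(MODULE_KEY, json.dumps(log).encode() + digest), sig):
        return None
    recorded = {n.decode(): hashlib.sha256(img).hexdigest() for n, img in golden}
    if {c["component"]: c["sha256"] for c in log} != recorded:
        return None
    cred = json.dumps({"server": "srv-1", "measurement": digest.hex()}).encode()
    return cred + mac(ATT_KEY, cred)

def wrap_key_for(cred):
    # Stand-in for encrypting to a public key carried in the credential. In this HMAC
    # model anyone holding the credential can derive the key; a real deployment would not allow that.
    return hashlib.sha256(b"session-wrap" + cred).digest()

def client_start_session(signed_cred, login_credential):
    """Client: verify the credential, wrap a fresh session key, then build the
    twice-encrypted login (PIN layer first, session-key layer second) and return the PIN to display."""
    cred, tag = signed_cred[:-32], signed_cred[-32:]
    if not hmac.compare_digest(mac(ATT_KEY, cred), tag):
        return None
    session_key = secrets.token_bytes(32)
    pin = f"{secrets.randbelow(10**6):06d}"
    once = seal(hashlib.sha256(pin.encode()).digest(), login_credential)
    return seal(wrap_key_for(cred), session_key), seal(session_key, once), pin

def server_login(signed_cred, wrapped_key, twice, pin_typed, expected_login):
    """Secure server: unwrap the session key, strip the session-key layer, then the PIN
    layer using the PIN the user types at the server; allow login only if both succeed."""
    session_key = open_(wrap_key_for(signed_cred[:-32]), wrapped_key)
    once = open_(session_key, twice) if session_key is not None else None
    login = open_(hashlib.sha256(pin_typed.encode()).digest(), once) if once is not None else None
    return login is not None and hmac.compare_digest(login, expected_login)

def run(boot=GOLDEN_BOOT, pin_typed=None):
    """Whole flow; pin_typed overrides the displayed PIN to model a user who is not at the server."""
    signed_cred = attest(sign_log(*measure_boot(boot)))
    if signed_cred is None:
        return "attestation failed"
    wrapped_key, twice, pin = client_start_session(signed_cred, b"alice:correct-horse")
    ok = server_login(signed_cred, wrapped_key, twice, pin_typed or pin, b"alice:correct-horse")
    return "login allowed" if ok else "login denied"

if __name__ == "__main__":
    print(run())
    print(run(pin_typed="not-the-displayed-pin"))
    print(run(boot=[(b"bootloader", b"bootloader-v1"), (b"kernel", b"kernel-v2"), (b"initrd", b"initrd-v1")]))
```

Two properties of the claims show up directly: a boot component whose hash is not in the recorded state stops the flow before any credential exists, and holding the session key alone is not enough to recover the login credential, because the inner layer can only be opened with the PIN entered at the server. The authenticated `seal`/`open_` pair matters for the "decrypted twice" check: with an unauthenticated cipher a wrong PIN would yield garbage rather than a detectable failure.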