Stateless attestation system

摘要

A method includes assessing a trustworthiness level of a user computer by communication between the user computer and a first server. A record indicating the trustworthiness level is sent from the first server to the user computer, for storage by the user computer. A request is sent from the user computer to a second server, different from the first server, for a service to be provided to the user computer by the second server. The record is provided from the user computer to the second server by communicating between the user computer and the second server. At the second server, the trustworthiness level is extracted from the record, and the requested service is conditionally allowed to be provided to the user computer depending on the extracted trustworthiness level.

主权项

1. A method comprising:
requesting from a user computer access to a service of a first server over a network via a first operating environment; receiving an attestation request from the first server, via the first operating environment, in response to requesting access to the service; sending from the user computer a value of a secure counter, which is incremented during each interaction of the user computer with the first server, to an attestation server to cause the attestation server to verify trustworthiness of the user computer based on the secure counter value; and sending a locally-stored attestation record from the user computer to the first server via a second operating environment in response to the attestation request and in response to the attestation server verifying trustworthiness of the user computer, wherein the second operating environment is isolated from the first operating environment, and wherein the attestation record is stored locally in a secure storage device accessible via the second operating environment; and receiving access to the service in response to the first server verifying the attestation record received from the user computer.