Title of invention: Self regulation of the subject of attestation
Abstract: Attestation by a self-regulating attestation client. The attestation client requests a credential of health from an attestation service, which includes an ordered attestation log and proof of integrity and freshness of the log. The attestation client receives the requested credential of health, which certifies the attestation client was healthy when it requested the credential of health and that the attestation service trusts the attestation client to be healthy each time the attestation client authenticates using the credential of health. The attestation client receives a request to authenticate that it is healthy using the credential of health, verifies that it is currently healthy, and performs the requested authentication.
Publication number: US8880667(B2) Publication date: 2014.11.04
Application number: US201113024288 Application date: 2011.02.09
Applicant: Microsoft Corporation Inventors: Novak Mark F.;Thom Stefan;Tor Yair;Efron Alexey;Ortal Amos
Classification: G06F15/173;H04L29/06;G06F21/64;G06F21/57 Main classification: G06F15/173
Agency: Agent: Tabor Ben;Chinagudabha Raghu;Minhas Micky
Principal claim: 1. A method implemented within a self-regulating attestation client computing system and that includes one or more processors and memory storing instructions which, when executed by the one or more processors, implement the method for using a certificate of health from an attestation service to authenticate that the self-regulating attestation client computing system is currently healthy upon request, the method comprising the acts of: the computing system of the attestation client requesting a credential of health from an attestation service, the credential of health from the attestation service comprising a digital certificate or token that is signed by a public cryptographic key provided by the computing system, the request comprising an ordered attestation log as well as a proof of integrity and freshness of the ordered attestation log, the proof of integrity and freshness being implemented by the attestation service to verify the integrity and freshness of the log itself; the computing system receiving the credential of health from the attestation service, the credential of health uniquely identifying the computing system and certifying that the computing system was healthy when the computing system requested the credential of health and that the attestation service trusts the computing system to be healthy each time the computing system authenticates using the credential of health, such that the credential of health is only sent to and received by the computing system in response to the attestation service having verified the past health attestation of the computing system and, upon verifying the past health attestation of the computing system, the ability for the computing system to verify that the computing system will only use the credential of health when the computing system is currently in a healthy state and when the credential of health is not expired; the computing system receiving a request to use the credential of health to authenticate that it is currently healthy; the computing system verifying that it is currently healthy; and the computing system using the credential of health to authenticate that it is currently healthy.
Address: Redmond WA US