(12) United States Patent
Hunt et al.

(10) Patent No.: US 7,305,561 B2
(45) Date of Patent: Dec. 4, 2007

(54) ESTABLISHING COMPUTING TRUST WITH A STAGING AREA

(75) Inventors: Galen C. Hunt, Bellevue, WA (US); Jeff Simon, Redmond, WA (US)
(73) Assignee: Microsoft Corporation, Redmond, WA (US)
(*) Notice: Subject to any disclaimer, the term of this patent is extended or adjusted under 35 U.S.C. 154(b) by 793 days.
(21) Appl. No.: 10/853,939
(22) Filed: May 25, 2004
(65) Prior Publication Data: US 2005/0246770 A1, Nov. 3, 2005
Related U.S. Application Data
(63) Continuation of application No. 10/837,419, filed on Apr. 30, 2004.

(51) Int. Cl.: G06F 1/24 (2006.01)
(52) U.S. Cl.: 713/182; 713/189; 713/193
(58) Field of Classification Search: 713/182, 189, 193. See application file for complete search history.

(57) ABSTRACT

A technique is provided for admitting a computing device to a staging area. Information related to a persistent identity that is located in the computing device at the staging area is ascertained. The computing device can be substantially authenticated to a protected production network based on the information related to the persistent identity acquired in the staging area.

43 Claims, 14 Drawing Sheets

IPR2020-01218
Sony EX1023 Page 1

U.S. Patent    Dec. 4, 2007    Sheet 1 of 14    US 7,305,561 B2

FIG. 1 (drawing). Labels: SECURE IDENTIFICATION PROCESSING AREA (SIPA) 106 (CONFIGURED AND INCLUDES PERSISTENT IDENTITY); STAGING AREA 120; SIPA 106 BEING CONFIGURED; CONFIGURED SIPA 106; SWITCH 109.

Sheet 2 of 14

FIG. 2 (drawing). Labels: SECURE DATA CENTER 102; COMPUTING DEVICE 105; SECURE IDENTIFICATION PROCESSING AREA (SIPA) 106; ISOLATED STORAGE PORTION 152; PERSISTENT IDENTITY 154; MEMORY 134; CENTRAL PROCESSING UNIT (CPU) 132; FILES AND/OR FIRMWARE 138; KEY(S) 158; INPUT/OUTPUT PORTION 136; TRUSTED DOMAIN PUBLIC CERTIFICATE 156; PRIVATE VLAN; BOOT SERVER 116; SECURITY DOMAIN CONTROLLER 115; AUTHENTICATION SERVER 108; PERSISTENT ACCOUNT 113; SECURITY DOMAIN 104; PRODUCTION VLAN; CERTIFICATE AUTHORITY (OPTIONAL) 110; AUTOMATED DEPLOYMENT SERVICE 119; FIREWALL 112.

Sheet 3 of 14

FIG. 3 (drawing). Labels: SWITCH ASSEMBLY 111; AUTHENTICATION SERVER 108; PORT 302(1) WITH FILTER; BOOT CLIENT WITH SIPA 304; PXE/DHCP BOOT SERVER 116; PORT 302(4) WITH NO FILTER; PORT WITH FILTER; BOOT CLIENT WITH SIPA 304.

FIG. 12 (drawing). Labels: COMPUTING DEVICE BLOB 1200; TRUSTED DOMAIN PUBLIC CERTIFICATE 156; COMPUTING DEVICE PUBLIC CERTIFICATE 159.

FIG. 13 (drawing). Labels: ISOLATED STORAGE PORTION 214 (FOR PERSISTENT IDENTITY); TRUSTED DOMAIN PUBLIC CERTIFICATE 156; COMPUTING DEVICE PUBLIC CERTIFICATE 159; SIPA PRIVATE KEY 157; PRIVATE KEY NOT EXPORTED, IMPORTED, OR VIEWABLE OUTSIDE OF CRYPTOGRAPHIC PROCESSOR.

Sheet 4 of 14

FIG. 4 (drawing). Labels: SWITCH; SECURITY DOMAIN; AUTHENTICATION SERVER 108 (adjacent to PORT 302(A3) WITH FILTER); PXE/DHCP BOOT SERVER 116 (adjacent to PORT 302(B3) WITH NO FILTER); ROGUE SERVER 199 (adjacent to PORT 302(B2) WITH FILTER); PORTS 302(A2), 302(A5), 302(AN), 302(B1), 302(BN), 302(C1), 302(C2), 302(CN) WITH FILTER; CLIENT WITH SIPA; BOOT CLIENT WITH SIPA 304.

Sheet 5 of 14

FIG. 5 (flow diagram 500):
- Computing device seeks authentication by security domain.
- Security domain considers authentication request, and either grants or rejects request.
- If authentication request granted, computing device joins security domain.

FIG. 7 (flow diagram 700):
- Authentication server challenges computing device; the authentication server then sends challenge to computing device.
- Computing device decrypts challenge using private key with isolated processing to yield challenge response. Computing device then sends response encrypted using public key of trusted domain back to authentication server.
- Authentication server then performs compare; if satisfied, then computing device is authenticated.

Sheet 6 of 14

FIG. 6a (flow diagram 600; operations performed in computing device by interfacing using either private VLAN V2 or production VLAN V1). Legible boxes:
- Is access granted to computing device to use resource within security domain? If no: resource request fails.
- Does computing device need access to additional resource(s) within security domain? If no: end.

Sheet 7 of 14

FIG. 6b (flow diagram 630):
- Security domain receives access request from computing device (from 606 in FIG. 6a).
- Security domain attempts to validate access request.
- Is access request valid? If yes: security domain grants access to resource for computing device. If no: security domain denies access to resource for computing device.
- Security domain sends access response (either grant or denial) to computing device (to 616 in FIG. 6a).

Sheet 8 of 14

FIG. 8a (flow diagram 800; computing device placed in staging area and reset with connection to staging area). Legible boxes:
- Link layer segment (staging area) 808: computing device accesses link-layer network of staging area.
- Dynamic Host Configuration Protocol (DHCP) segment (staging area) 810: computing device configures TCP/IP network with acknowledgement to use designated IP address.

Sheet 9 of 14

FIG. 8b (continuation of flow diagram 800; computing device placed in staging area and reset with connection to staging area):
- Preboot Execution (PXE) segment 812 (staging area): computing device broadcasts Preboot Execution (PXE) boot request.
- Staging operating system segment 814 (staging area): staging operating system on computing device asks SIPA to generate public/private key pair, retrieve public key, and create certificate request containing the public key.

Sheet 10 of 14

FIG. 9a (flow diagram 900; computing device moved to production network and reset with connection to production network):
- Link layer authentication segment 904 (production network): the switch enables the network port and connects to the unrestricted production virtual local area network (VLAN); the computing device finishes the configuration of the link-layer network interface.
- Dynamic Host Configuration Protocol (DHCP) authentication segment 906 (production network): the computing device configures the TCP/IP network with acknowledgement to use designated IP address.

Sheet 11 of 14

FIG. 9b (continuation of flow diagram 900; computing device maintained in production network and reset with connection to production network):
- Preboot Execution (PXE) authentication segment 907 (production network): computing device broadcasts Preboot Execution (PXE) boot request; boot server validates PXE boot request.
- Deployment operating system authentication segment 908 (production network): the deployment operating system on computing device creates request to join VLAN, and sends the request to the switch. The switch delivers the EAP/TLS request to the authentication server. The authentication server validates the computing device identity using public and private key challenge-response. Deployment operating system on computing device configures virtual network adapter that is connected to a restricted production VLAN, and reboots. Deployment operating system on computing device boots, and creates a request to join a security domain in production VLAN.

Sheet 12 of 14

FIG. 9c (continuation of flow diagram 900; computing device moved to production network and reset with connection to production network):
- Production operating system authentication segment 910 (production network): the production operating system on the computing device boots, and creates a request to join a security domain in production VLAN. A security domain server validates the identity of the computing device via public/private key challenge/response with SIPA. The security domain server returns the security domain logon credentials to computing device. The production operating system reboots and uses stored security domain logon credentials to access restricted production security domain.

FIG. 11 (diagram 1100). Stages, from the initial virtual LAN (private) to subsequent virtual LANs (or could be same VLAN): PREBOOT EXECUTION (PXE) STAGE 1102; DEPLOYMENT AGENT STAGE 1104; FULL OPERATING SYSTEM STAGE 1106; DOMAIN JOIN OF OPERATING SYSTEM STAGE 1108.

Sheet 13 of 14

FIG. 10a (flow diagram 1000; computing device moved to production network and reset with connection to production network):
- First segment (production network; segment heading illegible): the computing device accesses the link-layer network of the production network. The switch determines that the access to network port is valid. The switch enables the network port for communication, but does not connect to any virtual local area network (VLAN). The computing device finishes the configuration of the link-layer network interface.
- Deployment operating system authentication segment 1008 (production network): the network boot firmware of computing device creates request to join restricted production virtual local area network (VLAN), and sends the request to the switch. The switch delivers the EAP/TLS request to the authentication server. The authentication server validates the computing device identity using key challenge-response. The authentication server instructs the switch to enable port access of the computing device to a restricted production VLAN. The network boot firmware of computing device configures network stack to use the restricted production VLAN.

Sheet 14 of 14

FIG. 10b (continuation of flow diagram 1000; computing device moved to production network and reset with connection to production network):
- Dynamic Host Configuration Protocol (DHCP) authentication segment 1010 (production network): network boot firmware of computing device requests address through DHCP client protocol. The boot server allocates IP address and provides address to the computing device through DHCP server protocol. The computing device configures the Transmission Control Protocol/Internet Protocol (TCP/IP) network to use designated IP address.
- Preboot Execution (PXE) authentication segment 1012 (production network): computing device broadcasts Preboot Execution (PXE) boot request. Network boot firmware of computing device downloads PXE boot loader and staging operating system from boot server.

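The port behaviour that FIGS. 3, 4, 10a and 10b describe (ports with a filter, the boot server's port without one, and a port being connected to a restricted production VLAN only after the authentication server has validated the device) is worked through here as an added Go model. It is not part of the patent or of any Microsoft implementation. Which device sits on which port is taken from the labels of FIG. 4; the reading of "port with filter" as "an unadmitted port may exchange only DHCP/PXE with the boot server's port and only EAPOL (the 802.1X carrier) with the authentication server's port", and the VLAN names, are this model's assumptions.

```go
package main

import "fmt"

// Proto is the kind of traffic a frame carries; only the kinds the boot path needs are named.
type Proto int

const (
	EAPOL Proto = iota // IEEE 802.1X exchange carried to the authentication server (FIG. 10a)
	DHCP               // address assignment (FIG. 8a, FIG. 10b)
	PXE                // network boot download (FIG. 8b, FIG. 10b)
	Other              // anything else, i.e. production traffic
)

func (p Proto) String() string { return [...]string{"EAPOL", "DHCP", "PXE", "Other"}[p] }

// Port is one switch port. VLAN stays empty until the authentication server has instructed the
// switch to admit the port to a production VLAN (FIG. 10a); until then the port's filter applies.
type Port struct{ VLAN string }

type Frame struct {
	From, To string // port IDs
	Proto    Proto
}

// Switch is the switch assembly of FIG. 3 / FIG. 4. Every port carries the filter except the boot
// server's port (302(4) in FIG. 3, 302(B3) in FIG. 4, both shown "with no filter").
type Switch struct {
	Ports          map[string]*Port
	BootServerPort string
	AuthServerPort string
}

// Forward decides whether a frame is delivered from one port to another and says why not.
func (s *Switch) Forward(f Frame) (bool, string) {
	src, dst := s.Ports[f.From], s.Ports[f.To]
	if src == nil || dst == nil {
		return false, "unknown port"
	}
	if src.VLAN != "" && dst.VLAN != "" {
		if src.VLAN == dst.VLAN {
			return true, "both ports admitted to VLAN " + src.VLAN
		}
		return false, "ports are in different VLANs"
	}
	// At least one side has not been admitted to a VLAN: only the boot path is open to it.
	switch f.Proto {
	case EAPOL:
		if f.From == s.AuthServerPort || f.To == s.AuthServerPort {
			return true, "802.1X exchange with the authentication server"
		}
	case DHCP, PXE:
		if f.From == s.BootServerPort || f.To == s.BootServerPort {
			return true, "boot traffic with the boot server"
		}
	}
	return false, "dropped by port filter: not yet admitted to a VLAN"
}

// Admit is the step in FIG. 10a where the authentication server, having validated the device's
// identity by challenge-response, instructs the switch to connect the port to a production VLAN.
func (s *Switch) Admit(port, vlan string) { s.Ports[port].VLAN = vlan }

// NewFig4Switch wires the ports named in FIG. 4 (assumed placement read from the drawing's labels):
// authentication server 108 on 302(A3), boot server 116 on 302(B3), rogue server 199 on 302(B2),
// boot clients with SIPA on 302(B1) and 302(C1).
func NewFig4Switch() *Switch {
	s := &Switch{Ports: map[string]*Port{}, BootServerPort: "302(B3)", AuthServerPort: "302(A3)"}
	for _, id := range []string{"302(A3)", "302(B1)", "302(B2)", "302(B3)", "302(C1)"} {
		s.Ports[id] = &Port{}
	}
	return s
}

func main() {
	s := NewFig4Switch()
	client, rogue := "302(B1)", "302(B2)" // boot client with SIPA 304; rogue server 199
	frames := []Frame{
		{rogue, client, DHCP},            // rogue server answers the client's DHCP discover
		{s.BootServerPort, client, DHCP}, // the real boot server answers it
		{client, s.AuthServerPort, EAPOL},
		{client, "302(C1)", Other}, // production traffic before admission
	}
	for _, f := range frames {
		ok, why := s.Forward(f)
		fmt.Printf("%-8s -> %-8s %-5v delivered=%-5v %s\n", f.From, f.To, f.Proto, ok, why)
	}
	s.Admit(client, "restricted-production")
	s.Admit("302(C1)", "restricted-production")
	ok, why := s.Forward(Frame{client, "302(C1)", Other})
	fmt.Printf("after admission: delivered=%v %s\n", ok, why)
}
```

The rogue server's DHCP offer is dropped because it neither comes from nor goes to the boot server's port, which is the whole point of the filtered ports in FIG. 4; the same frame from 302(B3) is delivered. Production traffic between two clients passes only once both ports have been admitted to the same VLAN, which in FIG. 10a happens only on the authentication server's instruction.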

ESTABLISHING COMPUTING TRUST WITH A STAGING AREA

This is a continuation of application Ser. No. 10/837,419, filed Apr. 30, 2004, entitled "Isolated Persistent Identity Storage For Authentication of Computing Devices" to inventors Hunt et al.

BACKGROUND

Authenticating a new computing device with respect to an existing network is challenging, labor intensive, and is often performed manually by sending a trusted employee to the location of the computing device. Typically, such authenticating is performed using a shared secret that is made available to the trusted employee. The trusted employee is then able to enter the shared secret when the new computing device is coupled to the network, and also possibly when re-configuring the computing device (e.g., when installing a new operating system). For security purposes, the reliability of the shared secret is only as good as the trust and reliability of the trusted employee, because the trusted employee can disclose the shared secret to others either intentionally or accidentally.

Furthermore, sending a trusted employee to enter the shared secret into each computing device when it is added to the network or re-configured represents a time-consuming and expensive operation. As electronic commerce and other operations that demand greater security become more commonplace, increasing the reliability and simplicity of authentication of newly added and/or re-configured computing devices is desirable.

SUMMARY

This disclosure describes a technique for admitting a computing device to a staging area. Information related to a persistent identity that is located in the computing device at the staging area is ascertained. The computing device can be substantially authenticated to a protected production network based on the information related to the persistent identity acquired in the staging area.

BRIEF DESCRIPTION OF THE DRAWINGS

The same numbers are used throughout the document to reference like components and/or features.

FIG. 1 is an illustrative architecture of a secure data center including a security domain and a number of computing devices, each computing device including a secure identity processing area (SIPA).
FIG. 2 is a more detailed example of a secure data center with a security domain and a computing device, the computing device including the SIPA.
FIG. 3 is a block diagram of one embodiment of a switch assembly that is included in the security domain of FIGS. 1 and 2.
FIG. 4 is a block diagram of another embodiment of a switch assembly that is included in the security domain of FIGS. 1 and 2.
FIG. 5 is a flow diagram of one embodiment of a generalized authentication request.
FIG. 6a is a flow diagram of one embodiment of a resource request as performed in a computing device in attempting to access a resource in a security domain.
FIG. 6b is a flow diagram of one embodiment of a resource grant as is performed in a security domain in response to the resource request of FIG. 6a.
FIG. 7 is a flow diagram of one embodiment of an authentication challenge technique.
FIGS. 8a and 8b are a flow diagram of one embodiment of a computing device authentication technique that is performed in a staging area.
FIGS. 9a, 9b, and 9c are a flow diagram of one embodiment of a computing device authentication technique that is performed in a production network.
FIGS. 10a and 10b are a flow diagram of another embodiment of a computing device authentication technique that is performed in a production network.
FIG. 11 is a diagram of one embodiment of the authentication levels relative to a security domain that may be attained by a computing device containing the SIPA.
FIG. 12 is a block diagram of one embodiment of a computing device blob.
FIG. 13 is a block diagram of one embodiment of a persistent isolated storage portion of a SIPA.

DETAILED DESCRIPTION

This disclosure describes a number of authentication techniques and devices that authenticate at least one computing device with respect to a security domain. The computing device is located outside of the security domain prior to the authentication. As a result of the authentication, the computing device joins the security domain. A secure identity processing area (SIPA) is included in each computing device, and each SIPA provides the authentication using a persistent identity. The SIPA does not require key information input from trusted individuals who, in conventional systems, are provided with information relating to cryptographic keys or certificates.

In one embodiment, a computing device having an un-configured SIPA is placed in a staging area where the un-configured SIPA is configured such that it can be disconnected from the staging area and then integrated within a production area where it can be authenticated with the security domain. In one embodiment, the SIPA largely automates the authentication process of computing devices joining the security domain.

Different aspects of the SIPA provide for a number of functions including but not limited to: persisting an identity, providing a secure bootstrap program to provide or update an operating system, and/or securely joining a security domain in a manner that requires no human intervention, such as providing a shared secret or a person entering a PIN code that is used by the SIPA to generate a key pair. The operating system can have a number of configurations and require certain levels of authentication. Portions of the operating system, and associated application programs, may be resident at different times in the CPU 132, the memory 134, and/or other network or other locations. As such, the specific location or operation of the operating system is not further described, and is not shown in the figures. A number of types of operating system are produced and made commercially available by Microsoft. The SIPA further allows the computing device to be purposed or repurposed in a manner that mitigates spoofing threats such as exist with conventional remote boot protocols.
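The three SIPA functions just listed, together with the exchange of FIG. 7 (challenge decrypted inside the SIPA and returned encrypted under the trusted domain's public key), the staging step of FIG. 8b (key pair generated in the SIPA, certificate request carrying only the public key) and the storage layout of FIG. 13, are worked through here as an added Go example. It is not part of the patent or of any Microsoft implementation. It assumes RSA-2048 keys, RSA-OAEP for the challenge and response ciphertexts, X.509 certificates for the device and the trusted domain, and a single DomainCA type standing in for both the optional certificate authority 110 and the authentication server 108; the device name "blade-0001", the self-signed domain certificate and the generic must helper are illustrative choices, not details from the patent.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// must keeps the demonstration short; production code would propagate these errors.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// SIPA models the secure identity processing area 106; private key 157 is unexported and never returned (FIG. 13).
type SIPA struct {
	priv       *rsa.PrivateKey
	Cert       *x509.Certificate // computing device public certificate 159
	domainCert *x509.Certificate // trusted domain public certificate 156
}

// NewSIPAInStaging is the staging step of FIG. 8b: key pair generated inside the SIPA, only a CSR comes out.
func NewSIPAInStaging(name string) (*SIPA, *x509.CertificateRequest) {
	priv := must(rsa.GenerateKey(rand.Reader, 2048))
	der := must(x509.CreateCertificateRequest(rand.Reader, &x509.CertificateRequest{Subject: pkix.Name{CommonName: name}}, priv))
	return &SIPA{priv: priv}, must(x509.ParseCertificateRequest(der))
}

// Respond is the device side of FIG. 7: decrypt with the SIPA private key, re-encrypt the nonce for the domain.
func (s *SIPA) Respond(challenge []byte) ([]byte, error) {
	nonce, err := rsa.DecryptOAEP(sha256.New(), nil, s.priv, challenge, nil)
	if err != nil {
		return nil, err
	}
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, s.domainCert.PublicKey.(*rsa.PublicKey), nonce, nil)
}

// DomainCA stands in for certificate authority 110 and authentication server 108; its certificate is the trusted domain certificate 156.
type DomainCA struct {
	priv *rsa.PrivateKey
	Cert *x509.Certificate
}

func NewDomainCA(name string) *DomainCA {
	priv := must(rsa.GenerateKey(rand.Reader, 2048))
	t := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageKeyEncipherment}
	der := must(x509.CreateCertificate(rand.Reader, t, t, &priv.PublicKey, priv)) // self-signed (assumed setup)
	return &DomainCA{priv: priv, Cert: must(x509.ParseCertificate(der))}
}

// Enroll completes FIG. 8b: verify the CSR's proof of possession, sign the device certificate, store both certificates in the SIPA.
func (ca *DomainCA) Enroll(name string) (*SIPA, error) {
	sipa, csr := NewSIPAInStaging(name)
	if err := csr.CheckSignature(); err != nil {
		return nil, err
	}
	t := &x509.Certificate{SerialNumber: big.NewInt(2), Subject: csr.Subject, NotBefore: time.Now().Add(-time.Hour),
		NotAfter: time.Now().Add(24 * time.Hour), KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment}
	der := must(x509.CreateCertificate(rand.Reader, t, ca.Cert, csr.PublicKey, ca.priv))
	sipa.Cert, sipa.domainCert = must(x509.ParseCertificate(der)), ca.Cert
	return sipa, nil
}

// Authenticate is the server side of FIG. 7: a certificate that does not chain to the domain is refused before
// any challenge is sent; otherwise the device must decrypt a fresh nonce and return it encrypted for the domain.
func (ca *DomainCA) Authenticate(cert *x509.Certificate, respond func([]byte) ([]byte, error)) (bool, error) {
	roots := x509.NewCertPool()
	roots.AddCert(ca.Cert)
	if _, err := cert.Verify(x509.VerifyOptions{Roots: roots}); err != nil {
		return false, fmt.Errorf("device certificate rejected: %w", err)
	}
	nonce := make([]byte, 32)
	must(rand.Read(nonce))
	challenge := must(rsa.EncryptOAEP(sha256.New(), rand.Reader, cert.PublicKey.(*rsa.PublicKey), nonce, nil))
	response, err := respond(challenge)
	if err != nil {
		return false, err
	}
	got, err := rsa.DecryptOAEP(sha256.New(), nil, ca.priv, response, nil)
	return err == nil && subtle.ConstantTimeCompare(got, nonce) == 1, err
}

// StageAndJoin enrolls one device and runs the FIG. 7 challenge, then presents a device certified by an outside CA (the rogue server 199 of FIG. 4).
func StageAndJoin() (genuineOK bool, impostorErr error) {
	domain, outside := NewDomainCA("Security Domain 104"), NewDomainCA("Rogue Server 199")
	sipa := must(domain.Enroll("blade-0001"))
	genuineOK = must(domain.Authenticate(sipa.Cert, sipa.Respond))
	rogue := must(outside.Enroll("blade-0001")) // same name, but not certified by the domain
	_, impostorErr = domain.Authenticate(rogue.Cert, rogue.Respond)
	return genuineOK, impostorErr
}

func main() { fmt.Println(StageAndJoin()) }
```

Running it prints true for the genuine device and, for the impostor, the certificate-rejected error: the rogue's certificate chains to "Rogue Server 199", not to the domain, so it is refused before a challenge is ever encrypted, which is the role the persistent account 113 and trusted domain certificate 156 play in the text. A device that returns anything other than the fresh nonce re-encrypted under the domain key fails the constant-time compare, the "performs compare" step of FIG. 7. The private key never leaves the SIPA value; only Respond uses it, which is the property FIG. 13 states for the cryptographic processor.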

EXAMPLE SIPA AUTHENTICATION WITH RESPECT TO SECURITY DOMAIN

FIGS. 1 and 2 each show a data center 102 having a security domain 104 and at least one computing device 105. Although FIG. 2 shows a single computing device 105 in order to avoid cluttering the drawings, a number of computing devices may be in communication with the security domain 104. The security domain 104 distinctly interfaces with each computing device 105 via ports located in one or more switches 109. While the computing devices in a production area 103 are shown as being distinct from the security domain 104 in FIG. 1, the act of a computing device joining the security domain results in a computing device such as a boot server 304 becoming a portion of the security domain as shown in FIG. 4. The switches 109 can be coupled to the computing devices 105 with wired and/or wireless couplings. Each computing device 105 includes a SIPA 106 that provides a number of authentication functions to allow the identity of the computing device 105 to be proven to the security domain 104.

Each computing device 105 can be any of a variety of types of computers including, but not limited to, desktop PCs, workstations, mainframe computers, server computers, client computers, Internet appliances, gaming consoles, handheld computers, cellular telephones, personal digital assistants (PDAs), etc. The multiple computing devices may have different purposes, hardware configurations, application programs, operating systems, software configurations, processors, manufacturers, etc.

The secure data center 102 includes a number of computing devices 105 that are within the production area 103. In one embodiment, each computing device joins the security domain 104 upon authentication. The computing devices 105 can be included in such embodiments of the secure data centers 102 as, for example, a data center such as an Internet data center (IDC), a server farm, a client computer, an office or business environment, a home environment, an educational or research facility, a retail or sales environment, etc.

Conventional server farms include a large number of computing devices 105 that are arranged as servers. Racks 116 within a protected building often support a number of computing devices in server farms. Individual computing devices 105 within the server farms are often referred to as "blades", due largely to their ability to slide into and out of the racks during positioning.

The components of the secure data center 102 provide authenticated interfacing between the computing devices 105 and the security domain 104. Certain hardware and software embodiments of the secure data center 102 provide for mutual authentication or one-way authentication between the SIPA 106 within the computing device 105 and the security domain 104 using an automated deployment service 119. Cryptographic functions as described in this disclosure can be provided using hardware, firmware, and/or software that are included in the SIPA 106.

The secure data center 102 of FIGS. 1 and 2 acts as an isolated secure boot system. During a secure boot of the computing device 105, the security domain 104 becomes associated with the SIPA 106 of the computing device 105. The association between the security domain 104 and the SIPA 106 provides cryptographic verification of the SIPA 106 to authenticate the computing device 105. The authentication occurs largely automatically within the secure data center, and in certain embodiments there is no human intervention and no human knowledge of private key information that is included in the SIPA 106.

The secure data center 102 can authenticate a computing device that is installing an operating system. The secure data center 102 allows a number of computing devices 105 to securely download at least a portion of their operating system from an automated deployment service 119, shown in FIG. 2, that is located within the security domain 104, as discussed in more detail below.

One embodiment of the secure data center 102 as shown in FIG. 1 is segmented into the security domain 104 and the production area 103. The security domain 104 represents those portions of the secure data center 102 in which all of the devices are secured and/or trusted. Any particular security mechanism that provides trust and/or security, such as by using cryptographic authentication, can be used to establish the security domain 104. The production area 103 represents those portions of the secure data center 102 where at least some of the components or devices may not be cryptographically authenticated.

The security domain (e.g., as maintained by the security domain controller 115) contains a computing device related identity datum that is stored in a persistent account 113. The security domain controller 115 establishes the computing device's identity in the security domain 104. The persistent account 113 of the security domain and the persistent identity 154 of the SIPA 106 are relied upon as described below when the computing device 105 including the SIPA 106 joins the security domain.

The computing device 105 bootstraps at least a portion of the operating system using the SIPA 106 to provide authentication to the computing device 105. Each computing device 105 that is undergoing such network bootstrap protocols as preboot may be authenticated based on the operation using the SIPA 106. At the onset of the SIPA's operation, the state of one embodiment of the computing device 105 may be limited to hardware initialization instructions such as provided by the Basic Input/Output System (BIOS), a network bootstrap program such as the Preboot Execution Environment (PXE), and authentication instructions provided by the SIPA 106 identity, each as described in this disclosure. The SIPA 106 and the secure data center 102 provide a mechanism for the computing device 105 to obtain a cryptographically authenticated operating system.

An alternative preboot embodiment that enhances a network bootstrap protocol contains an Extensible Authentication Protocol (EAP) in which the computing device 105 can perform an authentication transaction (based for example on IEEE 802.1X communications) without an operating system, or by using a partial or minimal operating system.

The computing device 105 can download a minimal operating system from the automated deployment service 119. The automated deployment service 119 is in the security domain 104. A minimal operating system that is used to bootstrap a normal operating system is also referred to within this disclosure as a "minimal bootstrap". The minimal operating system yields a minimal degree of authentication for the SIPA. Immediately following the download, the computing device 105 and the minimal operating system are both unauthenticated with respect to the security domain. The minimal bootstrap uses credentials in the SIPA in response to authentication requests from the switch 109, which provides port authentication, to establish either a mutually authenticated identity or a one-way authenticated identity.

The SIPA 106 uses established cryptographic operations to provide authentication between its associated computing device 105 and the security domain 104. Cryptographic operations that are performed within the SIPA 106 include, but are not limited to: key generation, encryption, and decryption. In one embodiment, the SIPA 106 replaces the identity of the operating system within the computing device 105 to establish the identity of the computing device with respect to the security domain 104. The identity of the computing device 105 is characterized by the hardware and the operating system of the computing device. This capability of storing the identity of the computing device 105 in the SIPA 106 allows the computing device to be repurposed, which may include modifying the operating system on the computing device 105 or loading a different operating system on the computing device 105, without changing its identity.

In one embodiment, the SIPA may be emulated or simulated by a software-based operating system, a kernel, or a program. Within this disclosure, the term "software" is intended to apply to firmware as well. The software-based operating system, kernel, or program derives its identity at least in part from the persistent identity 154. In one embodiment, the security domain (including a directory of resources in the security domain) uses cryptographic techniques and cryptographic keys as provided by the SIPA to separate the resources within the directory of resources.

The SIPA 106 provides mutual or one-way authentication between the computing device 105 and the security domain 104 that establishes the identity of the computing device independent of the state of the operating system or the computing device. The SIPA 106 enables a secure network bootstrap, enables a secure operating system installation, and mitigates the vulnerabilities of such non-authenticated protocols as the Preboot Execution Environment (PXE).

Purposing of the computing device refers to the initial set-up or configuration of the computing device. Purposing of the computing device includes, for example, adding the operating system and/or application programs to the computing device and initially configuring the operating system and/or application programs. Repurposing of the computing device refers to changing the set-up or configuration of the computing device. Repurposing of the computing device includes, for example, removing, replacing, adding to, or changing the operating system and/or application programs within the computing device. A computing device can be repurposed at any point after being purposed (e.g., a computing device may be repurposed one hour, one week, three years, etc. after being purposed). During the purposing or repurposing of the computing device, the operating system establishes an identity (or machine account) of the computing device (based on the SIPA of the computing device) to the security domain.

Certain embodiments of the SIPA within the computing device establish mutual authentication such that each computing device is able to provide a persistent identity to the security domain, and vice versa. Other embodiments of the SIPA within the computing devices perform one-way authentication. With one-way authenticat
