(12) United States Patent
Hunt et al.

(10) Patent No.: US 7,305,561 B2
(45) Date of Patent: Dec. 4, 2007

(54) ESTABLISHING COMPUTING TRUST WITH A STAGING AREA

(75) Inventors: Galen C. Hunt, Bellevue, WA (US); Jeff Simon, Redmond, WA (US)
(73) Assignee: Microsoft Corporation, Redmond, WA (US)
(*) Notice: Subject to any disclaimer, the term of this patent is extended or adjusted under 35 U.S.C. 154(b) by 793 days.
(21) Appl. No.: 10/853,939
(22) Filed: May 25, 2004
(65) Prior Publication Data: US 2005/0246770 A1, Nov. 3, 2005

Front-page drawing (FIG. 1): secure data center 102 with security domain 104, authentication server 108, switch 109, and a production area 103 holding a configured secure identification processing area (SIPA) 106 (configured and includes persistent identity); staging area 120 holds a SIPA 106 being configured.

Related U.S. Application Data
(63) Continuation of application No. 10/837,419, filed on Apr. 30, 2004.

(51) Int. Cl. G06F 1/24 (2006.01)
(52) U.S. Cl. 713/182; 713/189; 713/193
(58) Field of Classification Search 713/182, 713/189, 193. See application file for complete search history.

(57) ABSTRACT

A technique is provided for admitting a computing device to a staging area. Information related to a persistent identity that is located in the computing device at the staging area is ascertained. The computing device can be substantially authenticated to a protected production network based on the information related to the persistent identity acquired in the staging area.

43 Claims, 14 Drawing Sheets

IPR2020-01218
Sony EX1023 Page 1

U.S. Patent, Dec. 4, 2007, Sheet 1 of 14, US 7,305,561 B2

FIG. 1 (drawing): secure identification processing area (SIPA) 106 (configured and includes persistent identity); staging area 120 containing a SIPA 106 being configured and a configured SIPA 106; switch 109.

Sheet 2 of 14, FIG. 2 (drawing): secure data center 102; computing device 105 containing the secure identification processing area (SIPA) 106 with an isolated storage portion 152 holding the persistent identity, memory 134, central processing unit (CPU) 132, files and/or firmware 138, key(s) 158, input/output portion 136, and trusted domain public certificate 156; private VLAN; boot server 116; security domain controller 115; authentication server 108; persistent account 113; security domain 104; production VLAN; certificate authority (optional) 110; automated deployment service 119; firewall 112.

Sheet 3 of 14. FIG. 3 (drawing): switch assembly 111 with authentication server 108, PXE/DHCP boot server 116 on port 302(4) with no filter, and boot clients with SIPA 304 on port 302(1) and further ports with filter. FIG. 12 (drawing): computing device blob 1200 containing trusted domain public certificate 156 and computing device public certificate 159. FIG. 13 (drawing): isolated storage portion 214 (for persistent identity) holding trusted domain public certificate 156, computing device public certificate 159, and SIPA private key 157; the private key is not exported, imported, or viewable outside of the cryptographic processor.

Sheet 4 of 14, FIG. 4 (drawing): a second switch assembly embodiment in which the switch joins the security domain (authentication server 108 and PXE/DHCP boot server 116, the latter on port 302(B3) with no filter) to boot clients with SIPA 304 and clients with SIPA on filtered ports 302(A1) through 302(AN), 302(B1) through 302(BN), and 302(C1) through 302(CN); a rogue server 199 is also shown attached to the switch.

Sheet 5 of 14. FIG. 5 (flow diagram 500): 502, computing device seeks authentication by security domain; 504, security domain considers authentication request, and either grants or rejects request; 506, if authentication request granted, computing device joins security domain. FIG. 7 (flow diagram 700, steps 702 through 710): authentication server challenges computing device, then sends challenge to computing device; computing device decrypts challenge using private key with isolated processing to yield challenge response, then sends response encrypted using public key of trusted domain back to authentication server; authentication server then performs compare, and if satisfied, computing device is authenticated.

Sheet 6 of 14, FIG. 6a (flow diagram 600): 602, operations performed in computing device by interfacing using either private VLAN V2 or production VLAN; 610, is access granted to computing device to use resource within security domain? If no, 612, resource request fails; does computing device need access to additional resource(s) within security domain? If no, 618, end.

Sheet 7 of 14, FIG. 6b (flow diagram 630): 632, security domain receives access request from computing device (from 606 in FIG. 6a); 634, security domain attempts to validate access request; is access request valid? If yes, security domain grants access to resource for computing device; if no, security domain denies access to resource for computing device; 640, security domain sends access response (either grant or denial) to computing device (to 616 in FIG. 6a).

Sheet 8 of 14, FIG. 8a (flow diagram 800/802): computing device placed in staging area and reset with connection to staging area. Link layer segment (staging area) 808: computing device accesses link-layer network of staging area. Dynamic Host Configuration Protocol (DHCP) segment (staging area) 810 (steps 834, 838, 840): computing device configures TCP/IP network with acknowledgement to use designated IP address.

Sheet 9 of 14, FIG. 8b: computing device placed in staging area and reset with connection to staging area. Preboot Execution (PXE) segment 812 (staging area), step 842: computing device broadcasts Preboot Execution (PXE) boot request. Staging operating system segment 814 (staging area): staging operating system on computing device asks SIPA to generate public/private key pair, retrieve public key, and create certificate request containing the public key.

Sheet 10 of 14, FIG. 9a (flow diagram 900/902): computing device moved to production network and reset with connection to production network (914). Link layer authentication segment 904 (production network): the switch enables the network port and connects to the unrestricted production virtual local area network (VLAN); the computing device finishes the configuration of the link-layer network interface. Dynamic Host Configuration Protocol (DHCP) authentication segment 906 (production network): the computing device configures the TCP/IP network with acknowledgement to use designated IP address.

Sheet 11 of 14, FIG. 9b: computing device maintained in production network and reset with connection to production network. Preboot Execution (PXE) authentication segment 907 (production network), steps 930 and 934: computing device broadcasts Preboot Execution (PXE) boot request; boot server validates PXE boot request. Deployment operating system authentication segment 908 (production network): the deployment operating system on computing device creates request to join VLAN, and sends the request to the switch; the switch delivers the EAP/TLS request to the authentication server, and the authentication server validates the computing device identity using public and private key challenge-response; deployment operating system on computing device configures virtual network adapter that is connected to a restricted production VLAN, and reboots; deployment operating system on computing device boots, and creates a request to join a security domain in production VLAN.

Sheet 12 of 14. FIG. 9c: computing device moved to production network and reset with connection to production network. Production operating system authentication segment 910 (production network): 946, the production operating system on the computing device boots, and creates a request to join a security domain in production VLAN; a security domain server validates the identity of the computing device via public/private key challenge/response with SIPA; 950, the security domain server returns the security domain logon credentials to computing device; 952, the production operating system reboots and uses stored security domain logon credentials to access restricted production security domain. FIG. 11 (diagram 1100): authentication stages reached from an initial virtual LAN (private) through subsequent virtual LANs (or could be same VLAN): Preboot Execution (PXE) stage 1102, deployment agent stage 1104, full operating system stage 1106, domain join of operating system stage 1108.

Sheet 13 of 14, FIG. 10a: computing device moved to production network and reset with connection to production network. (Production network): 1014, the computer device accesses the link-layer network of the production network; 1016, the switch determines that the access to network port is valid; 1018, the switch enables the network port for communication, but does not connect to any virtual local area network (VLAN); 1020, the computing device finishes the configuration of the link-layer network interface. Deployment operating system authentication segment 1008 (production network): the network boot firmware of computing device creates request to join restricted production virtual local area network (VLAN), and sends the request to the switch; the switch delivers the EAP/TLS request to the authentication server, and the authentication server validates the computing device identity using key challenge-response; the authentication server instructs the switch to enable port access of the computing device to a restricted production VLAN; the network boot firmware of computing device configures network stack to use the restricted production VLAN.

Sheet 14 of 14, FIG. 10b (flow diagram 1000/1004): computing device moved to production network and reset with connection to production network. Dynamic Host Configuration Protocol (DHCP) authentication segment 1010 (production network): network boot firmware of computing device requests address through DHCP client protocol; the boot server allocates IP address and provides address to the computing device through DHCP server protocol; 1030, the computing device configures the Transfer Control Protocol/Internet Protocol (TCP/IP) network to use designated IP address. Preboot Execution (PXE) authentication segment 1012 (production network), steps 1040, 1042 and 1046: computing device broadcasts Preboot Execution (PXE) boot request; network boot firmware of computing device downloads PXE boot loader and staging operating system from boot server.

ESTABLISHING COMPUTING TRUST WITH A STAGING AREA

This is a continuation of application Ser. No. 10/837,419, filed Apr. 30, 2004, entitled "Isolated Persistent Identity Storage For Authentication of Computing Devices" to inventors Hunt et al.

BACKGROUND

Authenticating a new computing device with respect to an existing network is challenging, labor intensive, and is often performed manually by sending a trusted employee to the location of the computing device. Typically, such authenticating is performed using a shared secret that is made available to the trusted employee. The trusted employee is then able to enter the shared secret when the new computing device is coupled to the network, and also possibly when re-configuring the computing device (e.g., when installing a new operating system). For security purposes, the reliability of the shared secret is only as good as the trust and reliability of the trusted employee, because the trusted employee can disclose the shared secret to others either intentionally or accidentally.

Furthermore, sending a trusted employee to enter the shared secret into each computing device when it is added to the network or re-configured represents a time-consuming and expensive operation. As electronic commerce and other operations that demand greater security become more commonplace, increasing the reliability and simplicity of authentication of newly added and/or re-configured computing devices is desirable.

SUMMARY

This disclosure describes a technique for admitting a computing device to a staging area. Information related to a persistent identity that is located in the computing device at the staging area is ascertained. The computing device can be substantially authenticated to a protected production network based on the information related to the persistent identity acquired in the staging area.

BRIEF DESCRIPTION OF THE DRAWINGS

The same numbers are used throughout the document to reference like components and/or features.

FIG. 1 is an illustrative architecture of a secure data center including a security domain and a number of computing devices, each computing device including a secure identity processing area (SIPA).

FIG. 2 is a more detailed example of a secure data center with a security domain and a computing device, the computing device including the SIPA.

FIG. 3 is a block diagram of one embodiment of a switch assembly that is included in the security domain of FIGS. 1 and 2.

FIG. 4 is a block diagram of another embodiment of a switch assembly that is included in the security domain of FIGS. 1 and 2.

FIG. 5 is a flow diagram of one embodiment of a generalized authentication request.

FIG. 6a is a flow diagram of one embodiment of a resource request as performed in a computing device in attempting to access a resource in a security domain.

FIG. 6b is a flow diagram of one embodiment of a resource grant as is performed in a security domain in response to the resource request of FIG. 6a.

FIG. 7 is a flow diagram of one embodiment of an authentication challenge technique.

FIGS. 8a and 8b are a flow diagram of one embodiment of a computing device authentication technique that is performed in a staging area.

FIGS. 9a, 9b, and 9c are a flow diagram of one embodiment of a computing device authentication technique that is performed in a production network.

FIGS. 10a and 10b are a flow diagram of another embodiment of a computing device authentication technique that is performed in a production network.

FIG. 11 is a diagram of one embodiment of the authentication levels relative to a security domain that may be attained by a computing device containing the SIPA.

FIG. 12 is a block diagram of one embodiment of a computing device blob.

FIG. 13 is a block diagram of one embodiment of a persistent isolated storage portion of a SIPA.

DETAILED DESCRIPTION

This disclosure describes a number of authentication techniques and devices that authenticate at least one computing device with respect to a security domain. The computing device is located outside of the security domain prior to the authentication. As a result of the authentication, the computing device joins the security domain. A secure identity processing area (SIPA) is included in each computing device, and each SIPA provides the authentication using a persistent identity. The SIPA does not require key information input from trusted individuals, who in conventional systems are provided with information relating to cryptographic keys or certificates.

In one embodiment, a computing device having an un-configured SIPA is placed in a staging area where the un-configured SIPA is configured such that it can be disconnected from the staging area and then integrated within a production area where it can be authenticated with the security domain. In one embodiment, the SIPA largely automates the authentication process of computing devices joining the security domain.

Different aspects of the SIPA provide for a number of functions including but not limited to: persisting an identity, providing a secure bootstrap program to provide or update an operating system, and/or securely joining a security domain in a manner that requires no human intervention such as providing a shared secret or a person entering a PIN code that is used by the SIPA to generate a key pair. The operating system can have a number of configurations and require certain levels of authentication. Portions of the operating system, and associated application programs, may be resident at different times in the CPU 132, the memory 134, and/or other network or other locations. As such, the specific location or operation of the operating system is not further described, and is not shown in the figures. A number of types of operating system are produced and made commercially available by Microsoft. The SIPA further allows the computing device to be purposed or repurposed in a manner that mitigates spoofing threats such as exist with the conventional remote boot protocols.

EXAMPLE SIPA AUTHENTICATION WITH RESPECT TO SECURITY DOMAIN

FIGS. 1 and 2 each show a data center 102 having a security domain 104 and at least one computing device 105. Although FIG. 2 shows a single computing device 105 in order to avoid cluttering the drawings, a number of computing devices may be in communication with the security domain 104. The security domain 104 distinctly interfaces with each computing device 105 via ports located in one or more switches 109. While the computing devices in a production area 103 are shown as being distinct from the security domain 104 in FIG. 1, the act of a computing device joining the security domain results in a computing device such as a boot server 304 becoming a portion of the security domain as shown in FIG. 4. The switches 109 can be coupled to the computing devices 105 with wired and/or wireless couplings. Each computing device 105 includes a SIPA 106 that provides a number of authentication functions to allow the identity of the computing device 105 to be proven to the security domain 104.

Each computing device 105 can be any of a variety of types of computers including, but not limited to, desktop PCs, workstations, mainframe computers, server computers, client computers, Internet appliances, gaming consoles, handheld computers, cellular telephones, personal digital assistants (PDAs), etc. The multiple computing devices may have different purposes, hardware configurations, application programs, operating systems, software configurations, processors, manufacturers, etc.

The secure data center 102 includes a number of computing devices 105 that are within the production area 103. In one embodiment, each computing device joins the security domain 104 upon authentication. The computing devices 105 can be included in such embodiments of the secure data centers 102 as, for example, a data center such as an Internet data center (IDC), a server farm, a client computer, an office or business environment, a home environment, an educational or research facility, a retail or sales environment, etc.

Conventional server farms include a large number of computing devices 105 that are arranged as servers. Racks 116 within a protected building often support a number of computing devices in server farms. Individual computing devices 105 within the server farms are often referred to as "blades", due largely to their ability to slide into and out of the racks during positioning.

The components of the secure data center 102 provide authenticated interfacing between the computing devices 105 and the security domain 104. Certain hardware and software embodiments of the secure data center 102 provide for mutual authentication or one-way authentication between the SIPA 106 within the computing device 105 and the security domain 104 using an automated deployment service 119. Cryptographic functions as described in this disclosure can be provided using hardware, firmware, and/or software that are included in the SIPA 106.

The secure data center 102 of FIGS. 1 and 2 acts as an isolated secure boot system. During a secure boot of the computing device 105, the security domain 104 becomes associated with the SIPA 106 of the computing device 105. The association between the security domain 104 and the SIPA 106 provides cryptographic verification of the SIPA 106 to authenticate the computing device 105. The authentication occurs largely automatically within the secure data center, and in certain embodiments there is no human intervention and no human knowledge of private key information that is included in the SIPA 106.

The secure data center 102 can authenticate a computing device that is installing an operating system. The secure data center 102 allows a number of computing devices 105 to securely download at least a portion of their operating system from an automated deployment service 119 as shown in FIG. 2 that is located within the security domain 104, as discussed in more detail below.

One embodiment of the secure data center 102 as shown in FIG. 1 is segmented into the security domain 104 and the production area 103. The security domain 104 represents those portions of the secure data center 102 in which all of the devices are secured and/or trusted. Any particular security mechanism that provides trust and/or security, such as by using cryptographic authentication, can be used to establish the security domain 104. The production area 103 represents those portions of the secure data center 102 where at least some of the components or devices may not be cryptographically authenticated.

The security domain (e.g., as maintained by the security domain controller 115) contains a computing device related identity datum that is stored in a persistent account 113. The security domain controller 115 establishes the computing device's identity in the security domain 104. The persistent account 113 of the security domain and the persistent identity 154 of the SIPA 106 are relied upon as described below when the computing device 105 including the SIPA 106 joins the security domain.

The computing device 105 bootstraps at least a portion of the operating system using the SIPA 106 to provide authentication to the computing device 105. Each computing device 105 that is undergoing such network bootstrap protocols as preboot may be authenticated based on the operation using the SIPA 106. At the onset of the SIPA's operation, the state of one embodiment of the computing device 105 may be limited to hardware initialization instructions such as provided by the Basic Input/Output System (BIOS), a network bootstrap program such as the Preboot Execution Environment (PXE), and authentication instructions provided by the SIPA 106 identity, each as described in this disclosure. The SIPA 106 and the secure data center 102 provide a mechanism for the computing device 105 to obtain a cryptographically authenticated operating system.

An alternative preboot embodiment that enhances a network bootstrap protocol contains an Extensible Authentication Protocol (EAP) in which the computing device 105 can perform an authentication transaction (based for example on IEEE 802.1X communications) without an operating system, or by using a partial or minimal operating system.

The computing device 105 can download a minimal operating system from the automated deployment service 119. The automated deployment service 119 is in the security domain 104. A minimal operating system that is used to bootstrap a normal operating system is also referred to within this disclosure as a "minimal bootstrap". The minimal operating system yields a minimal degree of authentication for the SIPA. Immediately following the download, the computing device 105 and the minimal operating system are both unauthenticated with respect to the security domain. The minimal bootstrap uses credentials in the SIPA in response to authentication requests from the switch 109 that provides port authentication to establish either a mutually authenticated identity or a one-way authenticated identity.

The SIPA 106 uses established cryptographic operations to provide authentication between its associated computing device 105 and the security domain 104. Cryptographic operations that are performed within the SIPA 106 include, but are not limited to: key generation, encryption, and decryption. In one embodiment, the SIPA 106 replaces the identity of the operating system within the computing device 105 to establish the identity of the computing device with respect to the security domain 104. The identity of the computing device 105 is characterized by the hardware and the operating system of the computing device. This capability of storing the identity of the computing device 105 in the SIPA 106 allows the computing device to be repurposed, which may include modifying the operating system on the computing device 105 or loading a different operating system on the computing device 105, without changing its identity.
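The staging-then-production flow described above, as an added Go example that is not code from the patent or from Microsoft: the SIPA generates its key pair in the staging area and releases only the public key, the security domain records that key as the device's persistent account, and on the production network the FIG. 7 challenge-response proves possession of the private key without it ever leaving the SIPA. The SIPA, Domain and Authenticate names, the device name "blade-42" and the use of RSA-OAEP are assumptions; the EAP/802.1X transport and the certificate request of segment 814 are left out.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
)

// SIPA models the secure identity processing area: the private key lives only
// here and is reachable solely through Decrypt (compare FIG. 13, "private key
// not exported, imported, or viewable outside of cryptographic processor").
type SIPA struct{ priv *rsa.PrivateKey }

// NewSIPA is the staging-area step of FIG. 8b (segment 814): the SIPA generates
// its persistent key pair; only PublicKey is ever handed out.
func NewSIPA() (*SIPA, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	return &SIPA{priv: priv}, err
}
func (s *SIPA) PublicKey() *rsa.PublicKey { return &s.priv.PublicKey }

// Decrypt is the SIPA's isolated private-key operation.
func (s *SIPA) Decrypt(ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, s.priv, ct, nil)
}

// Domain models the authentication server of the security domain: it holds the
// trusted-domain key pair and one persistent account (element 113) per device.
type Domain struct {
	key      *rsa.PrivateKey
	accounts map[string]*rsa.PublicKey
}

// NewDomain generates the trusted-domain key pair; callers must check err.
func NewDomain() (*Domain, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	return &Domain{key: key, accounts: map[string]*rsa.PublicKey{}}, err
}

// Enroll records the public key acquired in the staging area as the device's
// persistent account. Nothing secret leaves the SIPA in this step.
func (d *Domain) Enroll(name string, pub *rsa.PublicKey) { d.accounts[name] = pub }

// Challenge (FIG. 7): a fresh random nonce encrypted to the enrolled key.
func (d *Domain) Challenge(name string) (nonce, ch []byte, err error) {
	pub, ok := d.accounts[name]
	if !ok {
		return nil, nil, errors.New("no persistent account for " + name)
	}
	nonce = make([]byte, 32)
	if _, err = rand.Read(nonce); err != nil {
		return nil, nil, err
	}
	ch, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, nonce, nil)
	return nonce, ch, err
}

// Respond runs on the computing device: the SIPA decrypts the challenge and the
// recovered nonce is re-encrypted to the trusted domain's public key before it
// leaves the device, so it never crosses the network in the clear.
func Respond(s *SIPA, domainPub *rsa.PublicKey, ch []byte) ([]byte, error) {
	plain, err := s.Decrypt(ch)
	if err != nil {
		return nil, err
	}
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, domainPub, plain, nil)
}

// Verify: the server decrypts with its own private key and compares in
// constant time; a decryption failure rejects just like a mismatch.
func (d *Domain) Verify(nonce, resp []byte) bool {
	plain, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, d.key, resp, nil)
	return err == nil && subtle.ConstantTimeCompare(plain, nonce) == 1
}

// Authenticate runs one FIG. 7 round trip for the device claiming name. A SIPA
// holding a different key cannot even decrypt the challenge: that is a rejection.
func Authenticate(d *Domain, s *SIPA, name string) (bool, error) {
	nonce, ch, err := d.Challenge(name)
	if err != nil {
		return false, err
	}
	resp, err := Respond(s, &d.key.PublicKey, ch)
	if errors.Is(err, rsa.ErrDecryption) {
		return false, nil
	} else if err != nil {
		return false, err
	}
	return d.Verify(nonce, resp), nil
}

func main() {
	dom, err := NewDomain()
	sipa, err2 := NewSIPA()
	if err != nil || err2 != nil {
		panic("key generation failed")
	}
	dom.Enroll("blade-42", sipa.PublicKey())               // staging area
	ok, err := Authenticate(dom, sipa, "blade-42")         // production network
	println(ok, err == nil)                                // true true
}
```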
In one embodiment, the SIPA may be emulated or simulated by a software-based operating system, a kernel, or a program. Within this disclosure, the term "software" is intended to apply to firmware as well. The software-based operating system, kernel, or program derives its identity at least in part from the persistent identity 154. In one embodiment, the security domain (including a directory of resources in the security domain) uses cryptographic techniques and cryptographic keys as provided by the SIPA to separate the resources within the directory of resources.

The SIPA 106 provides mutual or one-way authentication between the computing device 105 and the security domain 104 that establishes the identity of the computing device independent of the state of the operating system or the computing device. The SIPA 106 enables a secure network bootstrap, enables a secure operating system installation, and mitigates the vulnerabilities of such non-authenticated protocols as the Preboot Execution Environment (PXE).

Purposing of the computing device refers to the initial set-up or configuration of the computing device. Purposing of the computing device includes, for example, adding the operating system and/or application programs to the computing device and initially configuring the operating system and/or application programs. Repurposing of the computing device refers to changing the set-up or configuration of the computing device. Repurposing of the computing device includes, for example, removing, replacing, adding to, or changing the operating system and/or application programs within the computing device. A computing device can be repurposed at any point after being purposed (e.g., a computing device may be repurposed one hour, one week, three years, etc. after being purposed). During the purposing or repurposing of the computing device, the operating system establishes an identity (or machine account) of the computing device (based on the SIPA of the computing device) to the security domain.

Certain embodiments of the SIPA within the computing device establish mutual authentication such that each computing device is able to provide a persistent identity to the security domain, and vice versa. Other embodiments of the SIPA within the computing devices perform one-way authentication. With one-way authenticat