US2016087963A1PendingUtilityA1

Establishing secure computing devices for virtualization and administration

Assignee: MICROSOFT TECHNOLOGY LICENSING LLCPriority: Jul 22, 2014Filed: Dec 1, 2015Published: Mar 24, 2016
Est. expiryJul 22, 2034(~8 yrs left)· nominal 20-yr term from priority
H04L 63/20G06F 21/44H04L 63/0823H04L 63/08H04L 63/101G06F 21/31G06F 21/57H04L 63/10
41
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

Embodiments are directed to establishing a secure connection between computing systems and to providing computer system virtualization on a secure computing device. In one scenario, a computer system receives a request that at least one specified function be initiated. The request includes user credentials and a device claim that identifies the computing device. The computer system authenticates the user using the received user credentials and determines, based on the device claim, that the computing device is an approved computing device that has been approved to initiate performance of the specified function. Then, upon determining that the user has been authenticated and that the computing device is approved to initiate performance the specified function, the computer system initiates performance of the specified function.

Claims

exact text as granted — not AI-modified
We claim: 
     
         1 . At a computer system including at least one processor, a computer-implemented method for establishing a secure connection between computing systems, the method comprising:
 receiving, from a computing device, a request that at least one specified function be initiated, the request including user credentials and a device claim that identifies the computing device;   authenticating the user using the received user credentials;   determining, based on the device claim, that the computing device is an approved computing device that has been approved to initiate performance of the at least one specified function; and   upon determining that the user has been authenticated and that the computing device is approved to initiate performance of at least one specified function, initiating performance of the at least one specified function.   
     
     
         2 . The method of  claim 1 , wherein the at least one specified function comprises an administrative or cloud management task. 
     
     
         3 . The method of  claim 1 , wherein the device claim includes a digital certificate corresponding to the computing device, the digital certificate uniquely identifying the computing device. 
     
     
         4 . The method of  claim 1 , wherein determining, based on the device claim, that the computing device is an approved computing device that has been approved to initiate performance of the at least one specified function includes determining that the computing device comprises a secure workstation. 
     
     
         5 . The method of  claim 4 , wherein determining that the computing device comprises a secure workstation includes the following:
 establishing a device claim that identifies the secure workstation;   establishing an updating policy configured to ensure that the secure workstation is running up-to-date software patches;   instantiating an application blocking service configured to ensure that only applications on a specified whitelist are allowed to be executed on the secure workstation; and   establishing a networking policy that prevents at least some inbound network connections from reaching the secure workstation.   
     
     
         6 . The method of  claim 1 , wherein the at least one specified function comprises establishing a remote desktop session to a second, different computing system. 
     
     
         7 . The method of  claim 1 , wherein the computing device is shared between a plurality of computing device users. 
     
     
         8 . The method of  claim 7 , wherein the computing device is one of a plurality of approved computing devices that are approved to perform the one or more specified functions. 
     
     
         9 . The method of  claim 1 , wherein policy indicates which combinations of authenticated user and approved computing device are permitted to perform the at least one specified function. 
     
     
         10 . The method of  claim 1 , further comprising:
 receiving, from the computing device, an application identity that identifies at least one application running on the computing device;   determining that the application identity identifies at least one approved application; and   including the application identity determination in the determination to initiate performance of the at least one specified function.   
     
     
         11 . A computer system, comprising:
 one or more processors; and   one or more computer-readable media having stored thereon computer-executable instructions that are executable by the one or more processors to configure the computer system to establish a secure connection between computing systems, the computer-executable instructions including instructions that are executable to configure the computer system to perform at least the following:
 receive, from a computing device, a request that at least one specified function be initiated, the request including user credentials and a device claim that identifies the computing device; 
 authenticate the user using the received user credentials; 
 determine, based on the device claim, that the computing device is an approved computing device that has been approved to initiate performance of the at least one specified function; and 
 upon determining that the user has been authenticated and that the computing device is approved to initiate performance of at least one specified function, initiate performance of the at least one specified function. 
   
     
     
         12 . The computer system of  claim 11 , wherein the at least one specified function comprises an administrative or cloud management task. 
     
     
         13 . The computer system of  claim 11 , wherein the device claim includes a digital certificate corresponding to the computing device, the digital certificate uniquely identifying the computing device. 
     
     
         14 . The computer system of  claim 11 , wherein the computer-executable instructions also include instructions that are executable to configure the computer system to determine that the computing device comprises a secure workstation, when determining that the computing device is an approved computing device that has been approved to initiate performance of the at least one specified function. 
     
     
         15 . The computer system of  claim 14 , wherein the computer-executable instructions also include instructions that are executable to configure the computer system, when determining that the computing device comprises a secure workstation, to perform at least the following:
 establish a device claim that identifies the secure workstation;   establish an updating policy configured to ensure that the secure workstation is running up-to-date software patches;   instantiate an application blocking service configured to ensure that only applications on a specified whitelist are allowed to be executed on the secure workstation; and   establish a networking policy that prevents at least some inbound network connections from reaching the secure workstation.   
     
     
         16 . The computer system of  claim 11 , wherein the at least one specified function comprises establishing a remote desktop session to a second, different computing system. 
     
     
         17 . The computer system of  claim 11 , wherein the computing device is shared between a plurality of computing device users. 
     
     
         18 . The computer system of  claim 17 , wherein the computing device is one of a plurality of approved computing devices that are approved to perform the one or more specified functions. 
     
     
         19 . The computer system of  claim 11 , wherein policy indicates which combinations of authenticated user and approved computing device are permitted to perform the at least one specified function. 
     
     
         20 . A computer program product comprising one or more hardware storage devices having stored thereon computer-executable instructions that are executable by one or more processors of a computer system to configure the computer system to establish a secure connection between computing systems, the computer-executable instructions including instructions that are executable to configure the computer system to perform at least the following:
 receive, from a computing device, a request that at least one specified function be initiated, the request including user credentials and a device claim that identifies the computing device;   authenticate the user using the received user credentials;   determine, based on the device claim, that the computing device is an approved computing device that has been approved to initiate performance of the at least one specified function; and   upon determining that the user has been authenticated and that the computing device is approved to initiate performance of at least one specified function, initiate performance of the at least one specified function.

Join the waitlist — get patent alerts

Track US2016087963A1 — get alerts on status changes and closely related new filings.

We store only your email — no account needed. See our privacy policy.