Stefan Thom

US Patent:

7565553, Jul 21, 2009

Filed:

Jan 14, 2005

Appl. No.:

11/036415

Inventors:

Jamie Hunter - Bothell WA, US
Paul England - Bellevue WA, US
Russell Humphries - Redmond WA, US
Stefan Thom - Snohomish WA, US
Kenneth D. Ray - Seattle WA, US
Jonathan Schwartz - Kirkland WA, US

Assignee:

Microsoft Corporation - Redmond WA

International Classification:

G06F 12/14

US Classification:

713192, 726 34

Abstract:

Systems and methods for controlling access to data on a computer with a secure boot process can provide a highly efficient mechanism for preventing future access to encrypted digital resources. This may be advantageous in a range of scenarios, for example where a computer is sold and assurance is desired that no stray private data remains on the hard disk. Data resources, for example all data associated with one or more particular hard disk partitions, may be encrypted. The decryption key may be available through a secure boot process. By erasing, altering, or otherwise disabling a secret, such as a decryption key or a process that obtains a decryption key, the data formerly accessible using such secret becomes inaccessible.

US Patent:

7725703, May 25, 2010

Filed:

Jan 7, 2005

Appl. No.:

11/031161

Inventors:

Jamie Hunter - Bothell WA, US
Paul England - Bellevue WA, US
Russell Humphries - Redmond WA, US
Stefan Thom - Snohomish WA, US
Kenneth D Ray - Seattle WA, US
Jonathan Schwartz - Kirkland WA, US

Assignee:

Microsoft Corporation - Redmond WA

International Classification:

G06F 21/02
G06F 21/22

US Classification:

713 2, 713100, 713170, 713181, 713193, 726 29, 726 34, 380259

Abstract:

In a computer with a trusted platform module (TPM), an expected hash value of a boot component may be placed into a platform configuration register (PCR), which allows a TPM to unseal a secret. The secret may then be used to decrypt the boot component. The hash of the decrypted boot component may then be calculated and the result can be placed in a PCR. The PCRs may then be compared. If they do not, access to the an important secret for system operation can be revoked. Also, a first secret may be accessible only when a first plurality of PCR values are extant, while a second secret is accessible only after one or more of the first plurality of PCR values has been replaced with a new value, thereby necessarily revoking further access to the first secret in order to grant access to the second secret.

US Patent:

7836309, Nov 16, 2010

Filed:

Jul 20, 2007

Appl. No.:

11/780781

Inventors:

Erik Holt - Redmond WA, US
Stefan Thom - Snohomish WA, US
Shivaram H. Mysore - Kirkland WA, US
Valerie Kathleen Bays - Redmond WA, US
Carl Ellison - Seattle WA, US

Assignee:

Microsoft Corporation - Redmond WA

International Classification:

G06F 21/00

US Classification:

713182, 380287

Abstract:

A cryptographic device protocol provides a generic interface allowing pre-OS applications to employ any of a variety of cryptographic devices within the pre-OS environment. The generic interface can be used independent of the specific cryptographic devices and is independent of the cryptographic or hashing algorithms used by each device. Cryptographic functions may be performed in the pre-OS environment by pre-OS applications communicating with cryptographic device drivers using the cryptographic device protocol that is independent of the cryptographic devices. Each cryptographic device may be identified by a unique device identifier and may have a number of keys available to it, with each key being identified by a unique key identifier.

US Patent:

7934096, Apr 26, 2011

Filed:

Jul 27, 2007

Appl. No.:

11/829737

Inventors:

Stefan Thom - Snohomish WA, US
Erik Lee Holt - Redmond WA, US
Shivaram H. Mysore - Kirkland WA, US
Valerie Kathleen Bays - Redmond WA, US
Carl M. Ellison - Seattle WA, US

Assignee:

Microsoft Corporation - Redmond WA

International Classification:

H04L 9/32
H04L 29/06
G06F 21/00
G06F 7/04

US Classification:

713172, 713185, 713193, 726 9, 726 20, 726 27, 725 30, 725 6, 902 1, 902 2, 902 3, 902 4, 902 5

Abstract:

Systems, methods, and technologies for configuring a conventional smart card and a client machine, and for performing a smart card authorization using the configured smart card and client. Further, the combination of methods provides for mutual authentication—authentication of the client to the user, and authentication of the user to the client. The authentication methods include presenting a specified token to the user sufficient to authenticate the client to the user and thus protect the user-provided PIN. Security is strengthened by using an integrity key based on approved client system configurations. Security is further strengthened by calculating a PIN′ value based on a user-specified PIN and a modifier and using the PIN′ value for unlocking the smart card.

US Patent:

8028172, Sep 27, 2011

Filed:

Jan 14, 2005

Appl. No.:

11/036018

Inventors:

Jamie Hunter - Bothell WA, US
Paul England - Bellevue WA, US
Russell Humphries - Redmond WA, US
Stefan Thom - Snohomish WA, US
Kenneth D. Ray - Seattle WA, US
Jonathan Schwartz - Kirkland WA, US

Assignee:

Microsoft Corporation - Redmond WA

International Classification:

H04L 9/32

US Classification:

713193

Abstract:

Systems and methods are provided for maintaining and updating a secure boot process on a computer with a trusted platform module (TPM). A boot process may be maintained by inspecting a log of TPM activity, determining data that prevented a secret to unseal, and returning the data to an original state. In situations where this type of recovery is not workable, techniques for authenticating a user may be used, allowing the authenticated user to bypass the security features of the boot process and reseal the boot secrets to platform configuration register (PCR) values that may have changed. Finally, a secure boot process may be upgraded by migrating TPM sealed secrets to a temporary storage location, updating one or more aspects of a secure boot process, and resealing the secrets to the resulting new platform configuration. Other advantages and features of the invention are described below.

US Patent:

8127146, Feb 28, 2012

Filed:

Sep 30, 2008

Appl. No.:

12/241496

Inventors:

Stefan Thom - Snohomish WA, US
Shon Eizenhoefer - Bothell WA, US
Erik Holt - Redmond WA, US
Yash Ashok Kumar Gandhi - Ramdaspeth Nagpur, IN

Assignee:

Microsoft Corporation - Redmond WA

International Classification:

H04L 9/00

US Classification:

713189, 713 2

Abstract:

A transparent trust validation of an unknown platform can be performed by communicationally coupling it to a trusted device, such as a portable peripheral device carried by a user, or one or more remote computing devices. Information from the unknown platform can be obtained by boot code copied to it from the trusted device and such information can be validated by the trusted device. The trusted device can then provide an encrypted version of decryption key to the boot code which can request the Trusted Platform Module (TPM) of the unknown platform to decrypt and return the decryption key. If the information originally obtained from the unknown platform and validated by the trusted device was authentic, the TPM will be able to provide the decryption key to the boot code, enabling it to decrypt an encrypted volume comprising applications, operating systems or other components.

US Patent:

8200952, Jun 12, 2012

Filed:

Oct 25, 2006

Appl. No.:

11/586283

Inventors:

David R. Wooten - Redmond WA, US
Eric Holt - Redmond WA, US
Stefan Thom - Snohomish WA, US
Tony Ureche - Renton WA, US
Dan Sledz - Seattle WA, US
Douglas M. Maclver - Seattle WA, US

Assignee:

Microsoft Corporation - Redmond WA

International Classification:

G06F 21/00

US Classification:

713 2

Abstract:

Firmware of a system is configured to allow secondary devices, such as a smart card, to be used for authentication. In an example embodiment, the secondary device is a CCID smart card in compliance with the ISO 7816 specification. The smart card is inserted into a card reader coupled to the system prior to booting the system. The firmware comprises an emulator and driver configured to allow authentication information from the smart card to be utilized to allow execution of the boot process. In an example embodiment, the smart card comprises external keys for use with BITLOCKER™. The secondary device is compatible with systems implementing a BIOS and with systems implementing EFI. Authentication also can be accomplished via devices that do not provide data storage, such as a biometric device or the like.

US Patent:

8250379, Aug 21, 2012

Filed:

Oct 13, 2009

Appl. No.:

12/577846

Inventors:

Stefan Thom - Snohomish WA, US
Cristian Marius Ilac - Sammamish WA, US

Assignee:

Microsoft Corporation - Redmond WA

International Classification:

G06F 21/00

US Classification:

713193

Abstract:

Temporarily sensitive information can be stored in the non-volatile storage of a TPM, from which it can be securely, and irretrievably, deleted. Additionally, information stored in a TPM can secure information stored on communicationally disconnectable storage media such that, when communicationally disconnected, the information stored on such media is inaccessible. A whole volume encryption service key can be protected by a key stored in a TPM and, even if the protector remains accessible, the secure deletion of the key from the TPM prevents unauthorized disclosure of the whole volume encryption service key. Additionally, TPM stored data can be released only when a computing device is in a particular state, as determined by the PCRs. A hibernation image can be encrypted and the key stored with the TPM such that it is released to decrypt the image and restore active computing only if the state has not materially changed during hibernation.