Tamper-resistant service management for enterprise systems

Assignee

• MICROSOFT TECHNOLOGY LICENSING, LLC · US

Inventors

• Matthew Shadbolt · Redmond, US
• Michael Healy · Redmond, US
• Shweta Jha · Issaquah, US
• Gokhan Ozhan · Redmond, US
• Adrian Marinescu · Sammamish, US
• Alemeshet Yismaw Alemu · Redmond, US
• Karthik Selvaraj · Kirkland, US
• Milind Pawar · Sammamish, US
• Vladimir Soroka · Carmiel, IL
• Hayk Hovsepyan · Redmond, US
• Chaohong Ou · Bellevue, US
• Patanjal Digant Vyas · Bothell, US
• David Torosyan · Seattle, US

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L63/205
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

A system and method for providing stringent tamper resistant protection against changes to key system security features. The tamper protection is configured such that any changes to the policy can only occur from a configuration manager console, thereby preventing local device admin users or other malicious actors from altering the setting. Thus, tamper protection locks the selected service and prevents security settings from being changed through third-party apps and methods. When a system administrator enables the feature for an enterprise's workstations, only administrators will be able to change the service settings across a company's computers. The tamper protection policy is digitally signed in the backend before being deployed to endpoints, and the endpoint verifies the validity and intent of the policy, establishing that it is a signed package that only security operations personnel with the necessary administrator rights can control.