Distributed cryptographic methods and arrangements

US 20020118836A1
Filed: 02/28/2001
Published: 08/29/2002
Est. Priority Date: 02/28/2001
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

causing a first device to provide data to a second device; and

causing the second device to cryptographically modify the data and provide the resulting cryptographically modified data to the first device.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

First and second computing devices are selectively operatively coupled together. The first device provides data to the second device. The second device can be a portable computing device. The second device is configured to encrypt/decrypt the data, as needed by the first device. The second device maintains the cryptographic key data internally. As such, the first device, which, for example, may be a personal computer will only maintain the returned encrypted data following encryption and only temporarily use any returned decrypted data. Thus, by physically and operatively distributing the cryptographic processing/maintenance between the two devices, additional security is provided for protecting private data.

52 Citations

View as Search Results

43 Claims

1. A method comprising:
- causing a first device to provide data to a second device; and
  
  causing the second device to cryptographically modify the data and provide the resulting cryptographically modified data to the first device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 2. The method as recited in claim 1, wherein causing the second device to cryptographically modify the data includes causing the second device to encrypt the data using at least one cryptographic key.
  - 3. The method as recited in claim 1, wherein causing the second device to cryptographically modify the data includes causing the second device to decrypt the data using at least one cryptographic key.
  - 4. The method as recited in claim 1, wherein causing the second device to cryptographically modify the data and provide the resulting cryptographically modified data to the first device further includes maintaining cryptographic key seed data on the second device and preventing the cryptographic key seed data from being identified by the first device.
  - 5. The method as recited in claim 4, wherein causing the second device to cryptographically modify the data further includes cryptographically processing the cryptographic key seed data and at least one identifying seed data to generate at least one cryptographic key and using the cryptographic key to cryptographically modify the data.
  - 6. The method as recited in claim 5, wherein processing the cryptographic key seed data and the at least one identifying seed data to generate the at least one cryptographic key further includes causing the second device to provide at least one user-defined identifying seed data.
  - 7. The method as recited in claim 6, wherein processing the cryptographic key seed data and the at least one identifying seed data to generate the at least one cryptographic key further includes causing the second device to provide at least one second device identifying seed data.
  - 8. The method as recited in claim 5, wherein processing the cryptographic key seed data and the at least one identifying seed data to generate the at least one cryptographic key further includes causing the first device to provide at least one identifying seed data to the second device.
  - 9. The method as recited in claim 8, wherein causing the first device to provide at least one identifying seed data further includes causing the first device to provide an application identifying seed data to the second device.
  - 10. The method as recited in claim 5, wherein cryptographically processing the cryptographic key seed data and the at least one identifying seed data to generate the at least one cryptographic key further includes hashing the cryptographic key seed data and the at least one identifying seed data to generate the at least one cryptographic key.
  - 11. The method as recited in claim 5, wherein cryptographically processing the cryptographic key seed data and the at least one identifying seed data to generate the at least one cryptographic key further includes determining the cryptographic key seed data by cryptographically processing at least one random number with at least one second device identifying number to produce a resulting value, locating the resulting value in a file maintained within the second device, wherein the resulting value located within the file is further associated with the cryptographic key seed data.
  - 12. The method as recited in claim 11, wherein cryptographically processing the at least one random number with the at least one second device identifying number to produce the resulting value further includes hashing the at least one random number with the at least one second device identifying number to produce the resulting value.
  - 13. The method as recited in claim 11, wherein locating the resulting value in the file maintained within the second device further includes initially generating the file within the second device.
  - 14. The method as recited in claim 13, wherein initially generating the file within the second device further includes providing at least one decoy entry in the file.
  - 15. The method as recited in claim 14, wherein providing the at least one decoy entry in the file further includes randomly generating the at least one decoy entry.
  - 16. The method as recited in claim 14, wherein providing at least one decoy entry in the file further includes providing a plurality of decoy entries in the file and randomly arranging the plurality of decoy entries, the resulting value and associated cryptographic key seed data within the file.
  - 17. The method as recited in claim 16, wherein randomly arranging the plurality of decoy entries, the resulting value and associated cryptographic key seed data within the file further includes randomly arranging the plurality of decoy entries, the resulting value and associated cryptographic key seed data within a registry file.
  - 18. The method as recited in claim 1, wherein causing the first device to provide data to the second device further includes causing the first device to provide private data to the second device.
  - 19. The method as recited in claim 1, further comprising selectively operatively coupling the first device to the second device.

20. A system comprising:
- a first device; and
  
  a second device operatively coupled to the first device, and wherein the first device is configured to output data to the second device and the second device is configured to cryptographically modify the data and output the resulting cryptographically modified data to the first device.
- View Dependent Claims (21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41)
- - 21. The system as recited in claim 20, wherein the second device includes encryption logic that is configured to encrypt the data using at least one cryptographic key.
  - 22. The system as recited in claim 20, wherein the second device includes decryption logic that is configured to decrypt the data using at least one cryptographic key.
  - 23. The system as recited in claim 20, wherein the second device further includes cryptographic key seed data.
  - 24. The system as recited in claim 23, wherein the second device further includes logic that is configured to cryptographically process the cryptographic key seed data and at least one identifying seed data to generate at least one cryptographic key and to use the cryptographic key to cryptographically modify the data.
  - 25. The system as recited in claim 24, wherein the logic is further configured to provide at least one user-defined identifying seed data.
  - 26. The system as recited in claim 25, wherein the logic is further configured to provide at least one second device identifying seed data.
  - 27. The system as recited in claim 24, wherein the first device is further configured to output at least one identifying seed data to the logic in the second device.
  - 28. The system as recited in claim 27, wherein the first device is further configured to output an application identifying seed data to the second device.
  - 29. The system as recited in claim 24, wherein the logic is further configured to hash the cryptographic key seed data and the at least one identifying seed data to generate the at least one cryptographic key.
  - 30. The system as recited in claim 24, wherein the second device includes memory operatively coupled to the logic, and wherein the logic is further configured to determine the cryptographic key seed data by cryptographically processing at least one random number with at least one second device identifying number to produce a resulting value, and to locate the resulting value in at least one file maintained within the memory, and wherein the resulting value located within the file is further associated with the cryptographic key seed data.
  - 31. The system as recited in claim 30, wherein the logic is further configured to hash the at least one random number with the at least one second device identifying number to produce the resulting value.
  - 32. The system as recited in claim 30, wherein the logic is further configured to generate the file within the memory.
  - 33. The system as recited in claim 32, wherein the logic is further configured to generate and place at least one decoy entry in the file.
  - 34. The system as recited in claim 33, wherein the logic is further configured to randomly generate the at least one decoy entry.
  - 35. The system as recited in claim 33, wherein the logic is further configured to generate a plurality of decoy entries in the file and randomly arrange the plurality of decoy entries, the resulting value and associated cryptographic key seed data within the file.
  - 36. The system as recited in claim 35, wherein the logic is further configured to randomly arrange the plurality of decoy entries, the resulting value and associated cryptographic key seed data within a registry file in the memory.
  - 37. The system as recited in claim 20, wherein the first device is further configured to provide private data to the second device.
  - 38. The system as recited in claim 20, further comprising a coupling mechanism that is configured to selectively operatively couple the first device and the second device together.
  - 39. The system as recited in claim 20, wherein the first device includes a computer.
  - 40. The system as recited in claim 20, wherein the second device includes a portable programmable device.
  - 41. The system as recited in claim 40, wherein the second device includes a portable programmable device selected from a group of portable programmable devices including a personal digital assistant (PDA) device, a Pocket PC device, a Palm Pilot device, a mobile communication device, a mobile telephone device, a paging device, a wearable computing device, a portable computer, and a smart card.

42. An apparatus comprising:
- memory; and
  
  logic operatively coupled to the memory and configurable to receive data from an external source, cryptographically modify the data using at least one internally generated cryptographic key, output the resulting cryptographically modified data without outputting the internally generated cryptographic key.
- View Dependent Claims (43)
- - 43. The apparatus as recited in claim 42, wherein the apparatus includes a portable programmable device selected from a group of portable programmable devices including a personal digital assistant (PDA) device, a Pocket PC device, a Palm Pilot device, a mobile communication device, a mobile telephone device, a paging device, a wearable computing device, a portable computer, and a smart card.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Garms, Jason, Howard, Michael

Granted Patent

US 7,269,736 B2
Time in Patent Office

Days
Field of Search
US Class Current

380/262
CPC Class Codes

G06F 21/602 Providing cryptographic fac...

Distributed cryptographic methods and arrangements

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

52 Citations

43 Claims

Specification

Use Cases

Quick Links

Others

Distributed cryptographic methods and arrangements

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

52 Citations

43 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others