System and method for secure storage data using a key
2 Assignments
0 Petitions
Abstract
In one aspect, a data structure to be encrypted is received in a device, the data structure including content along with a statement of conditions under which the content may be decrypted. The data structure is encrypted using a symmetric key of a processor of the device. In another aspect, a data structure is decrypted using a processor symmetric key. A statement of conditions under which content in the data structure can be decrypted is obtained, and testing is performed as to whether the conditions are satisfied. The decrypted content is returned only if the conditions are satisfied.
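The seal and unseal flow from the abstract, with the target operating system identity of claim 1 as the statement of conditions, as an added Python example that is not code from the patent. The HMAC-SHA256 counter-mode cipher, the JSON record layout, the names `seal`, `unseal` and `PROCESSOR_KEY`, the returned sealer identity and the sample OS identities are assumptions of the example.

```python
import hashlib, hmac, json, os

# Stand-in for the processor's symmetric key (assumption: it never leaves the processor).
PROCESSOR_KEY = os.urandom(32)
# Constructed sample identities: digests of two made-up OS images.
OS_A = hashlib.sha256(b"constructed OS image A").hexdigest()
OS_B = hashlib.sha256(b"constructed OS image B").hexdigest()

def _prf(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # HMAC-SHA256 in counter mode as a stand-in cipher; the page names no algorithm.
    blocks = (len(data) + 31) // 32
    stream = b"".join(_prf(key, nonce + i.to_bytes(4, "big")) for i in range(blocks))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(content: bytes, current_os: str, target_os: str) -> bytes:
    """Encrypt the content together with its statement of conditions (the target OS)."""
    record = json.dumps({"sealer": current_os, "target": target_os,
                         "content": content.hex()}).encode()
    nonce = os.urandom(16)
    ct = _xor_stream(_prf(PROCESSOR_KEY, b"enc"), nonce, record)
    # Encrypt-then-MAC so the conditions cannot be edited inside the sealed blob.
    return nonce + ct + _prf(_prf(PROCESSOR_KEY, b"mac"), nonce + ct)

def unseal(blob: bytes, running_os: str) -> tuple[bytes, str]:
    """Return (content, sealer identity) only if the running OS meets the conditions."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _prf(_prf(PROCESSOR_KEY, b"mac"), nonce + ct)):
        raise ValueError("sealed blob was modified or sealed under another key")
    record = json.loads(_xor_stream(_prf(PROCESSOR_KEY, b"enc"), nonce, ct))
    # The decrypted content is released only after the condition test passes.
    if not hmac.compare_digest(record["target"].encode(), running_os.encode()):
        raise PermissionError("running OS identity does not match the sealed target")
    return bytes.fromhex(record["content"]), record["sealer"]
```
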
173 Citations
75 Claims

1. A method, implemented in a system, the method comprising:
- receiving a block of data, a current operating system identity, and a target operating system identity;
- encrypting the block of data using a key;
- subsequently receiving a request to decrypt the encrypted block of data; and
- returning the encrypted block of data to the requester only if the target operating system identity is equal to an operating system identity when the request to decrypt is received.
Dependent claims: 2, 3, 4, 5, 6

7. A method, implemented in a device, the method comprising:
- receiving a data structure to be encrypted, wherein the data structure includes content along with a statement of conditions under which the content may be decrypted; and
- encrypting the content using a key.
Dependent claims: 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18

19. One or more computer readable memories having stored thereon a plurality of instructions that, when executed by one or more processors of a device, causes the one or more processors to:
- receive a data structure to be encrypted, wherein the data structure includes content along with a statement of conditions under which the content may be decrypted; and
- encrypt the content using a key.
Dependent claims: 20, 21, 22, 23, 24, 25, 26

27. A system comprising:
- means for receiving a data structure to be encrypted, wherein the data structure includes content along with a statement of conditions under which the content may be decrypted; and
- means for encrypting the data structure using a symmetric key of the system.
Dependent claims: 28, 29

30. A method comprising:
- decrypting a data structure using a key;
- obtaining a statement of conditions under which content in the data structure can be decrypted;
- testing whether the conditions are satisfied; and
- returning the decrypted content only if the conditions are satisfied.
Dependent claims: 31, 32, 33, 34, 35, 36, 37, 38

39. One or more computer readable memories having stored thereon a plurality of instructions that, when executed by one or more processors of a device, causes the one or more processors to:
- decrypt a data structure using a key;
- obtain a statement of conditions under which content in the data structure can be decrypted;
- test whether the conditions are satisfied; and
- return the decrypted content only if the conditions are satisfied.
Dependent claims: 40, 41, 42, 43, 44

45. A system comprising:
- means for decrypting a data structure using a symmetric key;
- means for obtaining a statement of conditions under which content in the data structure can be decrypted;
- means for testing whether the conditions are satisfied; and
- means for returning the decrypted content only if the conditions are satisfied.
Dependent claims: 46, 47

48. A method, implemented in a device, the method comprising:
- obtaining a block of data to be encrypted, a current operating system identity, and a target operating system identity; and
- invoking a seal operation to have the block of data encrypted by a processor of the device using a symmetric key of the processor.
Dependent claims: 49

50. One or more computer readable memories having stored thereon a plurality of instructions that, when executed by one or more processors of a device, causes the one or more processors to:
- obtain content to be encrypted; and
- invoke a seal operation, inputting the content to have the content encrypted using a key so that the content can be decrypted only if a statement of conditions under which the content may be decrypted is satisfied.
Dependent claims: 51, 52, 53, 54, 55, 56

57. A method, implemented in a device, the method comprising:
- invoking an unseal operation in order to have a data block decrypted using a key; and
- receiving, in response to invoking the unseal operation, the decrypted data block only if conditions under which content in the data block can be decrypted are satisfied.
Dependent claims: 58, 59, 60, 61, 62

63. One or more computer readable memories having stored thereon a plurality of instructions that, when executed by one or more processors of a device, causes the one or more processors to:
- invoke an unseal operation in order to have a data block decrypted using a key; and
- receive, in response to invoking the unseal operation, the decrypted data block only if conditions under which content in the data block can be decrypted are satisfied.
Dependent claims: 64, 65, 66, 67, 68

69. One or more computer readable memories having stored thereon a plurality of instructions that, when executed by one or more processors of a device, causes the one or more processors to:
- make a seal operation and an unseal operation available for invoking;
- wherein the seal operation causes content to be encrypted using a symmetric key along with a statement of the conditions under which it may be decrypted; and
- wherein the unseal operation causes the content to be returned to a requester if the conditions are satisfied.
Dependent claims: 70, 71, 72, 73

74. One or more computer readable memories having stored thereon a plurality of instructions that, when executed by one or more processors of a device, causes the one or more processors to:
- receive, upon invocation of a seal operation, content to be encrypted;
- encrypt the content using a symmetric key so that the encrypted content can be decrypted only by the one or more processors running a specified operating system.
Dependent claims: 75

Specification