Deriving a symmetric key from an asymmetric key for file encryption or decryption

US 20040146015A1
Filed: 01/27/2003
Published: 07/29/2004
Est. Priority Date: 01/27/2003
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

accessing a private key of an asymmetric key pair in a key device;

deriving a symmetric master key from the private key of the asymmetric key pair; and

storing the symmetric master key in a computer memory location, wherein files can be encrypted or decrypted in response to the symmetric master key.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

One aspect relates to a process and associated device that provides a private key of an asymmetric key pair in a key device. A symmetric master key is derived from the private key of the asymmetric key pair. The symmetric master key is stored in a computer memory location. The symmetric master key is used to encrypt or decrypt a file encryption key. The file encryption key can encrypt or decrypt files. In another aspect, the user can still access the files even if a user deactivates the key device by encrypting or decrypting the file encryption key directly from the symmetric master key.

Citations

42 Claims

1. A method comprising:
- accessing a private key of an asymmetric key pair in a key device;
  
  deriving a symmetric master key from the private key of the asymmetric key pair; and
  
  storing the symmetric master key in a computer memory location, wherein files can be encrypted or decrypted in response to the symmetric master key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The method of claim 1, wherein a handle allows an operating system to identify a key on a key device.
  - 3. The method of claim 1, wherein the symmetric master key is used to encrypt or decrypt a file encryption key, and wherein the file encryption key is used to encrypt or decrypt the file.
  - 4. The method of claim 3, wherein a single sign-on process is used to derive the symmetric master key from the private key of the asymmetric key pair.
  - 5. The method of claim 4, wherein the single sign-on process allows a user to encrypt or decrypt a file encryption key, wherein the files are encrypted or decrypted with the file encryption key.
  - 6. The method of claim 4, wherein the single sign-on process is used to encrypt or decrypt files based on a symmetric master key.
  - 7. The method of claim 1, wherein encrypting or decrypting files based on the symmetric master key reduces the number of times that the key device is accessed to obtain the private key of the asymmetric key pair.
  - 8. The method of claim 1, wherein encrypting or decrypting files based on the symmetric master key improves the file encryption or decryption performance of an encrypting file system which provides the private key of the asymmetric key pair.
  - 9. The method of claim 1, wherein the method is run on a general purpose computer, wherein a file is encrypted or decrypted based on the symmetric master key within the general-purpose computer even though the key device is disconnected from the general purpose computer.
  - 10. The method of claim 1, wherein the method is performed within an encrypting file system (EFS).
  - 11. The method of claim 10, wherein the EFS includes a cryptographic service provider (CSP).
  - 12. The method of claim 1, wherein the symmetric master key in a computer memory location includes a first symmetric master key and a second symmetric master key, the first symmetric master key is associated with a first application program to operate under a first security profile, and the second symmetric master key is associated with the second application program to operate under a second security profile.
  - 13. The method of claim 12, wherein the first security profile differs from the second security profile.
  - 14. The method of claim 1, wherein the symmetric master key is associated with a distinct application program.
  - 15. The method of claim 1, wherein the symmetric master key is stored in a symmetric master key cache in the computer memory.
  - 16. The method of claim 1, wherein the symmetric master key is derived from the private key of the asymmetric key pair using a symmetric master key algorithm.
  - 17. The method of claim 1, wherein the symmetric master key encrypts or decrypts files using an cryptographic algorithm.

18. A computer readable medium having computer executable instructions for performing steps comprising:
- providing a private key of the asymmetric key pair in a key device;
  
  deriving a symmetric master key from the private key of the asymmetric key pair using a hash function; and
  
  storing the symmetric master key in a computer memory location that encrypts or decrypts a file encryption key, wherein the file encryption key can encrypt or decrypt files.
- View Dependent Claims (19, 20, 21, 22, 23, 24, 25, 26, 27)
- - 19. The method of claim 18, wherein even if a user deactivates the key device, the user can still can encrypt or decrypt the files.
  - 20. The method of claim 19, wherein a single sign-on process is used to derive the symmetric master key from the private key of the asymmetric key pair.
  - 21. The method of claim 20, wherein the single sign-on process allows a user to encrypt or decrypt files in response to the file encryption key, wherein the file encryption key can be encrypted or decrypted using the symmetric master key.
  - 22. The method of claim 21, wherein the user can access a process that encrypts or decrypts the file encryption key using the single sign-on process on a remote computer that is remote from the computer that is used to derive the symmetric master key from the private key of the asymmetric key pair.
  - 23. The method of claim 18, wherein encrypting or decrypting files using the symmetric master key reduces the number of times that the key device is accessed to obtain the private key of the asymmetric key pair.
  - 24. The method of claim 18, wherein encrypting or decrypting the file encryption key using the symmetric master key improves the file encryption or decryption performance of an encrypting file system which provides a private key of an asymmetric key pair in a key device.
  - 25. The method of claim 18, wherein the method is run on a general purpose computer, wherein the symmetric master key continues to encrypt or decrypt the file encryption key within the general-purpose computer even though the key device is disconnected from the general purpose computer.
  - 26. The method of claim 18, wherein the method is performed within an encrypting file system (EFS).
  - 27. The method of claim 26, wherein the EFS includes a digital rights management system.

28. An apparatus comprising:
- a signature memory space;
  
  a signature device that signs the data with the signature; and
  
  a symmetric master key device for creating the symmetric master key using prescribed bits of the signature.

29. A method comprising:
- accessing a known string;
  
  deriving a symmetric master key from the known string; and
  
  storing the symmetric master key in a computer memory location, wherein files can be encrypted or decrypted using the symmetric master key.
- View Dependent Claims (30, 31, 32)
- - 30. The method of claim 29, wherein the known string includes the private key of the asymmetric key pair.
  - 31. The method of claim 29, wherein the known string includes a file encryption key.
  - 32. The method of claim 29, wherein a general purpose computer can derive the symmetric key.

33. A file sharing method, comprising:
- a first user encrypting or decrypting a file based on a file encryption key, wherein the file encrypting key is encrypted or decrypted based on a symmetric master key model;
  
  the first user requesting to add a second user to the file;
  
  the first user adding a second user by obtaining the second user'"'"'s public key, and then encrypting of decrypting the file encryption key using the second users public key.
- View Dependent Claims (34, 35, 36, 37, 38, 39, 40, 41)
- - 34. The file sharing method of claim 33, wherein following the first user adding the second user, the second user can thereupon access the file.
  - 35. The file sharing method of claim 34, wherein the second user is able to decrypt the (FEK) using the second user'"'"'s private key.
  - 36. The file sharing method of claim 34, wherein the second user derives the symmetric master key using the second user'"'"'s private key.
  - 37. The file sharing method of claim 34, further comprising updating the file using the symmetric master key.
  - 38. The file sharing method of claim 34, wherein the second user'"'"'s public key can be obtained from a directory.
  - 39. The file sharing method of claim 34, wherein the second user'"'"'s public key can be obtained from an operating system.
  - 40. The file sharing method of claim 34, wherein the second user'"'"'s public key can be obtained from the file system.
  - 41. The file sharing method of claim 34, wherein the second user'"'"'s public key can be obtained from a digital certificate.

42. One or more electronically-accessible media comprising electronically-executable instructions that, when executed, direct an electronic device to perform actions comprising deriving, from a private key of an asymmetric key pair, a symmetric key to be used for file encryption or decryption.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Leach, Paul J., Jones, Thomas C., Benaloh, Josh D., Gu, Jianrong, Cross, David B., Pittaway, Glenn D.

Granted Patent

US 7,181,016 B2
Time in Patent Office

Days
Field of Search
US Class Current

370/328
CPC Class Codes

G06Q 20/3829   involving key management

H04L 63/045   wherein the sending and rec...

H04L 63/0823   using certificates cryptogr...

H04L 9/0822   using key encryption key

H04L 9/0894   Escrow, recovery or storing...

Deriving a symmetric key from an asymmetric key for file encryption or decryption

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

42 Claims

Specification

Solutions

Use Cases

Quick Links

Deriving a symmetric key from an asymmetric key for file encryption or decryption

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

42 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links