Transferring application secrets in a trusted operating system environment
Abstract
Transferring application secrets in a trusted operating system environment involves receiving a request to transfer application data from a source computing device to a destination computing device. A check is made as to whether the application data can be transferred to the destination computing device, and if so, whether the application data can be transferred under control of the user or a third party. If these checks succeed, a check is also made as to whether the destination computing device is a trustworthy device running known trustworthy software. Input is also received from the appropriate one of the user or third party to control transferring of the application data to the destination computing device. Furthermore, application data is stored on the source computing device in a manner that facilitates determining whether the application data can be transferred, and that facilitates transferring the application data if it can be transferred.
19 Claims
1. A method, implemented on a computing device, the method comprising:
- generating a gatekeeper storage key;
- sealing the gatekeeper storage key to a trusted core executing on the computing device;
- receiving a request to store an application secret;
- receiving a type of the application secret;
- selecting an appropriate hive key based at least in part on the type of the application secret;
- encrypting the application secret using the hive key; and
- encrypting the hive key using the gatekeeper storage key.

Dependent claims: 2, 3, 4, 5, 6, 7, 8.

9. One or more computer readable media having stored thereon a plurality of instructions that, when executed by one or more processors of a computing device, causes the one or more processors to:
- receive application data to be encrypted and stored;
- identify how the application data is to be allowed to be transferred to another computing device if a request to transfer the application data is received; and
- select a particular one of a plurality of encryption keys to encrypt the application data, wherein the selecting is based at least in part on how the application data is to be allowed to be transferred to another computing device.

Dependent claims: 10, 11, 12, 13, 14.

15. A system comprising:
- a processor; and
- a memory, coupled to the processor, to store a plurality of instructions that, when executed by the processor, causes the processor to, receive an application secret to be securely stored, identify a secret type that indicates how the application secret is to be allowed to be transferred to another system if a request to transfer the application secret is received, and select a particular one of a plurality of encryption keys to encrypt the application secret, wherein the selecting is based at least in part on the secret type.

Dependent claims: 16, 17, 18, 19.

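The key hierarchy recited in claims 1, 9 and 15 can be sketched as follows. This is an added example, not code from the patent. The secret type names, the use of AES-256-GCM with the type bound as associated data, the `release` policy, and keeping the gatekeeper storage key in process memory instead of sealing it to a trusted core are all assumptions made for illustration.

```javascript
const { createCipheriv, createDecipheriv, randomBytes } = require("node:crypto");

// Secret type -> party that may approve a transfer (type names are assumptions).
const CONTROLLER = {
  "non-transferable": null,
  "user-transferable": "user",
  "third-party-transferable": "third-party",
};

// AES-256-GCM wrap; the secret type is bound in as additional authenticated data.
function wrap(key, plaintext, type) {
  const iv = randomBytes(12);
  const c = createCipheriv("aes-256-gcm", key, iv).setAAD(Buffer.from(type));
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}

function unwrap(key, blob, type) {
  const d = createDecipheriv("aes-256-gcm", key, blob.iv);
  d.setAAD(Buffer.from(type)).setAuthTag(blob.tag);
  return Buffer.concat([d.update(blob.ct), d.final()]); // throws on wrong key or type
}

class SecretStore {
  constructor() {
    // Gatekeeper storage key (GSK). The claim seals it to the trusted core;
    // this sketch has no trusted core, so the key stays in process memory.
    this.gsk = randomBytes(32);
    // One hive key per secret type, kept only in wrapped form under the GSK.
    this.hives = new Map(Object.keys(CONTROLLER).map((t) => [t, wrap(this.gsk, randomBytes(32), t)]));
  }
  hiveKey(type) {
    if (!this.hives.has(type)) throw new Error(`unknown secret type: ${type}`);
    return unwrap(this.gsk, this.hives.get(type), type);
  }
  put(type, secret) { // select the hive key by type, then encrypt under it
    return { type, ...wrap(this.hiveKey(type), Buffer.from(secret), type) };
  }
  get(record, type = record.type) {
    return unwrap(this.hiveKey(type), record, type).toString();
  }
  // Transfer check (assumed policy): a hive key is released only with approval
  // from the party controlling that type; non-transferable keys never leave.
  release(type, approver) {
    if (CONTROLLER[type] == null || CONTROLLER[type] !== approver)
      throw new Error(`${type} secrets cannot be transferred by ${approver}`);
    return this.hiveKey(type); // a real transfer would first verify the destination
  }
}
```

Because each transfer class has its own hive key, approving a transfer of one class exposes nothing stored under the other hive keys.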
Specification