Fire locker and mechanisms for providing and using same

US 20050257048A1
Filed: 04/23/2004
Published: 11/17/2005
Est. Priority Date: 04/23/2004
Status: Active Grant

First Claim

Patent Images

1. A method of using a file management component to protect a file, the method comprising:

receiving a file from an object;

using a data storage system to seal the file to the file management component, said data storage system being enabled to receive data from a specified category of components and to seal received data to one or more of said components such that the data cannot be unsealed by any component to which the data is not sealed, the file management component being one of said specified category of components;

restricting access to said file based on whether an object that issues a request for the file is authorized to open said file, a determination as to whether said object that issues the request is authorized being made by the file management component which causes the file to be unsealed from said data storage system if said object that issues the request is authorized to open the file.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A file locker manages the storage and use of protected data for software objects. A protected environment maintains the cryptographic and isolative infrastructure to support sealing of data items for use by a trusted agent. The file locker uses the protected environment'"'"'s sealing functionality to seal data items for the file locker'"'"'s exclusive access. The file locker seals, to itself, files received from software objects, and provides those files upon request, and upon sufficient proof of the requestor'"'"'s trustworthiness, authenticity, and/or identity. The file locker may be used to extend the protected environment'"'"'s sealing functionality to legacy applications, without the legacy applications having to implement agents that can run in the protected environment and access the sealing functionality directly.

Citations

33 Claims

1. A method of using a file management component to protect a file, the method comprising:
- receiving a file from an object;
  
  using a data storage system to seal the file to the file management component, said data storage system being enabled to receive data from a specified category of components and to seal received data to one or more of said components such that the data cannot be unsealed by any component to which the data is not sealed, the file management component being one of said specified category of components;
  
  restricting access to said file based on whether an object that issues a request for the file is authorized to open said file, a determination as to whether said object that issues the request is authorized being made by the file management component which causes the file to be unsealed from said data storage system if said object that issues the request is authorized to open the file.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, further comprising:
    - monitoring and/or controlling the behavior of said object during the time that said file is in use by said object.
  - 3. The method of claim 1, wherein said object is associated with an attestation vector that identifies said object, and wherein said act of restricting access is based on a check of said object'"'"'s associated attestation vector.
  - 4. The method of claim 1, wherein said object comprises a program that open said file through a file-opening interface call, and wherein said file-opening interface call has been configured to request said file through said file management component, whereby the use of said file management component is transparent to said object.
  - 5. The method of claim 1, wherein said object comprises a first operating environment in which a program is runnable.
  - 6. The method of claim 1, wherein the method is performed on a computing arrangement that provides two or more operating environments concurrently, a first of the environments being a high-assurance environment that provides a first level of assurance that it will conform to the first environment'"'"'s expected behavior, a second of the environments being a relatively lower-assurance environment that provides a second level of assurance that the second environment will conform to the second environment'"'"'s expected behavior, the second level of assurance being relatively lower than the first level of assurance, wherein the ability to seal data in the data storage facility is a feature of the first environment, wherein the file management component runs in the first environment, and wherein the object runs in the second environment.
  - 7. The method of claim 6, wherein said specified category is limited to components that run in said first environment.
  - 8. The method of claim 1, wherein the object that issues a request for the file is different from the object from which the file was received, the object that issues the request being authorized to open the file.
  - 9. The method of claim 1, wherein the object from which the file was received imposes a rule on the use of the file.
  - 10. The method of claim 9, wherein the rule is at least one of the following:
    - a requirement that all prior versions of the file be logged, whereby prior versions of filed that have been saved in the file locker can be recovered; and
      
      a requirement that the user engage in an input session with the file locker prior to storage of the file by the file locker, the session being performed in a manner that ensures that the user affirmatively express a desire to save the file, and that offers the user a chance to view any changes to the file under circumstances that provide a relatively high degree of assurance that view of the file seen by the user correctly shows the file and any changes that have been made.
  - 11. The method of claim 9, further comprising:
    - storing summary information about the file, wherein the file management components permits access to the summary information under at least one circumstance in which access to the file would be disallowed.

12. A file locker comprising logic that receives a file, causes said file to be sealed to the file locker such that the file is unsealable only by the file locker, receives a request from an object for said file, verifies that said object is entitled to receive said file, and either provides or fails to provide said file to said object according to whether said object is entitled to receive said file.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 13. The file locker of claim 12, wherein said file locker operates on a computing arrangement that provides two or more operating environments, said file locker operating in a first one of said environments.
  - 14. The file locker of claim 13, wherein said object is a second environment.
  - 15. The file locker of claim 13, wherein said object operates in a second of said environments.
  - 16. The file locker of claim 15, wherein said first environment provides a relatively higher level of protection from a threat than said second environment.
  - 17. The file locker of claim 16, wherein a component executes in said first environment that monitors and/or controls the behavior of said object during the time that said file is in use by said object.
  - 18. The file locker of claim 16, wherein there is a cryptographic key that is needed to unseal said file, and wherein said first environment provides a level of assurance that said cryptographic key cannot be used outside of said first environment.
  - 19. The file locker of claim 12, wherein said object is associated with an attestation vector that identifies said object, and wherein said logic validates said attestation vector and denies access to said object if said attestation vector fails to validate.
  - 20. The file locker of claim 12, wherein said object from which said request is received is different from an object from which said file is received, and wherein said object from which said request is received is entitled to receive said file.
  - 21. The file locker of claim 12, wherein said file locker logs all versions of said file that have been received or stored by said file locker.
  - 22. The file locker of claim 12, wherein said file locker engages in an interactive session with a user at the time that said file is received, said session requesting that the user affirm a desire to store a current version of said file, said session comprising a communication between said file locker and said user that takes place under circumstances that provide a relatively high level of assurance that the communication between said file locker and said user is uncompromised.

23. A computer-readable medium encoded with computer-executable instructions to perform a method comprising:
- receiving a file at a file management component;
  
  sealing the file to said file management component;
  
  receiving, from a requester, a request for said file;
  
  verifying that said requestor is entitled to receive said file;
  
  if said requestor is entitled to receive said file then unsealing said file and providing said file to said requestor, and otherwise not unsealing said file and not providing said file to said requestor.
- View Dependent Claims (24, 25, 26, 27, 28, 29, 30, 31, 32, 33)
- - 24. The computer-readable medium of claim 23, further comprising:
    - protecting said file from being accessed except when a request from said requester is received and said requestor is verified to be entitled to receive said file.
  - 25. The computer-readable medium of claim 23, wherein said file is received at said file management component from said requestor.
  - 26. The computer-readable medium of claim 23, wherein said requestor is a software object that generates or manipulates said file.
  - 27. The computer-readable medium of claim 26, wherein said requester provides said file to said file management component through an interface that makes the existence of, or use of, said file management component transparent to said requestor.
  - 28. The computer-readable medium of claim 26, wherein said file management component operates in a first environment, wherein said requestor operates in a second environment, and wherein said first environment provides a relatively higher level of isolation, or protection from a defined set of threats, than said second environment.
  - 29. The computer-readable medium of claim 28, wherein said file management component seals said file to said file management component by using a data storage facility that is available to entities that operate in said first environment and not to entities that operate in any environment other than said first environment.
  - 30. The computer-readable medium of claim 28, wherein said method further comprises:
    - using a component in said first environment to monitor and/or control a behavior of said requester while said file is in use by said requester, whereby said file is protected from misuse during the time that said file is unsealed.
  - 31. The computer-readable medium of claim 23, further comprising:
    - imposing a rule on the use of said file, said rule comprising at least one of the following;
      
      a requirement that every version of the file be logged prior to saving a new version of the file in the file management component, whereby a prior version of the file can be retrieved; and
      
      a requirement that said file management component and a user engage in a communication prior to saving a new version of the file in the file management component, wherein the communication takes place under circumstances that provide a relatively high degree of assurance that said communication is not being compromised.
  - 32. The computer-readable medium of claim 31, wherein said communication comprises displaying to the user a new version of said file that is about to be saved in said file management component, and asking the user to confirm that the new version is acceptable to the user.
  - 33. The computer-readable medium of claim 23, further comprising:
    - verifying that said file conforms to a pre-determined standard prior to saving said file in said file management component.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Willman, Bryan Mark

Granted Patent

US 7,330,981 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/165
CPC Class Codes

G06F 21/6218 to a system of files or obj...

Fire locker and mechanisms for providing and using same

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

33 Claims

Specification

Solutions

Use Cases

Quick Links

Fire locker and mechanisms for providing and using same

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

33 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links