System and method for secure storage of data using a key

US 20050289067A1
Filed: 08/19/2005
Published: 12/29/2005
Est. Priority Date: 10/26/1998
Status: Abandoned Application

First Claim

Patent Images

1. A method comprising:

receiving a data structure to be encrypted, wherein the data structure includes content along with a statement of conditions under which the content may be decrypted, wherein the statement of conditions comprises an operating system identity that an operating system executing on the device must have in order for the content to be decrypted; and

encrypting the content using a key.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In one aspect, a data structure to be encrypted is received in a device, the data structure including content along with a statement of conditions under which the content may be decrypted. The data structure is encrypted using a symmetric key of a processor of the device. In another aspect, a data structure is decrypted using a processor symmetric key. A statement of conditions under which content in the data structure can be decrypted is obtained, and testing is performed as to whether the conditions are satisfied. The decrypted content is returned only if the conditions are satisfied.

Citations

15 Claims

1. A method comprising:
- receiving a data structure to be encrypted, wherein the data structure includes content along with a statement of conditions under which the content may be decrypted, wherein the statement of conditions comprises an operating system identity that an operating system executing on the device must have in order for the content to be decrypted; and
  
  encrypting the content using a key.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. A method as recited in claim 1, wherein the key comprises a symmetric key.
  - 3. A method as recited in claim 1, wherein the key comprises a symmetric key of a processor of the device.
  - 4. A method as recited in claim 1, wherein the operating system identity is maintained in a software identity register (SIR).
  - 5. A method as recited in claim 1, wherein the operating system identity is identified in a signed certificate from an operating system vendor.
  - 6. A method as recited in claim 1, wherein the operating system identity is for an operating system that is different than an operating system executing when the content to be encrypted is received.
  - 7. A method as recited in claim 1, wherein encrypting the content comprises encrypting the data structure.

8. A system comprising:
- means for obtaining a block of data to be encrypted, a current operating system identity, and a target operating system identity; and
  
  means for invoking a seal operation to have the block of data encrypted by a processor of the system using a symmetric key of the processor.
- View Dependent Claims (9)
- - 9. A system as recited in claim 8, further comprising means for invoking the seal operation so that only an operating system having the target operating system identity can decrypt the encrypted block of data.

10. A system comprising:
- means for invoking an unseal operation in order to have a data block decrypted using a key; and
  
  means for receiving, in response to invoking the unseal operation, the decrypted data block only if conditions under which content in the data block can be decrypted are satisfied.
- View Dependent Claims (11, 12, 13, 14, 15)
- - 11. A system as recited in claim 10, wherein the key comprises a symmetric key.
  - 12. A system as recited in claim 10, wherein the key comprises a symmetric key of a processor of the device.
  - 13. A system as recited in claim 10, wherein the conditions comprise an operating system identity that an operating system invoking the unseal operation must have in order for the content to be decrypted.
  - 14. A system as recited in claim 13, wherein the operating system identity of the operating system invoking the unseal operation is different than an operating system identity of an operating system that previously had the data block encrypted.
  - 15. A system as recited in claim 10, further comprising means for receiving, in response to invoking the unseal operation, an error indication if the conditions are not satisfied.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
De Treville, John D., England, Paul, Lampson, Butler W.

Application Number

US11/207,917
Publication Number

US 20050289067A1
Time in Patent Office

Days
Field of Search
US Class Current

705/51
CPC Class Codes

G06F 21/10   Protecting distributed prog...

G06F 21/575   Secure boot

G06F 2221/2113   Multi-level security, e.g. ...

G06F 9/4406   Loading of operating system

G06F 9/468   Specific access rights for ...

H04L 63/0435   wherein the sending and rec...

H04L 63/0442   wherein the sending and rec...

H04L 63/166   at the transport layer

System and method for secure storage of data using a key

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for secure storage of data using a key

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links