Saving and Retrieving Data Based on Symmetric Key Encryption
Abstract
In accordance with certain aspects, data is received from a calling program. Ciphertext that includes the data is generated, using a symmetric cipher, in a manner that allows only one or more target programs to be able to obtain the data from the ciphertext. In accordance with other aspects, a bit string is received from a calling program. An identifier of the calling program is checked to determine whether the calling program is allowed to access data encrypted in ciphertext of the bit string. The integrity of the data is also verified, and the data is decrypted using a symmetric key. The data is returned to the calling program only if the calling program is allowed to access the data and if the integrity of the data is successfully verified.
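The seal and unseal operations described in the abstract, as an added illustration that is not taken from the patent. It assumes a program's identifier is the SHA-256 digest of its code, and it substitutes an HMAC-SHA256 counter-mode keystream with encrypt-then-MAC for the symmetric cipher so the block runs on the standard library alone; all function and key names are hypothetical.

```python
import hashlib
import hmac
import os

# Symmetric keys held only by the guard (constructed for this example).
KEY_ENC = os.urandom(32)
KEY_MAC = os.urandom(32)

def program_id(code: bytes) -> bytes:
    """Assumption: a program's identifier is the SHA-256 digest of its code."""
    return hashlib.sha256(code).digest()

def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in symmetric cipher: HMAC-SHA256 in counter mode (not the patent's cipher)."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hmac.new(key, nonce + off.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], pad))
    return bytes(out)

def seal(data: bytes, target_ids: list) -> bytes:
    """Encrypt the data together with the identifiers of the programs allowed to unseal it."""
    if not 0 < len(target_ids) < 256 or any(len(t) != 32 for t in target_ids):
        raise ValueError("need 1..255 target identifiers of 32 bytes each")
    header = bytes([len(target_ids)]) + b"".join(target_ids)
    nonce = os.urandom(16)
    ct = _keystream_xor(KEY_ENC, nonce, header + data)
    tag = hmac.new(KEY_MAC, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(blob: bytes, caller_id: bytes) -> bytes:
    """Return the data only if integrity verifies and the caller is a target program."""
    if len(blob) < 16 + 1 + 32 + 32:
        raise ValueError("malformed bit string")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(KEY_MAC, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed")
    plain = _keystream_xor(KEY_ENC, nonce, ct)
    count = plain[0]
    targets = [plain[1 + 32 * i:33 + 32 * i] for i in range(count)]
    # The target list is inside the ciphertext, so it is checked after decryption.
    if not any(hmac.compare_digest(caller_id, t) for t in targets):
        raise PermissionError("caller is not a target program")
    return plain[1 + 32 * count:]
```

The MAC covers the nonce and the whole ciphertext, so the embedded target list cannot be altered without failing the integrity check.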
13 Claims
1. A system comprising:
- a plurality of hierarchical layers including a lowest layer that guards a root resource;
- wherein the plurality of hierarchical layers further includes one or more intermediate layers that act as principals that request access to the root resource from the next lower layer and that act as guards to the root resource toward principals in the next higher layer; and
- allowing access to the root resource only to principals authorized to access the root resource.

Dependent claims: 2, 3, 4.

5. A system comprising:
- a plurality of hierarchical layers including a lowest layer that guards a root resource;
- a plurality of guards included in each of the plurality of hierarchical layers, wherein each guard is a service guard or a disclosure guard;
- wherein each service guard allows principals in the next higher layer to request operations to be performed with protected data, and wherein the service guard performs the operation only if a condition is satisfied; and
- wherein each disclosure guard allows principals in the next higher layer to request protected data to be disclosed to the principals, and wherein the disclosure guard discloses the protected data only if another condition is satisfied.

Dependent claims: 6, 7, 8, 9, 10.

11. A system comprising:
- a plurality of hierarchical layers including a lowest layer that guards a root resource;
- wherein the plurality of hierarchical layers further includes one or more intermediate layers that, act as principals that request, from the next lower layer, operations to be performed using the root resource, and act as guards to the root resource toward principals in the next higher layer; and
- allowing the operations to be performed using the root resource only for principals authorized to access the root resource.

Dependent claims: 12, 13.
Specification