Saving and Retrieving Data Based on Symmetric Key Encryption

US 20070086588A1
Filed: 11/08/2006
Published: 04/19/2007
Est. Priority Date: 04/17/2002
Status: Active Grant

First Claim

Patent Images

1. A method, implemented in a computing device, the method comprising:

receiving data from a calling program; and

generating, using a symmetric cipher, ciphertext that includes the data, wherein the ciphertext is generated in a manner that allows only one or more target programs to be able to obtain the data from the ciphertext.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In accordance with certain aspects, data is received from a calling program. Ciphertext that includes the data is generated, using a symmetric cipher, in a manner that allows only one or more target programs to be able to obtain the data from the ciphertext. In accordance with other aspects, a bit string is received from a calling program. An identifier of the calling program is checked to determine whether the calling program is allowed to access data encrypted in ciphertext of the bit string. The integrity of the data is also verified, and the data is decrypted using a symmetric key. The data is returned to the calling program only if the calling program is allowed to access the data and if the integrity of the data is successfully verified.

117 Citations

View as Search Results

18 Claims

1. A method, implemented in a computing device, the method comprising:
- receiving data from a calling program; and
  
  generating, using a symmetric cipher, ciphertext that includes the data, wherein the ciphertext is generated in a manner that allows only one or more target programs to be able to obtain the data from the ciphertext.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. A method as recited in claim 1, wherein the one or more target 11 programs are identified by the calling program.
  - 3. A method as recited in claim 1, further comprising returning the ciphertext to the calling program.
  - 4. A method as recited in claim 1, wherein the data comprises a cryptographic key.
  - 5. A method as recited in claim 1, wherein the one or more target programs comprises a plurality of target programs.
  - 6. A method as recited in claim 1, wherein each of the one or more target programs is identified by a digest value generated by applying a cryptographic hash function to the target program.
  - 7. A method as recited in claim 1, wherein the one or more target programs comprises the calling program.
  - 8. A method as recited in claim 1, wherein receiving the data comprises receiving the data as part of a Seal operation.
  - 9. A method as recited in claim 1, wherein generating the ciphertext comprises:
    - generating an identifier of the calling program;
      
      generating a bit string which is a combination of the data, the identifier of the calling program, and identifiers of the one or more target programs; and
      
      encrypting the bit string to generate ciphertext.
  - 10. A method as recited in claim 1, wherein generating the ciphertext comprises:
    - generating a bit string which is a combination of the data, the identifier of the calling program, and identifiers of the one or more target programs; and
      
      encrypting the bit string.
  - 11. A method as recited in claim 9, wherein encrypting the bit string comprises using a symmetric key and a symmetric cipher to encrypt the bit string.
  - 12. A method as recited in claim 9, further comprising:
    - generating a message authentication code (MAC) value for the bit string by applying a message authentication code (MAC) to the bit string; and
      
      returning the ciphertext and the MAC value to the calling program.
  - 13. A method as recited in claim 9, further comprising:
    - generating a message authentication code (MAC) value for the bit string by applying a message authentication code (MAC) to the bit string; and
      
      wherein encrypting the bit string comprises including the MAC value in the bit string prior to encrypting the bit string.
  - 14. A method as recited in claim 9, further comprising:
    - generating a message authentication code (MAC) value for the ciphertext by applying a message authentication code (MAC) to the ciphertext; and
      
      returning the ciphertext and the MAC value to the calling program.
  - 15. A method as recited in claim 9, wherein the identifier of the calling program comprises a digest value generated by applying a cryptographic hash function to the calling program.
  - 16. A method as recited in claim 9, wherein the combination of the data, the identifier of the calling program, and identifiers of the one or more target programs comprises a concatenation of the data, the identifier of the calling program, and identifiers of the one or more target programs.

17. A system comprising:
- means for receiving data from a calling program; and
  
  means for using a symmetric key to generate ciphertext that includes the data, wherein the ciphertext is generated in a manner that allows only one or more target programs to be able to obtain the data from the ciphertext.

18. A method, implemented in a computing device, the method comprising:
- receiving, from a calling program, a request to generate and seal data;
  
  generating a random value to use as the data; and
  
  generating ciphertext that includes the data, wherein the ciphertext is generated in a manner that allows only one or more target programs to be able to obtain the data from the ciphertext.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
England, Paul, Peinado, Marcus

Granted Patent

US 7,752,456 B2
Time in Patent Office

Days
Field of Search
US Class Current

380/28
CPC Class Codes

G06F 21/6218 to a system of files or obj...

Saving and Retrieving Data Based on Symmetric Key Encryption

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

117 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Saving and Retrieving Data Based on Symmetric Key Encryption

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

117 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links