Saving and Retrieving Data Based on Public Key Encryption
Abstract
In accordance with certain aspects, data is received from a calling program. Ciphertext that includes the data is generated, using public key encryption, in a manner that allows only one or more target programs to be able to obtain the data from the ciphertext. In accordance with another aspect, a bit string is received from a calling program. An identifier of the calling program is checked to determine whether the calling program is allowed to access data encrypted in ciphertext of the bit string. The data is decrypted using public key decryption and returned to the calling program only if the calling program is allowed to access the data.
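The seal/unseal behaviour the abstract describes, written out as an added illustration that is not the patent's or any product's code: data is encrypted to a platform public key together with the identifier of the one program allowed to recover it, and the decrypting routine returns the plaintext only when the caller's identifier matches that target. Everything concrete here is an assumption: the platform key pair is a fixed textbook-RSA pair over two Mersenne primes standing in for the processor-bound key, the bulk cipher is a SHA-256 counter-mode keystream with an HMAC tag, and the program identifiers and sample data are constructed. It models the access check, not a secure encryption scheme.

```python
"""Toy model of sealing data to a program identity with public-key encryption.
Constructed example: textbook RSA over fixed primes plus a SHA-256 keystream.
It shows the identity check the abstract describes; it is not a secure scheme."""
import hashlib
import hmac
import secrets

# Assumed platform key pair standing in for the processor-bound key.
# 2**61-1 and 2**89-1 are Mersenne primes, so N is a valid (toy) RSA modulus.
_P = (1 << 61) - 1
_Q = (1 << 89) - 1
N = _P * _Q                                   # about 150 bits
E = 65537
D = pow(E, -1, (_P - 1) * (_Q - 1))           # private exponent, held by the platform
_WRAP_LEN = 19                                # bytes needed to hold any value < N


def _keystream(key: bytes, length: int) -> bytes:
    """Expand a session key into a keystream with SHA-256 in counter mode."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def _xor(data: bytes, key: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, _keystream(key, len(data))))


def seal(data: bytes, target_program: str) -> dict:
    """Produce ciphertext that only target_program can later unseal.

    The target identifier is encrypted alongside the data, so a caller cannot
    simply relabel the blob; the tag covers both the wrapped key and the body."""
    session_key = secrets.token_bytes(16)                  # 128 bits, always < N
    wrapped = pow(int.from_bytes(session_key, "big"), E, N)  # public-key wrap
    target = target_program.encode()
    plaintext = len(target).to_bytes(2, "big") + target + data
    body = _xor(plaintext, session_key)
    tag = hmac.new(session_key, wrapped.to_bytes(_WRAP_LEN, "big") + body,
                   hashlib.sha256).digest()
    return {"wrapped_key": wrapped, "body": body, "tag": tag}


def unseal(blob: dict, calling_program: str) -> bytes:
    """Decrypt with the platform private key, then release the data only if
    the caller's identifier equals the target recorded at seal time."""
    wrapped = blob["wrapped_key"]
    if not 0 <= wrapped < N:
        raise ValueError("wrapped key is malformed")
    k_int = pow(wrapped, D, N)                             # private-key unwrap
    if k_int >= 1 << 128:
        raise ValueError("wrapped key is malformed")
    session_key = k_int.to_bytes(16, "big")
    expected = hmac.new(session_key, wrapped.to_bytes(_WRAP_LEN, "big") + blob["body"],
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, blob["tag"]):
        raise ValueError("ciphertext integrity check failed")
    plaintext = _xor(blob["body"], session_key)
    tlen = int.from_bytes(plaintext[:2], "big")
    target = plaintext[2:2 + tlen]
    # The data has been decrypted, but it is withheld unless the identity matches.
    if not hmac.compare_digest(target, calling_program.encode()):
        raise PermissionError(
            f"{calling_program!r} may not unseal data sealed to {target.decode()!r}")
    return plaintext[2 + tlen:]


if __name__ == "__main__":
    blob = seal(b"constructed secret", "payroll-app")       # constructed sample
    print(unseal(blob, "payroll-app"))
    try:
        unseal(blob, "other-app")
    except PermissionError as err:
        print("refused:", err)
```

The integrity tag is what makes the identity check meaningful: without it a caller could edit the encrypted target field and have the platform release the data to the wrong program. A real implementation would replace textbook RSA and the ad-hoc keystream with a padded key-encapsulation scheme and an authenticated cipher, and would take the caller's identifier from a measured, unforgeable source rather than a string argument.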
Claims (18)
1. One or more computer readable media having stored thereon a plurality of instructions to implement a GenBoundKey operation, wherein the plurality of instructions, when executed by one or more processors of a computing device, causes the one or more processors to:
- generate a data structure for a new bound key that is to be bound to the one or more processors, wherein the new bound key includes data that allows a private key of a public/private key pair to be recovered from the data structure; and
- cryptographically protect the data structure.
(Dependent claim: 2)

3. One or more computer readable media having stored thereon a plurality of instructions to implement a BoundKeyMigrate operation, wherein the plurality of instructions, when executed by one or more processors of a computing device, causes the one or more processors to:
- receive, as an input, a bound key, wherein the bound key is bound to a program;
- verify that a usage condition associated with the key can be changed by the program; and
- change the usage condition if the verification is successful.
(Dependent claims: 4 to 10)

11. One or more computer readable media having stored thereon a plurality of instructions to implement a BoundKeyExport operation, wherein the plurality of instructions, when executed by a processor of a computing device, causes the processor to:
- receive, as an input, a bound key, wherein the bound key is bound to a guard;
- verify that the key can be re-bound to a different guard; and
- re-bind the key to the different guard if the verification is successful.
(Dependent claims: 12 to 18)
Specification