CRYPTOGRAPHIC KEY CONTAINERS ON A USB TOKEN

US 20080181412A1
Filed: 01/26/2007
Published: 07/31/2008
Est. Priority Date: 01/26/2007
Status: Active Grant

First Claim

Patent Images

1. A method for accessing a cryptographic key, the method comprising:

receiving, by a processor, an indication to access a cryptographic key;

searching for a universal serial bus (USB) compatible storage device; and

if a USB compatible storage device is found, accessing the cryptographic key on the USB compatible storage device, wherein accessing comprises at least one of storing and retrieving.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A Universal Serial Bus (USB) compatible storage device is utilized as a security token for storage of cryptographic keys. A cryptographic subsystem of a processor accesses cryptographic keys in containers on the USB compatible storage device. Accessing includes storing and/or retrieving. The processor does not include an infrastructure dedicated to the USB compatible storage device. Cryptographic key storage is redirected from an in-processor container to the USB compatible storage device. No password or PIN is required to access the cryptographic keys, yet enhanced security is provided. Utilizing a USB compatible storage device for a cryptographic key container provides a convenient, portable, mechanism for carrying the cryptographic key, and additional security is provided via physical possession of the device.

48 Citations

View as Search Results

20 Claims

1. A method for accessing a cryptographic key, the method comprising:
- receiving, by a processor, an indication to access a cryptographic key;
  
  searching for a universal serial bus (USB) compatible storage device; and
  
  if a USB compatible storage device is found, accessing the cryptographic key on the USB compatible storage device, wherein accessing comprises at least one of storing and retrieving.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. A method in accordance with claim 1, further comprising:
    - if no USB compatible storage device is found, accessing the cryptographic key in a memory of the processor.
  - 3. A method in accordance with claim 1, further comprising:
    - if no USB compatible storage device is found;
      
      rendering a prompt to provide a USB compatible storage device;
      
      determining if a USB compatible storage has been provided;
      
      if a USB compatible storage has been provided, accessing the cryptographic key on the provided USB compatible storage device; and
      
      if no USB compatible storage device has been provided, accessing the cryptographic key in a memory of the processor.
  - 4. A method in accordance with claim 1, wherein the cryptographic key is isolated in a protected execution environment of the processor.
  - 5. A method in accordance with claim 1, wherein the USB compatible storage device comprises a portable device.
  - 6. A method in accordance with claim 1, wherein no infrastructure dedicated to the USB compatible storage device is implemented on the processor.
  - 7. A method in accordance with claim 1, wherein the cryptographic key is accessed via a cryptographic programming interface.

8. A system for implementing a cryptographic key on a universal serial bus (USB) compatible storage device, the system comprising:
- an input/output portion configured to;
  
  receive an indication to access a cryptographic key; and
  
  a processing portion configured to;
  
  search and index for an indication of the USB compatible storage device; and
  
  if an indication of the USB compatible storage device is found, access, via a cryptographic programming interface, the cryptographic key on the USB compatible storage device, wherein accessing comprises at least one of storing and retrieving.
- View Dependent Claims (9, 10, 11, 12, 13, 15)
- - 9. A system in accordance with claim 8, further comprising a memory portion, wherein:
    - if no indication of the USB compatible storage device is found, access, via the cryptographic programming interface, the cryptographic key in the memory portion.
  - 10. A system in accordance with claim 8, further comprising a memory portion, the processing portion further configured to:
    - if no indication of the USB compatible storage device is found;
      
      render a prompt to provide a USB compatible storage device;
      
      determine if a USB compatible storage has been provided;
      
      if a USB compatible storage has been provided, access, via the cryptographic programming interface, the cryptographic key on the provided USB compatible storage device; and
      
      if no USB compatible storage device has been provided, access, via the cryptographic programming interface, the cryptographic key in the memory portion.
  - 11. A system in accordance with claim 8, wherein the cryptographic key is isolated in a protected execution environment of the system.
  - 12. A system in accordance with claim 8, wherein the USB compatible storage device comprises a portable device.
  - 13. A system in accordance with claim 8, wherein the system comprises no infrastructure dedicated to the USB compatible storage device.
  - 15. A computer-readable medium in accordance with claim 13, the computer-executable instructions further for accessing the cryptographic key via a cryptographic programming interface.

14. A computer-readable medium having stored thereon computer-executable instructions for accessing a cryptographic key on a universal serial bus (USB) compatible storage device by performing the steps of:
- receiving, by a processor, an indication to access a cryptographic key;
  
  searching for a USB compatible storage device; and
  
  if a USB compatible storage device is found, accessing the cryptographic key on the USB compatible storage device, wherein accessing comprises at least one of storing and retrieving.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. A computer-readable medium in accordance with claim 14, the computer-executable instructions further for:
    - if no USB compatible storage device is found, accessing the cryptographic key in a memory of the processor.
  - 17. A computer-readable medium in accordance with claim 14, the computer-executable instructions further for:
    - if no USB compatible storage device is found;
      
      rendering a prompt to provide a USB compatible storage device;
      
      determining if a USB compatible storage has been provided;
      
      if a USB compatible storage has been provided, accessing the cryptographic key on the provided USB compatible storage device; and
      
      if no USB compatible storage device has been provided, accessing the cryptographic key in a memory of the processor.
  - 18. A computer-readable medium in accordance with claim 14, wherein the cryptographic key is isolated in a protected execution environment of the processor.
  - 19. A computer-readable medium in accordance with claim 14, wherein the USB compatible storage device comprises a portable device.
  - 20. A computer-readable medium in accordance with claim 14, wherein no infrastructure dedicated to the USB compatible storage device is implemented on the processor.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Ellison, Carl M., Acar, Tolga

Granted Patent

US 8,588,421 B2
Time in Patent Office

Days
Field of Search
US Class Current

380/279
CPC Class Codes

G06F 21/6209   to a single file or object,...

G06F 21/79   in semiconductor storage me...

H04L 9/0897   involving additional device...

CRYPTOGRAPHIC KEY CONTAINERS ON A USB TOKEN

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

48 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

CRYPTOGRAPHIC KEY CONTAINERS ON A USB TOKEN

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

48 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others