Creating and Validating Cryptographically Secured Documents

US 20090019548A1
Filed: 07/13/2007
Published: 01/15/2009
Est. Priority Date: 07/13/2007
Status: Active Grant

First Claim

Patent Images

1. A computer-readable medium having computer-executable instructions, which when executed perform actions, comprising:

obtaining a key related to creating documents in a first namespace;

creating a document in the first namespace, the document identifying an encrypted field relating to an entity that is authorized to create documents in a second namespace associated with the document; and

using the key to create indicia that indicates that the document was created by an entity having access to the key.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Aspects of the subject matter described herein relate to creating and validating cryptographically secured documents. In aspects, documents are encrypted to protect them from unauthorized access. An entity having namespace ownership rights may create a document in an authorized namespace and sign the document with a private key. Other entities may validate that the document was created by an authorized namespace owner by using a public key available in security data associated with a parent document of the document. For a root document, the public key may be available from a directory service. A namespace owner may change the namespace owner(s) that are allowed to create children of a document.

34 Citations

View as Search Results

20 Claims

1. A computer-readable medium having computer-executable instructions, which when executed perform actions, comprising:
- obtaining a key related to creating documents in a first namespace;
  
  creating a document in the first namespace, the document identifying an encrypted field relating to an entity that is authorized to create documents in a second namespace associated with the document; and
  
  using the key to create indicia that indicates that the document was created by an entity having access to the key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The computer-readable medium of claim 1, wherein obtaining a key related to creating documents in a first namespace comprises creating a private key.
  - 3. The computer-readable medium of claim 2, wherein using the key to create indicia that indicates that the document was created by an entity having access to the key comprises using the private key to create a signature of a hash of at least a portion of security data, the security data including the encrypted field.
  - 4. The computer-readable medium of claim 3, further comprising creating a public key corresponding to the private key and storing the public key in a service that provides access to the public key to entities seeking to validate that the signature was created via the private key.
  - 5. The computer-readable medium of claim 1, wherein obtaining a key related to creating documents in a first namespace comprises obtaining a private key from data pertaining to another document, the data authorizing a set of one or more entity to create documents in the first namespace, the data being encrypted.
  - 6. The computer-readable medium of claim 5, wherein the data pertaining to the other document also pertains to the document such that the data authorizes the set of one or more entities to create documents in the first and second namespaces.
  - 7. The computer-readable medium of claim 5, wherein a different set of one or more entities is authorized to create documents in the second namespace.
  - 8. The computer-readable medium of claim 5, wherein the other document is a parent of the document.
  - 9. The computer-readable medium of claim 1, wherein the key is encrypted and associated with an authorization field, the authorization field being decryptable by the entity.
  - 10. The computer-readable medium of claim 1, further comprising associating the document with security data of a parent document of the document if all entities authorized to create documents in the first namespace are also allowed to create documents in the second namespace.

11. A method implemented at least in part by a computer, the method comprising:
- obtaining a child document that includes a signature of an entity that created the child document, the signature being created with the use of a private key;
  
  obtaining a parent document, the parent document being a parent of the child document, the parent document associated with data that includes a field that authorizes an entity to create children of the parent document, the field being encrypted, the parent document also including a public key corresponding to the private key;
  
  obtaining the public key; and
  
  determining via the public key that the signature of the entity that created the document was created with the use of the private key.
- View Dependent Claims (12, 13, 14, 15, 16, 17)
- - 12. The method of claim 11, wherein the parent document includes an identifier that identifies the data, the identifier being a hash of at least a portion of the data.
  - 13. The method of claim 11, wherein the child document also includes an identifier that identifies other data that authorizes an entity to create children of the child document, the other data being encrypted, the other data being decryptable by the entity authorized to create children of the child document.
  - 14. The method of claim 11, wherein the child and parent documents each include an indication of a hierarchy associated with the documents.
  - 15. The method of claim 14, wherein the hierarchy indicates that the parent document is a parent of the child document.
  - 16. The method of claim 11, wherein determining via the public key that the signature of the entity that created the document was created with the use of the private key comprises computing a hash of the child document, applying the public key to the signature to obtain bits, and comparing the hash of the child document to the bits.
  - 17. The method of claim 11, wherein the field that authorizes an entity to create children of the parent document includes a key by which the private key is obtained.

18. In a computing environment, an apparatus, comprising:
- a document locator operable to determine a location of a parent document that includes encrypted data, the parent document identifying security data associated with the parent document, the security data including an encrypted field relating to an entity that is authorized to create children documents of the parent document;
  
  a cryptographic component operable to perform cryptographic operations; and
  
  an creating component operable to use the cryptographic component and the encrypted field to create a child document.
- View Dependent Claims (19, 20)
- - 19. The apparatus of claim 18, further comprising a validating component operable to determine whether the child document was created by an authorized entity.
  - 20. The apparatus of claim 18, wherein the encrypted field includes a private key and wherein the creating component is further operable to use the cryptographic component to sign the child document with the private key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Reid, Colin Wilson

Granted Patent

US 8,887,297 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/27
CPC Class Codes

H04L 2209/60   Digital content management,...

H04L 2209/80   Wireless network architectu...

H04L 9/3247   involving digital signatures

Creating and Validating Cryptographically Secured Documents

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

34 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Creating and Validating Cryptographically Secured Documents

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

34 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links