Deriving a symmetric key from an asymmetric key for file encryption or decryption

US 7,181,016 B2
Filed: 01/27/2003
Issued: 02/20/2007
Est. Priority Date: 01/27/2003
Status: Expired due to Fees

First Claim

Patent Images

1. A method comprising:

accessing a private key of an asymmetric key pair in a key device;

deriving a symmetric master key from the private key of the asymmetric key pair using a single sign-on process, the single sign-on process allowing a user to encrypt or decrypt files in response to a file encryption key, the file encryption key being encrypted or decrypted using the symmetric master key;

storing the symmetric master key in a computer memory location, wherein the files can be encrypted or decrypted in response to the symmetric master key even if the user deactivates the key device;

deactivating the key device; and

following the deactivation of the key device, accessing a process that encrypts or decrypts the file encryption key using the previously stored symmetric master key, wherein accessing the process uses the single sign-on process on a remote computer that is remote from a computer that is used to derive the symmetric master key from the private key of the asymmetric key pair.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

One aspect relates to a process and associated device that provides a private key of an asymmetric key pair in a key device. A symmetric master key is derived from the private key of the asymmetric key pair. The symmetric master key is stored in a computer memory location. The symmetric master key is used to encrypt or decrypt a file encryption key. The file encryption key can encrypt or decrypt files. In another aspect, the user can still access the files even if a user deactivates the key device by encrypting or decrypting the file encryption key directly from the symmetric master key.

Citations

19 Claims

1. A method comprising:
- accessing a private key of an asymmetric key pair in a key device;
  
  deriving a symmetric master key from the private key of the asymmetric key pair using a single sign-on process, the single sign-on process allowing a user to encrypt or decrypt files in response to a file encryption key, the file encryption key being encrypted or decrypted using the symmetric master key;
  
  storing the symmetric master key in a computer memory location, wherein the files can be encrypted or decrypted in response to the symmetric master key even if the user deactivates the key device;
  
  deactivating the key device; and
  
  following the deactivation of the key device, accessing a process that encrypts or decrypts the file encryption key using the previously stored symmetric master key, wherein accessing the process uses the single sign-on process on a remote computer that is remote from a computer that is used to derive the symmetric master key from the private key of the asymmetric key pair.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1, wherein a handle allows an operating system to identify a key on the key device.
  - 3. The method of claim 1, wherein encrypting or decrypting files based on the symmetric master key reduces a number of times that the key device is accessed to obtain the private key of the asymmetric key pair.
  - 4. The method of claim 1, wherein encrypting or decrypting files based on the symmetric master key improves the file encryption or decryption performance of an encrypting file system which provides the private key of the asymmetric key pair.
  - 5. The method of claim 1, wherein the method is run on a general purpose computer, wherein a file is encrypted or decrypted based on the symmetric master key within the general-purpose computer even though the key device is disconnected from the general purpose computer.
  - 6. The method of claim 1, wherein the method is performed within an encrypting file system (BES).
  - 7. The method of claim 6, wherein the EFS includes a cryptographic service provider (CSP).
  - 8. The method of claim 1, wherein the symmetric master key in a computer memory location includes a first symmetric master key and a second symmetric master key, the first symmetric master key is associated with a first application program to operate under a first security profile, and the second symmetric master key is associated with the second application program to operate under a second security profile.
  - 9. The method of claim 8, wherein the first security profile differs from the second security profile.
  - 10. The method of claim 1, wherein the symmetric master key is associated with a distinct application program.
  - 11. The method of claim 1, wherein the symmetric master key is stored in a symmetric master key cache in the computer memory.
  - 12. The method of claim 1, wherein the symmetric master key is derived from the private key of the asymmetric key pair using a symmetric master key algorithm.
  - 13. The method of claim 1, wherein the symmetric master key encrypts or decrypts files using an cryptographic algorithm.

14. A computer readable storage medium having computer executable instructions for performing steps comprising:
- providing a private key of the asymmetric key pair in a key device;
  
  deriving a symmetric master key from the private key of the asymmetric key pair using a hash function, wherein the deriving act uses a single sign-on process, the single sign-on process allowing a user to encrypt or decrypt files in response to a file encryption key, the file encryption key being encrypted or decrypted using the symmetric master key;
  
  storing the symmetric master key in a computer memory location that encrypts or decrypts the file encryption key, wherein the file encryption key can encrypt or decrypt the files even if the user deactivates the key device;
  
  deactivating the key device; and
  
  following the deactivation of the key device, accessing a process that encrypts or decrypts the file encryption key using the previously stored symmetric master key, wherein accessing the process uses the single sign-on process on a remote computer that is remote from a computer that is used to derive the symmetric master key from the private key of the asymmetric key pair.
- View Dependent Claims (15, 16, 17, 18, 19)
- - 15. The computer readable storage medium of claim 14, wherein encrypting or decrypting files using the symmetric master key reduces a number of times that the key device is accessed to obtain the private key of the asymmetric key pair.
  - 16. The computer readable storage medium of claim 14, wherein encrypting or decrypting the file encryption key using the symmetric master key improves the file encryption or decryption performance of an encrypting file system which provides a private key of an asymmetric key pair in the key device.
  - 17. The computer readable storage medium of claim 14, wherein the method is run on a general purpose computer, wherein the symmetric master key continues to encrypt or decrypt the file encryption key within the general-purpose computer even though the key device is disconnected from the general purpose computer.
  - 18. The computer readable storage medium of claim 14, wherein the method is performed within an encrypting file system (EFS).
  - 19. The computer readable storage medium of claim 18, wherein the EFS includes a digital rights management system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Leach, Paul J., Jones, Thomas C., Benaloh, Josh D., Gu, Jianrong, Cross, David B., Pittaway, Glenn D.
Primary Examiner(s)
Moise; Emmanuel L.
Assistant Examiner(s)
NGUYEN, MINH DIEU T

Application Number

US10/351,683
Publication Number

US 20040146015A1
Time in Patent Office

1,485 Days
Field of Search

380/279, 380/281, 380/277
US Class Current

380/281
CPC Class Codes

G06Q 20/3829   involving key management

H04L 63/045   wherein the sending and rec...

H04L 63/0823   using certificates cryptogr...

H04L 9/0822   using key encryption key

H04L 9/0894   Escrow, recovery or storing...

Deriving a symmetric key from an asymmetric key for file encryption or decryption

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Deriving a symmetric key from an asymmetric key for file encryption or decryption

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links