Transferring application secrets in a trusted operating system environment

US 7,243,230 B2
Filed: 11/16/2001
Issued: 07/10/2007
Est. Priority Date: 11/16/2001
Status: Expired due to Fees

First Claim

Patent Images

1. A method comprising:

receiving a request to transfer application data from a source computing device to a destination computing device;

determining if the requested application data is unconditionally non-migrateable to another computing device, the determination based at least in part on a non-migrateable encryption key stored on the source computing device, and not transferring the requested application data in response to that determination; and

determining if the requested application data is user-migrateable and in response thereto;

receiving input identifying a user-defined passphrase;

identifying an encryption key previously used to encrypt the application data,encrypting the encryption key based at least in part on the user-defined passphrase, andtransferring the encrypted encryption key to be copied to the destination computing device.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Transferring application secrets in a trusted operating system environment involves receiving a request to transfer application data from a source computing device to a destination computing device. A check is made as to whether the application data can be transferred to the destination computing device, and if so, whether the application data can be transferred under control of the user or a third party. If these checks succeed, a check is also made as to whether the destination computing device is a trustworthy device running known trustworthy software. Input is also received from the appropriate one of the user or third party to control transferring of the application data to the destination computing device. Furthermore, application data is stored on the source computing device in a manner that facilitates determining whether the application data can be transferred, and that facilitates transferring the application data if it can be transferred.

145 Citations

View as Search Results

14 Claims

1. A method comprising:
- receiving a request to transfer application data from a source computing device to a destination computing device;
  
  determining if the requested application data is unconditionally non-migrateable to another computing device, the determination based at least in part on a non-migrateable encryption key stored on the source computing device, and not transferring the requested application data in response to that determination; and
  
  determining if the requested application data is user-migrateable and in response thereto;
  
  receiving input identifying a user-defined passphrase;
  
  identifying an encryption key previously used to encrypt the application data,encrypting the encryption key based at least in part on the user-defined passphrase, andtransferring the encrypted encryption key to be copied to the destination computing device.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. A method as recited in claim 1, and further comprising transferring the encrypted application data to the destination computing device.
  - 3. A method as recited in claim 1, further comprising:
    - receiving other application data to be stored on the source computing device;
      
      determining if the other application data is non-migrateable and in response to that determination;
      
      encrypting the other application data using a non-migrateable encryption key; and
      
      storing the encrypted other application data on the source computing device.
  - 4. A method as recited in claim 3, further comprising:
    - receiving a request to transfer the other application data from the source computing device to a destination computing device; and
      
      determining that the other application data is non-migrateable and not transferring the other application data in response to that determination.
  - 5. A method as recited in claim 3, further comprising:
    - determining if the other application data is user-migrateable in accordance with a user-defined passphrase and in response to that determination;
      
      encrypting the other application data using an other encryption key; and
      
      storing the encrypted other application data on the source computing device.
  - 6. A method as recited in claim 5, further comprising:
    - receiving a request to transfer the other application data from the source computing device to a destination computing device, the request including the user-defined passphrase;
      
      encrypting the other encryption key using the user-defined passphrase, andtransferring the encrypted other encryption key to the destination computing device.
  - 7. A method as recited in claim 6, and further comprising transferring the encrypted other application data to the destination computing device.

8. One or more computer readable media having stored thereon a plurality of instructions that, when executed by one or more processors of a source computing device, causes the one or more processors to:
- receive a request to transfer application data from a source computing device to a destination computing device;
  
  determine if the requested application data is unconditionally non-migrateable to another computing device, the determination based at least in part on a non-migrateable encryption key stored on the source computing device, and not transfer the requested application data in response to that determination;
  
  receive input identifying a user-defined passphrase;
  
  identify an encryption key previously used to encrypt the application data,encrypt the encryption key based at least in part on the user-defined passphrase, andtransfer the encrypted encryption key to be copied to the destination computing device.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. One or more computer readable media as recited in claim 8, wherein the plurality of instructions further causes the one or more processors to transfer the encrypted application data to the destination computing device.
  - 10. One or more computer readable media as recited in claim 8, wherein the plurality of instructions further causes the one or more processors to:
    - receive other application data to be stored on the source computing device; and
      
      determine if the other application data is non-migrateable and in response to that determination;
      
      encrypt the other application data using a non-migrateable encryption key; and
      
      store the encrypted other application data on the source computing device.
  - 11. One or more computer readable media as recited in claim 10, wherein the plurality of instructions further causes the one or more processors to:
    - receive a request to transfer the other application data from the source computing device to a destination computing device; and
      
      determine that the requested other application data is non-migrateable and not transfer the requested application data in response to that determination.
  - 12. One or more computer readable media as recited in claim 10, wherein the plurality of instructions further causes the one or more processors to:
    - determine if the other application data is user-migrateable in accordance with a user-defined passphrase and in response to that determination;
      
      encrypt the other application data using an other encryption key; and
      
      store the encrypted other application data on the source computing device.
  - 13. One or more computer readable media as recited in claim 12, wherein the plurality of instructions further causes the one or more processors to:
    - receive a request to transfer the other application data from the source computing device to a destination computing device, the request including the user-defined passphrase;
      
      encrypt the other encryption key using the user-defined passphrase, andtransfer the encrypted other encryption key to the destination computing device.
  - 14. One or more computer readable media as recited in claim 13, wherein the plurality of instructions further causes the one or more processors to transfer the encrypted other application data to the destination computing device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Simon, Daniel R., England, Paul, Peinado, Marcus, Benaloh, Josh D.
Primary Examiner(s)
Barron, Jr.; Gilberto
Assistant Examiner(s)
LEMMA, SAMSON B

Application Number

US09/993,340
Publication Number

US 20030097558A1
Time in Patent Office

2,062 Days
Field of Search

713164-168, 713/2, 713/200, 713/171, 380/201, 380/30, 705/26
US Class Current

713/168
CPC Class Codes

G06F 21/57 Certifying or maintaining t...

G06F 21/606 by securing the transmissio...

Transferring application secrets in a trusted operating system environment

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

145 Citations

14 Claims

Specification

Use Cases

Quick Links

Others

Transferring application secrets in a trusted operating system environment

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

145 Citations

14 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others