Distributed cryptographic methods and arrangements

US 7,269,736 B2
Filed: 02/28/2001
Issued: 09/11/2007
Est. Priority Date: 02/28/2001
Status: Expired due to Fees

First Claim

Patent Images

1. A method comprising:

causing a first computing device to provide data to a physically distinct, portable computing device; and

causing the portable computing device to cryptographically modify the data and provide the resulting cryptographically modified data to the first computing device, wherein the first computing device does not cryptographically modify the data and wherein the portable computing system comprises encryption logic that is configured to encrypt the data using at least one cryptographic key and to maintain the cryptographic key in an obfuscated form, said maintaining comprising;

generating a first hash value using a random value and a portable computing system identifier;

using the first hash to identify a first key seed in a registry file, wherein the registry file contains one or more decoy values; and

generating a second hash value using the first key seed and a second key seed, wherein the second hash value corresponds to the cryptographic key.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

First and second computing devices are selectively operatively coupled together. The first device provides data to the second device. The second device can be a portable computing device. The second device is configured to encrypt/decrypt the data, as needed by the first device. The second device maintains the cryptographic key data internally. As such, the first device, which, for example, may be a personal computer will only maintain the returned encrypted data following encryption and only temporarily use any returned decrypted data. Thus, by physically and operatively distributing the cryptographic processing/maintenance between the two devices, additional security is provided for protecting private data.

Citations

41 Claims

1. A method comprising:
- causing a first computing device to provide data to a physically distinct, portable computing device; and
  
  causing the portable computing device to cryptographically modify the data and provide the resulting cryptographically modified data to the first computing device, wherein the first computing device does not cryptographically modify the data and wherein the portable computing system comprises encryption logic that is configured to encrypt the data using at least one cryptographic key and to maintain the cryptographic key in an obfuscated form, said maintaining comprising;
  
  generating a first hash value using a random value and a portable computing system identifier;
  
  using the first hash to identify a first key seed in a registry file, wherein the registry file contains one or more decoy values; and
  
  generating a second hash value using the first key seed and a second key seed, wherein the second hash value corresponds to the cryptographic key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 2. The method as recited in claim 1, wherein causing the portable computing device to cryptographically modify the data includes causing the portable computing device to decrypt the data using at least one cryptographic key.
  - 3. The method as recited in claim 1, wherein causing the portable computing device to cryptographically modify the data and provide the resulting cryptographically modified data to the first computing device further includes maintaining cryptographic key seed data on the portable computing device and preventing the cryptographic key seed data from being identified by the first computing device.
  - 4. The method as recited in claim 3, wherein causing the portable computing device to cryptographically modify the data further includes cryptographically processing the cryptographic key seed data and at least one identifying seed data to generate at least one cryptographic key and using the cryptographic key to cryptographically modify the data.
  - 5. The method as recited in claim 4, wherein processing the cryptographic key seed data and the at least one identifying seed data to generate the at least one cryptographic key further includes causing the portable computing device to provide at least one user-defined identifying seed data.
  - 6. The method as recited in claim 5, wherein processing the cryptographic key seed data and the at least one identifying seed data to generate the at least one cryptographic key further includes causing the portable computing device to provide at least one portable computing device identifying seed data.
  - 7. The method as recited in claim 4, wherein processing the cryptographic key seed data and the at least one identifying seed data to generate the at least one cryptographic key further includes causing the first computing device to provide at least one identifying seed data to the portable computing device.
  - 8. The method as recited in claim 7, wherein causing the first computing device to provide at least one identifying seed data further includes causing the first computing device to provide an application identifying seed data to the portable computing device.
  - 9. The method as recited in claim 4, wherein cryptographicafly processing the cryptographic key seed data and the at least one identifying seed data to generate the at least one cryptographic key further includes hashing the cryptographic key seed data and the at least one identifying seed data to generate the at least one cryptographic key.
  - 10. The method as recited in claim 4, wherein cryptographically processing the cryptographic key seed data and the at least one identifying seed data to generate the at least one cryptographic key further includes determining the cryptographic key seed data by cryptographically processing at least one random number with at least one second device identifying number to produce a resulting value, locating the resulting value in a file maintained within the portable computing device, wherein the resulting value located within the file is farther associated with the cryptographic key seed data.
  - 11. The method as recited in claim 10, wherein cryptographically processing the at least one random number with the at least one portable computing device identifying number to produce the resulting value further includes hashing the at least one random number with the at least one portable computing device identifying number to produce the resulting value.
  - 12. The method as recited in claim 10, wherein locating the resulting value in the file maintained within the portable computing device further includes initially generating the file within the portable computing device.
  - 13. The method as recited in claim 12, wherein initially generating the file within the portable computing device further includes providing at least one decoy entry in the file.
  - 14. The method as recited in claim 13, wherein providing the at least one decoy entries in the file further includes randomly generating the at least one decoy entry.
  - 15. The method as recited in claim 13, wherein providing at least one decoy entry in the file further includes providing a plurality of decoy entries in the file and randomly arranging the plurality of decoy entries, the resulting value and associated cryptographic key seed data within the file.
  - 16. The method as recited in claim 15, wherein randomly arranging the plurality of decoy entries, the resulting value and associated cryptographic key seed data within the file farther includes randomly arranging the plurality of decoy entries, the resulting value and associated cryptographic key seed data within a registry file.
  - 17. The method as recited in claim 1, wherein causing the first computing device to provide data to the portable computing device further includes causing the first computing device to provide private data to the portable computing device.
  - 18. The method as recited in claim 1, further comprising selectively operatively coupling the first computing device to the portable computing device.

19. A system comprising:
- a first computing system; and
  
  a physically distinct portable computing system operatively coupled to the first computing system, and wherein the first computing system is configured to output data to the portable computing system and the portable computing system is configured to cryptographically modify the data and output the resulting cryptographically modified data to the first computing system, and wherein the portable computing system comprises encryption logic that is configured to encrypt the data using at least one cryptographic key and to maintain the cryptographic key in an obfuscated form, said maintaining comprising;
  
  generating a first hash value using a random value and a portable computing system identifier;
  
  using the first hash to identify a first key seed in a registry file, wherein the registry file contains one or more decoy values; and
  
  generating a second hash value using the first key seed and a second key seed, wherein the second hash value corresponds to the cryptographic key.
- View Dependent Claims (20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39)
- - 20. The system as recited in claim 19, wherein the portable computing system comprises decryption logic that is configured to decrypt the data using at least one cryptographic key.
  - 21. The system as recited in claim 19, wherein the portable computing system further comprises cryptographic key seed data.
  - 22. The system as recited in claim 21, wherein the portable computing system further comprises logic that is configured to cryptographically process the cryptographic key seed data and at least one identifying seed data to generate at least one cryptographic key and to use the cryptographic key to cryptographically modify the data.
  - 23. The system as recited in claim 22, wherein the logic is further configured to provide at least one user-defined identifying seed data.
  - 24. The system as recited in claim 23, wherein the logic is further configured to provide at least one portable computing system identifying seed data.
  - 25. The system as recited in claim 22, wherein the first computing system is further configured to output at least one identifying seed data to the logic in the portable computing system.
  - 26. The system as recited in claim 25, wherein the first computing system is further configured to output an application identifying seed data to the portable computing system.
  - 27. The system as recited in claim 22, wherein the logic is further configured to hash the cryptographic key seed data and the at least one identifying seed data to generate the at least one cryptographic key.
  - 28. The system as recited in claim 22, wherein the portable computing system comprises memory operatively coupled to the logic, and wherein the logic is further configured to determine the cryptographic key seed data by cryptographically processing at least one random number with at least one portable computing system identifying number to produce a resulting value, and to locate the resulting value in at least one file maintained within the memory, and wherein the resulting value located within the file is further associated with the cryptographic key seed data.
  - 29. The system as recited in claim 28, wherein the logic is further configured to hash the at least one random number with the at Least one portable computing system identifying number to produce the resulting value.
  - 30. The system as recited in claim 28, wherein the logic is further configured to generate the file within the memory.
  - 31. The system as recited in claim 30, wherein the logic is further configured to generate and place at least one decoy entry in the file.
  - 32. The system as recited in claim 31, wherein the logic is further configured to randomly generate the at least one decoy entry.
  - 33. The system as recited in claim 31, wherein the logic is further configured to generate a plurality of decoy entries in the file and randomly arrange the plurality of decoy entries, the resulting value and associated cryptographic key seed data within the file.
  - 34. The system as recited in claim 33, wherein the logic is further configured to randomly arrange the plurality of decoy entries, the resulting value and associated cryptographic key seed data within a registry file in the memory.
  - 35. The system as recited in claim 19, wherein the first computing system is further configured to provide private data to the portable computing system.
  - 36. The system as recited in claim 19, further comprising a coupling mechanism that is configured to selectively operatively couple the first computing system and the portable computing system together.
  - 37. The system as recited in claim 19, wherein the first computing system comprises a computer.
  - 38. The system as recited in claim 19, wherein the portable computing system comprises a portable programmable device.
  - 39. The system as recited in claim 38, wherein the portable computing system comprises a portable programmable device selected from a group of portable programmable devices including a personal digital assistant (PDA) device, a Pocket PC device, a Palm Pilot device, a mobile communication device, a mobile telephone device, a paging device, a wearable computing device, a portable computer, and a smart card.

40. An apparatus comprising:
- memory; and
  
  logic operatively coupled to the memory and configurable to receive data from a separate, external computer system, cryptographically modify the data using at least one internally generated cryptographic key, and output the resulting cryptographically modified data to the external computer system without outputting the internally generated cryptographic key, wherein the logic is further configured to encrypt the data using at least one cryptographic key and to maintain the cryptographic key in an obfuscated form, said maintaining comprising;
  
  generating a first hash value using a random value and a portable computing system identifier;
  
  using the first hash to identify a first key seed in a registry file, wherein the registry file contains one or more decoy values; and
  
  generating a second hash value using the first key seed and a second key seed, wherein the second hash value corresponds to the cryptographic key.
- View Dependent Claims (41)
- - 41. The apparatus as recited in claim 40, wherein the apparatus comprises a portable programmable device selected from a group of portable programmable devices including a personal digital assistant (PDA) device, a Pocket PC device, a Palm Pilot device, a mobile communication device, a mobile telephone device, a paging device, a wearable computing device, a portable computer, and a smart card.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Garms, Jason, Howard, Michael
Primary Examiner(s)
Revak; Christopher
Assistant Examiner(s)
Chen; Shin-Hon

Application Number

US09/797,210
Publication Number

US 20020118836A1
Time in Patent Office

2,386 Days
Field of Search

713/168, 713/189, 713/200, 713/182, 713/190, 713/201, 713/165, 713/166, 713/193, 713/176, 713/179, 713/180, 713/194, 380/29, 380/277, 380/4, 380/52, 380/25, 380262-280, 380/44, 380/47, 705/56
US Class Current

713/179
CPC Class Codes

G06F 21/602 Providing cryptographic fac...

Distributed cryptographic methods and arrangements

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

41 Claims

Specification

Solutions

Use Cases

Quick Links

Distributed cryptographic methods and arrangements

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

41 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links