Key-based secure storage
First Claim
1. A computer system comprising:
- means for downloading information and an access predicate that specifies requirements for an application to access the information;
means for generating a seed value;
means for producing a hash seed value based on the seed value using a one-way hash function;
means for generating an application storage key from the hash seed value;
means for encrypting the information using the application storage key; and
means for associating the access predicate with the encrypted information.
1 Assignment
0 Petitions
Accused Products
Abstract
A one-way hash function is applied to a seed supplied by an application to produce a hashed seed that is used to generate the application storage key. A one-way hash function is applied to a seed supplied by a user to produce a first hashed seed that is passed to a keyed hash function, which is keyed to an identity for the user, to produce a second hashed seed. The second hashed seed is used to generate the user storage key. An operating system storage key is generated from an unhashed seed. One of the storage keys is used to encrypt the downloaded content. An access predicate attached to the content when it is downloaded is associated with the storage key to enforce certain limitations on the access of the content.
-
Citations
4 Claims
-
1. A computer system comprising:
-
means for downloading information and an access predicate that specifies requirements for an application to access the information; means for generating a seed value; means for producing a hash seed value based on the seed value using a one-way hash function; means for generating an application storage key from the hash seed value; means for encrypting the information using the application storage key; and means for associating the access predicate with the encrypted information.
-
-
2. One or more computer-readable media having stored thereon computer-executable instructions that, when executed by one or more processors of a computer, cause the computer to perform acts comprising:
-
downloading information and an access predicate that specifies requirements for an application to access the information; obtaining a storage key; encrypting the information using the storage key; associating the access predicate with the encrypted information; obtaining an operating system storage key; encrypting the access predicate with the operating system storage key; and encrypting a plurality of other storage keys using the operating system storage key, wherein the other storage keys are selected from the group consisting of application storage keys and user storage keys.
-
-
3. One or more computer-readable media having stored thereon computer-executable instructions that, when executed by one or more processors of a computer, cause the computer to perform acts comprising:
-
downloading information and an access predicate that specifies requirements for an application to access the information; obtaining a storage key; encrypting the information using the storage key; associating the access predicate with the encrypted information; selecting either a key vault from a plurality of key vaults provided by a trusted operating system or a key vault designated by a provider of the information; storing the storage key in the key vault provided by a third-party; and recovering the storage key from the key vault. - View Dependent Claims (4)
-
Specification