Deriving a symmetric key from an asymmetric key for file encryption or decryption

US 7,382,883 B2
Filed: 12/14/2006
Issued: 06/03/2008
Est. Priority Date: 01/27/2003
Status: Expired due to Fees

First Claim

Patent Images

1. A method comprising:

accessing a private key of an asymmetric key pair in a key device;

deriving a symmetric master key from the private key of the asymmetric key pair;

storing the symmetric master key in a computer storage location outside of the key device;

retrieving the symmetric master key from the computer storage location for encrypting a file encryption key;

encrypting the file encryption key using the symmetric master key retrieved from the computer storage location, the encryption occurring while the key device is deactivated; and

encrypting a file using the file encryption key.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

One aspect relates to a process and associated device that provides a private key of an asymmetric key pair in a key device. A symmetric master key is derived from the private key of the asymmetric key pair. The symmetric master key is stored in a computer memory location. The symmetric master key is used to encrypt or decrypt a file encryption key. The file encryption key can encrypt or decrypt files. In another aspect, the user can still access the files even if a user deactivates the key device by encrypting or decrypting the file encryption key directly from the symmetric master key.

67 Citations

View as Search Results

19 Claims

1. A method comprising:
- accessing a private key of an asymmetric key pair in a key device;
  
  deriving a symmetric master key from the private key of the asymmetric key pair;
  
  storing the symmetric master key in a computer storage location outside of the key device;
  
  retrieving the symmetric master key from the computer storage location for encrypting a file encryption key;
  
  encrypting the file encryption key using the symmetric master key retrieved from the computer storage location, the encryption occurring while the key device is deactivated; and
  
  encrypting a file using the file encryption key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, wherein the method is performed within an encrypting file system (EFS).
  - 3. The method of claim 2, wherein the EFS includes a cryptographic service provider (CSP).
  - 4. The method of claim 1, wherein the symmetric master key is associated with a distinct application program.
  - 5. The method of claim 1, wherein the symmetric master key is associated with a first user, further comprising:
    - decrypting the encrypted file encryption key using the symmetric master key;
      
      decrypting the encrypted file using the file encryption key;
      
      retrieving a public key associated with a second user; and
      
      encrypting the file encryption key with a public key associated with the second user.
  - 6. The method of claim 5, further comprising accessing the file by the second user.
  - 7. The method of claim 6, wherein the private key is associated with the first user, further comprising, decrypting the encrypted file encryption key, using a private key associated with the second user.
  - 8. The method of claim 7, further comprising:
    - deriving an updated symmetric master key using the private key associated with the second user;
      
      updating the file encryption key with the updated symmetric master key.
  - 9. The method of claim 6, wherein the public key associated with the second user is obtained from an operating system.
  - 10. The method of claim 6, wherein the public key associated with the second user is obtained from the file system.
  - 11. The method of claim 6, wherein the public key associated with the second user is obtained from a digital certificate.

12. A method comprising:
- receiving an encrypted file and an encrypted file encryption key;
  
  retrieving a symmetric master key from a computer storage location, wherein the symmetric master key was derived from a private key on a key device and the retrieving of the symmetric master key is performed while the key device is deactivated;
  
  decrypting the encrypted file encryption key using the symmetric master key; and
  
  decrypting the encrypted file using the file encryption key.
- View Dependent Claims (13, 14, 15, 16, 17)
- - 13. A method according to claim 12, further comprising:
    - retrieving the private key from the key device;
      
      deriving the symmetric master key from the private key, wherein the private key is part of an asymmetric key pair; and
      
      storing the symmetric master key in the computer storage location.
  - 14. The method of claim 12, wherein the method is performed within an encrypting file system (EFS).
  - 15. The method of claim 14, wherein the EFS includes a cryptographic service provider (CSP).
  - 16. The method of claim 12, wherein the symmetric master key is associated with a distinct application program.
  - 17. The method of claim 12, wherein the symmetric master key in a computer memory location includes a first symmetric master key and a second symmetric master key, the first symmetric master key is associated with a first application program to operate under a first security profile, and the second symmetric master key is associated with the second application program to operate under a second security profile.

18. A computer-readable storage medium having computer-executable instructions for performing steps comprising:
- accessing a private key associated with a first user, of an asymmetric key pair associated with the first user, the private key of the first user being in a key device;
  
  deriving a symmetric master key associated with the first user from the private key associated with the first user;
  
  storing the symmetric master key associated with the first user in a computer storage location outside of the key device;
  
  retrieving the symmetric master key associated with the first user from the computer storage location for encrypting a file encryption key;
  
  encrypting the file encryption key using the symmetric master key associated with the first user, encrypting the file encryption key is performed while the key device is deactivated;
  
  decrypting the encrypted file encryption key to create a decrypted file encryption key;
  
  encrypting a file using the decrypted file encryption key;
  
  decrypting the encrypted file using the decrypted file encryption key;
  
  obtaining a public key associated with a second user; and
  
  encrypting the file encryption key with the public key associated with the second user.
- View Dependent Claims (19)
- - 19. The computer-readable storage medium of claim 18, further comprising instructions for performing the step of updating file encryption key to be encrypted with a symmetric master key associated with the second user, upon the second user opening the file.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Pittaway, Glenn D., Leach, Paul J., Jones, Thomas C., Benaloh, Josh D., Gu, Jianrong, Cross, David B.
Primary Examiner(s)
NGUYEN, MINH DIEU T

Application Number

US11/611,051
Publication Number

US 20070088947A1
Time in Patent Office

537 Days
Field of Search

380/281, 380/277, 380/284, 713/165, 713/172, 705/71, 726/26
US Class Current

380/281
CPC Class Codes

G06Q 20/3829   involving key management

H04L 63/045   wherein the sending and rec...

H04L 63/0823   using certificates cryptogr...

H04L 9/0822   using key encryption key

H04L 9/0894   Escrow, recovery or storing...

Deriving a symmetric key from an asymmetric key for file encryption or decryption

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

67 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Deriving a symmetric key from an asymmetric key for file encryption or decryption

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

67 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links