Saving and retrieving data based on symmetric key encryption

US 7,424,612 B2
Filed: 11/08/2006
Issued: 09/09/2008
Est. Priority Date: 04/17/2002
Status: Expired due to Fees

First Claim

Patent Images

1. One or more computer storage readable media having stored thereon a plurality of instructions that, when executed by one or more processors of a computing device, causes the one or more processors to perform acts comprising:

invoking an unseal operation in order to have a bit string decrypted, passing the bit string as an input to the unseal operation, the bit string including identifiers of multiple target programs that are allowed to access at least a portion of the decrypted bit string; and

receiving, in response to invoking the unseal operation, the at least a portion of the decrypted bit string only if the plurality of instructions are one of the identified multiple target programs, wherein the data is decrypted using a symmetric cipher.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In accordance with certain aspects, data is received from a calling program. Ciphertext that includes the data is generated, using a symmetric cipher, in a manner that allows only one or more target programs to be able to obtain the data from the ciphertext. In accordance with other aspects, a bit string is received from a calling program. An identifier of the calling program is checked to determine whether the calling program is allowed to access data encrypted in ciphertext of the bit string. The integrity of the data is also verified, and the data is decrypted using a symmetric key. The data is returned to the calling program only if the calling program is allowed to access the data and if the integrity of the data is successfully verified.

148 Citations

17 Claims

1. One or more computer storage readable media having stored thereon a plurality of instructions that, when executed by one or more processors of a computing device, causes the one or more processors to perform acts comprising:
- invoking an unseal operation in order to have a bit string decrypted, passing the bit string as an input to the unseal operation, the bit string including identifiers of multiple target programs that are allowed to access at least a portion of the decrypted bit string; and
  
  receiving, in response to invoking the unseal operation, the at least a portion of the decrypted bit string only if the plurality of instructions are one of the identified multiple target programs, wherein the data is decrypted using a symmetric cipher.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. One or more computer storage media as recited in claim 1, wherein each of the identifiers of multiple target programs is a digest generated by applying a cryptographic hash function to one of the multiple target programs.
  - 3. One or more computer storage media as recited in claim 1, wherein the input to the unseal operation is a pointer to the bit string.
  - 4. One or more computer storage media as recited in claim 1, the receiving the at least a portion of the decrypted bit string further comprising receiving the at least a portion of the decrypted bit string only if a time constraint for when the data can be unsealed is satisfied.
  - 5. One or more computer storage media as recited in claim 1, the receiving the at least a portion of the decrypted bit string further comprising receiving the at least a portion of the decrypted bit string only if a logical formula identified in the bit string evaluates to true.
  - 6. One or more computer storage media as recited in claim 1, the receiving the at least a portion of the decrypted bit string further comprising receiving the at least a portion of the decrypted bit string only if execution of a program identified in the bit string returns an indication of true.

7. One or more computer storage media having stored thereon a plurality of instructions that, when executed by one or more processors of a computing device, causes the one or more processors to perform acts comprising:
- invoking an unseal operation in order to obtain data from a sealed bit string, the sealed bit string including identifiers of multiple programs that are allowed to access the data; and
  
  receiving, in response to invoking the unseal operation, the data from the sealed bit string only if one or more conditions that are to be satisfied in order for the data to be unsealed are satisfied, the one or more conditions including the plurality of instructions being one of the identified multiple programs.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. One or more computer storage media as recited in claim 7, wherein one of the one or more conditions comprises a time constraint for when the data can be unsealed.
  - 9. One or more computer storage media as recited in claim 8, wherein the time constraint comprises one or more times of day when the data can be unsealed.
  - 10. One or more computer storage media as recited in claim 8, wherein the time constraint comprises one or more days of a week when the data can be unsealed.
  - 11. One or more computer storage media as recited in claim 7, wherein one of the one or more conditions comprises a logical formula to be evaluated, and wherein the data can be unsealed only if the logical formula evaluates true.
  - 12. One or more computer storage media as recited in claim 7, wherein one of the one or more conditions comprises a program to be executed, and wherein the data can be unsealed only if execution of the program returns an indication of true.

13. A method comprising:
- invoking an unseal operation in order to obtain data from a sealed bit string, the sealed bit string including identifiers of multiple programs that are allowed to access the data; and
  
  receiving, in response to invoking the unseal operation, the data from the sealed bit string only if one or more conditions that are to be satisfied in order for the data to be unsealed are satisfied, the one or more conditions including the plurality of instructions being one of the identified multiple programs.
- View Dependent Claims (14, 15, 16, 17)
- - 14. A method as recited in claim 13, wherein one of the one or more conditions comprises a time constraint for when the data can be unsealed.
  - 15. A method as recited in claim 13, wherein one of the one or more conditions comprises a logical formula to be evaluated, and wherein the data can be unsealed only if the logical formula evaluates true.
  - 16. A method as recited in claim 13, wherein one of the one or more conditions comprises a program to be executed, and wherein the data can be unsealed only if execution of the program returns an indication of true.
  - 17. A method as recited in claim 13, wherein each of the identifiers of multiple programs is a digest generated by applying a cryptographic hash function to one of the multiple programs.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
England, Paul, Peinado, Marcus
Primary Examiner(s)
HENEGHAN, MATTHEW E

Application Number

US11/557,620
Publication Number

US 20070088946A1
Time in Patent Office

671 Days
Field of Search

713/167, 713/193
US Class Current

713/167
CPC Class Codes

G06F 21/6218 to a system of files or obj...

Saving and retrieving data based on symmetric key encryption

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

148 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Saving and retrieving data based on symmetric key encryption

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

148 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links