Multi-token seal and unseal
First Claim
1. A method comprisingrequesting a first token to unseal a sealed first portion of a multi-token sealed object to obtain a first portion of the multi-token sealed object,receiving the first portion in response to the first token unsealing the sealed first portion only if the first token determines that a current device environment satisfies environment criteria specified for the sealed first portion,requesting a second token to unseal a sealed second portion of a multi-token sealed object to obtain a second portion of the multi-token sealed object, andusing the first portion and the second portion to obtain an object from the multi-token sealed object.
1 Assignment
0 Petitions
Accused Products
Abstract
Methods, apparatus and computer readable medium are described for sealing objects to two or more tokens. Further, methods, apparatus and computer readable medium are described for unsealing objects that have been sealed to two or more tokens.
237 Citations
43 Claims
-
1. A method comprising
requesting a first token to unseal a sealed first portion of a multi-token sealed object to obtain a first portion of the multi-token sealed object, receiving the first portion in response to the first token unsealing the sealed first portion only if the first token determines that a current device environment satisfies environment criteria specified for the sealed first portion, requesting a second token to unseal a sealed second portion of a multi-token sealed object to obtain a second portion of the multi-token sealed object, and using the first portion and the second portion to obtain an object from the multi-token sealed object.
-
10. A method comprising
requesting a plurality of tokens to unseal a plurality sealed portions of a multi-token sealed object, receiving a plurality of unsealed portions of the multi-token sealed object only if a current device environment satisfies device criteria specified for the plurality of sealed portions, and obtaining an object that has been sealed to the plurality of tokens using the plurality of unsealed portions of the multi-token sealed object.
-
14. A method comprising
requesting a first token of a computing device to seal a first portion of a multi-token sealed object to first environment criteria, and requesting a second token of a computing device to seal a second portion of the multi-token sealed object to second environment criteria.
-
26. A device comprising
a virtual token comprising one or more configuration registers that record metrics of a device environment and one or more processing units to generate a sealed first key that comprises a first key sealed to first environment criteria, a physical token comprising one or more configuration registers that record metrics of the device environment, and one or more processing units to generate a sealed second key that comprises a second key sealed to second environment criteria, and a sealing component to generate a third key based upon the first key and the second key, encrypt an object using the third key to obtain an encrypted object, request the virtual token to seal the first key to obtain the sealed first key, and request the physical token to seal the second key to obtain the sealed second key.
-
34. A machine readable medium comprising a plurality of instructions that, in response to being executed, result in a computing device
sealing a first portion of a multi-token sealed object to first environment criteria using a first public key of a first token to obtain a sealed first portion, and sealing a second portion of the multi-token sealed object to second environment criteria using a second public key of a second token to obtain a sealed second portion.
-
40. A device comprising
a chipset, a processor coupled to the chipset, memory coupled to the chipset, the memory comprising a plurality of instructions that, when executed by the processor, result in the processor implementing a virtual token that records metrics of a device environment, that receives a first key used to generate a decryption key, and that seals the first key to one or more metrics recorded by the virtual token in response to receiving a seal operation request, and a physical token coupled to the chipset, the physical token to record metrics of the device environment, to receive a second key used to generate the decryption key, and to seal the second key to one or more metrics recorded by the physical token in response to receiving a seal operation request.
Specification