System and method for secure storage of data using public and private keys
First Claim
Patent Images
1. A method comprising:
- receiving a data structure to be encrypted, wherein the data structure includes content along with a statement of conditions under which the content may be decrypted, wherein the content comprises an arbitrary block of data, wherein the statement of conditions comprises an operating system identity that an operating system executing on a device must have in order for the content to be decrypted, and wherein the operating system identity is identified in a signed certificate from an operating system vendor; and
encrypting the content using a public key of a pair of public and private keys of the device that is to decrypt the content.
2 Assignments
0 Petitions
Accused Products
Abstract
In one aspect, a data structure to be encrypted is received, the data structure including content along with a statement of conditions under which the content may be decrypted. The content is encrypted using a public key of a pair of public and private keys of a device that is to decrypt the data structure. In another aspect, a data structure is decrypted using a private key of a pair of public and private keys. A statement of conditions under which content in the data structure can be decrypted is obtained, and testing is performed as to whether the conditions are satisfied. The decrypted content is returned only if the conditions are satisfied.
-
Citations
49 Claims
-
1. A method comprising:
-
receiving a data structure to be encrypted, wherein the data structure includes content along with a statement of conditions under which the content may be decrypted, wherein the content comprises an arbitrary block of data, wherein the statement of conditions comprises an operating system identity that an operating system executing on a device must have in order for the content to be decrypted, and wherein the operating system identity is identified in a signed certificate from an operating system vendor; and encrypting the content using a public key of a pair of public and private keys of the device that is to decrypt the content. - View Dependent Claims (2, 3, 4)
-
-
5. One or more computer readable memories having stored thereon a plurality of instructions that, when executed by one or more processors, causes the one or more processors to:
-
receive a data structure to be encrypted, wherein the data structure includes content along with a statement of conditions under which the content may be decrypted, wherein the statement of conditions comprises an operating system identity that an operating system executing on the device must have in order for the content to be decrypted, and wherein the operating system identity is identified in a signed certificate from an operating system vendor; and encrypt the content using a public key of a pair of public and private keys of a device that is to decrypt the content. - View Dependent Claims (6, 7, 8, 9)
-
-
10. A method comprising:
-
decrypting a data structure using a private key of a pair of public and private keys; obtaining a statement of conditions under which content in the data structure can be decrypted, wherein the statement of conditions comprises an operating system identity that an operating system executing on a device including a processor must have in order for the content to be decrypted, wherein the operating system identity is identified in a signed certificate from an operating system vendor, and wherein the operating system identity is maintained in a software identity register (SIR); testing whether the conditions are satisfied; and returning the decrypted content only if the conditions are satisfied. - View Dependent Claims (11, 12, 13, 14, 15)
-
-
16. One or more computer readable memories having stored thereon a plurality of instructions that, when executed by a processor, causes the processor to:
-
decrypt a data structure using a private key of a pair of public and private keys; obtain a statement of conditions under which content in the data structure can be decrypted, wherein the statement of conditions comprises an operating system identity that an operating system executing on a device including the processor must have in order for the content to be decrypted, and wherein the operating system identity is identified in a signed certificate from an operating system vendor; test whether the conditions are satisfied; and return the decrypted content only if the conditions are satisfied. - View Dependent Claims (17, 18, 19)
-
-
20. One or more computer readable memories having stored thereon a plurality of instructions that, when executed by one or more processors, causes the one or more processors to:
-
obtain content to be encrypted; and invoke a seal operation, inputting both the content and a statement of conditions under which the content may be decrypted, to have the content encrypted using a public key of a pair of public and private keys of a device that may decrypt the data structure, wherein the statement of conditions comprises an operating system identity that an operating system executing on the device must have in order for the content to be decrypted, and wherein the operating system identity is identified in a signed certificate from an operating system vendor. - View Dependent Claims (21, 22, 23)
-
-
24. One or more computer readable memories having stored thereon a plurality of instructions that, when executed by a processor of a device, causes the processor to:
-
make a seal operation and a reveal operation available for invoking; wherein the seal operation causes content to be encrypted with a public key of a pair of public and private keys of the processor along with a statement of the conditions under which it may be decrypted, wherein the statement of conditions comprises an operating system identity that an operating system executing on the device must have in order for the content to be decrypted, and wherein the operating system identity is identified in a signed certificate from an operating system vendor; and wherein the reveal operation causes the content to be returned to a requester if the conditions are satisfied. - View Dependent Claims (25)
-
-
26. A method comprising:
-
receiving a data structure to be encrypted, wherein the data structure includes content along with a statement of conditions under which the content may be decrypted, wherein the statement of conditions comprises an operating system identity that an operating system executing on a device must have in order for the content to be decrypted, wherein the operating system identity is for an operating system that is different than an operating system executing when the data structure to be encrypted is received, and wherein the operating system identity is maintained in a software identity register (SIR); and encrypting the content using a public key of a pair of public and private keys of the device that is to decrypt the content. - View Dependent Claims (27, 28)
-
-
29. A method comprising:
-
receiving a data structure to be encrypted, wherein the data structure includes content along with a statement of conditions under which the content may be decrypted, wherein the statement of conditions comprises an operating system identity that an operating system executing on the device must have in order for the content to be decrypted, and wherein the operating system identity is identified in a signed certificate from an operating system vendor; and encrypting the content using a public key of a pair of public and private keys of a device that is to decrypt the content. - View Dependent Claims (30, 31, 32, 33)
-
-
34. One or more computer readable memories having stored thereon a plurality of instructions that, when executed by one or more processors, causes the one or more processors to:
-
receive a data structure to be encrypted, wherein the data structure includes content along with a statement of conditions under which the content may be decrypted, wherein the statement of conditions comprises an operating system identity that an operating system executing on the device must have in order for the content to be decrypted, wherein the operating system identity is for an operating system that is different than an operating system executing when the content to be encrypted is received, and wherein the operating system identity is maintained in a software identity register (SIR); and encrypt the content using a public key of a pair of public and private keys of a device that is to decrypt the content. - View Dependent Claims (35, 36)
-
-
37. A method comprising:
-
decrypting a data structure using a private key of a pair of public and private keys; obtaining a statement of conditions under which content in the data structure can be decrypted, wherein the statement of conditions comprises an operating system identity that an operating system executing on a device including a processor must have in order for the content to be decrypted, and wherein the operating system identity is identified in a signed certificate from an operating system vendor; testing whether the conditions are satisfied; and returning the decrypted content only if the conditions are satisfied. - View Dependent Claims (38, 39, 40, 41, 42, 43)
-
-
44. A method comprising:
-
obtaining content to be encrypted; and invoking a seal operation, inputting both the content and a statement of conditions under which the content may be decrypted, to have the content encrypted using a public key of a pair of public and private keys of a device that may decrypt the data structure, wherein the statement of conditions comprises an operating system identity that an operating system executing on the device must have in order for the content to be decrypted, and wherein the operating system identity is identified in a signed certificate from an operating system vendor. - View Dependent Claims (45, 46, 47)
-
-
48. A method comprising:
-
making a seal operation and a reveal operation available for invoking; wherein the seal operation causes content to be encrypted with a public key of a pair of public and private keys of the processor along with a statement of the conditions under which it may be decrypted, wherein the statement of conditions comprises an operating system identity that an operating system executing on the device must have in order for the content to be decrypted, and wherein the operating system identity is identified in a signed certificate from an operating system vendor; and wherein the reveal operation causes the content to be returned to a requester if the conditions are satisfied. - View Dependent Claims (49)
-
Specification