Transferring application secrets in a trusted operating system environment
Abstract
Transferring application secrets in a trusted operating system environment involves receiving a request to transfer application data from a source computing device to a destination computing device. A check is made as to whether the application data can be transferred to the destination computing device, and if so, whether the application data can be transferred under control of the user or a third party. If these checks succeed, a check is also made as to whether the destination computing device is a trustworthy device running known trustworthy software. Input is also received from the appropriate one of the user or third party to control transferring of the application data to the destination computing device. Furthermore, application data is stored on the source computing device in a manner that facilitates determining whether the application data can be transferred, and that facilitates transferring the application data if it can be transferred.
20 Claims
1. One or more computer readable storage media having stored thereon a plurality of instructions for backing up data on a computing device, wherein the plurality of instructions, when executed by one or more processors of the computing device, causes the one or more processors to:

- check, for an application secret to be backed up, a type of the application secret;
- when the application secret type is user-migrateable, then encrypt a first encryption key previously used to encrypt the application secret, wherein encrypting the first encryption key is based at least in part on a user passphrase, and allow the encrypted application secret and the encrypted first encryption key to be transferred to a backup medium; and
- when the application secret type is third-party-migrateable, then encrypt a second encryption key previously used to encrypt the application secret, wherein the second encryption key is encrypted based at least in part on a third party key and allow the encrypted application secret and the encrypted second encryption key to be transferred to the backup medium.

Dependent claims: 2, 3, 4, 5, 6.
7. A method, implemented on a computing device by one or more processors executing processor-executable instructions stored in a memory, the method comprising:
- encrypting data, by the one or more processors, using one of a plurality of different encryption keys to produce encrypted data, wherein different encryption keys are used based at least in part on a data type of the data, wherein the data type is determined by how the encrypted data is allowed to be transferred to another computing device, wherein a first encryption key is used for encrypting data having a data type that is user-migrateable and a second encryption key is used for encrypting data having a data type that is third-party-migrateable;
- backing up the encrypted data by determining the data type of the encrypted data to be backed up;
- wherein, when the data type to be backed up is user-migrateable, then transferring the encrypted data encrypted with the first encryption key to the backup medium along with an encrypted first encryption key that was used to encrypt the encrypted data; and
- wherein when the data type is third-party-migrateable, then transferring the encrypted data that was encrypted with the second encryption key to the backup medium along with an encrypted second encryption key that was used to encrypt the encrypted data.

Dependent claims: 8, 9, 10, 11, 12, 13, 14.
15. A system comprising:
- a computing device including a processor and a memory coupled to the processor; and
- an operating system stored in the memory and executed by the processor on the first computing device, the operating system including at least a portion comprising a trusted core, wherein the trusted core is configured to backup application secrets to a backup medium, wherein the trusted core is configured to check for a data type of the application secrets to be backed up, wherein, when the data type is user-migrateable, the trusted core allows the corresponding application secret to be transferred to the backup medium in encrypted form along with a corresponding encrypted first encryption key that was used to encrypt the application secret, wherein the first key is encrypted based at least in part on a user passphrase, and wherein, when the data type is third-party-migrateable, the trusted core allows the corresponding application secret to be transferred to the backup medium in encrypted form along with a corresponding encrypted second encryption key that was used to encrypt the application secret, wherein the corresponding encrypted second encryption key is encrypted using a public key of a third party.

Dependent claims: 16, 17, 18, 19, 20.
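The backup path of claims 1, 7 and 15 (check the secret's type, then wrap the key that already encrypts the secret either under a passphrase-derived key or under the third party's public key, and refuse anything else), as an added Go example that is not part of the patent or of any implementation of it. The names SecretType, WrapForBackup and wrapAESGCM, the choice of AES-GCM for the passphrase path and RSA-OAEP for the third-party path, the "dek-backup" label and the one-round salted SHA-256 stand-in for the passphrase KDF are all assumptions; the claims specify none of them.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

// SecretType is the per-secret class the trusted core checks before a backup.
type SecretType int

const (
	UserMigrateable       SecretType = iota // DEK wrapped under a passphrase-derived key
	ThirdPartyMigrateable                   // DEK wrapped under the third party's RSA public key
)

// wrapAESGCM encrypts dek under kek with a fresh random nonce; output is nonce || ciphertext.
func wrapAESGCM(kek, dek []byte) ([]byte, error) {
	block, err := aes.NewCipher(kek)
	if err != nil {
		return nil, err
	}
	gcm, _ := cipher.NewGCM(block) // cannot fail for an AES block
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, dek, nil), nil
}

// WrapForBackup is the type check of claim 1: dek is the key the trusted core already used
// to encrypt the secret, and only its wrapped form (plus KDF salt) may accompany the secret's
// ciphertext onto the backup medium. The passphrase KDF is a simplified stand-in, not PBKDF2.
func WrapForBackup(t SecretType, dek []byte, passphrase string, thirdParty *rsa.PublicKey) (wrapped, salt []byte, err error) {
	switch t {
	case UserMigrateable:
		salt = make([]byte, 16)
		if _, err = rand.Read(salt); err != nil {
			return nil, nil, err
		}
		kek := sha256.Sum256(append([]byte(passphrase), salt...))
		wrapped, err = wrapAESGCM(kek[:], dek)
	case ThirdPartyMigrateable:
		wrapped, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, thirdParty, dek, []byte("dek-backup"))
	default:
		err = errors.New("secret type is not migrateable; backup refused")
	}
	return wrapped, salt, err
}
```

On the destination device the holder of the passphrase (or the third party's private key) unwraps the DEK and only then decrypts the secret; the plaintext DEK itself never reaches the backup medium.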