Transferring application secrets in a trusted operating system environment

US 7,577,839 B2
Filed: 02/28/2005
Issued: 08/18/2009
Est. Priority Date: 11/16/2001
Status: Expired due to Fees

First Claim

Patent Images

1. One or more computer readable storage media having stored thereon a plurality of instructions for backing up data on a computing device, wherein the plurality of instructions, when executed by one or more processors of the computing device, causes the one or more processors to:

check, for an application secret to be backed up, a type of the application secret;

when the application secret type is user-migrateable, then encrypt a first encryption key previously used to encrypt the application secret, wherein encrypting the first encryption key is based at least in part on a user passphrase, and allow the encrypted application secret and the encrypted first encryption key to be transferred to a backup medium; and

when the application secret type is third-party-migrateable, then encrypt a second encryption key previously used to encrypt the application secret, wherein the second encryption key is encrypted based at least in part on a third party key and allow the encrypted application secret and the encrypted second encryption key to be transferred to the backup medium.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Transferring application secrets in a trusted operating system environment involves receiving a request to transfer application data from a source computing device to a destination computing device. A check is made as to whether the application data can be transferred to the destination computing device, and if so, whether the application data can be transferred under control of the user or a third party. If these checks succeed, a check is also made as to whether the destination computing device is a trustworthy device running known trustworthy software. Input is also received from the appropriate one of the user or third party to control transferring of the application data to the destination computing device. Furthermore, application data is stored on the source computing device in a manner that facilitates determining whether the application data can be transferred, and that facilitates transferring the application data if it can be transferred.

Citations

20 Claims

1. One or more computer readable storage media having stored thereon a plurality of instructions for backing up data on a computing device, wherein the plurality of instructions, when executed by one or more processors of the computing device, causes the one or more processors to:
- check, for an application secret to be backed up, a type of the application secret;
  
  when the application secret type is user-migrateable, then encrypt a first encryption key previously used to encrypt the application secret, wherein encrypting the first encryption key is based at least in part on a user passphrase, and allow the encrypted application secret and the encrypted first encryption key to be transferred to a backup medium; and
  
  when the application secret type is third-party-migrateable, then encrypt a second encryption key previously used to encrypt the application secret, wherein the second encryption key is encrypted based at least in part on a third party key and allow the encrypted application secret and the encrypted second encryption key to be transferred to the backup medium.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. One or more computer readable storage media as recited in claim 1, wherein the instructions to encrypt the application secret based at least in part on the user passphrase and allow the encrypted application secret to be transferred to the backup medium, cause the one or more processors to:
    - identify the user passphrase;
      
      identify the first encryption key previously used to encrypt the application secret, wherein the first encryption key corresponds to the user-migrateable type;
      
      encrypt the first encryption key based at least in part on the user passphrase identified; and
      
      allow the encrypted first encryption key to be transferred to the backup medium.
  - 3. One or more computer readable storage media as recited in claim 1, wherein the instructions to encrypt the application secret based at least in part on the third party key and allow the encrypted application secret to be transferred to the backup medium, cause the one or more processors to:
    - identify a public key of a public-private key pair associated with the third party;
      
      identify the second encryption key previously used to encrypt the application secret, wherein the second encryption key corresponds to the third-party-migrateable type;
      
      encrypt the second encryption key based at least in part on the public key identified; and
      
      allow the encrypted second encryption key to be transferred to the backup medium.
  - 4. One or more computer readable storage media as recited in claim 1, wherein the plurality of instructions, when executed by the one or more processors, further causes the one or more processors to:
    - receive, from another computing device, a plurality of additional application secrets, wherein each of the additional application secrets is encrypted;
      
      identify a first group of the plurality of additional application secrets that are to be decrypted under user control;
      
      obtain, from the user, a passphrase; and
      
      use the passphrase to decrypt each encrypted application secret of the first group.
  - 5. One or more computer readable storage media as recited in claim 4, wherein the plurality of instructions, when executed by the one or more processors, further causes the one or more processors to:
    - identify a second group of the plurality of additional application secrets that are to be decrypted under third party control; and
      
      communicate with a third party to have each encrypted application secret of the second group decrypted.
  - 6. One or more computer readable storage media as recited in claim 1, wherein the plurality of instructions, when executed by the one or more processors, further causes the one or more processors to not allow the application secret to be transferred to a backup medium when the application secret type is non-migrateable.

7. A method, implemented on a computing device by one or more processors executing processor-executable instructions stored in a memory, the method comprising:
- encrypting data, by the one or more processors, using one of a plurality of different encryption keys to produce encrypted data, wherein different encryption keys are used based at least in part on a data type of the data, wherein the data type is determined by how the encrypted data is allowed to be transferred to another computing device, wherein a first encryption key is used for encrypting data haying a data type that is user-migrateable and a second encryption key is used for encrypting data having a data type that is third-party-migrateable;
  
  backing up the encrypted data by determining the data type of the encrypted data to be backed up;
  
  wherein, when the data type to be backed up is user-migrateable, then transferring the encrypted data encrypted with the first encryption key to the backup medium along with an encrypted first encryption key that was used to encrypt the encrypted data; and
  
  wherein when the data type is third-party-migrateable, then transferring the encrypted data that was encrypted with the second encryption key to the backup medium along with an encrypted second encryption key that was used to encrypt the encrypted data.
- View Dependent Claims (8, 9, 10, 11, 12, 13, 14)
- - 8. The method as recited in claim 7, further comprising:
    - when the data type is non-migrateable, then not allowing the data to be transferred to a backup medium.
  - 9. The method as recited in claim 7, further comprising:
    - encrypting the second encryption key previously used to encrypt the encrypted data by encrypting the second encryption key with a third party public key that is part of a public key-private key pair of the third party.
  - 10. The method as recited in claim 7, wherein the first encryption key is encrypted based at least in part on a user passphrase before the first encryption key is transferred to the backup medium, the method further comprising:
    - identifying the user passphrase;
      
      identifying the first encryption key previously used to encrypt the encrypted data, wherein the first encryption key corresponds to the user-migrateable data type;
      
      encrypting the first encryption key based at least in part on the user passphrase; and
      
      allowing the encrypted first encryption key to be transferred to the backup medium.
  - 11. The method as recited in claim 7, wherein the backup medium is a removable storage medium or a remote device.
  - 12. The method as recited in claim 7, further comprising:
    - as recited in claim 7, further comprising;
      
      identifying a public key of a public-private key pair associated with a third party;
      
      identifying the second encryption key previously used to encrypt the encrypted data, wherein the second encryption key corresponds to the third-party-migrateable data type;
      
      encrypting the second encryption key based at least in part on the public key; and
      
      allowing the encrypted second encryption key to be transferred to the backup medium.
  - 13. The method as recited in claim 7, wherein the data comprises an operating system secret.
  - 14. The method as recited in claim 7, wherein the data comprises a trusted core secret.

15. A system comprising:
- a computing device including a processor and a memory coupled to the processor; and
  
  an operating system stored in the memory and executed by the processor on the first computing device, the operating system including at least a portion comprising a trusted core,wherein the trusted core is configured to backup application secrets to a backup medium,wherein the trusted core is configured to check for a data type of the application secrets to be backed up,wherein, when the data type is user-migrateable, the trusted core allows the corresponding application secret to be transferred to the backup medium in encrypted form along with a corresponding encrypted first encryption key that was used to encrypt the application secret, wherein the first key is encrypted based at least in part on a user passphrase, andwherein, when the data type is third-party-migrateable, the trusted core allows the corresponding application secret to be transferred to the backup medium in encrypted form along with a corresponding encrypted second encryption key that was used to encrypt the application secret, wherein the corresponding encrypted second encryption key is encrypted using a public key of a third party.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. A system as recited in claim 15, wherein when the application secret type is non-migrateable, then the trusted core does not allow the application secret to be transferred to the backup medium.
  - 17. A system as recited in claim 15, wherein the first key is encrypted based at least in part on the user passphrase by:
    - identifying the user passphrase;
      
      identifying the first encryption key used to encrypt the application secret, wherein the first encryption key corresponds to the user-migrateable type;
      
      encrypting the first encryption key based at least in part on the user passphrase; and
      
      allowing the encrypted first encryption key to be transferred to the backup medium.
  - 18. A system as recited in claim 15, wherein the backup medium is a removable storage medium.
  - 19. A system as recited in claim 15, wherein the backup medium is a remote device.
  - 20. A system as recited in claim 15, wherein a different computing device decrypts the encrypted first or second encryption key and uses the decrypted first or second encryption key to decrypt the corresponding application secret.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Simon, Daniel R., England, Paul, Peinado, Marcus, Benaloh, Josh D.
Primary Examiner(s)
Barron, Jr.; Gilberto
Assistant Examiner(s)
Lemma; Samson B

Application Number

US11/068,006
Publication Number

US 20050144447A1
Time in Patent Office

1,632 Days
Field of Search

713/193, 713/189, 713/168, 713/165
US Class Current

713/165
CPC Class Codes

G06F 21/57 Certifying or maintaining t...

G06F 21/606 by securing the transmissio...

Transferring application secrets in a trusted operating system environment

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Transferring application secrets in a trusted operating system environment

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links