Transferring application secrets in a trusted operating system environment

US 7,577,840 B2
Filed: 02/28/2005
Issued: 08/18/2009
Est. Priority Date: 11/16/2001
Status: Expired due to Fees

First Claim

Patent Images

1. A method, implemented on a computing device, the method comprising:

generating a gatekeeper storage key by a trusted core of an operating system executing on the computing device;

sealing the gatekeeper storage key to the trusted core executing on the computing device;

receiving a request to store an application secret;

receiving a type of the application secret;

selecting an appropriate hive key based at least in part on the type of the application secret, the hive key having been generated by the trusted core for storing application secrets based on the type of application secret;

encrypting the application secret using the hive key; and

encrypting the hive key using the gatekeeper storage key.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Transferring application secrets in a trusted operating system environment involves receiving a request to transfer application data from a source computing device to a destination computing device. A check is made as to whether the application data can be transferred to the destination computing device, and if so, whether the application data can be transferred under control of the user or a third party. If these checks succeed, a check is also made as to whether the destination computing device is a trustworthy device running known trustworthy software. Input is also received from the appropriate one of the user or third party to control transferring of the application data to the destination computing device. Furthermore, application data is stored on the source computing device in a manner that facilitates determining whether the application data can be transferred, and that facilitates transferring the application data if it can be transferred.

102 Citations

View as Search Results

20 Claims

1. A method, implemented on a computing device, the method comprising:
- generating a gatekeeper storage key by a trusted core of an operating system executing on the computing device;
  
  sealing the gatekeeper storage key to the trusted core executing on the computing device;
  
  receiving a request to store an application secret;
  
  receiving a type of the application secret;
  
  selecting an appropriate hive key based at least in part on the type of the application secret, the hive key having been generated by the trusted core for storing application secrets based on the type of application secret;
  
  encrypting the application secret using the hive key; and
  
  encrypting the hive key using the gatekeeper storage key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. A method as recited in claim 1, wherein selecting the appropriate hive key comprises:
    - checking whether a hive key corresponding to the type of the application secret already exists;
      
      if the hive key does not already exist, then generating, by the trusted core, a hive key corresponding to the type of the application secret and selecting the newly created hive key; and
      
      if the hive key does already exist corresponding to the type of the application secret, then selecting the already existing hive key generated by the trusted core.
  - 3. A method as recited in claim 1, wherein selecting the appropriate hive key comprises:
    - selecting an appropriate hive key based at least in part on both the application from which the request is received and the type of the application secret.
  - 4. A method as recited in claim 1, wherein sealing the gatekeeper storage key to the trusted core further comprises:
    - using a secure storage operation provided by hardware of the computing device for securely storing the gatekeeper storage key, wherein the trusted core is able to retrieve the gatekeeper storage key when the trusted core is booted using an unseal operation provided by the hardware of the computing device.
  - 5. A method as recited in claim 1, wherein the type of the application secret comprises one of:
    - a non-migrateable secret, a user-migrateable secret, and a third party-migrateable secret, wherein at least three hive keys are generated;
      
      a first hive key for use in storing non-migrateable secrets, a second hive key for use in storing user-migrateable secrets, and a third hive key for use in storing third party migrateable secrets.
  - 6. A method as recited in claim 1, further comprising:
    - receiving a request to transfer the encrypted application secret to another computing device; and
      
      determining whether to allow the encrypted application secret to be transferred to another computing device based at least in part on the type of the application secret.
  - 7. A method as recited in claim 6, wherein the determining comprises:
    - if the type of the application secret is non-migrateable, then not allowing the application secret to be transferred;
      
      if the type of the application secret is user-migrateable, then allowing the application secret to be transferred under control of a user; and
      
      if the type of the application secret is third party-migrateable, then allowing the application secret to be transferred under control of a third party.
  - 8. A method as recited in claim 1, wherein receiving the request to store an application secret comprises:
    - receiving, from a trusted application executing on the computing device, a request to store an application secret.

9. One or more computer readable storage media having stored thereon a plurality of instructions that, when executed by one or more processors of a computing device, causes the one or more processors to:
- generate a gatekeeper key by a trusted core of an operating system on the computing device;
  
  receiving application data to be encrypted and stored;
  
  identify how the application data is to be allowed to be transferred to another computing device if a request to transfer the application data is received;
  
  select a particular one of a plurality of encryption keys to encrypt the application data, wherein the selecting is based at least in part on how the application data is to be allowed to be transferred to another computing device, the plurality of encryption keys being generated by the trusted core;
  
  encrypt the application data by the trusted core using the selected encryption key; and
  
  encrypt the selected encryption key using the gatekeeper key.
- View Dependent Claims (10, 11, 12, 13, 14)
- - 10. One or more computer storage readable media as recited in claim 9, wherein the plurality of instructions that cause the one or more processors to select the particular one of the plurality of encryption keys comprise instructions to:
    - check whether an encryption key corresponding to a type of the application data already exists;
      
      if the encryption key does not already exist, then generate an encryption key corresponding to the type of the application data and select the newly created encryption key; and
      
      if the encryption key does already exist, then selecting the already existing encryption key previously generated by the one or more processors.
  - 11. One or more computer readable storage media as recited in claim 9, wherein:
    - the application data comprises one of;
      
      non-migrateable data, user-migrateable data, and third party-migrateable data, wherein at least three encryption keys are generated as the plurality of encryption keys;
      
      a first encryption key for use in storing the non-migrateable data, a second encryption key for use in storing the user-migrateable data, and a third encryption key for use in storing the third party migrateable data.
  - 12. One or more computer readable storage media as recited in claim 9, further comprising instructions that, when executed by the one or more processors, cause the one or more processors to:
    - receive a request to transfer the encrypted application data to another computing device; and
      
      determine whether to allow the encrypted application data to be transferred to the other computing device based at least in part on whether the application data is non-migrateable data, user-migrateable data, or third party-migrateable data.
  - 13. One or more computer readable storage media as recited in claim 12, wherein the instructions to determine whether to allow the encrypted application data to be transferred to the other computing device further comprise instructions that, when executed by the one or more processors, cause the one or more processors to:
    - if the application data is non-migrateable, then not allow the application secret to be transferred;
      
      if the application data is user-migrateable, then allow the application secret to be transferred under control of a user; and
      
      if the application data is third party-migrateable, then allow the application secret to be transferred under control of a third party.
  - 14. One or more computer readable storage media as recited in claim 9,wherein the application data is received from a trusted application executing on the computing device,wherein the application data is received by the trusted core executing on the computing device, andwherein the trusted core generates the plurality of encryption keys.

15. A system comprising:
- a computing device including a processor anda memory coupled to the processor;
  
  an operating system stored in the memory and executed by the processor on the computing device, the operating system including at least a portion comprising a trusted core;
  
  a secret store maintained by the trusted core, wherein secrets passed to and encrypted by the trusted core are securely stored in the secret store;
  
  a cryptographic measure of the trusted core, wherein the cryptographic measure is derived from the trusted core and used to verify integrity of the trusted core when the trusted core is loaded for execution on the computing device;
  
  a gatekeeper storage key generated by the trusted core, wherein the gatekeeper storage key is sealed using a secure storage operation provided by hardware of the computing device for securely storing the gatekeeper storage key, wherein the trusted core is able to retrieve the gatekeeper storage key when the trusted core is booted using an unseal operation provided by the hardware of the computing device; and
  
  a plurality of encryption keys generated by the trusted core, wherein at least three encryption keys are generated according to how the application secret is to be allowed to be transferred to another system;
  
  a first encryption key for use in storing application secret classified as non-migrateable secrets, a second encryption key for use in storing application secrets classified as user-migrateable secrets, and a third encryption key for use in storing application secrets classified as third party migrateable secrets,wherein the trusted core is configured to receive a particular application secret to be securely stored,wherein the trusted core is configured to identify a secret type of the particular application secret according to how the particular application secret is to be allowed to be transferred to another system,wherein the trusted core is configured to select a particular one of the plurality of encryption keys to encrypt the particular application secret, wherein the selecting is based at least in part on the identified secret type, andwherein the trusted core is configured to encrypt the particular encryption key using the gate keeper storage key following encryption of the particular application secret.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. A system as recited in claim 15, wherein the trusted core is further configured to:
    - check whether an encryption key corresponding to the type of the application secret already exists;
      
      if the encryption key does not already exist, then create an encryption key corresponding to the type of the application secret and select the newly created encryption key; and
      
      if the encryption key does already exist, then selecting the already existing encryption key.
  - 17. A system as recited in claim 15, wherein:
    - the cryptographic measure is derived from the trusted core so that any changes to the trusted core are reflected in the cryptographic measure so that an altered trusted core will produce a different cryptographic measure.
  - 18. A system as recited in claim 15, wherein the trusted core is further configured to:
    - receive a request to transfer the encrypted application secret to another system; and
      
      determine whether to allow the encrypted application data to be transferred to the other system based at least in part on the secret type.
  - 19. A system as recited in claim 18, wherein the trusted core is further configured to:
    - if the secret type is non-migrateable, then not allow the application secret to be transferred;
      
      if the secret type is user-migrateable, then allow the application secret to be transferred under control of a user; and
      
      if the secret type is third party-migrateable, then allow the application secret to be transferred under control of a third party.
  - 20. A system as recited in claim 15, wherein the trusted core is further configured to store policy information in association with the particular application secret, wherein the policy information identifies a migration policy imposed on the particular application secret.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Simon, Daniel R., England, Paul, Peinado, Marcus, Benaloh, Josh D.
Primary Examiner(s)
Barron, Jr.; Gilberto
Assistant Examiner(s)
Lemma; Samson B

Application Number

US11/068,007
Publication Number

US 20050144448A1
Time in Patent Office

1,632 Days
Field of Search

713/193, 713/189, 713/165, 713/164
US Class Current

713/165
CPC Class Codes

G06F 21/57 Certifying or maintaining t...

G06F 21/606 by securing the transmissio...

Transferring application secrets in a trusted operating system environment

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

102 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Transferring application secrets in a trusted operating system environment

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

102 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links