Transferring application secrets in a trusted operating system environment
First Claim
1. A method, implemented on a computing device, the method comprising:
generating a gatekeeper storage key by a trusted core of an operating system executing on the computing device;
sealing the gatekeeper storage key to the trusted core executing on the computing device;
receiving a request to store an application secret;
receiving a type of the application secret;
selecting an appropriate hive key based at least in part on the type of the application secret, the hive key having been generated by the trusted core for storing application secrets based on the type of application secret;
encrypting the application secret using the hive key; and
encrypting the hive key using the gatekeeper storage key.
Abstract
Transferring application secrets in a trusted operating system environment involves receiving a request to transfer application data from a source computing device to a destination computing device. A check is made as to whether the application data can be transferred to the destination computing device, and if so, whether the application data can be transferred under control of the user or a third party. If these checks succeed, a check is also made as to whether the destination computing device is a trustworthy device running known trustworthy software. Input is also received from the appropriate one of the user or third party to control transferring of the application data to the destination computing device. Furthermore, application data is stored on the source computing device in a manner that facilitates determining whether the application data can be transferred, and that facilitates transferring the application data if it can be transferred.
20 Claims
1. A method, implemented on a computing device, the method comprising:
generating a gatekeeper storage key by a trusted core of an operating system executing on the computing device;
sealing the gatekeeper storage key to the trusted core executing on the computing device;
receiving a request to store an application secret;
receiving a type of the application secret;
selecting an appropriate hive key based at least in part on the type of the application secret, the hive key having been generated by the trusted core for storing application secrets based on the type of application secret;
encrypting the application secret using the hive key; and
encrypting the hive key using the gatekeeper storage key.
(Dependent claims 2 through 8 not reproduced.)

9. One or more computer readable storage media having stored thereon a plurality of instructions that, when executed by one or more processors of a computing device, cause the one or more processors to:
generate a gatekeeper key by a trusted core of an operating system on the computing device;
receive application data to be encrypted and stored;
identify how the application data is to be allowed to be transferred to another computing device if a request to transfer the application data is received;
select a particular one of a plurality of encryption keys to encrypt the application data, wherein the selecting is based at least in part on how the application data is to be allowed to be transferred to another computing device, the plurality of encryption keys being generated by the trusted core;
encrypt the application data by the trusted core using the selected encryption key; and
encrypt the selected encryption key using the gatekeeper key.
(Dependent claims 10 through 14 not reproduced.)

15. A system comprising:
a computing device including a processor and a memory coupled to the processor;
an operating system stored in the memory and executed by the processor on the computing device, the operating system including at least a portion comprising a trusted core;
a secret store maintained by the trusted core, wherein secrets passed to and encrypted by the trusted core are securely stored in the secret store;
a cryptographic measure of the trusted core, wherein the cryptographic measure is derived from the trusted core and used to verify integrity of the trusted core when the trusted core is loaded for execution on the computing device;
a gatekeeper storage key generated by the trusted core, wherein the gatekeeper storage key is sealed using a secure storage operation provided by hardware of the computing device for securely storing the gatekeeper storage key, wherein the trusted core is able to retrieve the gatekeeper storage key when the trusted core is booted using an unseal operation provided by the hardware of the computing device; and
a plurality of encryption keys generated by the trusted core, wherein at least three encryption keys are generated according to how the application secret is to be allowed to be transferred to another system: a first encryption key for use in storing application secrets classified as non-migrateable secrets, a second encryption key for use in storing application secrets classified as user-migrateable secrets, and a third encryption key for use in storing application secrets classified as third-party-migrateable secrets,
wherein the trusted core is configured to receive a particular application secret to be securely stored, wherein the trusted core is configured to identify a secret type of the particular application secret according to how the particular application secret is to be allowed to be transferred to another system, wherein the trusted core is configured to select a particular one of the plurality of encryption keys to encrypt the particular application secret, wherein the selecting is based at least in part on the identified secret type, and wherein the trusted core is configured to encrypt the particular encryption key using the gatekeeper storage key following encryption of the particular application secret.
(Dependent claims 16 through 20 not reproduced.)
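The key hierarchy in claims 1, 9 and 15 and the transfer checks in the abstract, worked through as an added Go example. This is editor-written illustration code, not code from the patent or from any product implementing it. It assumes a hardware seal/unseal primitive, which it stands in for with an HMAC of the trusted-core measurement under a device-unique root (a TPM would do this in silicon against PCR values); AES-256-GCM for wrapping; a one-byte additional-authenticated-data tag carrying the secret type so a blob cannot be unwrapped under the wrong hive; and the names Provision, Boot, Store, Transfer, HiveKeys and Sealed, which are this example's own. Transfer returns the plaintext once every check passes; re-wrapping it for the destination's trusted core is outside the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// SecretType is the claim-15 classification: how a stored secret may be transferred.
type SecretType byte
const (
	NonMigratable        SecretType = iota // never leaves this device
	UserMigratable                         // leaves only with the user's approval
	ThirdPartyMigratable                   // leaves only with a third party's approval
)

// HiveKeys are the unwrapped per-type hive keys, in memory only while the measured core runs.
type HiveKeys map[SecretType][]byte
// Sealed persists across reboots: the gatekeeper key sealed to the core measurement, plus
// each hive key wrapped under the gatekeeper key (claim 1).
type Sealed struct {
	Gatekeeper []byte
	Hives      map[SecretType][]byte
}
// hardwareSealKey is a constructed stand-in for the hardware seal/unseal operation, not a real
// TPM API: HMAC of the core measurement under a device-unique root, derivable only by that core.
func hardwareSealKey(deviceRoot, coreMeasurement []byte) []byte {
	m := hmac.New(sha256.New, deviceRoot)
	m.Write(coreMeasurement)
	return m.Sum(nil)
}
func randBytes(n int) []byte {
	b := make([]byte, n)
	rand.Read(b) // crypto/rand.Read never returns an error as of Go 1.24
	return b
}
func gcm(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err) // every key in this example is 32 bytes
	}
	g, _ := cipher.NewGCM(block) // AES's 16-byte block always suits GCM
	return g
}

// encrypt returns nonce||ciphertext||tag under AES-256-GCM; aad binds the blob to its role.
func encrypt(key, plaintext, aad []byte) []byte {
	g := gcm(key)
	nonce := randBytes(g.NonceSize())
	return g.Seal(nonce, nonce, plaintext, aad)
}
func decrypt(key, blob, aad []byte) ([]byte, error) {
	g := gcm(key)
	if len(blob) < g.NonceSize() {
		return nil, errors.New("blob too short")
	}
	return g.Open(nil, blob[:g.NonceSize()], blob[g.NonceSize():], aad)
}

// Provision generates the gatekeeper key and one hive key per type, seals the former to the measurement and wraps the latter under it (claims 1 and 15); the aad is the secret type.
func Provision(deviceRoot, coreMeasurement []byte) (HiveKeys, Sealed) {
	gk, hives, sealed := randBytes(32), HiveKeys{}, Sealed{Hives: map[SecretType][]byte{}}
	sealed.Gatekeeper = encrypt(hardwareSealKey(deviceRoot, coreMeasurement), gk, []byte("gatekeeper"))
	for _, t := range []SecretType{NonMigratable, UserMigratable, ThirdPartyMigratable} {
		hives[t] = randBytes(32)
		sealed.Hives[t] = encrypt(gk, hives[t], []byte{byte(t)})
	}
	return hives, sealed
}

// Boot unseals the gatekeeper key and unwraps the hive keys; a core with a different measurement derives a different seal key and gets nothing.
func Boot(deviceRoot, coreMeasurement []byte, sealed Sealed) (HiveKeys, error) {
	gk, err := decrypt(hardwareSealKey(deviceRoot, coreMeasurement), sealed.Gatekeeper, []byte("gatekeeper"))
	if err != nil {
		return nil, errors.New("unseal failed: trusted core measurement does not match")
	}
	hives := HiveKeys{}
	for t, w := range sealed.Hives {
		if hives[t], err = decrypt(gk, w, []byte{byte(t)}); err != nil {
			return nil, err
		}
	}
	return hives, nil
}
// Store selects the hive key by secret type and encrypts the secret under it (claim 1).
func (h HiveKeys) Store(secret []byte, t SecretType) []byte { return encrypt(h[t], secret, []byte{byte(t)}) }
// Transfer applies the abstract's checks: may this type of secret leave at all, has its controlling party approved, and is the destination's measurement on the known-good list.
func (h HiveKeys) Transfer(blob []byte, t SecretType, userOK, thirdPartyOK bool, dest []byte, knownGood map[string]bool) ([]byte, error) {
	if !(t == UserMigratable && userOK || t == ThirdPartyMigratable && thirdPartyOK) {
		return nil, errors.New("secret is non-migratable or its controlling party has not approved")
	}
	if !knownGood[string(dest)] {
		return nil, errors.New("destination is not running known trustworthy software")
	}
	return decrypt(h[t], blob, []byte{byte(t)}) // the caller re-wraps this for the destination core
}
```

The point to notice is where the trust boundary sits: nothing in the secret store is readable without the gatekeeper key, and the gatekeeper key is only recoverable by a core whose measurement matches the one it was sealed under, so a modified trusted core (or the same blob copied to another device) fails at Boot before any hive key or secret is touched. Keying each hive under a distinct key and binding the secret type into the AEAD's associated data means the migration class is enforced cryptographically rather than by a flag that a caller could rewrite.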
Specification