Saving and retrieving data based on symmetric key encryption
Abstract
In accordance with certain aspects, data is received from a calling program. Ciphertext that includes the data is generated, using a symmetric cipher, in a manner that allows only one or more target programs to be able to obtain the data from the ciphertext. In accordance with other aspects, a bit string is received from a calling program. An identifier of the calling program is checked to determine whether the calling program is allowed to access data encrypted in ciphertext of the bit string. The integrity of the data is also verified, and the data is decrypted using a symmetric key. The data is returned to the calling program only if the calling program is allowed to access the data and if the integrity of the data is successfully verified.
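The seal and unseal steps described in the abstract, as an added Go example that is not code from the patent. AES-GCM stands in for the symmetric cipher and the integrity check; the 32-byte program IDs, the `count | IDs | data` plaintext layout and the names `Seal`, `Unseal` and `ErrDenied` are assumptions.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

var ErrDenied = errors.New("unseal refused")

// Seal encrypts data together with the IDs (max 255) of the programs allowed to unseal it.
func Seal(a cipher.AEAD, data []byte, targets [][32]byte) ([]byte, error) {
	nonce, pt := make([]byte, a.NonceSize()), []byte{byte(len(targets))} // pt: count | IDs | data
	for _, t := range targets {
		pt = append(pt, t[:]...)
	}
	if _, err := rand.Read(nonce); err != nil || len(targets) > 255 {
		return nil, errors.New("seal: no randomness or too many targets")
	}
	return a.Seal(nonce, nonce, append(pt, data...), nil), nil // blob: nonce | ciphertext | tag
}

// Unseal returns data only if the blob authenticates and caller (as measured by the guard) is listed.
func Unseal(a cipher.AEAD, blob []byte, caller [32]byte) ([]byte, error) {
	if len(blob) < a.NonceSize() {
		return nil, ErrDenied
	}
	pt, err := a.Open(nil, blob[:a.NonceSize()], blob[a.NonceSize():], nil)
	if err != nil || len(pt) < 1 || len(pt) < 1+32*int(pt[0]) {
		return nil, ErrDenied // failed integrity check, wrong key, or malformed
	}
	for i := 1; i < 1+32*int(pt[0]); i += 32 {
		if bytes.Equal(pt[i:i+32], caller[:]) {
			return pt[1+32*int(pt[0]):], nil
		}
	}
	return nil, ErrDenied // authentic blob, but caller is not a listed target
}

func main() {
	b, _ := aes.NewCipher(make([]byte, 32)) // constructed all-zero demo key
	a, _ := cipher.NewGCM(b)
	blob, _ := Seal(a, []byte("root secret"), [][32]byte{{1}}) // constructed program ID
	fmt.Println(Unseal(a, blob, [32]byte{1}))
	fmt.Println(Unseal(a, blob, [32]byte{2}))
}
```

The caller ID passed to `Unseal` has to be the guard's own measurement of the requesting program; if the requester could supply it, the target list would protect nothing.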
132 Citations
12 Claims
1. One or more computer storage media having stored thereon multiple instructions that, when executed by one or more processors of a computing device, cause the one or more processors to:
- implement a system having a plurality of hierarchical layers including a lowest layer that guards a root resource, wherein the plurality of hierarchical layers further includes one or more intermediate layers that act as principals that request access to the root resource from the next lower layer and that act as guards to the root resource toward principals in the next higher layer; and
- allow access to the root resource only to principals authorized to access the root resource, wherein to allow the access is to:
  - use a first operation to securely seal the root resource along with identifiers of multiple principals that are allowed to access the root resource; and
  - use a second operation to retrieve the root resource.
Dependent claims: 2, 3

4. One or more computer storage media having stored thereon multiple instructions that, when executed by one or more processors of a computing device, cause the one or more processors to:
- implement a system having:
  - a plurality of hierarchical layers including a lowest layer that guards a root resource, the lowest layer using a first operation to securely seal the root resource, and a second operation to retrieve the root resource and allow a principal in another layer of the plurality of hierarchical layers to access the root resource only if an identifier of the principal is included with the root resource as one of multiple identifiers of principals allowed to access the root resource; and
  - a plurality of guards included in each of the plurality of hierarchical layers, wherein each guard is a service guard or a disclosure guard;
  - wherein each service guard allows principals in the next higher layer to request operations to be performed with protected data, and wherein the service guard performs the operation only if a condition is satisfied; and
  - wherein each disclosure guard allows principals in the next higher layer to request protected data to be disclosed to the principals, and wherein the disclosure guard discloses the protected data only if another condition is satisfied.
Dependent claims: 5, 6, 7, 8, 9

10. A computing device comprising:
- a processor;
- one or more computer storage media to store multiple instructions that, when executed by the processor, cause the processor to:
  - implement a plurality of hierarchical layers including a lowest layer that guards a root resource;
  - wherein the plurality of hierarchical layers further includes one or more intermediate layers that, act as principals that request, from the next lower layer, operations to be performed using the root resource, and act as guards to the root resource toward principals in the next higher layer; and
  - allow the operations to be performed using the root resource only for principals authorized to access the root resource, identifiers of multiple principals authorized to access the root resource being sealed with the root resource.
Dependent claims: 11, 12
Specification