Saving and retrieving data based on public key encryption

US 8,589,701 B2
Filed: 01/27/2011
Issued: 11/19/2013
Est. Priority Date: 04/17/2002
Status: Expired due to Term

First Claim

Patent Images

1. A method of implementing a BoundSign operation, the method comprising:

receiving, as an input, both data to be signed and a bound key blob, wherein the bound key blob is bound to one or more processors;

recovering, from the bound key blob, a private key of a public/private key pair associated with the bound key blob;

generating a digital signature over the data using the private key; and

outputting the digital signature.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In accordance with certain aspects, bound key operations on ciphertext and/or data are implemented. A bound key operation can receive both data to be signed and a bound key blob that is bound to one or more processors, recover a private key from the bound key blob, and generate a digital signature over the data using the private key. A bound key operation can alternatively receive both ciphertext and a bound key or bound key structure bound to one or more processors, recover or reconstruct a private key based on the bound key or bound key structure, and use the private key to generate plaintext corresponding to the ciphertext.

219 Citations

20 Claims

1. A method of implementing a BoundSign operation, the method comprising:
- receiving, as an input, both data to be signed and a bound key blob, wherein the bound key blob is bound to one or more processors;
  
  recovering, from the bound key blob, a private key of a public/private key pair associated with the bound key blob;
  
  generating a digital signature over the data using the private key; and
  
  outputting the digital signature.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. A method as recited in claim 1, wherein the bound key blob is bound to the one or more processors by encrypting the bound key blob using a public key of the one or more processors.
  - 3. A method as recited in claim 1, wherein the private key is restricted, by an element that identifies the BoundSign operation and that is included in the bound key blob, to being used only by the BoundSign operation.
  - 4. A method as recited in claim 1, further comprising outputting the digital signature only if one or more bound key usage conditions included in the bound key blob are satisfied.
  - 5. A method as recited in claim 4, the bound key blob further including a migration condition element, the migration condition element identifying one or more conditions under which the one or more bound key usage conditions can be changed.
  - 6. A method as recited in claim 4, the one or more bound key usage conditions including a digest of a program by or on behalf of which the private key can be used.
  - 7. A method as recited in claim 1, the recovering the private key of the public/private key pair associated with the bound key blob comprising obtaining the private key that is contained in the bound key blob.
  - 8. A method as recited in claim 1, the recovering the private key of the public/private key pair associated with the bound key blob comprising obtaining a private key fragment that is contained in the bound key blob and from which the private key can be reconstructed.

9. A method of implementing a BoundDecrypt operation, the method comprising:
- receiving, as an input, both ciphertext and a bound key structure, wherein the bound key structure is bound to one or more processors;
  
  recovering, from the bound key structure, a private key of a public/private key pair associated with the bound key structure;
  
  decrypting the ciphertext using the private key to generate plaintext corresponding to the ciphertext; and
  
  outputting the plaintext.
- View Dependent Claims (10, 11, 12, 13, 14)
- - 10. A method as recited in claim 9, wherein the bound key structure is bound to the one or more processors by encrypting the bound key structure using a public key of the one or more processors.
  - 11. A method as recited in claim 9, wherein the private key is restricted, based on a key usage element of the bound key structure that identifies the BoundDecrypt operation and that is included in the bound key blob, to being used only by the BoundDecrypt operation.
  - 12. A method as recited in claim 9, further comprising outputting the plaintext only if one or more bound key usage conditions included in the bound key structure are satisfied, the one or more bound key usage conditions included in the bound key structure comprising a time constraint condition that identifies times of the day or days of the week during which the plaintext can be output.
  - 13. A method as recited in claim 9, the recovering the private key of the public/private key pair associated with the bound key structure comprising obtaining the private key that is contained in the bound key structure.
  - 14. A method as recited in claim 9, the recovering the private key of the public/private key pair associated with the bound key structure comprising obtaining a private key fragment that is contained in the bound key structure and from which the private key can be reconstructed.

15. A method of implementing a BoundPkUnseal operation, the method comprising:
- receiving, as an input, both ciphertext and a bound key structure, wherein the bound key structure is bound to one or more processors;
  
  recovering, from the bound key structure, a private key of a public/private key pair associated with the bound key structure;
  
  decrypting the ciphertext using the private key to generate plaintext corresponding to the ciphertext; and
  
  outputting the plaintext.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. A method as recited in claim 15, wherein the bound key structure is bound to the one or more processors by encrypting the bound key structure using a public key of the one or more processors.
  - 17. A method as recited in claim 15, wherein the private key is restricted, by an element that identifies the BoundPkUnseal operation and that is included in the bound key structure, to being used only by the BoundPkUnseal operation.
  - 18. A method as recited in claim 15, further comprising outputting the plaintext only if one or more bound key usage conditions of the bound key structure are satisfied.
  - 19. A method as recited in claim 18, the one or more bound key usage conditions of the bound key structure comprising one or more bound key usage conditions included in the bound key structure, the one or more bound key usage conditions included in the bound key structure comprising a logical formula condition that identifies a logical formula included in the bound key structure, and the outputting the plaintext comprising outputting the plaintext only if evaluation of the logical formula returns an indication of true.
  - 20. A method as recited in claim 15, the recovering the private key associated with the bound key structure comprising obtaining the private key that is contained in the bound key structure.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
England, Paul, Peinado, Marcus
Primary Examiner(s)
CERVETTI, DAVID GARCIA

Application Number

US13/015,403
Publication Number

US 20110119502A1
Time in Patent Office

1,027 Days
Field of Search

713/189, 713/175, 713/180, 713/193, 713/155, 380/287, 380/278
US Class Current

713/193
CPC Class Codes

G06F 21/6218 to a system of files or obj...

Saving and retrieving data based on public key encryption

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

219 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Saving and retrieving data based on public key encryption

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

219 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links