Saving and retrieving data based on public key encryption

US 9,183,406 B2
Filed: 01/24/2011
Issued: 11/10/2015
Est. Priority Date: 04/17/2002
Status: Expired due to Fees

First Claim

Patent Images

1. A method comprising:

obtaining a pair of inputs to be encrypted, the pair of inputs including data to be sealed and one or more conditions that are to be satisfied in order for the data to be unsealed; and

encrypting by a first device the pair of inputs using public key encryption and a same public key of a public/private key pair, the encrypting generating a ciphertext that includes both the encrypted data and the encrypted one or more conditions, wherein one of the one or more conditions comprises a time constraint for when the data can be unsealed, the time constraint comprising particular days of the week during which the data can be unsealed, and wherein the data is not unsealed if the one or more conditions are not satisfied.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In accordance with certain aspects, data is received from a calling program. Ciphertext that includes the data is generated, using public key encryption, in a manner that allows the data to be obtained from the ciphertext only if one or more conditions are satisfied. In accordance with another aspect, a bit string is received from a calling program. Data in the bit string is decrypted using public key decryption and returned to the calling program only if one or more conditions included in the bit string are satisfied.

Citations

20 Claims

1. A method comprising:
- obtaining a pair of inputs to be encrypted, the pair of inputs including data to be sealed and one or more conditions that are to be satisfied in order for the data to be unsealed; and
  
  encrypting by a first device the pair of inputs using public key encryption and a same public key of a public/private key pair, the encrypting generating a ciphertext that includes both the encrypted data and the encrypted one or more conditions, wherein one of the one or more conditions comprises a time constraint for when the data can be unsealed, the time constraint comprising particular days of the week during which the data can be unsealed, and wherein the data is not unsealed if the one or more conditions are not satisfied.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. A method as recited in claim 1, wherein the data comprises a cryptographic key.
  - 3. A method as recited in claim 1, wherein obtaining the data comprises receiving the data as part of a PKSeal operation.
  - 4. A method as recited in claim 1, wherein the time constraint further comprises a particular time of day during which the data can be unsealed.
  - 5. A method as recited in claim 1, the public key comprising a public key of a guard that is intended to be able to decrypt the ciphertext.
  - 6. A method as recited in claim 5, the guard comprising a component implemented on a second device that is different than the first device.
  - 7. A method as recited in claim 5, the obtaining comprising obtaining the pair of inputs from a component of the first device implemented in an operating system layer on the first device, and the encrypting comprising encrypting the pair of inputs by a component implemented in a basic input/output system layer on the first device.
  - 8. A method as recited in claim 5, the guard comprising a component implemented in a hardware layer of the first device, the obtaining comprising obtaining, by the guard, the pair of inputs from a component of the first device implemented in a basic input/output system layer on the first device, and the encrypting comprising encrypting the pair of inputs by the guard.

9. A computing device having one or more components implemented at least in part in hardware and that performs acts comprising:
- invoking, in the computing device, an operation to seal data; and
  
  receiving, in response to invoking the operation, a ciphertext including both encrypted data and encrypted one or more conditions that are to be satisfied in order for the data to be unsealed, the encrypted data as well as the encrypted one or more conditions having been generated by encrypting a pair of inputs including both data and one or more conditions using a same public key of a public/private key pair, wherein one of the one or more conditions comprises a time constraint identifying particular days of the week during which the data can be unsealed, wherein the data is not unsealed if the one or more conditions are not satisfied, and wherein the data and the one or more conditions are encrypted using public key encryption.
- View Dependent Claims (10, 11, 12, 13, 14)
- - 10. A computing device as recited in claim 9, wherein the operation comprises a PKSeal operation.
  - 11. A computing device as recited in claim 9, wherein invoking the operation comprises passing the data as an input to the operation.
  - 12. A computing device as recited in claim 9, wherein invoking the operation comprises passing at least one of the one or more conditions as an input to the operation.
  - 13. A computing device as recited in claim 9, wherein the data comprises a cryptographic key.
  - 14. A computing device as recited in claim 9, wherein the time constraint further comprises a particular time of day during which the data can be unsealed.

15. A method comprising:
- invoking, in a device, an operation to have ciphertext decrypted; and
  
  receiving, in response to invoking the operation, decrypted data from the ciphertext only if an encrypted one or more conditions included in the ciphertext are satisfied, the encrypted data as well as the encrypted one or more conditions in the ciphertext having been decrypted using a same private key of a public/private key pair, wherein the one or more conditions comprises a time constraint for when the data can be unsealed, wherein the one or more conditions are satisfied only if a current day of the week is one of one or more particular days of the week identified by the time constraint, and wherein the ciphertext is decrypted using public key decryption.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. A method as recited in claim 15, wherein the operation comprises a PKUnseal operation.
  - 17. A method as recited in claim 15, wherein invoking the operation comprises passing the ciphertext as an input to the operation.
  - 18. A method as recited in claim 15, wherein invoking the operation comprises passing a pointer to the ciphertext as an input to the operation.
  - 19. A method as recited in claim 15, wherein the data comprises a cryptographic key.
  - 20. A method as recited in claim 15, wherein the time constraint further comprises a particular time of day during which the data can be unsealed.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Inventors
England, Paul, Peinado, Marcus
Primary Examiner(s)
Cervetti, David Garcia

Application Number

US13/012,573
Publication Number

US 20110154057A1
Time in Patent Office

1,751 Days
Field of Search

713/189, 713/193
US Class Current

1/1
CPC Class Codes

G06F 21/6218 to a system of files or obj...

Saving and retrieving data based on public key encryption

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Saving and retrieving data based on public key encryption

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links