Sealing secret data with a policy that includes a sensor-based constraint

US 9,411,970 B2
Filed: 08/19/2011
Issued: 08/09/2016
Est. Priority Date: 08/19/2011
Status: Active Grant

First Claim

Patent Images

1. A method executed at a mobile computing device, the method comprising:

at a processor on a mobile computing device;

receiving, from an application executing on the mobile computing device, a request to access secret data retained on computer-readable storage of the mobile computing device;

responsive to receiving the request, retrieving an encrypted policy from the computer-readable storage on the mobile computing device and decrypting the encrypted policy, the policy comprising a sensor-based constraint, the sensor-based constraint tied to a sensor on the mobile computing device, the policy defines a value from the sensor that satisfies the sensor-based constraint;

responsive to retrieving and decrypting the encrypted policy, requesting a sensor reading from the sensor on the mobile computing device;

receiving the sensor reading;

determining whether the policy is satisfied based upon a comparison between the value defined in the policy and the sensor reading from the sensor; and

when and only when the policy is satisfied, providing the application with the secret data.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Technologies pertaining to limiting access to secret data through utilization of sensor-based constraints are described herein. A sensor-based constraint is a constraint that can only be satisfied by predefined readings that may be output by at least one sensor on a mobile computing device. If the sensor on the mobile computing device outputs a reading that satisfies the sensor-based constraint, secret data is provided to a requesting application. Otherwise, the requesting application is prevented from accessing the secret data.

Citations

20 Claims

1. A method executed at a mobile computing device, the method comprising:
- at a processor on a mobile computing device;
  
  receiving, from an application executing on the mobile computing device, a request to access secret data retained on computer-readable storage of the mobile computing device;
  
  responsive to receiving the request, retrieving an encrypted policy from the computer-readable storage on the mobile computing device and decrypting the encrypted policy, the policy comprising a sensor-based constraint, the sensor-based constraint tied to a sensor on the mobile computing device, the policy defines a value from the sensor that satisfies the sensor-based constraint;
  
  responsive to retrieving and decrypting the encrypted policy, requesting a sensor reading from the sensor on the mobile computing device;
  
  receiving the sensor reading;
  
  determining whether the policy is satisfied based upon a comparison between the value defined in the policy and the sensor reading from the sensor; and
  
  when and only when the policy is satisfied, providing the application with the secret data.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, wherein the sensor is a global positioning system sensor.
  - 3. The method of claim 1, wherein the sensor is one of a thermometer, an accelerometer, a velocity sensor, a proximity sensor, or a gyroscope.
  - 4. The method of claim 1, wherein the policy defines that the secret data is inaccessible to any device other than the mobile computing device.
  - 5. The method of claim 1, further comprising:
    - receiving a request to generate the policy;
      
      generating the policy responsive to receipt of the request; and
      
      sealing the secret data with the policy responsive to receipt of the request, such that the application is unable to access the secret data unless the policy is satisfied by the sensor reading.
  - 6. The method of claim 5, wherein the generating of the policy and the sealing of the secret data with the policy is undertaken on the mobile computing device.
  - 7. The method of claim 5, wherein the generating of the policy and the sealing of the secret data with the policy is undertaken on a server that is in communication with the mobile computing device.
  - 8. The method of claim 1, wherein the mobile computing device is one of a portable telephone, a tablet, a netbook, or a laptop, and the at least one sensor is a global positioning system sensor.
  - 9. The method of claim 1, the application being a text messaging application, the secret data being a key, wherein the application is configured to send and receive text messages responsive to receipt of the key.
  - 10. The method of claim 1, wherein the secret data is encrypted, the method further comprising decrypting the secret data when and only when the policy is satisfied, wherein decrypting the secret data is undertaken in a hardware trusted platform module.
  - 11. The method of claim 1, further comprising:
    - executing the application on a first core of the processor; and
      
      determining that the policy is satisfied on a second core of the processor.

12. A computing device, comprising:
- a processor; and
  
  computer-readable storage that stores instructions that, when executed by the processor, cause the processor to perform acts comprising;
  
  receiving, from an application executing on the computing device, a request to unseal secret data from a policy, the policy encrypted and stored in the computer-readable storage, the policy comprises a sensor-based constraint that is tied to a sensor on the computing device, the policy defining a sensor value that satisfies the sensor-based constraint, the sensor-based constraint satisfiable only by data output by the sensor;
  
  responsive to receiving the request, decrypting the policy;
  
  responsive to decrypting the policy, identifying the sensor that is tied to the sensor-based constraint;
  
  responsive to identifying the sensor, retrieving a sensor reading from the sensor; and
  
  unsealing the secret data from the policy and outputting the secret data to the application when and only when the sensor reading from the sensor corresponds to the sensor value and satisfies the sensor-based constraint.
- View Dependent Claims (13, 14, 15, 16, 17, 18)
- - 13. The computing device of claim 12, the secret data being a password.
  - 14. The computing device of claim 12, the acts further comprising:
    - receiving the policy from the application;
      
      receiving the secret data;
      
      receiving a request to seal the secret data with the policy; and
      
      sealing the secret data with the policy responsive to receiving the request to seal the secret data with the policy, wherein sealing the secret data with the policy comprises;
      
      encrypting the policy and storing the encrypted policy in the computer-readable storage; and
      
      encrypting the secret data and storing the encrypted secret data in the computer-readable storage.
  - 15. The computing device of claim 12, the processor being a hardware trusted platform module.
  - 16. The computing device of claim 12 comprising a first virtual machine and a second virtual machine, wherein the application executes in the second virtual machine and the acts are performed in the first virtual machine.
  - 17. The computing device of claim 12, the application being a text messaging application, the secret data being a key, wherein the application is configured to send and receive text messages responsive to receipt of the key.
  - 18. The computing device of claim 12, the policy identifies the sensor of the sensor-based constraint.

19. A computer-readable medium comprising instructions that, when executed by a processor, cause the processor to perform acts comprising:
- receiving a request to transmit a text message by way of a text messaging application installed on a mobile computing device;
  
  responsive to receiving the request, retrieving a policy retained in computer-readable storage on the mobile computing device, the policy defines whether transmittal of text messages is authorized, the policy comprising a sensor-based constraint that is tied to a sensor on the mobile computing device, the policy defines a value that satisfies the sensor-based constraint;
  
  retrieving a sensor reading from the sensor on the mobile computing device;
  
  determining whether the sensor-based constraint has been satisfied based upon a comparison between the value defined in the policy and the sensor reading from the sensor; and
  
  when and only when the sensor-based constraint is satisfied, transmitting the text message.
- View Dependent Claims (20)
- - 20. The computer-readable medium of claim 19, wherein a hardware trusted platform module performs at least determining whether the sensor-based constraint has been satisfied based at least in part upon a comparison between the value defined in the policy and the sensor reading from the sensor.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Inventors
Saroiu, Stefan, Wolman, Alastair, Raj, Himanshu, Liu, He
Primary Examiner(s)
Najjar, Saleh
Assistant Examiner(s)
Pan, Peiliang

Application Number

US13/213,085
Publication Number

US 20130047197A1
Time in Patent Office

1,817 Days
Field of Search

726/1, 726/2, 726/4, 726/27, 380/258
US Class Current

1/1
CPC Class Codes

G06F 2009/45587   Isolation or security of vi...

G06F 21/6209   to a single file or object,...

G06F 2221/2111   Location-sensitive, e.g. ge...

G06F 9/45558   Hypervisor-specific managem...

G06Q 40/02   Banking, e.g. interest calc...

H04L 63/0435   wherein the sending and rec...

H04L 63/06   for supporting key manageme...

H04L 63/08   for authentication of entit...

H04L 63/083   using passwords cryptograph...

H04L 63/102   Entity profiles

H04L 63/107   wherein the security polici...

H04L 63/168   above the transport layer

H04L 9/14   using a plurality of keys o...

H04L 9/30   Public key, i.e. encryption...

H04L 9/3247   involving digital signatures

H04W 12/04   Key management, e.g. using ...

H04W 12/06   Authentication

H04W 12/08   Access security

H04W 12/128   Anti-malware arrangements, ...

H04W 12/68   Gesture-dependent or behavi...

H04W 4/021 : Services related to particu...

View All

Sealing secret data with a policy that includes a sensor-based constraint

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Sealing secret data with a policy that includes a sensor-based constraint

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links