Saving and retrieving data based on symmetric key encryption
원문보기
IPC분류정보
국가/구분
United States(US) Patent
등록
국제특허분류(IPC7판)
G06F-012/14
H04L-009/00
출원번호
US-0557620
(2006-11-08)
등록번호
US-7424612
(2008-09-09)
발명자
/ 주소
England,Paul
Peinado,Marcus
출원인 / 주소
Microsoft Corporation
인용정보
피인용 횟수 :
21인용 특허 :
87
초록▼
In accordance with certain aspects, data is received from a calling program. Ciphertext that includes the data is generated, using a symmetric cipher, in a manner that allows only one or more target programs to be able to obtain the data from the ciphertext. In accordance with other aspects, a bit s
In accordance with certain aspects, data is received from a calling program. Ciphertext that includes the data is generated, using a symmetric cipher, in a manner that allows only one or more target programs to be able to obtain the data from the ciphertext. In accordance with other aspects, a bit string is received from a calling program. An identifier of the calling program is checked to determine whether the calling program is allowed to access data encrypted in ciphertext of the bit string. The integrity of the data is also verified, and the data is decrypted using a symmetric key. The data is returned to the calling program only if the calling program is allowed to access the data and if the integrity of the data is successfully verified.
대표청구항▼
The invention claimed is: 1. One or more computer storage readable media having stored thereon a plurality of instructions that, when executed by one or more processors of a computing device, causes the one or more processors to perform acts comprising: invoking an unseal operation in order to have
The invention claimed is: 1. One or more computer storage readable media having stored thereon a plurality of instructions that, when executed by one or more processors of a computing device, causes the one or more processors to perform acts comprising: invoking an unseal operation in order to have a bit string decrypted, passing the bit string as an input to the unseal operation, the bit string including identifiers of multiple target programs that are allowed to access at least a portion of the decrypted bit string; and receiving, in response to invoking the unseal operation, the at least a portion of the decrypted bit string only if the plurality of instructions are one of the identified multiple target programs, wherein the data is decrypted using a symmetric cipher. 2. One or more computer storage media as recited in claim 1, wherein each of the identifiers of multiple target programs is a digest generated by applying a cryptographic hash function to one of the multiple target programs. 3. One or more computer storage media as recited in claim 1, wherein the input to the unseal operation is a pointer to the bit string. 4. One or more computer storage media as recited in claim 1, the receiving the at least a portion of the decrypted bit string further comprising receiving the at least a portion of the decrypted bit string only if a time constraint for when the data can be unsealed is satisfied. 5. One or more computer storage media as recited in claim 1, the receiving the at least a portion of the decrypted bit string further comprising receiving the at least a portion of the decrypted bit string only if a logical formula identified in the bit string evaluates to true. 6. One or more computer storage media as recited in claim 1, the receiving the at least a portion of the decrypted bit string further comprising receiving the at least a portion of the decrypted bit string only if execution of a program identified in the bit string returns an indication of true. 7. One or more computer storage media having stored thereon a plurality of instructions that, when executed by one or more processors of a computing device, causes the one or more processors to perform acts comprising: invoking an unseal operation in order to obtain data from a sealed bit string, the sealed bit string including identifiers of multiple programs that are allowed to access the data; and receiving, in response to invoking the unseal operation, the data from the sealed bit string only if one or more conditions that are to be satisfied in order for the data to be unsealed are satisfied, the one or more conditions including the plurality of instructions being one of the identified multiple programs. 8. One or more computer storage media as recited in claim 7, wherein one of the one or more conditions comprises a time constraint for when the data can be unsealed. 9. One or more computer storage media as recited in claim 8, wherein the time constraint comprises one or more times of day when the data can be unsealed. 10. One or more computer storage media as recited in claim 8, wherein the time constraint comprises one or more days of a week when the data can be unsealed. 11. One or more computer storage media as recited in claim 7, wherein one of the one or more conditions comprises a logical formula to be evaluated, and wherein the data can be unsealed only if the logical formula evaluates true. 12. One or more computer storage media as recited in claim 7, wherein one of the one or more conditions comprises a program to be executed, and wherein the data can be unsealed only if execution of the program returns an indication of true. 13. A method comprising: invoking an unseal operation in order to obtain data from a sealed bit string, the sealed bit string including identifiers of multiple programs that are allowed to access the data; and receiving, in response to invoking the unseal operation, the data from the sealed bit string only if one or more conditions that are to be satisfied in order for the data to be unsealed are satisfied, the one or more conditions including the plurality of instructions being one of the identified multiple programs. 14. A method as recited in claim 13, wherein one of the one or more conditions comprises a time constraint for when the data can be unsealed. 15. A method as recited in claim 13, wherein one of the one or more conditions comprises a logical formula to be evaluated, and wherein the data can be unsealed only if the logical formula evaluates true. 16. A method as recited in claim 13, wherein one of the one or more conditions comprises a program to be executed, and wherein the data can be unsealed only if execution of the program returns an indication of true. 17. A method as recited in claim 13, wherein each of the identifiers of multiple programs is a digest generated by applying a cryptographic hash function to one of the multiple programs.
연구과제 타임라인
LOADING...
LOADING...
LOADING...
LOADING...
LOADING...
이 특허에 인용된 특허 (87)
Hardell ; Jr. William R. (Austin TX) Henson ; Jr. James D. (Austin TX) Mitchell Oscar R. (Pflugerville TX), Apparatus and method for booting a multiple processor system having a global/local memory architecture.
Fisher Jerald C. ; Nguyen Lien Dai ; Young James ; Seaburg Gunnar P. ; Hedlund Galen W. ; Katz Richard S., Channel configuration program server architecture.
Brachtl Bruno O. (Baden-Wuerttenberg NY DEX) Coppersmith Don (Ossining NY) Hyden Myrna M. (Manassas VA) Matyas ; Jr. Stephen M. (Manassas VA) Meyer Carl H. W. (Kingston NY) Oseas Jonathan (Hurley NY), Data authentication using modification detection codes based on a public one way encryption function.
Takahashi Kikuo (Hachioji JPX) Kagimasa Toyohiko (Hachioji JPX) Mori Toshiaki (Hachioji JPX), Data processing apparatus having a real memory region with a corresponding fixed memory protection key value and method.
Guillou Louis C. (Rennes FRX) Quisquater Jean-Jacques (Brussels BEX), Method and apparatus for authenticating accreditations and for authenticating and signing messages.
Imai Toru,JPX ; Yoshida Hideki,JPX ; Segawa Hideo,JPX, Method and apparatus for data input/output management suitable for protection of electronic writing data.
Gutowitz Howard A. (6395 Claremore La. San Diego CA 92120), Method and apparatus for encryption, decryption and authentication using dynamical systems.
Jeffrey Vinson ; Steig Westerberg ; Jeffrey DeVries, Method and apparatus to allow remotely located computer programs and/or data to be accessed on a local computer in a secure, time-limited manner, with persistent caching.
Hennige Hartmut (23 Packman Lane ; Home Green Kirk Ella Hull HU10 7TH N. Humberside GB3), Method and device for simplifying the use of a plurality of credit cards, or the like.
Graunke Gary L. ; Carbajal John ; Maliszewski Richard L. ; Rozas Carlos V., Method for securely distributing a conditional use private key to a trusted entity on a remote system.
Johnson Herrick J. (Marblehead MA) Olson Margaret (Nashua NH) Jones Stuart (Cambridge MA) Bodoff Stephanie (Somerville MA) Bertrand Stephen C. (Waltham MA) Levine Paul H. (Carlisle MA), Network license server.
Rabne Michael W. ; Barker James A. ; Alrashid Tareq M.T. ; Christian Brian S. ; Cox Steven C. ; Slotta Elizabeth A. ; Upthegrove Luella R., Rights management system for digital media.
McMullan ; Jr. Jay C. (Doraville GA) Burleson David B. (Roswell GA) Borsetti ; Jr. Paul (Alpharetta GA) Filion John T. (Lawrenceville GA), Secure authorization and control method and apparatus for a game delivery service.
Grimonprez Georges (Villeneuve d\Asq FRX) Paradinas Pierre (Villeneuve d\Asq FRX), Secured method for loading a plurality of applications into a microprocessor memory card.
Mandelbaum Richard (Manalapan NJ) Sherman Stephen A. (Hackettstown NJ) Wetherington Diane R. (Bernardsville NJ), Smartcard adapted for a plurality of service providers and for remote installation of same.
Chandra Ashileshwari N. (Mahopac NY) Comerford Liam D. (Carmel NY) White Steve R. (New York NY), Software protection system using a single-key cryptosystem, a hardware-based authorization system and a secure coprocess.
Van Wie David M. ; Weber Robert P., Steganographic techniques for securely delivering electronic digital rights management control information over insecure.
Lipner Steven B. (Oakton VA) Balenson David M. (Olney MD) Ellison Carl M. (Baltimore MD) Walker Stephen T. (Glenwood MD), System and method for data recovery.
Ginter Karl L. ; Shear Victor H. ; Spahn Francis J. ; Van Wie David M., System and methods for secure transaction management and electronic rights protection.
Ginter Karl L. ; Shear Victor H. ; Sibert W. Olin ; Spahn Francis J. ; Van Wie David M., Systems and methods for secure transaction management and electronic rights protection.
Ginter Karl L. ; Shear Victor H. ; Spahn Francis J. ; Van Wie David M., Systems and methods for secure transaction management and electronic rights protection.
Ginter Karl L. ; Shear Victor H. ; Spahn Francis J. ; Van Wie David M., Systems and methods for secure transaction management and electronic rights protection.
Ginter Karl L. ; Shear Victor H. ; Spahn Francis J. ; Van Wie David M., Systems and methods for secure transaction management and electronic rights protection.
Ginter Karl L. ; Shear Victor H. ; Spahn Francis J. ; Van Wie David M., Systems and methods for secure transaction management and electronic rights protection.
Ginter Karl L. ; Shear Victor H. ; Spahn Francis J. ; Van Wie David M., Systems and methods for secure transaction management and electronic rights protection.
Hall Edwin J. ; Shear Victor H. ; Tomasello Luke S. ; Van Wie David M. ; Weber Robert P. ; Worsencroft Kim ; Xu Xuejun, Techniques for defining using and manipulating rights management data structures.
Boyle John ; Holden James M. ; Levin Stephen E. ; Maiwald Eric S. ; Nickel James O. ; Snow ; deceased David Wayne ; Wrench ; Jr. Edwin H., Using trusted associations to establish trust in a computer network.
Okazaki, Atsuya; Nakanishi, Masaki; Yamashita, Shigeru; Watanabe, Katsumasa, Microprocessor, a node terminal, a computer system and a program execution proving method.
Henry, G. Glenn; Parks, Terry, Processor with non-volatile mode enable register entering secure execution mode and encrypting secure program for storage in secure memory via private bus.
※ AI-Helper는 부적절한 답변을 할 수 있습니다.