IPC분류정보
국가/구분 |
United States(US) Patent
등록
|
국제특허분류(IPC7판) |
|
출원번호 |
UP-0068007
(2005-02-28)
|
등록번호 |
US-7577840
(2009-08-31)
|
발명자
/ 주소 |
- England, Paul
- Peinado, Marcus
- Simon, Daniel R.
- Benaloh, Josh D.
|
출원인 / 주소 |
|
대리인 / 주소 |
|
인용정보 |
피인용 횟수 :
1 인용 특허 :
93 |
초록
▼
Transferring application secrets in a trusted operating system environment involves receiving a request to transfer application data from a source computing device to a destination computing device. A check is made as to whether the application data can be transferred to the destination computing de
Transferring application secrets in a trusted operating system environment involves receiving a request to transfer application data from a source computing device to a destination computing device. A check is made as to whether the application data can be transferred to the destination computing device, and if so, whether the application data can be transferred under control of the user or a third party. If these checks succeed, a check is also made as to whether the destination computing device is a trustworthy device running known trustworthy software. Input is also received from the appropriate one of the user or third party to control transferring of the application data to the destination computing device. Furthermore, application data is stored on the source computing device in a manner that facilitates determining whether the application data can be transferred, and that facilitates transferring the application data if it can be transferred.
대표청구항
▼
The invention claimed is: 1. A method, implemented on a computing device, the method comprising: generating a gatekeeper storage key by a trusted core of an operating system executing on the computing device; sealing the gatekeeper storage key to the trusted core executing on the computing device;
The invention claimed is: 1. A method, implemented on a computing device, the method comprising: generating a gatekeeper storage key by a trusted core of an operating system executing on the computing device; sealing the gatekeeper storage key to the trusted core executing on the computing device; receiving a request to store an application secret; receiving a type of the application secret; selecting an appropriate hive key based at least in part on the type of the application secret, the hive key having been generated by the trusted core for storing application secrets based on the type of application secret; encrypting the application secret using the hive key; and encrypting the hive key using the gatekeeper storage key. 2. A method as recited in claim 1, wherein selecting the appropriate hive key comprises: checking whether a hive key corresponding to the type of the application secret already exists; if the hive key does not already exist, then generating, by the trusted core, a hive key corresponding to the type of the application secret and selecting the newly created hive key; and if the hive key does already exist corresponding to the type of the application secret, then selecting the already existing hive key generated by the trusted core. 3. A method as recited in claim 1, wherein selecting the appropriate hive key comprises: selecting an appropriate hive key based at least in part on both the application from which the request is received and the type of the application secret. 4. A method as recited in claim 1, wherein sealing the gatekeeper storage key to the trusted core further comprises: using a secure storage operation provided by hardware of the computing device for securely storing the gatekeeper storage key, wherein the trusted core is able to retrieve the gatekeeper storage key when the trusted core is booted using an unseal operation provided by the hardware of the computing device. 5. A method as recited in claim 1, wherein the type of the application secret comprises one of: a non-migrateable secret, a user-migrateable secret, and a third party-migrateable secret, wherein at least three hive keys are generated: a first hive key for use in storing non-migrateable secrets, a second hive key for use in storing user-migrateable secrets, and a third hive key for use in storing third party migrateable secrets. 6. A method as recited in claim 1, further comprising: receiving a request to transfer the encrypted application secret to another computing device; and determining whether to allow the encrypted application secret to be transferred to another computing device based at least in part on the type of the application secret. 7. A method as recited in claim 6, wherein the determining comprises: if the type of the application secret is non-migrateable, then not allowing the application secret to be transferred; if the type of the application secret is user-migrateable, then allowing the application secret to be transferred under control of a user; and if the type of the application secret is third party-migrateable, then allowing the application secret to be transferred under control of a third party. 8. A method as recited in claim 1, wherein receiving the request to store an application secret comprises: receiving, from a trusted application executing on the computing device, a request to store an application secret. 9. One or more computer readable storage media having stored thereon a plurality of instructions that, when executed by one or more processors of a computing device, causes the one or more processors to: generate a gatekeeper key by a trusted core of an operating system on the computing device; receiving application data to be encrypted and stored; identify how the application data is to be allowed to be transferred to another computing device if a request to transfer the application data is received; select a particular one of a plurality of encryption keys to encrypt the application data, wherein the selecting is based at least in part on how the application data is to be allowed to be transferred to another computing device, the plurality of encryption keys being generated by the trusted core; encrypt the application data by the trusted core using the selected encryption key; and encrypt the selected encryption key using the gatekeeper key. 10. One or more computer storage readable media as recited in claim 9, wherein the plurality of instructions that cause the one or more processors to select the particular one of the plurality of encryption keys comprise instructions to: check whether an encryption key corresponding to a type of the application data already exists; if the encryption key does not already exist, then generate an encryption key corresponding to the type of the application data and select the newly created encryption key; and if the encryption key does already exist, then selecting the already existing encryption key previously generated by the one or more processors. 11. One or more computer readable storage media as recited in claim 9, wherein: the application data comprises one of: non-migrateable data, user-migrateable data, and third party-migrateable data, wherein at least three encryption keys are generated as the plurality of encryption keys: a first encryption key for use in storing the non-migrateable data, a second encryption key for use in storing the user-migrateable data, and a third encryption key for use in storing the third party migrateable data. 12. One or more computer readable storage media as recited in claim 9, further comprising instructions that, when executed by the one or more processors, cause the one or more processors to: receive a request to transfer the encrypted application data to another computing device; and determine whether to allow the encrypted application data to be transferred to the other computing device based at least in part on whether the application data is non-migrateable data, user-migrateable data, or third party-migrateable data. 13. One or more computer readable storage media as recited in claim 12, wherein the instructions to determine whether to allow the encrypted application data to be transferred to the other computing device further comprise instructions that, when executed by the one or more processors, cause the one or more processors to: if the application data is non-migrateable, then not allow the application secret to be transferred; if the application data is user-migrateable, then allow the application secret to be transferred under control of a user; and if the application data is third party-migrateable, then allow the application secret to be transferred under control of a third party. 14. One or more computer readable storage media as recited in claim 9, wherein the application data is received from a trusted application executing on the computing device, wherein the application data is received by the trusted core executing on the computing device, and wherein the trusted core generates the plurality of encryption keys. 15. A system comprising: a computing device including a processor and a memory coupled to the processor; an operating system stored in the memory and executed by the processor on the computing device, the operating system including at least a portion comprising a trusted core; a secret store maintained by the trusted core, wherein secrets passed to and encrypted by the trusted core are securely stored in the secret store; a cryptographic measure of the trusted core, wherein the cryptographic measure is derived from the trusted core and used to verify integrity of the trusted core when the trusted core is loaded for execution on the computing device; a gatekeeper storage key generated by the trusted core, wherein the gatekeeper storage key is sealed using a secure storage operation provided by hardware of the computing device for securely storing the gatekeeper storage key, wherein the trusted core is able to retrieve the gatekeeper storage key when the trusted core is booted using an unseal operation provided by the hardware of the computing device; and a plurality of encryption keys generated by the trusted core, wherein at least three encryption keys are generated according to how the application secret is to be allowed to be transferred to another system: a first encryption key for use in storing application secret classified as non-migrateable secrets, a second encryption key for use in storing application secrets classified as user-migrateable secrets, and a third encryption key for use in storing application secrets classified as third party migrateable secrets, wherein the trusted core is configured to receive a particular application secret to be securely stored, wherein the trusted core is configured to identify a secret type of the particular application secret according to how the particular application secret is to be allowed to be transferred to another system, wherein the trusted core is configured to select a particular one of the plurality of encryption keys to encrypt the particular application secret, wherein the selecting is based at least in part on the identified secret type, and wherein the trusted core is configured to encrypt the particular encryption key using the gate keeper storage key following encryption of the particular application secret. 16. A system as recited in claim 15, wherein the trusted core is further configured to: check whether an encryption key corresponding to the type of the application secret already exists; if the encryption key does not already exist, then create an encryption key corresponding to the type of the application secret and select the newly created encryption key; and if the encryption key does already exist, then selecting the already existing encryption key. 17. A system as recited in claim 15, wherein: the cryptographic measure is derived from the trusted core so that any changes to the trusted core are reflected in the cryptographic measure so that an altered trusted core will produce a different cryptographic measure. 18. A system as recited in claim 15, wherein the trusted core is further configured to: receive a request to transfer the encrypted application secret to another system; and determine whether to allow the encrypted application data to be transferred to the other system based at least in part on the secret type. 19. A system as recited in claim 18, wherein the trusted core is further configured to: if the secret type is non-migrateable, then not allow the application secret to be transferred; if the secret type is user-migrateable, then allow the application secret to be transferred under control of a user; and if the secret type is third party-migrateable, then allow the application secret to be transferred under control of a third party. 20. A system as recited in claim 15, wherein the trusted core is further configured to store policy information in association with the particular application secret, wherein the policy information identifies a migration policy imposed on the particular application secret.
※ AI-Helper는 부적절한 답변을 할 수 있습니다.