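IPC classification information
Country / Type | United States(US) Patent, Registered
International Patent Classification (IPC 7th edition) |
Application number | UP-0557641 (2006-11-08)
Registration number | US-7587589 (2009-09-22)
Inventor / Address | England, Paul; Peinado, Marcus
Applicant / Address |
Citation information | Times cited: 10; Cited patents: 95
Abstract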
In accordance with certain aspects, data is received from a calling program. Ciphertext that includes the data is generated, using a symmetric cipher, in a manner that allows only one or more target programs to be able to obtain the data from the ciphertext. In accordance with other aspects, a bit string is received from a calling program. An identifier of the calling program is checked to determine whether the calling program is allowed to access data encrypted in ciphertext of the bit string. The integrity of the data is also verified, and the data is decrypted using a symmetric key. The data is returned to the calling program only if the calling program is allowed to access the data and if the integrity of the data is successfully verified.
Representative claims
The invention claimed is:
1. One or more computer storage media having stored thereon multiple instructions that, when executed by one or more processors of a computing device, cause the one or more processors to: implement a system having a plurality of hierarchical layers including a lowest layer that guards a root resource, wherein the plurality of hierarchical layers further includes one or more intermediate layers that act as principals that request access to the root resource from the next lower layer and that act as guards to the root resource toward principals in the next higher layer; and allow access to the root resource only to principals authorized to access the root resource, wherein to allow the access is to: use a first operation to securely seal the root resource along with identifiers of multiple principals that are allowed to access the root resource; and use a second operation to retrieve the root resource.
2. One or more computer storage media as recited in claim 1, wherein the plurality of hierarchical layers comprises four layers, wherein the lowest layer comprises a security kernel layer, wherein a next lowest layer comprises a basic input/output system layer, wherein a next lowest layer comprises an operating system layer, and wherein a highest layer comprises an application layer.
3. One or more computer storage media as recited in claim 1, wherein the root resource comprises a cryptographic key.
4. One or more computer storage media having stored thereon multiple instructions that, when executed by one or more processors of a computing device, cause the one or more processors to: implement a system having: a plurality of hierarchical layers including a lowest layer that guards a root resource, the lowest layer using a first operation to securely seal the root resource, and a second operation to retrieve the root resource and allow a principal in another layer of the plurality of hierarchical layers to access the root resource only if an identifier of the principal is included with the root resource as one of multiple identifiers of principals allowed to access the root resource; and a plurality of guards included in each of the plurality of hierarchical layers, wherein each guard is a service guard or a disclosure guard; wherein each service guard allows principals in the next higher layer to request operations to be performed with protected data, and wherein the service guard performs the operation only if a condition is satisfied; and wherein each disclosure guard allows principals in the next higher layer to request protected data to be disclosed to the principals, and wherein the disclosure guard discloses the protected data only if another condition is satisfied.
5. One or more computer storage media as recited in claim 4, wherein each of the principals in the next higher layer is a service guard or a disclosure guard.
6. One or more computer storage media as recited in claim 4, wherein one or more guards are implemented by obtaining protected data from a guard in the layer below it.
7. One or more computer storage media as recited in claim 4, wherein one or more guards are implemented by requesting a service from a guard in the layer below it.
8. One or more computer storage media as recited in claim 4, wherein the protected data are cryptographic keys.
9. One or more computer storage media as recited in claim 4, wherein one or more service guards expose, on protected data, one or more of encryption, decryption, digital signing, Message Authentication Code (MAC), and combined digital signing and integrity verification.
10. A computing device comprising: a processor; one or more computer storage media to store multiple instructions that, when executed by the processor, cause the processor to: implement a plurality of hierarchical layers including a lowest layer that guards a root resource; wherein the plurality of hierarchical layers further includes one or more intermediate layers that, act as principals that request, from the next lower layer, operations to be performed using the root resource, and act as guards to the root resource toward principals in the next higher layer; and allow the operations to be performed using the root resource only for principals authorized to access the root resource, identifiers of multiple principals authorized to access the root resource being sealed with the root resource.
11. A computing device as recited in claim 10, wherein the plurality of hierarchical layers comprises four layers, wherein the lowest layer comprises a security kernel layer, wherein a next lowest layer comprises a basic input/output system layer, wherein a next lowest layer comprises an operating system layer, and wherein a highest layer comprises an application layer.
12. A computing device as recited in claim 10, wherein the root resource comprises a cryptographic key.