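IPC classification information
Country/Type | United States (US) Patent, Registered
International Patent Classification (IPC 7th edition) |
Application number | UP-0557581 (2006-11-08)
Registration number | US-7765397 (2010-08-13)
Inventors / Address | England, Paul; Peinado, Marcus
Applicant / Address |
Citation information | Times cited: 8; Cited patents: 103

Abstract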
In accordance with certain aspects, data is received from a calling program. Ciphertext that includes the data is generated, using public key encryption, in a manner that allows only one or more target programs to be able to obtain the data from the ciphertext. In accordance with another aspect, a bit string is received from a calling program. An identifier of the calling program is checked to determine whether the calling program is allowed to access data encrypted in ciphertext of the bit string. The data is decrypted using public key decryption and returned to the calling program only if the calling program is allowed to access the data.

Representative claims
The invention claimed is:

1. One or more computer storage media having stored thereon a plurality of instructions to implement a GenBoundKey operation, wherein the plurality of instructions, when executed by one or more processors of a computing device, causes the one or more processors to: generate, in response to a program calling the GenBoundKey operation, a data structure for a new bound key that is to be bound to the one or more processors, wherein the data structure includes: data that allows a private key of a public/private key pair to be recovered from the data structure; a key usage element that identifies a key operation that can be performed with the private key, the key operation being one of a decrypt operation that decrypts additional data using the private key, a sign operation that digitally signs additional data using the private key, and a quote operation that digitally signs both additional data and an identifier of a program invoking the quote operation; and a condition element that specifies one or more conditions under which the private key can be used; cryptographically protect the data structure; and return the cryptographically protected data structure generated by the GenBoundKey operation to the calling program.

2. One or more computer storage media as recited in claim 1, wherein the instructions that cause the one or more processors to cryptographically protect the data structure comprise instructions that cause the one or more processors to encrypt the data structure using a public key of the public/private key pair.

3. One or more computer storage media having stored thereon a plurality of instructions to implement a BoundKeyMigrate operation, wherein the plurality of instructions, when executed by one or more processors of a computing device, causes the one or more processors to: receive, as an input, a data structure including both a bound key and a usage condition that specifies under what conditions the bound key can be used, wherein the bound key is bound to a program calling the BoundKeyMigrate operation; verify that the usage condition can be changed by the program calling the BoundKeyMigrate operation, wherein to verify that the usage condition can be changed by the program calling the BoundKeyMigrate operation is to verify that the program calling the BoundKeyMigrate operation is permitted to migrate the bound key; and if the verification is successful, then change the usage condition and produce a new data structure including both the bound key and the changed usage condition.

4. One or more computer storage media as recited in claim 3, wherein the usage condition comprises an identifier of a program to which the key is bound.

5. One or more computer storage media as recited in claim 3, wherein the instructions that cause the one or more processors to verify that the usage condition can be changed by the program further comprise instructions that cause the one or more processors to verify that the bound key is marked as being migrateable.

6. One or more computer storage media as recited in claim 3, wherein the instructions that cause the one or more processors to verify that the usage condition can be changed by the program further comprise instructions that cause the one or more processors to verify that a logical formula evaluates true.

7. One or more computer storage media as recited in claim 3, wherein the instructions that cause the one or more processors to verify that the usage condition can be changed by the program further comprise instructions that cause the one or more processors to verify that execution of a particular program returns an indication of true.

8. One or more computer storage media as recited in claim 3, wherein the instructions that cause the one or more processors to verify that the usage condition can be changed by the program further comprise instructions that cause the one or more processors to verify that a time constraint is satisfied.

9. One or more computer storage media having stored thereon a plurality of instructions to implement a BoundKeyExport operation, wherein the plurality of instructions, when executed by a processor of a computing device, causes the processor to: receive, as an input, a data structure including a bound key, wherein the bound key is bound to a secure service processor via a cryptographic operation based on a key of the secure service processor; verify that the bound key can be re-bound to a different secure service processor, wherein to verify that the bound key can be re-bound to a different secure service processor is to verify that a program calling the BoundKeyExport operation is permitted to export the bound key; and re-bind the bound key to the different secure service processor if the verification is successful, wherein the bound key is re-bound to the different secure service processor via a cryptographic operation based on a key of the different secure service processor.

10. One or more computer storage media as recited in claim 9, wherein the secure service processor comprises the processor and the different secure service processor comprises another processor.

11. One or more computer storage media as recited in claim 9, wherein the different secure service processor is identified as an input to the BoundKeyExport operation.

12. One or more computer storage media as recited in claim 9, wherein the instructions that cause the processor to verify that the bound key can be re-bound to a different secure service processor further comprise instructions that cause the processor to verify that the bound key is marked as being exportable.

13. One or more computer storage media as recited in claim 9, wherein the instructions that cause the processor to verify that the bound key can be re-bound to a different secure service processor further comprise instructions that cause the processor to verify that a logical formula evaluates true.

14. One or more computer storage media as recited in claim 9, wherein the instructions that cause the processor to verify that the bound key can be re-bound to a different secure service processor further comprise instructions that cause the processor to verify that execution of a particular program returns an indication of true.

15. One or more computer storage media as recited in claim 9, wherein the instructions that cause the processor to verify that the bound key can be re-bound to a different secure service processor further comprise instructions that cause the processor to verify that a time constraint is satisfied.
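
An added illustration of the checks that claims 3 to 5 describe for BoundKeyMigrate (this is not code from the patent or its inventors). Assumptions: a program identifier is the SHA-256 digest of the program image, an HMAC under a constructed processor secret stands in for the cryptographic protection that claim 2 performs with public-key encryption, and the key material is a placeholder handle; all function and field names are hypothetical.

```python
import hashlib
import hmac
import json

# Constructed stand-in for a secret that never leaves the secure processor.
PROCESSOR_KEY = b"constructed-demo-processor-secret"

def digest(program: bytes) -> str:
    """Program identifier: SHA-256 of the program image (an assumption)."""
    return hashlib.sha256(program).hexdigest()

def seal_tag(body: dict) -> str:
    """Integrity tag over the structure; HMAC replaces the patent's protection step."""
    data = json.dumps(body, sort_keys=True).encode()
    return hmac.new(PROCESSOR_KEY, data, hashlib.sha256).hexdigest()

def gen_bound_key(caller: bytes, usage: str, migrateable: bool) -> dict:
    """Build a protected structure with a key usage element and a condition element."""
    if usage not in ("decrypt", "sign", "quote"):
        raise ValueError("unknown key usage")
    body = {
        "key_ref": "constructed-key-handle",  # placeholder, no real key material
        "usage": usage,
        "condition": {"program": digest(caller)},
        "migrateable": migrateable,
    }
    return {"body": body, "tag": seal_tag(body)}

def bound_key_migrate(blob: dict, caller: bytes, new_program_id: str) -> dict:
    """Change the usage condition only if every verification succeeds."""
    body = blob["body"]
    # Reject structures altered outside the processor (e.g. a flipped flag).
    if not hmac.compare_digest(blob["tag"], seal_tag(body)):
        raise PermissionError("structure failed integrity check")
    # Claim 3: the key must be bound to the program calling the operation.
    if not hmac.compare_digest(body["condition"]["program"], digest(caller)):
        raise PermissionError("caller is not the program the key is bound to")
    # Claim 5: the key must be marked as migrateable.
    if not body["migrateable"]:
        raise PermissionError("key is not marked migrateable")
    new_body = dict(body, condition={"program": new_program_id})
    return {"body": new_body, "tag": seal_tag(new_body)}
```

The usage element is carried over unchanged, so migration cannot turn a sign-only key into a decrypt key.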