CA2425006A1 - Saving and retrieving data based on symmetric key encryption - Google Patents
Saving and retrieving data based on symmetric key encryption Download PDFInfo
- Publication number
- CA2425006A1 CA2425006A1 CA002425006A CA2425006A CA2425006A1 CA 2425006 A1 CA2425006 A1 CA 2425006A1 CA 002425006 A CA002425006 A CA 002425006A CA 2425006 A CA2425006 A CA 2425006A CA 2425006 A1 CA2425006 A1 CA 2425006A1
- Authority
- CA
- Canada
- Prior art keywords
- data
- recited
- calling program
- bit string
- ciphertext
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Landscapes
- Storage Device Security (AREA)
Abstract
In accordance with certain aspects, data is received from a calling program.
Ciphertext that includes the data is generated, using a symmetric cipher, in a manner that allows only one or more target programs to be able to obtain the data from the ciphertext. In accordance with other aspects, a bit string is received from a calling program. An identifier of the calling program is checked to determine whether the calling program is allowed to access data encrypted in ciphertext of the bit string. The integrity of the data is also verified, and the data is decrypted using a symmetric key. The data is returned to the calling program only if the calling program is allowed to access the data and if the integrity of the data is successfully verified.
Ciphertext that includes the data is generated, using a symmetric cipher, in a manner that allows only one or more target programs to be able to obtain the data from the ciphertext. In accordance with other aspects, a bit string is received from a calling program. An identifier of the calling program is checked to determine whether the calling program is allowed to access data encrypted in ciphertext of the bit string. The integrity of the data is also verified, and the data is decrypted using a symmetric key. The data is returned to the calling program only if the calling program is allowed to access the data and if the integrity of the data is successfully verified.
Claims (85)
1. A method, implemented in a computing device, the method comprising:
receiving data from a calling program; and generating, using a symmetric cipher, ciphertext that includes the data, wherein the ciphertext is generated in a manner that allows only one or more target programs to be able to obtain the data from the ciphertext.
receiving data from a calling program; and generating, using a symmetric cipher, ciphertext that includes the data, wherein the ciphertext is generated in a manner that allows only one or more target programs to be able to obtain the data from the ciphertext.
2. A method as recited in claim 1, wherein the one or more target programs are identified by the calling program.
3. A method as recited in claim 1, further comprising returning the ciphertext to the calling program.
4. A method as recited in claim 1, wherein the data comprises a cryptographic key.
5. A method as recited in claim 1, wherein the one or more target programs comprises a plurality of target programs.
6. A method as recited in claim 1, wherein each of the one or more target programs is identified by a digest value generated by applying a cryptographic hash function to the target program.
7. A method as recited in claim 1, wherein the one or more target programs comprises the calling program.
8. A method as recited in claim 1, wherein receiving the data comprises receiving the data as part of a Seal operation.
9. A method as recited in claim 1, wherein generating the ciphertext composes:
generating an identifier of the calling program;
generating a bit string which is a combination of the data, the identifier of the calling program, and identifiers of the one or more target programs; and encrypting the bit string to generate ciphertext.
generating an identifier of the calling program;
generating a bit string which is a combination of the data, the identifier of the calling program, and identifiers of the one or more target programs; and encrypting the bit string to generate ciphertext.
10. A method as recited in claim 1, wherein generating the ciphertext comprises:
generating a bit string which is a combination of the data, the identifier of the calling program, and identifiers of the one or more target programs; and encrypting the bit string.
generating a bit string which is a combination of the data, the identifier of the calling program, and identifiers of the one or more target programs; and encrypting the bit string.
11. A method as recited in claim 9, wherein encrypting the bit string comprises using a symmetric key and a symmetric cipher to encrypt the bit string.
12. A method as recited in claim 9, further comprising:
generating a message authentication code (MAC) value for the bit string by applying a message authentication code (MAC) to the bit string; and returning the ciphertext and the MAC value to the calling program.
generating a message authentication code (MAC) value for the bit string by applying a message authentication code (MAC) to the bit string; and returning the ciphertext and the MAC value to the calling program.
13. A method as recited in claim 9, further comprising:
generating a message authentication code (MAC) value for the bit string by applying a message authentication code (MAC) to the bit string; and wherein encrypting the bit string comprises including the MAC value in the bit string prior to encrypting the bit string.
generating a message authentication code (MAC) value for the bit string by applying a message authentication code (MAC) to the bit string; and wherein encrypting the bit string comprises including the MAC value in the bit string prior to encrypting the bit string.
14. A method as recited in claim 9, further comprising:
generating a message authentication code (MAC) value for the ciphertext by applying a message authentication code (MAC) to the ciphertext; and returning the ciphertext and the MAC value to the calling program.
generating a message authentication code (MAC) value for the ciphertext by applying a message authentication code (MAC) to the ciphertext; and returning the ciphertext and the MAC value to the calling program.
15. A method as recited in claim 9, wherein the identifier of the calling program comprises a digest value generated by applying a cryptographic hash function to the calling program.
16. A method as recited in claim 9, wherein the combination of the data, the identifier of the calling program, and identifiers of the one or more target programs comprises a concatenation of the data, the identifier of the calling program, and identifiers of the one or more target programs.
17. A method, implemented in a computing device, the method comprising:
receiving a bit string from a calling program;
checking an identifier of the calling program to determine whether the calling program is allowed to access data encrypted in ciphertext of the bit string;
verifying the integrity of the data;
decrypting the data using a symmetric key; and returning the data to the calling program only if the calling program is allowed to access the data and if the integrity of the data is successfully verified.
receiving a bit string from a calling program;
checking an identifier of the calling program to determine whether the calling program is allowed to access data encrypted in ciphertext of the bit string;
verifying the integrity of the data;
decrypting the data using a symmetric key; and returning the data to the calling program only if the calling program is allowed to access the data and if the integrity of the data is successfully verified.
18. A method as recited in claim 17, further comprising decrypting the data encrypted in the ciphertext using a symmetric key to decrypt the bit string.
19. A method as recited in claim 17, wherein the data comprises a cryptographic key.
20. A method as recited in claim 17, further comprising:
returning, to the calling program, an identifier of a program that previously sealed the data.
returning, to the calling program, an identifier of a program that previously sealed the data.
21. A method as recited in claim 20, wherein the identifier of the program that previously sealed the data comprises a digest value generated by applying a cryptographic hash function to the program that previously sealed the data.
22. A method as recited in claim 17, wherein the checking comprises:
obtaining, from the bit string, an identifier of a target program that is allowed to access the data;
checking whether the identifier of the target program is the same as the identifier of the calling program;
determining that the calling program is allowed to access the data if the identifier of the target program is the same as the identifier of the calling program;
and determining that the calling program is not allowed to access the data if the identifier of the target program is not the same as the identifier of the calling program.
obtaining, from the bit string, an identifier of a target program that is allowed to access the data;
checking whether the identifier of the target program is the same as the identifier of the calling program;
determining that the calling program is allowed to access the data if the identifier of the target program is the same as the identifier of the calling program;
and determining that the calling program is not allowed to access the data if the identifier of the target program is not the same as the identifier of the calling program.
23. A method as recited in claim 17, wherein the checking comprising:
obtaining, from the bit string, identifiers of a plurality of target programs that are allowed to access the data;
checking whether the identifier of the calling program is the same as at least one of the identifiers of the plurality of target programs;
determining that the calling program is allowed to access the data if the identifier of the calling program is the same as at least one of the identifiers of the plurality of target programs; and determining that the calling program is not allowed to access the data if the identifier of the calling program is not the same as any of the identifiers of the plurality of target programs.
obtaining, from the bit string, identifiers of a plurality of target programs that are allowed to access the data;
checking whether the identifier of the calling program is the same as at least one of the identifiers of the plurality of target programs;
determining that the calling program is allowed to access the data if the identifier of the calling program is the same as at least one of the identifiers of the plurality of target programs; and determining that the calling program is not allowed to access the data if the identifier of the calling program is not the same as any of the identifiers of the plurality of target programs.
24. A method as recited in claim 17, wherein the identifier of the calling program comprises a digest value generated by applying a cryptographic hash function to the target program.
25. A method as recited in claim 17, wherein receiving the bit string comprises receiving the bit string as part of an Unseal operation.
26. A method as recited in claim 17, wherein the bit string comprises a combination of the ciphertext and a message authentication code (MAC) value for the ciphertext.
27. A method as recited in claim 17, wherein the bit string comprises a combination of the ciphertext and a message authentication code (MAC) value for the data.
28. A method as recited in claim 17, wherein the bit string comprises a ciphertext generated from a combination of the data and a message authentication code (MAC) value for the data.
29. A method as recited in claim 17, wherein the verifying comprises:
obtaining the data by decrypting the ciphertext;
generating a message authentication code (MAC) value for the obtained data;
comparing the generated MAC value to a MAC value received as part of the bit string; and successfully verifying the integrity of the data only if the generated MAC
value is equal to the MAC value received as part of the bit string.
obtaining the data by decrypting the ciphertext;
generating a message authentication code (MAC) value for the obtained data;
comparing the generated MAC value to a MAC value received as part of the bit string; and successfully verifying the integrity of the data only if the generated MAC
value is equal to the MAC value received as part of the bit string.
30. One or more computer readable media having stored thereon a plurality of instructions that, when executed by one or more processors of a computing device, causes the one or mare processors to:
receive data from a calling program;
generate, using a symmetric cipher, ciphertext that includes the data, wherein the ciphertext is generated in a manner that allows only one or more target programs to be able to obtain the data from the ciphertext;
after the ciphertext is generated, receive a bit string from another calling program;
check an identifier of the other calling program to determine whether the other calling program is allowed to access data encrypted in the ciphertext of the bit string;
verify the integrity of the data;
decrypt the data using a symmetric key; and return the data to the other calling program only if the other calling program is allowed to access the data and if the integrity of the data is successfully verified.
receive data from a calling program;
generate, using a symmetric cipher, ciphertext that includes the data, wherein the ciphertext is generated in a manner that allows only one or more target programs to be able to obtain the data from the ciphertext;
after the ciphertext is generated, receive a bit string from another calling program;
check an identifier of the other calling program to determine whether the other calling program is allowed to access data encrypted in the ciphertext of the bit string;
verify the integrity of the data;
decrypt the data using a symmetric key; and return the data to the other calling program only if the other calling program is allowed to access the data and if the integrity of the data is successfully verified.
31. One or more computer readable media as recited in claim 30, wherein the calling program and the other calling program are the same program.
32. One or more computer readable media having stored thereon a plurality of instructions that, when executed by one or more processors of a computing device, causes the one or more processors to:
obtain an identifier of a calling program;
generate a bit string including the identifier of the calling program, data to be sealed for the calling program, and an identifier of a target program that is allowed to unseal the data;
generate a message authentication code (MAC) value for the bit string;
encrypting the bit stream using a symmetric key and a symmetric cipher;
and returning the MAC value and the encrypted bit string to the calling program.
obtain an identifier of a calling program;
generate a bit string including the identifier of the calling program, data to be sealed for the calling program, and an identifier of a target program that is allowed to unseal the data;
generate a message authentication code (MAC) value for the bit string;
encrypting the bit stream using a symmetric key and a symmetric cipher;
and returning the MAC value and the encrypted bit string to the calling program.
33. One or more computer readable media as recited in claim 32, wherein the instructions that cause the one or more processors to obtain the identifier of the calling program comprises instructions that cause the one or more processors to generate a digest of the calling program using a cryptographic hash function.
34. One or more computer readable media as recited in claim 32, wherein the instructions further cause the one or more processors to receive, from the calling program, the data.
35. One or more computer readable media as recited in claim 32, wherein the instructions further cause the one or more processors to generate a random value to be used as the data.
36. One or more computer readable media having stored thereon a plurality of instructions that, when executed by one or more processors of a computing device, causes the one or more processors to:
receive, from a calling program, a bit string including ciphertext and a message authentication code (MAC) value;
decrypt the ciphertext in the bit string using a symmetric key to generate plaintext data;
generate a message authentication code (MAC) value for at least a portion of the plaintext data;
check whether the MAC value in the bit string is equal to the generated MAC value;
check whether the calling program is allowed to unseal the plaintext data;
and return the plaintext data to the calling program only if the MAC value in the bit string is equal to the generated MAC value and if the calling program is allowed to unseal the plaintext data.
receive, from a calling program, a bit string including ciphertext and a message authentication code (MAC) value;
decrypt the ciphertext in the bit string using a symmetric key to generate plaintext data;
generate a message authentication code (MAC) value for at least a portion of the plaintext data;
check whether the MAC value in the bit string is equal to the generated MAC value;
check whether the calling program is allowed to unseal the plaintext data;
and return the plaintext data to the calling program only if the MAC value in the bit string is equal to the generated MAC value and if the calling program is allowed to unseal the plaintext data.
37. One or more computer readable media as recited in claim 36, wherein the instructions further cause the one or more processors to:
generate a digest of the calling program using a cryptographic hash function;
compare the digest of the calling program to one or ignore digests identified in the bit string; and determine that the calling program is allowed to unseal the plaintext data only if the digest of the calling program is the same as at least one of the one or more digests identified in the bit string.
generate a digest of the calling program using a cryptographic hash function;
compare the digest of the calling program to one or ignore digests identified in the bit string; and determine that the calling program is allowed to unseal the plaintext data only if the digest of the calling program is the same as at least one of the one or more digests identified in the bit string.
38. One or more computer readable media as recited in claim 36, wherein the one or more digests identified in the bit string are part of the ciphertext.
39. A system comprising:
means for receiving data from a calling program; and means for using a symmetric key to generate ciphertext that includes the data, wherein the ciphertext is generated in a manner that allows only one or more target programs to be able to obtain the data from the ciphertext.
means for receiving data from a calling program; and means for using a symmetric key to generate ciphertext that includes the data, wherein the ciphertext is generated in a manner that allows only one or more target programs to be able to obtain the data from the ciphertext.
40. A system comprising:
means for receiving a bit string from a calling program;
means for checking an identifier of the calling program to determine whether the calling program is allowed to access data encrypted in ciphertext of the bit string;
means for verifying the integrity of the data;
means for decrypting the data using a symmetric key; and means for returning the data to the calling program only if the calling program is allowed to access the data and if the integrity of the data is successfully verified.
means for receiving a bit string from a calling program;
means for checking an identifier of the calling program to determine whether the calling program is allowed to access data encrypted in ciphertext of the bit string;
means for verifying the integrity of the data;
means for decrypting the data using a symmetric key; and means for returning the data to the calling program only if the calling program is allowed to access the data and if the integrity of the data is successfully verified.
41. One or more computer readable media having stored thereon a plurality of instructions that, when executed by one or more processors of a computing device, causes the one or more processors to:
identify data to be sealed; and invoke a seal operation, passing the data as an input to the seal operation and identifying one or more conditions that are to be satisfied in order for the data to be unsealed.
identify data to be sealed; and invoke a seal operation, passing the data as an input to the seal operation and identifying one or more conditions that are to be satisfied in order for the data to be unsealed.
42. One or more computer readable media as recited in claim 41, wherein the instructions further cause the one or more processors to receive, in response to the seal operation, ciphertext including the data in an encrypted form, wherein the data is encrypted using a symmetric cipher.
43. One or more computer readable media as recited in claim 41, wherein the one or more conditions comprise identifiers of one or more target programs that are allowed to unseal the data.
44. One or more computer readable media as recited in claim 43, wherein the instructions further cause the one or more processors to pass, as another input to the seal operation, identifiers of the one or more target programs.
45. One or more computer readable media as recited in claim 44, wherein for each of the one or more target programs, the identifier of the target program comprises a digest generated by applying a cryptographic hash function to the target program.
46. One or more computer readable media as recited in claim 43, wherein a program that invokes the seal operation is the one or more target programs.
47. One or more computer readable media as recited in claim 41, wherein one of the one or more conditions comprises a time constraint for when the data can be unsealed.
48. One or more computer readable media as recited in claim 41, wherein one of the one or more conditions comprises a logical formula to be evaluated, and wherein the data can be unsealed only if the logical formula evaluates true.
49. One or more computer readable media as recited in claim 41, wherein one of the one or more conditions comprises a program to be executed, and wherein the data can be unsealed only if execution of the program returns an indication of true.
50. A method, implemented in a computing device, the method comprising:
receiving, from a calling program, a request to generate and seal data;
generating a random value to use as the data; and generating ciphertext that includes the data, wherein the ciphertext is generated in a manner that allows only one or more target programs to be able to obtain the data from the ciphertext.
receiving, from a calling program, a request to generate and seal data;
generating a random value to use as the data; and generating ciphertext that includes the data, wherein the ciphertext is generated in a manner that allows only one or more target programs to be able to obtain the data from the ciphertext.
51. One or more computer readable media having stored thereon a plurality of instructions that, when executed by one or ignore processors of a computing device, causes the one or more processors to:
invoke a genseal operation, identifying one or more conditions that are to be satisfied in order for data to be unsealed; and have, in response to the genseal operation, the data randomly generated sealed so that the data can be unsealed only if the one or more conditions are satisfied.
invoke a genseal operation, identifying one or more conditions that are to be satisfied in order for data to be unsealed; and have, in response to the genseal operation, the data randomly generated sealed so that the data can be unsealed only if the one or more conditions are satisfied.
52. One or more computer readable media as recited in claim 51, wherein the one or more conditions comprise identifiers of one or more target programs that are allowed to unseal the data.
53. One or more computer readable media as recited in claim 52, wherein the instructions further cause the one or more processors to pass, as an input to the genseal operation, identifiers of the one or more target programs.
54. One or more computer readable media as recited in claim 53, wherein for each of the one or more target programs, the identifier of the target program comprises a digest generated by applying a cryptographic hash function to the target program.
55. One or more computer readable media as recited in claim 52, wherein a program that invokes the genseal operation is the one or more target programs.
56. One or more computer readable media as recited in claim 51, wherein one of the one or more conditions comprises a time constraint for when the data can be unsealed.
57. One or more computer readable media as recited in claim 51, wherein one of the one or more conditions comprises a logical formula to be evaluated, and wherein the data can be unsealed only if the logical formula evaluates true.
58. One or more computer readable media as recited in claim 51, wherein one of the one or more conditions comprises a program to be executed, and wherein the data can be unsealed only if execution of the program returns an indication of true.
59. One or more computer readable media having stored thereon a plurality of instructions that, when executed by one or more processors of a computing device, causes the one or more processors to:
invoke an unseal operation in order to have a bit string decrypted, passing the bit string as an input to the unseal operation; and receive, in response to invoking the unseal operation, at least a portion of the decrypted bit string only if the plurality of instructions are allowed to unseal the bit string, wherein the data is decrypted using a symmetric cipher.
invoke an unseal operation in order to have a bit string decrypted, passing the bit string as an input to the unseal operation; and receive, in response to invoking the unseal operation, at least a portion of the decrypted bit string only if the plurality of instructions are allowed to unseal the bit string, wherein the data is decrypted using a symmetric cipher.
60. One or more computer readable media as recited in claim 59, wherein the plurality of instructions are allowed to unseal the bit string if a digest generated by applying a cryptographic hash function to the plurality of instructions is the same as one or more digests identified by a calling program when data encrypted in the bit string was previously sealed.
61. One or more computer readable media as recited in claim 59, wherein the input to the unseal operation is a pointer to the bit string.
62. One or more computer readable media having stored thereon a plurality of instructions that, when executed by one or more processors of a computing device, causes the one or more processors to:
invoke an unseal operation in order to obtain data from a sealed bit string;
and receive, in response to invoking the unseal operation, the data from the sealed bit string only if one or more conditions that are to be satisfied in order for the data to be unsealed are satisfied.
invoke an unseal operation in order to obtain data from a sealed bit string;
and receive, in response to invoking the unseal operation, the data from the sealed bit string only if one or more conditions that are to be satisfied in order for the data to be unsealed are satisfied.
63. One or more computer readable media as recited in claim 62, wherein the one or more conditions comprise one or more identifiers of programs that are allowed to unseal the data.
64. One or more computer readable media as recited in claim 62, wherein one of the one or more conditions comprises a time constraint for when the data can be unsealed.
65. One or more computer readable media as recited in claim 62, wherein one of the one or more conditions comprises a logical formula to be evaluated, and wherein the data can be unsealed only if the logical formula evaluates true.
66. One or more computer readable media as recited in claim 62, wherein one of the one or more conditions comprises a program to be executed, and wherein the data can be unsealed only if execution of the program returns an indication of true.
67. A system comprising:
a plurality of hierarchical layers including a lowest layer that guards a root resource;
wherein the plurality of hierarchical layers further includes one or more intermediate layers that act as principals that request access to the root resource from the next lower layer and that act as guards to the root resource toward principals in the next higher layer; and allowing access to the root resource only to principals authorized to access the root resource.
a plurality of hierarchical layers including a lowest layer that guards a root resource;
wherein the plurality of hierarchical layers further includes one or more intermediate layers that act as principals that request access to the root resource from the next lower layer and that act as guards to the root resource toward principals in the next higher layer; and allowing access to the root resource only to principals authorized to access the root resource.
68. A system as recited in claim 67, wherein the plurality of hierarchical layers comprises four layers, wherein the lowest layer comprises a security kernel layer, wherein a next lowest layer comprises a basic input/output system layer, wherein a next lowest layer comprises an operating system layer, and wherein a highest layer comprises an application layer.
69. A system as recited in claim 67, wherein the allowing comprises using a Seal operation to securely seal the root resource and an Unseal operation to retrieve the root resource.
70. A system as recited in claim 67, wherein the root resource comprises a cryptographic key.
71. A system comprising:
a plurality of hierarchical layers including a lowest layer that guards a root resource;
a plurality of guards included in each of the plurality of hierarchical layers, wherein each guard is a service guard or a disclosure guard;
wherein each service guard allows principals in the next higher layer to request operations to be performed with protected data, and wherein the service guard performs the operation only if a condition is satisfied; and wherein each disclosure guard allows principals in the next higher layer to request protected data to be disclosed to the principals, and wherein the disclosure guard discloses the protected data only if another condition is satisfied.
a plurality of hierarchical layers including a lowest layer that guards a root resource;
a plurality of guards included in each of the plurality of hierarchical layers, wherein each guard is a service guard or a disclosure guard;
wherein each service guard allows principals in the next higher layer to request operations to be performed with protected data, and wherein the service guard performs the operation only if a condition is satisfied; and wherein each disclosure guard allows principals in the next higher layer to request protected data to be disclosed to the principals, and wherein the disclosure guard discloses the protected data only if another condition is satisfied.
72. A system as recited in claim 71, wherein each of the principals in the next higher layer is a service guard or a disclosure guard.
73. A system as recited in claim 71, wherein one or more guards are implemented by obtaining protected data from a guard in the layer below it.
74. A system as recited in claim 71, wherein one or more guards are implemented by requesting a service from a guard in the layer below it.
75. A system as recited in claim 71, wherein the protected data are cryptographic keys.
76. A system as recited in claim 71, wherein one or more service guards expose, on protected data, one or more of encryption, decryption, digital signing, Message Authentication Code (MAC), and combined digital signing and integrity verification.
77. A system comprising:
a plurality of hierarchical layers including a lowest layer that guards a root resource;
wherein the plurality of hierarchical layers further includes one or more intermediate layers that, act as principals that request, from the next lower layer, operations to be performed using the root resource, and act as guards to the root resource toward principals in the next higher layer; and allowing the operations to be performed using the root resource only for principals authorized to access the root resource.
a plurality of hierarchical layers including a lowest layer that guards a root resource;
wherein the plurality of hierarchical layers further includes one or more intermediate layers that, act as principals that request, from the next lower layer, operations to be performed using the root resource, and act as guards to the root resource toward principals in the next higher layer; and allowing the operations to be performed using the root resource only for principals authorized to access the root resource.
78. A system as recited in claim 77, wherein the plurality of hierarchical layers comprises four layers, wherein the lowest layer comprises a security kernel layer, wherein a next lowest layer comprises a basic input/output system layer, wherein a next lowest layer comprises an operating system layer, and wherein a highest layer comprises an application layer.
79. A system as recited in claim 77, wherein the root resource comprises a cryptographic key.
80. One or more computer readable media having stored thereon a plurality of instructions to implement a BoundMAC operation, wherein the plurality of instructions, when executed by one or more processors of a computing device, causes the one or more processors to:
receive, as an input, both data and a bound key blob, wherein the bound key blob is bound to the one or more processors;
recover, from the bound key blob, a bound symmetric key associated with the bound key blob;
generate a message authentication code (MAC) over the data using the bound symmetric key; and output the digital signature.
receive, as an input, both data and a bound key blob, wherein the bound key blob is bound to the one or more processors;
recover, from the bound key blob, a bound symmetric key associated with the bound key blob;
generate a message authentication code (MAC) over the data using the bound symmetric key; and output the digital signature.
81. One or more computer readable media as recited in claim 80, wherein the bound symmetric key is restricted, by an element of the bound key blob, to being used by the BoundMAC operation.
82. One or more computer readable media having stored thereon a plurality of instructions to implement a BoundEncrypt operation, wherein the plurality of instructions, when executed by one or more processors of a computing device, causes the one or more processors to:
receive, as an input, both data to be encrypted and a bound key blob, wherein the bound key blob is bound to the one or more processors;
recover, based on data in the bound key blob, a bound symmetric key associated with the bound key blob;
encrypt the data using the bound symmetric key to generate ciphertext; and output the ciphertext.
receive, as an input, both data to be encrypted and a bound key blob, wherein the bound key blob is bound to the one or more processors;
recover, based on data in the bound key blob, a bound symmetric key associated with the bound key blob;
encrypt the data using the bound symmetric key to generate ciphertext; and output the ciphertext.
83. One or more computer readable media as recited in claim 82, wherein the bound symmetric key is restricted to being used by the BoundEncrypt operation.
84. One or more computer readable media having stored thereon a plurality of instructions to implement a BoundDecrypt operation, wherein the plurality of instructions, when executed by one or more processors of a computing device, causes the one or more processors to:
receive, as an input, both ciphertext and a bound key structure, wherein the bound key structure is bound to the one or more processors;
recover, from the bound key structure, a symmetric key associated with the bound key structure;
decrypt the ciphertext using the symmetric key to generate plaintext corresponding to the ciphertext; and output the plaintext.
receive, as an input, both ciphertext and a bound key structure, wherein the bound key structure is bound to the one or more processors;
recover, from the bound key structure, a symmetric key associated with the bound key structure;
decrypt the ciphertext using the symmetric key to generate plaintext corresponding to the ciphertext; and output the plaintext.
85. One or more computer readable media as recited in claim 84, wherein the symmetric key is restricted, based on a key usage element of the bound key structure, to being used by the BoundDecrypt operation.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US37350502P | 2002-04-17 | 2002-04-17 | |
US60/373,505 | 2002-04-17 |
Publications (2)
Publication Number | Publication Date |
---|---|
CA2425006A1 true CA2425006A1 (en) | 2003-10-17 |
CA2425006C CA2425006C (en) | 2012-06-05 |
Family
ID=29270506
Family Applications (3)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CA2778805A Expired - Fee Related CA2778805C (en) | 2002-04-17 | 2003-04-09 | Saving and retrieving data based on public key encryption |
CA2425006A Expired - Fee Related CA2425006C (en) | 2002-04-17 | 2003-04-09 | Saving and retrieving data based on symmetric key encryption |
CA2425010A Expired - Fee Related CA2425010C (en) | 2002-04-17 | 2003-04-09 | Saving and retrieving data based on public key encryption |
Family Applications Before (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CA2778805A Expired - Fee Related CA2778805C (en) | 2002-04-17 | 2003-04-09 | Saving and retrieving data based on public key encryption |
Family Applications After (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CA2425010A Expired - Fee Related CA2425010C (en) | 2002-04-17 | 2003-04-09 | Saving and retrieving data based on public key encryption |
Country Status (2)
Country | Link |
---|---|
CN (6) | CN100351815C (en) |
CA (3) | CA2778805C (en) |
Families Citing this family (18)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7890771B2 (en) | 2002-04-17 | 2011-02-15 | Microsoft Corporation | Saving and retrieving data based on public key encryption |
US7673345B2 (en) * | 2005-03-31 | 2010-03-02 | Intel Corporation | Providing extended memory protection |
US7747024B2 (en) * | 2007-02-09 | 2010-06-29 | Lenovo (Singapore) Pte. Ltd. | System and method for generalized authentication |
CN101561815B (en) * | 2009-05-19 | 2010-10-13 | 华中科技大学 | Distributed cryptograph full-text retrieval system |
US9904803B2 (en) * | 2015-03-25 | 2018-02-27 | Intel Corporation | Technologies for hardening data encryption with secure enclaves |
WO2018057479A1 (en) * | 2016-09-21 | 2018-03-29 | Mastercard International Incorporated | Method and system for double anonymization of data |
CN108111587B (en) * | 2017-12-15 | 2020-11-06 | 中山大学 | Cloud storage searching method based on time release |
CN109829294B (en) * | 2019-01-31 | 2021-07-13 | 云丁网络技术(北京)有限公司 | Firmware verification method, system, server and electronic equipment |
WO2020007339A1 (en) | 2018-07-04 | 2020-01-09 | Yunding Network Technology (Beijing) Co., Ltd. | Method and system for operating an electronic device |
CN109284585B (en) * | 2018-08-17 | 2020-12-22 | 网宿科技股份有限公司 | Script encryption method, script decryption operation method and related device |
CN110365490B (en) * | 2019-07-25 | 2022-06-21 | 中国工程物理研究院电子工程研究所 | Information system integration security policy method based on token encryption authentication |
CN112434711B (en) * | 2020-11-27 | 2023-10-13 | 杭州海康威视数字技术股份有限公司 | Data management method and device and electronic equipment |
CN112558019B (en) * | 2020-12-14 | 2023-08-15 | 北京遥感设备研究所 | Extraterrestrial celestial body landing measurement radar receiving and transmitting isolation system based on pseudo code modulation |
CN112738219B (en) * | 2020-12-28 | 2022-06-10 | 中国第一汽车股份有限公司 | Program running method, program running device, vehicle and storage medium |
CN112667586B (en) * | 2021-01-26 | 2023-04-25 | 浪潮通用软件有限公司 | Method, system, equipment and medium for synchronizing data based on stream processing |
CN113609510B (en) * | 2021-09-28 | 2021-12-24 | 武汉泰乐奇信息科技有限公司 | Big data encryption transmission method and device based on distributed storage |
CN115242490B (en) * | 2022-07-19 | 2023-09-26 | 北京计算机技术及应用研究所 | Group key secure distribution method and system in trusted environment |
CN115277259B (en) * | 2022-09-27 | 2023-02-28 | 南湖实验室 | Method for supporting large-scale cross-platform migration of persistent data through privacy calculation |
Family Cites Families (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5557765A (en) * | 1994-08-11 | 1996-09-17 | Trusted Information Systems, Inc. | System and method for data recovery |
NZ337060A (en) * | 1997-02-07 | 2000-02-28 | Salbu Res & Dev Pty Ltd | Secure packet radio network, newly activated user stations pass key request to network operator station |
US6229894B1 (en) * | 1997-07-14 | 2001-05-08 | Entrust Technologies, Ltd. | Method and apparatus for access to user-specific encryption information |
US6032260A (en) * | 1997-11-13 | 2000-02-29 | Ncr Corporation | Method for issuing a new authenticated electronic ticket based on an expired authenticated ticket and distributed server architecture for using same |
US6560706B1 (en) * | 1998-01-26 | 2003-05-06 | Intel Corporation | Interface for ensuring system boot image integrity and authenticity |
US6263431B1 (en) * | 1998-12-31 | 2001-07-17 | Intle Corporation | Operating system bootstrap security mechanism |
KR100684056B1 (en) * | 1999-01-28 | 2007-02-16 | 코닌클리케 필립스 일렉트로닉스 엔.브이. | Synchronisation of decryption keys in a data packet transmission system |
-
2003
- 2003-04-09 CA CA2778805A patent/CA2778805C/en not_active Expired - Fee Related
- 2003-04-09 CA CA2425006A patent/CA2425006C/en not_active Expired - Fee Related
- 2003-04-09 CA CA2425010A patent/CA2425010C/en not_active Expired - Fee Related
- 2003-04-17 CN CNB03131208XA patent/CN100351815C/en not_active Expired - Lifetime
- 2003-04-17 CN CN 200710152963 patent/CN101166096B/en not_active Expired - Fee Related
- 2003-04-17 CN CN 200710152961 patent/CN101166095B/en not_active Expired - Fee Related
- 2003-04-17 CN CN 200610059598 patent/CN100547598C/en not_active Expired - Fee Related
- 2003-04-17 CN CNB031307744A patent/CN1322431C/en not_active Expired - Fee Related
- 2003-04-17 CN CN 200610059571 patent/CN100543759C/en not_active Expired - Fee Related
Also Published As
Publication number | Publication date |
---|---|
CN101166096A (en) | 2008-04-23 |
CN101166096B (en) | 2012-01-11 |
CN1322431C (en) | 2007-06-20 |
CA2778805C (en) | 2015-01-20 |
CA2425010C (en) | 2013-11-19 |
CA2425010A1 (en) | 2003-10-17 |
CN101166095A (en) | 2008-04-23 |
CN101166095B (en) | 2013-01-16 |
CN100543759C (en) | 2009-09-23 |
CN1493996A (en) | 2004-05-05 |
CN1822015A (en) | 2006-08-23 |
CA2425006C (en) | 2012-06-05 |
CN100547598C (en) | 2009-10-07 |
CA2778805A1 (en) | 2003-10-17 |
CN100351815C (en) | 2007-11-28 |
CN1487422A (en) | 2004-04-07 |
CN1822016A (en) | 2006-08-23 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CA2425006A1 (en) | Saving and retrieving data based on symmetric key encryption | |
KR100996784B1 (en) | Saving and retrieving data based on public key encryption | |
Yun et al. | On protecting integrity and confidentiality of cryptographic file system for outsourced storage | |
US7215771B1 (en) | Secure disk drive comprising a secure drive key and a drive ID for implementing secure communication over a public network | |
CN101369889B (en) | Method for electronic endorsement of document | |
JP2017139811A5 (en) | ||
US20140223580A1 (en) | Method of and apparatus for processing software using hash function to secure software, and computer-readable medium storing executable instructions for performing the method | |
KR20030082485A (en) | Saving and retrieving data based on symmetric key encryption | |
CN103797489A (en) | System and method for securely binding and node-locking program execution to a trusted signature authority | |
WO2011083343A2 (en) | System and method of enforcing a computer policy | |
CN104573549A (en) | Credible method and system for protecting confidentiality of database | |
CN101142599A (en) | Digital rights management system based on hardware identification | |
KR20040094724A (en) | Multi-token seal and unseal | |
US10924282B2 (en) | System and method for measuring and reporting IoT boot integrity | |
JP2019517080A5 (en) | ||
CN106452764A (en) | Method for automatically updating identification private key and password system | |
CN105740725A (en) | File protection method and system | |
KR101269089B1 (en) | Software modulation prevention method using own encryption | |
CN105320895A (en) | High performance autonomous hardware engine for online encryption processing | |
US8774407B2 (en) | System and method for executing encrypted binaries in a cryptographic processor | |
US9571273B2 (en) | Method and system for the accelerated decryption of cryptographically protected user data units | |
CN117155549A (en) | Key distribution method, key distribution device, computer equipment and storage medium | |
CN110837634B (en) | Electronic signature method based on hardware encryption machine | |
Alzomai et al. | The mobile phone as a multi OTP device using trusted computing | |
CN110798306A (en) | Safe and credible data hosting method |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
EEER | Examination request | ||
MKLA | Lapsed |
Effective date: 20220301 |
|
MKLA | Lapsed |
Effective date: 20200831 |