Protection of application secrets

Cryptography – Key management – Having particular key generator

Reexamination Certificate

active

07545931

ABSTRACT:
A method and system for securely storing, managing, and sending critical application data (application secrets) are disclosed. The invention provides an application program interface (API) through which applications (code components) can request that a secure store component (SSC) store an application secret, retrieve an application secret, and send an application secret from one code component to another. The SSC encrypts and stores the application secrets using a symmetric cipher algorithm with a key derived by combining machine-specific entropy and evidence associated with the application (or code component), using a mechanism such as a hashing function. When an application requests the SSC to return a stored application secret, the SSC decrypts the secret using a key derived from machine-specific entropy and evidence associated with the application requesting the secret. A secret owning application can also request the SSC to create an object storing the encrypted secret, evidence associated with an intended recipient, and evidence associated with the owning application, in order to send the application secret to another code component.
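
The store and retrieve key binding described in the abstract, as an added Go example that is not taken from the patent. It assumes HMAC-SHA256 as the hashing mechanism and AES-256-GCM as the symmetric cipher; the function names and the sample entropy and evidence strings are hypothetical.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// sealer derives key = HMAC-SHA256(machineEntropy, evidence) and keys AES-256-GCM (both assumed choices).
func sealer(machineEntropy, evidence []byte) (cipher.AEAD, error) {
	mac := hmac.New(sha256.New, machineEntropy)
	mac.Write(evidence)
	block, err := aes.NewCipher(mac.Sum(nil))
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Store encrypts secret for this machine and this caller; the blob is nonce || ciphertext || tag.
func Store(machineEntropy, evidence, secret []byte) ([]byte, error) {
	gcm, err := sealer(machineEntropy, evidence)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, secret, nil), nil
}

// Retrieve re-derives the key from the requester's evidence; a mismatch fails GCM authentication.
func Retrieve(machineEntropy, evidence, blob []byte) ([]byte, error) {
	gcm, err := sealer(machineEntropy, evidence)
	if err != nil || len(blob) < gcm.NonceSize() {
		return nil, fmt.Errorf("malformed blob or key setup failure: %v", err)
	}
	return gcm.Open(nil, blob[:gcm.NonceSize()], blob[gcm.NonceSize():], nil)
}

func main() { // constructed sample values; the evidence strings are hypothetical
	m := []byte("constructed-machine-entropy")
	blob, _ := Store(m, []byte("evidence:app-A"), []byte("db-password"))
	_, err := Retrieve(m, []byte("evidence:app-B"), blob)
	fmt.Println("other component denied:", err != nil)
}
```

Because the key is never stored, a blob copied to another machine or requested by a component with different evidence cannot be opened; the protection is only as strong as the secrecy of the machine entropy and the integrity of the evidence check.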

