News Column

Patent Application Titled "Offline Data Access Using Trusted Hardware" Published Online

July 1, 2014



By a News Reporter-Staff News Editor at Information Technology Newsweekly -- According to news reporting originating from Washington, D.C., by VerticalNews journalists, a patent application by the inventors Kotla, Ramakrishna R. (Sunnyvale, CA); Rodeheffer, Thomas L. (Mountain View, CA), filed on December 12, 2012, was made available online on June 19, 2014.

The assignee for this patent application is Microsoft Corporation.

Reporters obtained the following quote from the background information supplied by the inventors: "Mobile experiences are enriched by applications that support offline data access. Decentralized databases, file systems, storage systems, and email applications support disconnected operation to provide better mobility and availability. With the increasing use of mobile devices, such as laptops, tablets, and smart phones, a use should have access to data despite being offline.

"However, support for such offline operation is at odds with security when the user is not trusted. An offline untrusted user (in full control of the user device) could perform arbitrary actions on whatever data was available and subsequently lie about it. This tension between mobility and security limits the use of disconnected operation in many potentially useful scenarios."

In addition to obtaining background information on this patent application, VerticalNews editors also obtained the inventors' summary information for this patent application: "A cryptographically-secure component is used to provide access-undeniability and verifiable revocation for clients with respect to downloaded content items from a content item server even where the clients access the downloaded content items while offline. A cryptographically-secure component is implemented in a client of the content item server. When the client wants to purchase and download a content item (e.g., a movie) from the content item server, the server requests an encryption key from the client. The cryptographically-secure component of the client generates an encryption key that is bound to a state of the client that is associated with decrypting the content item. The server encrypts the content item using the encryption key and sends the encrypted content item to the client. Because the encryption key used to encrypt the content item is bound to the state associated with the client decrypting the content item, if the client wants to decrypt and view the content item, the client may advance its state to the bound state in the cryptographically-secure component to retrieve the decryption key. Alternatively, if the receiving client wants to delete the content item without viewing it, the client may advance its state to a deletion state associated with the encrypted content item, after which the decryption key will no longer be available. The client may then request a refund for the purchased content item from the server.

"In an implementation, a request for a content item is received at a content item server from a client device. A request for an encryption key is sent from the content item server to the client device. The encryption key is received by the content item server from the client device. The encryption key is bound to a state associated with the client device accessing a decryption key corresponding to the encryption key. It is verified by the content item server that the state that the encryption key is bound to is the state associated with the client device accessing the corresponding decryption key. If the state that the encryption key is bound to is the state associated with the client device accessing the corresponding decryption key, the requested content item is encrypted using the encryption key, and the encrypted content item is sent to the client device.

"In an implementation, a content item is requested by a client device from a content item server. A request for an encryption key is received from the content item server by the client device. An encryption key is generated by the client device. The encryption key is generated by a cryptographically-secure component of the client device and is bound to a state associated with accessing a decryption key corresponding to the encryption key. The generated encryption key is sent to the content item server by the client device. An encrypted content item is received by the client device from the content item server. The encrypted content item was encrypted by the content item server using the encryption key.

"This summary is provided to introduce a selection of concepts in a simplified form that is further described below in the detailed description. This summary is not intended to identify key features or essential features of the claimed subject matter, nor is it intended to be used to limit the scope of the claimed subject matter.

BRIEF DESCRIPTION OF THE DRAWINGS

"The foregoing summary, as well as the following detailed description of illustrative embodiments, is better understood when read in conjunction with the appended drawings. For the purpose of illustrating the embodiments, there is shown in the drawings example constructions of the embodiments; however, the embodiments are not limited to the specific methods and instrumentalities disclosed. In the drawings:

"FIG. 1 is an illustration of an example environment for providing access-undeniability and verifiable revocation with respect to content items;

"FIG. 2 is a block diagram of an implementation of an example cryptographically-secure component;

"FIG. 3 is an operational flow of an implementation of a method for sending an encrypted content item;

"FIG. 4 is an operational flow of an implementation of a method for receiving a content item and responding to an audit;

"FIG. 5 is an operational flow of another implementation of a method for receiving a content item and responding to an audit; and

"FIG. 6 is a block diagram of an exemplary computing environment in which example embodiments and aspects may be implemented."

For more information, see this patent application: Kotla, Ramakrishna R.; Rodeheffer, Thomas L. Offline Data Access Using Trusted Hardware. Filed December 12, 2012 and posted June 19, 2014. Patent URL: http://appft.uspto.gov/netacgi/nph-Parser?Sect1=PTO2&Sect2=HITOFF&u=%2Fnetahtml%2FPTO%2Fsearch-adv.html&r=478&p=10&f=G&l=50&d=PG01&S1=20140612.PD.&OS=PD/20140612&RS=PD/20140612

Keywords for this news article include: Microsoft Corporation, Information Technology, Information and Data Encoding and Encryption.

Our reports deliver fact-based news of research and discoveries from around the world. Copyright 2014, NewsRx LLC


For more stories covering the world of technology, please see HispanicBusiness' Tech Channel



Source: Information Technology Newsweekly


Story Tools






HispanicBusiness.com Facebook Linkedin Twitter RSS Feed Email Alerts & Newsletters