Updating stored encrypted data with enhanced security

US9942208B2 · US · B2

Patent metadata
Publication number: US-9942208-B2
Application number: US-201414542257-A
Country: US
Kind code: B2
Filing date: Nov 14, 2014
Priority date: Nov 14, 2014
Publication date: Apr 10, 2018
Grant date: Apr 10, 2018

Abstract

Official abstract text for this publication.

Technologies described herein provide enhanced security for storing and updating secret data, such as a password. Based on one or more conditions, an existing encryption key or a new encryption key may be used to generate encrypted data at a client computing device. The encrypted data may be communicated from the client computing device to a secret store managed by a first entity for storage of the encrypted data in the secret store. Based on one or more conditions, the new encryption key may be communicated from the client computing device to a key store managed by a second entity for storage of the new encryption key in the key store.
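The update flow in the abstract, combined with the time-based condition of claim 3, as an added example that is not taken from the patent. The in-memory maps standing in for the two stores, the field names, the 90-day period, AES-256-GCM and the use of the identifier as associated data are all assumptions made for illustration.

```javascript
// Added illustration; store layout, field names and the 90-day limit are assumptions.
const crypto = require('node:crypto');

const MAX_KEY_AGE_MS = 90 * 24 * 3600 * 1000; // assumed rotation period

// Two stores run by different entities, modelled here as in-memory maps.
const secretStore = new Map(); // id -> { meta: {id}, nonce, ciphertext, tag }
const keyStore = new Map();    // id -> { meta: {id, createdAt}, key }

// The rotation decision reads only the key's metadata, never the key itself,
// which is why metadata and key can carry different access levels.
function needsNewKey(meta, now) {
  return !meta || now - meta.createdAt >= MAX_KEY_AGE_MS;
}

// Client-side update: choose the existing or a new key, encrypt locally, send the
// ciphertext to the secret store and, only on rotation, the key to the key store.
function updateSecret(id, plaintext, now) {
  const existing = keyStore.get(id);
  const rotate = needsNewKey(existing && existing.meta, now);
  const key = rotate ? crypto.randomBytes(32) : existing.key;
  const nonce = crypto.randomBytes(12); // fresh nonce for every encryption
  const cipher = crypto.createCipheriv('aes-256-gcm', key, nonce);
  cipher.setAAD(Buffer.from(id)); // assumption: bind ciphertext to the shared identifier
  const ciphertext = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  secretStore.set(id, { meta: { id }, nonce, ciphertext, tag: cipher.getAuthTag() });
  if (rotate) keyStore.set(id, { meta: { id, createdAt: now }, key });
  return rotate;
}

// A reader needs both stores: ciphertext from one, key from the other,
// matched through the identifier held in both sets of metadata.
function readSecret(id) {
  const s = secretStore.get(id);
  const k = keyStore.get(id);
  const d = crypto.createDecipheriv('aes-256-gcm', k.key, s.nonce);
  d.setAAD(Buffer.from(s.meta.id));
  d.setAuthTag(s.tag);
  return Buffer.concat([d.update(s.ciphertext), d.final()]).toString('utf8');
}
```

Neither store alone yields the password: the secret store holds only ciphertext and the key store holds only key material, so compromise of one entity's store does not expose the secret.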

First claim

Opening claim text (preview).

What is claimed is:

1. A computer-implemented method, the method comprising computer-implemented operations for: receiving a data update at a client computing device; determining, at the client computing device, if there is a need to change an existing encryption key; if it is determined that there is the need to change the existing encryption key, encrypting, at the client computing device, the data update to create encrypted data update using a new encryption key, communicating the encrypted data update from the client computing device to a first data store of a first entity for storage of the encrypted data update and a first meta data associated with the encrypted data update in a secret container on the first data store, wherein the encrypted data update is associated with an identifier, wherein the identifier is stored in the first metadata, and communicating the new encryption key from the client computing device to a second data store of a second entity for storage of the new encryption key in a key container of the second data store, wherein the identifier is further associated with the new encryption key, and the identifier is stored in a second metadata associated with the new encryption key, wherein the key container of the second data store further comprises the second metadata, wherein the client computing device is configured to modify a data structure on the second data store, and wherein the data structure on the second data store identifies a first level of access to the second metadata for a first identity and a second level of access to the existing or new encryption key for a second identity, wherein the first level of access and the second level of access are different; wherein determining if there is the need to change the existing encryption key comprises: accessing the second metadata stored in the second data store, wherein the second metadata is associated with the existing encryption key, and wherein the second metadata indicates an attribute associated with the existing encryption key, determining, at the client computing device, if the attribute associated with the existing encryption key meets a condition, determining, based on the condition, that there is the need to change the existing encryption key, and communicating the new encryption key in response to determining that there is the need to change the existing encryption key.

2. The computer-implemented method of claim 1, wherein the method further comprises: if it is determined that there is not a need to change the existing encryption key, encrypting, at the client computing device, the data update to create the encrypted data update using the existing encryption key, and communicating the encrypted data update from the client computing device to the first data store for storage of the encrypted data update on the first data store, wherein the encrypted data update is associated with the identifier.

3. The computer-implemented method of claim 1, wherein the attribute indicates a time, wherein the condition defines a period of time, and wherein determining if the attribute associated with the existing encryption key meets the condition is based on the time and the period of time.

4. The computer-implemented method of claim 1, wherein the client computing device is configured to modify a data structure on the first data store, the data structure on the first data store defining per-record access rights for one or more identities, and wherein the first data store allows the client computing device to retrieve, store, modify or delete the secret container.

5. The computer-implemented method of claim 1, wherein the client computing device is configured to modify the data structure on the second data store, the data structure on the second data store defines per-record access rights for one or more identities, and wherein the second data store allows the client computing device to retrieve, store, modify or delete the key container.

6. The computer-implemented method of claim 1, wherein the data structure on the second data store identifies a group of identities with access to the existing or new encryption key of the key container.

7. The computer-implemented method of claim 1, wherein the secret container of the first data store further comprises the first metadata, wherein the client computing device is configured to modify a data structure on the first data store, wherein the data structure on the first data store identifies a second identity and the second level of access to the encrypted data update for the second identity.

8. A computer, comprising: a processor; and a computer-readable storage medium in communication with the processor, the computer-readable storage medium having computer-executable instructions stored thereupon which, when executed by the processor, cause the computer to receive a new password; determine if there is a need to change an existing encryption key; if it is determined that there is the need to change the existing encryption key, encrypt the new password to create an encrypted new password using a new encryption key, communicate the encrypted new password from the computer to a first data store of a first entity for storage of the encrypted new password and a first metadata associated with the encrypted new password in a secret container on the first data store, wherein the encrypted new password is associated with an identifier, wherein the identifier is stored in the first meta data, and communicate the new encryption key from the computer to a second data store of a second entity for storage of the new encryption key in a key container of the second data store, wherein the identifier is further associated with the new encryption key and the identifier is stored in a second metadata associated with the new encryption key; wherein the key container of the second data store further comprises the second metadata, and modify a data structure on the second data store; the data structure on the second data store identifies a first level of access to the second metadata for a first identity and a second identity and a second level of access to the existing or new encryption key for the second identity, wherein the first level of access and the second level of access are different; wherein determining if there is the need to change the existing encryption key, comprises: accessing the second metadata stored in the second data store, wherein the second metadata is associated with the existing encryption key, and wherein the second metadata indicates an attribute associated with the existing encryption key, determining if the attribute associated with the existing encryption key meets a condition, determining, based on the condition, that there is the need to change the existing encryption key, and communicating the new encryption key in response to determining that there is the need to change the existing encryption key.

9. The computer of claim 8, wherein the computer-readable storage medium has further computer-executable instructions stored thereupon which, when executed by the processor, cause the computer to: if it is determined that there is not a need to change the existing encryption key, encrypt the new password to create the encrypted new password using the existing encryption key, and communicate the encrypted new password from the computer to the first data store for storage of the encrypted new password on the first data store, wherein the encrypted new password is associated with the identifier.

10. The computer of claim 8, wherein the attribute indicates a time, wherein the condition defines a period of time, and wherein the attribute associated with the existin

Classifications

  • using passwords (cryptographic mechanisms or cryptographic arrangements for entity authentication using a predetermined code H04L9/3226) · CPC title

  • Entity profiles · CPC title

  • H04L63/061 (Primary): for key exchange, e.g. in peer-to-peer networks (cryptographic mechanisms or cryptographic arrangements for key agreement H04L9/0838) · CPC title

  • wherein the data content is protected, e.g. by encrypting or encapsulating the payload · CPC title

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Microsoft Technology Licensing LLC
What technology area does this patent fall under?
Primary CPC classification H04L63/061. Mapped technology areas include Electricity.
When was this patent published?
Publication date Apr 10, 2018 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 2 related publications on this page (citations in our corpus or others sharing the same primary CPC).