Protected storage of core data secrets

Assignee

• Microsoft Corporation · US

Inventors

• Matthew W. Thomlinson · Seattle, US
• Scott A. Field · Redmond, US
• Allan Cooper · Bellevue, US

Key dates

Classification

• Technology area (CPC G)Physics
• CPC primaryG06F2221/2149
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

The invention provides central storage for core data secrets, referred to as data items. The architecture includes a storage server, a plurality of installable storage providers, and one or more authentication providers. Programming interfaces are exposed so that application programs can utilize the services provided by the invention without having to actually implement the features. When storing a data item using the protected storage services, an application program can specify rules that determine when to allow access to the data item. Access can, if desired, be limited to the current computer user. Access can similarly be limited to specified application programs or to certain classes of application programs. The storage server authenticates requesting application programs before returning data to them. A default authentication provider authenticates users based on their computer or network logon. A default storage provider allows storage of data items on magnetic media such as a hard disk or a floppy disk. Data items are encrypted before they are stored. The encryption optionally uses a key that is derived from the previous authentication of the user. Specifically, the key is …