Patent · US Active

Policy bound key creation and re-wrap service

US9690941B2 · kind B2 · utility

Cited by: 7
References: 16
Claims: 20
Family size: 0

Assignee

Inventors

Key dates

Filing date: May 17, 2011
Grant date: Jun 27, 2017
Priority date
Expiry date: Feb 12, 2032

Classification

  • Technology area (CPC H): Electricity
  • CPC primary: H04L2209/127
  • WIPO field: Computer technology
  • WIPO sector: Electrical engineering

Abstract

One or more techniques and/or systems are provided for provisioning encrypted key blobs and client certificates. That is, a trusted execution environment on a first machine may provide a key service provider with a cryptographic encryption key. The key service provider may encrypt a key blob using the cryptographic encryption key and/or wrap the encrypted key blob with one or more policies, such as a platform policy. The key service provider may provision the encrypted key blob to a client on the first machine. The client may submit the encrypted key blob to the trusted execution environment for validation so that the client may perform key actions, such as sign an email or encrypt data. Because the key blob may be specific to a particular trusted execution environment and/or machine, the key service provider may re-wrap the key blob if the client “roams” to a second machine.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.