Microsoft Assigned Three Patents
On encryption, remote access control of storage devices
By Jean Jacques Maleval | December 28, 2012 at 2:55 pm
Two-party storage of encrypted sensitive information
Microsoft Corp., Redmond, WA, has been assigned a patent (8,335,933) developed by four co-inventors for a "two-party storage of encrypted sensitive information."
The co-inventors are Matthew G. Humphrey, Issaquah, WA, Ashvin J. Mathew, Kirkland, WA, Michael A. Wilde, Bothell, WA, and Costel Radu, Redmond, WA.
The abstract of the patent published by the U.S. Patent and Trademark Office states: "A secure storage system secures information of a client by first encrypting the information with a first key to generate first-key encrypted data. The secure storage system then encrypts with a second key the first-key encrypted data and the first key to generate second-key encrypted data. The system provides the client with a first portion of the second-key encrypted data. The system stores a second portion of the second-key encrypted data and the second key. When the confidential information is needed, the client provides the first portion. The system retrieves the second portion. The system then decrypts with the second key the first portion and the second portion to generate the first-key encrypted data and the first key. The system then decrypts with the first key the first-key encrypted data to generate the unsecure confidential information."
The patent application was filed on Feb. 13, 2009 (12/371,496).
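The flow in the abstract above, as an added Python example (not code from the patent or from Microsoft). Assumptions: the HMAC-SHA256 keystream with an integrity tag is a stand-in cipher chosen so the block runs on the standard library alone, and the function names, 32-byte keys and midpoint split are hypothetical.

```python
import hashlib, hmac, secrets

def _sub(key, label):
    # Derive separate encryption and MAC subkeys from one key.
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    # Stand-in cipher (assumption): HMAC-SHA256 keystream in counter mode.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, nonce + (i // 32).to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)

def seal(key, plaintext):
    # Encrypt, then append a tag so a modified portion is detected on recovery.
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(_sub(key, b"enc"), nonce, plaintext)
    tag = hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    want = hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if len(blob) < 48 or not hmac.compare_digest(tag, want):
        raise ValueError("authentication failed")
    return _xor_stream(_sub(key, b"enc"), nonce, ct)

def protect(secret):
    k1, k2 = secrets.token_bytes(32), secrets.token_bytes(32)
    inner = seal(k1, secret)        # first-key encrypted data
    outer = seal(k2, k1 + inner)    # second key covers the first key and that data
    cut = len(outer) // 2           # split point is an assumption
    client_part = outer[:cut]       # first portion, handed to the client
    server_record = (outer[cut:], k2)  # second portion and second key, kept by the system
    return client_part, server_record

def recover(client_part, server_record):
    server_part, k2 = server_record
    bundle = unseal(k2, client_part + server_part)
    k1, inner = bundle[:32], bundle[32:]
    return unseal(k1, inner)

if __name__ == "__main__":
    part, record = protect(b"constructed sample secret")
    print(recover(part, record))
```

The first key never exists outside the second-key ciphertext, so the system's stored record alone does not contain it in usable form, and the client's portion alone carries no key at all.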
External encryption and recovery management with hardware encrypted storage devices
Microsoft Corp., Redmond, WA, has been assigned a patent (8,341,430) developed by four co-inventors for an "external encryption and recovery management with hardware encrypted storage devices."
The co-inventors are Octavian T. Ureche, Renton, WA, Scott A. Brender, Kirkland, WA, Karan Mehra, Sammamish, WA, and David Rudolph Wooten, Redmond, WA.
The abstract of the patent published by the U.S. Patent and Trademark Office states: "Hardware encrypting storage devices can provide for hardware encryption of data being written to the storage media of such storage devices, and hardware decryption of data being read from that storage media. To utilize existing key management resources, which can be more flexible and accommodating, mechanisms for storing keys protected by the existing resources, but not the hardware encryption of the storage device, can be developed. Dedicated partitions that do not have corresponding encryption bands can be utilized to store keys in a non-hardware-encrypted manner. Likewise, partitions can be defined larger than their associated encryption bands, leaving room near the beginning and end for non-hardware encrypted storage. Or a separate bit can be used to individually specify which data should be hardware encrypted. Additionally automated processes can maintain synchronization between a partition table of the computing device and a band table of the hardware encrypting storage device."
The patent application was filed on Oct. 3, 2008 (12/245,064).
Remote access control of storage devices
Microsoft Corp., Redmond, WA, has been assigned a patent (8,321,956) developed by four co-inventors for a "remote access control of storage devices."
The co-inventors are Vladimir Sadovsky, Redmond, WA, Sompong Paul Olarig, Pleasanton, CA, Chris Lionetti, Duvall, WA, and James Robert Hamilton, Bellevue, WA.
The abstract of the patent published by the U.S. Patent and Trademark Office states: "An access control device can be communicationally coupled to a storage device and can control access thereto. The access control device can comprise information, such as identities of authorized entities, to enable the access control device to independently determine whether to provide access to an associated storage device. Alternatively, the access control device can comprise information to establish a secure connection to an authorization computing device and the access control device can implement the decisions of the authorization computing device. The access control device can control access by instructing a storage device to execute specific firmware instructions to prevent meaningful responses to data storage related requests. The access control device can also comprise storage-related cryptographic information utilized by the storage device to encrypt and decrypt data. In such a case, the access control device can control access by not releasing the storage-related cryptographic information to the storage device."
The patent application was filed on June 17, 2009 (12/486,738).