06272631 is referenced by 146 patents and cites 10 patents.

The invention provides central storage for core data secrets, referred to as data items. The architecture includes a storage server, a plurality of installable storage providers, and one or more authentication providers. Programming interfaces are exposed so that application programs can utilize the services provided by the invention without having to actually implement the features.

When storing a data item using the protected storage services, an application program can specify rules that determine when to allow access to the data item. Access can, if desired, be limited to the current computer user. Access can similarly be limited to specified application programs or to certain classes of application programs. The storage server authenticates requesting application programs before returning data to them. A default authentication provider authenticates users based on their computer or network logon.

A default storage provider allows storage of data items on magnetic media such as a hard disk or a floppy disk. Data items are encrypted before they are stored. The encryption optionally uses a key that is derived from the previous authentication of the user. Specifically, the key is derived from the user's password, supplied during logon. In addition, an application program or the user can specify that certain items require another password that is entered whenever access to the data is requested.

The default storage provider implements a multi-level encryption scheme to minimize the amount of encryption that has to be re-done when the user changes a password. Each data item is encrypted using an item key that is generated randomly by the system. The item key is in turn encrypted with a master key that is itself encrypted with a key derived from the user-supplied password (such as the user's logon password).
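The multi-level scheme described in the abstract above can be sketched as follows; this is an added example, not code from the patent or from any Microsoft implementation. The names `ProtectedStore`, `seal`, `unseal` and `derive_key` are hypothetical, PBKDF2 is an assumed key-derivation choice, and the HMAC-based `seal` is a standard-library stand-in for a real authenticated cipher.

```python
import hashlib, hmac, secrets

def derive_key(password: str, salt: bytes) -> bytes:
    # Assumption: PBKDF2-HMAC-SHA256; the abstract only says "derived from the password".
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def _stream(key: bytes, nonce: bytes, n: int) -> bytes:
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, b"enc" + nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def seal(key: bytes, plaintext: bytes) -> bytes:
    # Stdlib-only stand-in for an authenticated cipher (HMAC keystream + HMAC tag).
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _stream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or modified blob")
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))

class ProtectedStore:
    def __init__(self, password: str):
        self.salt = secrets.token_bytes(16)
        # Random master key, stored only wrapped under the password-derived key.
        self.wrapped_master = seal(derive_key(password, self.salt), secrets.token_bytes(32))
        self.items = {}  # name -> (item key wrapped under master key, encrypted data)

    def _master(self, password: str) -> bytes:
        return unseal(derive_key(password, self.salt), self.wrapped_master)

    def put(self, password: str, name: str, data: bytes) -> None:
        item_key = secrets.token_bytes(32)  # fresh random key per data item
        self.items[name] = (seal(self._master(password), item_key), seal(item_key, data))

    def get(self, password: str, name: str) -> bytes:
        wrapped_item_key, blob = self.items[name]
        return unseal(unseal(self._master(password), wrapped_item_key), blob)

    def change_password(self, old: str, new: str) -> None:
        # Only the master key is re-wrapped; item keys and item data stay untouched.
        master = self._master(old)
        self.salt = secrets.token_bytes(16)
        self.wrapped_master = seal(derive_key(new, self.salt), master)
```

After `change_password`, every stored item blob is byte-for-byte unchanged, which is the reduction in re-encryption work the abstract describes.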

Title: Protected storage of core data secrets
Application Number: 8/884864
Publication Number: 6272631 (B1)
Application Date: June 30, 1997
Publication Date: August 7, 2001
Inventor: Allan Cooper (Bellevue, WA, US); Scott Field (Renton, WA, US); Matthew W Thomlinson (Bellevue, WA, US)
Agent: Lee & Hayes PLLC (US)
Assignee: Microsoft Corporation (WA, US)
IPC: G11C 11/00