SG11201407985WA - Network based management of protected data sets - Google Patents

Abstract

(12) INTERNATIONAL APPLICATION PUBLISHED UNDER THE PATENT COOPERATION TREATY (PCT) (19) World Intellectual Property Organization International Bureau (43) International Publication Date 27 December 2013 (27.12.2013) WIPOIPCT (10) International Publication Number WO 2013/192016 A1 (51) International Patent Classification: G06F 21/57 (2013.01) G06F 21/60 (2013.01) (21) International Application Number: (22) International Filing Date: (25) Filing Language: (26) Publication Language: PCT/US2013/045725 13 June 2013 (13.06.2013) English English (30) Priority Data: 13/527,439 19 June 2012 (19.06.2012) (71) Applicant: MICROSOFT CORPORATION [US/US]; One Microsoft Way, Redmond, Washington 98052-6399 (US). (72) Inventors: NOVAK, Mark F.; c/o Microsoft Corporation, LCA - International Patents, One Microsoft Way, Red­ mond, Washington 98052-6399 (US). LAYMAN, An­ drew John; c/o Microsoft Corporation, LCA - Internation­ al Patents, One Microsoft Way, Redmond, Washington 98052-6399 (US). NYSTROM, Magnus; c/o Microsoft Corporation, LCA - International Patents, One Microsoft Way, Redmond, Washington 98052-6399 (US). THOM, Stefan; c/o Microsoft Corporation, LCA - International Patents, One Microsoft Way, Redmond, Washington 98052-6399 (US). (81) Designated States (unless otherwise indicated, for every kind of national protection available)'. AE, AG, AL, AM, AO, AT, AU, AZ, BA, BB, BG, BH, BN, BR, BW, BY, BZ, CA, CH, CL, CN, CO, CR, CU, CZ, DE, DK, DM, DO, DZ, EC, EE, EG, ES, FI, GB, GD, GE, GH, GM, GT, HN, HR, HU, ID, IL, IN, IS, JP, KE, KG, KN, KP, KR, KZ, LA, LC, LK, LR, LS, LT, LU, LY, MA, MD, ME, MG, MK, MN, MW, MX, MY, MZ, NA, NG, NI, NO, NZ, OM, PA, PE, PG, PH, PL, PT, QA, RO, RS, RU, RW, SC, SD, SE, SG, SK, SL, SM, ST, SV, SY, TH, TJ, TM, TN, TR, TT, TZ, UA, UG, US, UZ, VC, VN, ZA, ZM, ZW. Ug (84) Designated States (unless otherwise indicated, for every kind of regional protection available)'. ARIPO (BW, GH, GM, KE, LR, LS, MW, MZ, NA, RW, SD, SL, SZ, TZ, UG, ZM, ZW), Eurasian (AM, AZ, BY, KG, KZ, RU, TJ, TM), European (AL, AT, BE, BG, CH, CY, CZ, DE, DK, EE, ES, FI, FR, GB, GR, HR, HU, IE, IS, IT, LT, LU, LV, MC, MK, MT, NL, NO, PL, PT, RO, RS, SE, SI, SK, SM, TR), OAPI (BF, BJ, CF, CG, CI, CM, GA, GN, GQ, GW, KM, ML, MR, NE, SN, TD, TG). Declarations under Rule 4.17: — as to applicant's entitlement to apply for and be granted a patent (Rule 4.17(H)) — as to the applicant's entitlement to claim the priority of the earlier application (Rule 4.17(iii)) Published: — with international search report (Art. 21(3)) [Continued on next page] (54) Title: NETWORK BASED MANAGEMENT OF PROTECTED DATA SETS i-H o CJ 0\ , 201B 201B -201C -~20W -- -- 201E h 202E 201E -201F Figure 2 i-H o CJ o & (57) Abstract: A system that includes an account management module configured to maintain protected accounts. For instance, a particular protected account includes protected a data set that is not readable outside of the system, and perhaps not even readable outside of the account. The particular data set corresponds to a particular entity assigned to the particular account and that includes keys corresponding to the particular entity. A security processor uses at least some of the plurality of keys to perform cryptographic processes in response to one or more trusted execution environment commands received from the particular entity. WO 2013/192016 A11 lllll llllllll II llllll III lllll lllll lllll III III III lllll lllll lllll lllll llll llll lllllll llll llll — before the expiration of the time limit for amending the claims and to be republished in the event of receipt of amendments (Rule 48.2(h))