Decrypting encrypted data on an electronic device

US 10,341,102 B2
Filed: 09/02/2016
Issued: 07/02/2019
Est. Priority Date: 09/02/2016
Status: Active Grant

First Claim

Patent Images

1. A method of decrypting encrypted data, the method comprising:

receiving, from an application on an electronic device, a decryption request to decrypt the encrypted data;

generating, by a hardware processor of the electronic device, a first secret key from a shared secret, wherein the shared secret is generated based on a master private key and an ephemeral public key associated with the encrypted data;

encrypting, by the hardware processor of the electronic device, the first secret key to generate a first encrypted secret key by using a context key, wherein the context key is generated based on the master private key;

decrypting a first portion of the encrypted data using the first secret key;

generating a second secret key from the first secret key;

deleting the first secret key;

decrypting a second portion of the encrypted data using the second secret key;

deleting the second secret key;

deleting the first encrypted secret key; and

sending at least a segment of the decrypted first portion of the encrypted data and at least a segment of the decrypted second portion of the encrypted data to the application.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems, methods, and software can be used to encrypt and decrypt data. In some aspects, a decryption request to decrypt the encrypted data is received from an application on an electronic device. A first secret key from a shared secret is generated. The shared secret is generated based on a master private key and an ephemeral public key associated with the encrypted data. A first encrypted secret key is generated using the first secret key and a context key. The context key is generated based on the master private key. A first portion of the encrypted data is decrypted using the first secret key. A second secret key is generated from the first secret key. The first secret key is deleted. At least a segment of the decrypted first portion of the encrypted data is sent to the application.

36 Citations

View as Search Results

20 Claims

1. A method of decrypting encrypted data, the method comprising:
- receiving, from an application on an electronic device, a decryption request to decrypt the encrypted data;
  
  generating, by a hardware processor of the electronic device, a first secret key from a shared secret, wherein the shared secret is generated based on a master private key and an ephemeral public key associated with the encrypted data;
  
  encrypting, by the hardware processor of the electronic device, the first secret key to generate a first encrypted secret key by using a context key, wherein the context key is generated based on the master private key;
  
  decrypting a first portion of the encrypted data using the first secret key;
  
  generating a second secret key from the first secret key;
  
  deleting the first secret key;
  
  decrypting a second portion of the encrypted data using the second secret key;
  
  deleting the second secret key;
  
  deleting the first encrypted secret key; and
  
  sending at least a segment of the decrypted first portion of the encrypted data and at least a segment of the decrypted second portion of the encrypted data to the application.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the first secret key is generated from the shared secret using a key derivation function, and the second secret key is generated from the first secret key using the key derivation function.
  - 3. The method of claim 1, further comprising:
    - prior to deleting the second secret key, generating a third secret key from the second secret key.
  - 4. The method of claim 1, further comprising:
    - detecting a lock event; and
      
      in response to detecting the lock event, deleting the context key and the master private key.
  - 5. The method of claim 1, further comprising:
    - detecting an unlock event while in a locked state;
      
      determing a current portion of the encrypted data for decrypting;
      
      retrieving a current encrypted secret key;
      
      generating, by the hardware processor, the context key based on the master private key;
      
      generating, by the hardware processor, a current secret key by decrypting the current encrypted secret key using the context key; and
      
      decrypting the current portion of the encrypted data using the current secret key.
  - 6. The method of claim 1, wherein the decryption request indicates one or more segements in the encrypted data to be decrypted, and the method further comprising storing a last encrypted secret key that is used to decrypt a last segment of one or more segments indicated in the decryption request.
  - 7. The method of claim 6, further comprising:
    - receiving a second decryption request, wherein the second decryption request indicates a different segment in the encrypted data to be decrypted;
      
      generating, by the hardware processor, the context key based on the master private key;
      
      generating, by the hardware processor, a last secret key by decrypting the last encrypted secret key using the context key; and
      
      decrypting the different segment using the last secret key.

8. An electronic device, comprising:
- a memory; and
  
  at least one hardware processor communicatively coupled with the memory and configured to;
  
  receive, from an application on the electronic device, a decryption request to decrypt encrypted data;
  
  generate a first secret key from a shared secret, wherein the shared secret is generated based on a master private key and an ephemeral public key associated with the encrypted data;
  
  encrypt, the first secret key to generate a first encrypted secret key by using a context key, wherein the context key is generated based on the master private key;
  
  decrypt a first portion of the encrypted data using the first secret key;
  
  generate a second secret key from the first secret key;
  
  delete the first secret key;
  
  decrypt a second portion of the encrypted data using the second secret key;
  
  delete the second secret key;
  
  delete the first encrypted secret key; and
  
  send at least a segment of the decrypted first portion of the encrypted data and at least a segment of the decrypted second portion of the encrypted data to the application.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The electronic device of claim 8, wherein the first secret key is generated from the shared secret using a key derivation function, and the second secret key is generated from the first secret key using the key derivation function.
  - 10. The electronic device of claim 8, wherein the at least one hardware processor is further configured to:
    - prior to deleting the second secret key, generate a third secret key from the second secret key.
  - 11. The electronic device of claim 8, wherein the at least one hardware processor is further configured to:
    - detect a lock event; and
      
      in response to detecting the lock event, delete the context key and the master private key.
  - 12. The electronic device of claim 8, wherein the at least one hardware processor is further configured to:
    - detect an unlock event while in a locked state;
      
      determine a current portion of the encrypted data for decrypting;
      
      retrieve a current encrypted secret key;
      
      generate the context key based on the master private key;
      
      generate a current secret key by decrypting the current encrypted secret key using the context key; and
      
      decrypt the current portion of the encrypted data using the current secret key.
  - 13. The electronic device of claim 8, wherein the decryption request indicates one or more segements in the encrypted data to be decrypted, and the at least one hardware processor is further configured to store a last encrypted secret key that is used to decrypt a last segment of one or more segments indicated in the decryption request.
  - 14. The electronic device of claim 13, wherein the at least one hardware processor is further configured to:
    - receive a second decryption request, wherein the second decryption request indicates a different segment in the encrypted data to be decrypted;
      
      generate the context key based on the master private key;
      
      generate a last secret key by decrypting the last encrypted secret key using the context key; and
      
      decrypt the different segment using the last secret key.

15. A non-transitory computer-readable medium containing instructions which, when executed, cause an electronic device to perform operations comprising:
- receiving, from an application on the electronic device, a decryption request to decrypt encrypted data;
  
  generating, by a hardware processor of the electronic device, a first secret key from a shared secret, wherein the shared secret is generated based on a master private key and an ephemeral public key associated with the encrypted data;
  
  encrypting, by the hardware processor of the electronic device, the first secret key to generate a first encrypted secret key by using a context key, wherein the context key is generated based on the master private key;
  
  decrypting a first portion of the encrypted data using the first secret key;
  
  generating a second secret key from the first secret key;
  
  deleting the first secret key;
  
  decrypting a second portion of the encrypted data using the second secret key;
  
  deleting the second secret key;
  
  deleting the first encrypted secret key; and
  
  sending at least a segment of the decrypted first portion of the encrypted data and at least a segment of the decrypted second portion of the encrypted data to the application.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The non-transitory computer-readable medium of claim 15, wherein the first secret key is generated from the shared secret using a key derivation function, and the second secret key is generated from the first secret key using the key derivation function.
  - 17. The non-transitory computer-readable medium of claim 15, the operations further comprising:
    - prior to deleting the second secret key, generating a third secret key from the second secret key.
  - 18. The non-transitory computer-readable medium of claim 15, the operations further comprising:
    - detecting a lock event; and
      
      in response to detecting the lock event, deleting the context key and the master private key.
  - 19. The non-transitory computer-readable medium of claim 15, the operations further comprising:
    - detecting an unlock event while in a locked state;
      
      determing a current portion of the encrypted data for decrypting;
      
      retrieving a current encrypted secret key;
      
      generating, by the hardware processor, the context key based on the master private key;
      
      generating, by the hardware processor, a current secret key by decrypting the current encrypted secret key using the context key; and
      
      decrypting the current portion of the encrypted data using the current secret key.
  - 20. The non-transitory computer-readable medium of claim 15, wherein the decryption request indicates one or more segements in the encrypted data to be decrypted, and the operations further comprising storing a last encrypted secret key that is used to decrypt a last segment of one or more segments indicated in the decryption request.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Malikie Innovations Limited (Key Patent Innovations Limited)
Original Assignee
Blackberry Limited
Inventors
Bowman, Roger Paul, Pechkin, Dmitri
Primary Examiner(s)
Holder, Bradley W

Application Number

US15/255,960
Publication Number

US 20180069699A1
Time in Patent Office

1,033 Days
Field of Search
US Class Current
CPC Class Codes

H04L 9/002   Countermeasures against att...

H04L 9/006   involving public key infras...

H04L 9/0631   Substitution permutation ne...

H04L 9/0643   Hash functions, e.g. MD5, S...

H04L 9/0822   using key encryption key

H04L 9/0841   involving Diffie-Hellman or...

H04L 9/0861   Generation of secret inform...

H04L 9/0894   Escrow, recovery or storing...

H04L 9/14   using a plurality of keys o...

H04L 9/3066   involving algebraic varieti...

Decrypting encrypted data on an electronic device

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

36 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Decrypting encrypted data on an electronic device

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

36 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others