Decrypting encrypted data on an electronic device
First Claim
1. A method of decrypting encrypted data, the method comprising:
- receiving, from an application on an electronic device, a decryption request to decrypt the encrypted data;
generating, by a hardware processor of the electronic device, a first secret key from a shared secret, wherein the shared secret is generated based on a master private key and an ephemeral public key associated with the encrypted data;
encrypting, by the hardware processor of the electronic device, the first secret key to generate a first encrypted secret key by using a context key, wherein the context key is generated based on the master private key;
decrypting a first portion of the encrypted data using the first secret key;
generating a second secret key from the first secret key;
deleting the first secret key;
decrypting a second portion of the encrypted data using the second secret key;
deleting the second secret key;
deleting the first encrypted secret key; and
sending at least a segment of the decrypted first portion of the encrypted data and at least a segment of the decrypted second portion of the encrypted data to the application.
3 Assignments
0 Petitions
Accused Products
Abstract
Systems, methods, and software can be used to encrypt and decrypt data. In some aspects, a decryption request to decrypt the encrypted data is received from an application on an electronic device. A first secret key from a shared secret is generated. The shared secret is generated based on a master private key and an ephemeral public key associated with the encrypted data. A first encrypted secret key is generated using the first secret key and a context key. The context key is generated based on the master private key. A first portion of the encrypted data is decrypted using the first secret key. A second secret key is generated from the first secret key. The first secret key is deleted. At least a segment of the decrypted first portion of the encrypted data is sent to the application.
36 Citations
20 Claims
-
1. A method of decrypting encrypted data, the method comprising:
-
receiving, from an application on an electronic device, a decryption request to decrypt the encrypted data; generating, by a hardware processor of the electronic device, a first secret key from a shared secret, wherein the shared secret is generated based on a master private key and an ephemeral public key associated with the encrypted data; encrypting, by the hardware processor of the electronic device, the first secret key to generate a first encrypted secret key by using a context key, wherein the context key is generated based on the master private key; decrypting a first portion of the encrypted data using the first secret key; generating a second secret key from the first secret key; deleting the first secret key; decrypting a second portion of the encrypted data using the second secret key; deleting the second secret key; deleting the first encrypted secret key; and sending at least a segment of the decrypted first portion of the encrypted data and at least a segment of the decrypted second portion of the encrypted data to the application. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. An electronic device, comprising:
-
a memory; and at least one hardware processor communicatively coupled with the memory and configured to; receive, from an application on the electronic device, a decryption request to decrypt encrypted data; generate a first secret key from a shared secret, wherein the shared secret is generated based on a master private key and an ephemeral public key associated with the encrypted data; encrypt, the first secret key to generate a first encrypted secret key by using a context key, wherein the context key is generated based on the master private key; decrypt a first portion of the encrypted data using the first secret key; generate a second secret key from the first secret key; delete the first secret key; decrypt a second portion of the encrypted data using the second secret key; delete the second secret key; delete the first encrypted secret key; and send at least a segment of the decrypted first portion of the encrypted data and at least a segment of the decrypted second portion of the encrypted data to the application. - View Dependent Claims (9, 10, 11, 12, 13, 14)
-
-
15. A non-transitory computer-readable medium containing instructions which, when executed, cause an electronic device to perform operations comprising:
-
receiving, from an application on the electronic device, a decryption request to decrypt encrypted data; generating, by a hardware processor of the electronic device, a first secret key from a shared secret, wherein the shared secret is generated based on a master private key and an ephemeral public key associated with the encrypted data; encrypting, by the hardware processor of the electronic device, the first secret key to generate a first encrypted secret key by using a context key, wherein the context key is generated based on the master private key; decrypting a first portion of the encrypted data using the first secret key; generating a second secret key from the first secret key; deleting the first secret key; decrypting a second portion of the encrypted data using the second secret key; deleting the second secret key; deleting the first encrypted secret key; and sending at least a segment of the decrypted first portion of the encrypted data and at least a segment of the decrypted second portion of the encrypted data to the application. - View Dependent Claims (16, 17, 18, 19, 20)
-
Specification