Device-based PIN authentication process to protect encrypted data
First Claim
1. A computer-implemented method for securely storing encrypted data on a computing device that includes a microprocessor and memory, the method comprising:
- receiving a data encryption key derived from a password, wherein the data encryption key is used to encrypt data on the computing device;
encrypting the data encryption key using a first encryption key;
storing the encrypted data encryption key on the computing device;
encrypting the first encryption key using a second encryption key, wherein the second encryption key is derived from a user-supplied value entered on the computing device, and wherein the user-supplied value is different from the password; and
sending the encrypted first encryption key to a remote server.
6 Assignments
0 Petitions
Accused Products
Abstract
Techniques are disclosed for providing a device-based PIN authentication process used to protect encrypted data stored on a computing system, such as a tablet or mobile device. A client component and a server component each store distinct cryptographic keys needed to access encrypted data on the client. The mobile device stores a vault encryption key used to decrypt encrypted sensitive data stored on the mobile device. The vault key is encrypted using a first encryption key and stored on the mobile device. The first encryption key is itself encrypted using a second encryption key. The second encryption key is derived from the PIN value.
-
Citations
20 Claims
-
1. A computer-implemented method for securely storing encrypted data on a computing device that includes a microprocessor and memory, the method comprising:
- receiving a data encryption key derived from a password, wherein the data encryption key is used to encrypt data on the computing device;
encrypting the data encryption key using a first encryption key;
storing the encrypted data encryption key on the computing device;
encrypting the first encryption key using a second encryption key, wherein the second encryption key is derived from a user-supplied value entered on the computing device, and wherein the user-supplied value is different from the password; and
sending the encrypted first encryption key to a remote server. - View Dependent Claims (2, 3, 4, 5, 6, 7)
- receiving a data encryption key derived from a password, wherein the data encryption key is used to encrypt data on the computing device;
-
8. A non-transitory computer-readable storage medium storing instructions, which, when executed on a microprocessor, performs an operation for securely storing encrypted data on a computing device that includes memory and the microprocessor, the operation comprising:
- receiving a data encryption key derived from a password, wherein the data encryption key is used to encrypt data on the computing device;
encrypting the data encryption key using a first encryption key;
storing the encrypted data encryption key on the computing device;
encrypting the first encryption key using a second encryption key, wherein the second encryption key is derived from a user-supplied value entered on the computing device, and wherein the user-supplied value is different from the password; and
sending the encrypted first encryption key to a remote server. - View Dependent Claims (9, 10, 11, 12, 13, 14)
- receiving a data encryption key derived from a password, wherein the data encryption key is used to encrypt data on the computing device;
-
15. A computing device, comprising:
- a microprocessor and a memory hosting an application, which, when executed on the microprocessor, performs an operation for securely storing encrypted data on the computing device, the operation comprising;
receiving a data encryption key derived from a password, wherein the data encryption key is used to encrypt data on the computing device, encrypting the data encryption key using a first encryption key, storing the encrypted data encryption key on the computing device, encrypting the first encryption key using a second encryption key, wherein the second encryption key is derived from a user-supplied value entered on the computing device and the user-supplied value is different from the password, and sending the encrypted first encryption key to a remote server. - View Dependent Claims (16, 17, 18, 19, 20)
- a microprocessor and a memory hosting an application, which, when executed on the microprocessor, performs an operation for securely storing encrypted data on the computing device, the operation comprising;
Specification