Protecting user identity by sharing a secret between personal IoT devices

US 10,498,715 B2
Filed: 08/21/2017
Issued: 12/03/2019
Est. Priority Date: 11/21/2014
Status: Active Grant

First Claim

Patent Images

1. A programmable wearable device for use in a body area network, the device comprising:

at least one memory including computer-executable instructions;

a protected personal data area of a trusted execution environment; and

a programmable processor to execute the instructions to cause the programmable processor to;

receive a request for a fragmental key;

validate the request;

encrypt the fragmental key with a session key;

transmit the fragmental key responsive to the request;

erase the protected personal data area unless a life pulse is received within a threshold time period; and

disconnect from a personal cloud service unless the life pulse is received within the threshold time period.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A wearable device provides protection for personal identity information by fragmenting a key needed to release the personal identity information among members of a body area network of wearable devices. A shared secret algorithm is used to allow unlocking the personal identity information with fragmental keys from less than all of the wearable devices in the body area network. The wearable devices may also provide protection for other personal user data by employing a disconnect and erase protocol that causes wearable devices to drop connections with an external personal data space and erase locally stored personal information if a life pulse from a connectivity root device is not received within a configurable predefined period.

Citations

14 Claims

1. A programmable wearable device for use in a body area network, the device comprising:
- at least one memory including computer-executable instructions;
  
  a protected personal data area of a trusted execution environment; and
  
  a programmable processor to execute the instructions to cause the programmable processor to;
  
  receive a request for a fragmental key;
  
  validate the request;
  
  encrypt the fragmental key with a session key;
  
  transmit the fragmental key responsive to the request;
  
  erase the protected personal data area unless a life pulse is received within a threshold time period; and
  
  disconnect from a personal cloud service unless the life pulse is received within the threshold time period.
- View Dependent Claims (2, 3, 4)
- - 2. The programmable wearable device of claim 1, wherein the request is a broadcast request.
  - 3. The programmable wearable device of claim 1, wherein the instructions, when executed, cause the programmable processor to validate the request and encrypt the fragmental key with a session key occur in the trusted execution environment.
  - 4. The programmable wearable device of claim 1, wherein the instructions, when executed, cause the programmable processor tovalidate the life pulse.

5. A method of protecting personal information in a body area network, comprising:
- receiving, by executing an instruction with a programmable wearable device, a request for a fragmental key;
  
  validating the request by executing an instruction with the programmable wearable device;
  
  encrypting, by executing an instruction with the programmable wearable device, the fragmental key with a session key;
  
  transmitting, by executing an instruction with the programmable wearable device, the fragmental key responsive to the request, wherein the fragmental key is a fragment of an encryption key used for encrypting personal identity information;
  
  storing, by executing an instruction with the programmable wearable device, a protected personal data area of a trusted execution environment;
  
  erasing, by executing an instruction with the programmable wearable device, the protected personal data area unless a life pulse is received within a threshold time period; and
  
  disconnecting, by executing an instruction with the programmable wearable device, from a personal cloud service unless the life pulse is received within the threshold time period.
- View Dependent Claims (6, 7, 8, 9)
- - 6. The method of claim 5, wherein receiving the request for the fragmental key includes receiving a broadcast request for the fragmental key.
  - 7. The method of claim 5, where validating the request and encrypting the fragmental key with a session key are performed in the trusted execution environment.
  - 8. The method of claim 5, further including validating the life pulse by the programmable wearable device.
  - 9. The method of claim 5, further including provisioning the programmable wearable device by receiving and storing the fragmental key on the programmable wearable device.

10. A machine readable storage device or storage disk comprising instructions to protect personal information in a body area network, the instructions, when executed, cause a programmable wearable device to:
- receive a request for a fragmental key;
  
  validate the request;
  
  encrypt the fragmental key with a session key;
  
  transmit the fragmental key responsive to the requeststore a protected personal data area of a trusted execution environment;
  
  erase the protected personal data area unless a life pulse is received within a threshold time period; and
  
  disconnect from a personal cloud service unless the life pulse is received within the threshold time period.
- View Dependent Claims (11, 12, 13, 14)
- - 11. The machine readable storage device or storage disk of claim 10, wherein the request is a broadcast request.
  - 12. The machine readable storage device or storage disk of claim 10, wherein the instructions, when executed, cause the programmable wearable device to validate the request and encrypt the fragmental key within the trusted execution environment of the programmable wearable device.
  - 13. The machine readable medium of claim 10, wherein the instructions, when executed, cause the programmable wearable device tovalidate the life pulse.
  - 14. The machine readable storage device or storage disk of claim 10, wherein the instructions, when executed, cause the programmable wearable device to:
    - receive a public key of an identity query responding to the programmable wearable device, andvalidate the request using the public key of the identity query responding to the programmable wearable device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, LLC
Original Assignee
McAfee, LLC
Inventors
Pogorelik, Oleg, Nayshtut, Alex, Muttik, Igor, Lipman, Justin
Primary Examiner(s)
Cribbs, Malcolm

Application Number

US15/682,384
Publication Number

US 20170346799A1
Time in Patent Office

834 Days
Field of Search

None
US Class Current
CPC Class Codes

G06F 21/6245   Protecting personal data, e...

G06F 21/6263   during internet communicati...

H04B 13/005   Transmission systems in whi...

H04L 63/0428   wherein the data content is...

H04L 63/062   for key distribution, e.g. ...

H04L 9/085   Secret sharing or secret sp...

H04W 12/04   Key management, e.g. using ...

H04W 12/06   Authentication

H04W 12/33   using wearable devices, e.g...

H04W 4/38   for collecting sensor infor...

H04W 4/80   Services using short range ...

Protecting user identity by sharing a secret between personal IoT devices

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Protecting user identity by sharing a secret between personal IoT devices

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links