Protecting user identity by sharing a secret between personal IoT devices
Abstract
A wearable device provides protection for personal identity information by fragmenting a key needed to release the personal identity information among members of a body area network of wearable devices. A shared secret algorithm is used to allow unlocking the personal identity information with fragmental keys from less than all of the wearable devices in the body area network. The wearable devices may also provide protection for other personal user data by employing a disconnect and erase protocol that causes wearable devices to drop connections with an external personal data space and erase locally stored personal information if a life pulse from a connectivity root device is not received within a configurable predefined period.
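The shared-secret mechanism described in the abstract, as an added example that is not the patent's own code: a key protecting personal identity information is split into fragmental keys held by the devices of a body area network, and any k of the n fragments reconstruct it while fewer do not. It assumes Shamir's scheme over the prime field GF(2^127 - 1) (the patent names no specific algorithm) and omits the session-key encryption of fragments in transit.

```python
# Added example (not from the patent): threshold secret sharing of a key that
# unlocks personal identity information, split across the devices of a body
# area network so that any k of n fragmental keys reconstruct it. Uses Shamir's
# scheme over the prime field GF(p), p = 2^127 - 1 (an assumption; the patent
# does not name a specific shared-secret algorithm).
import secrets

P = (1 << 127) - 1  # Mersenne prime; secrets must be < P, so use <= 126-bit keys


def _eval_poly(coeffs, x):
    """Evaluate a polynomial with coefficients coeffs[0..k-1] at x, mod P."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def split_key(key: int, n: int, k: int):
    """Split key into n fragmental keys (x, y); any k of them reconstruct key."""
    if not (1 <= k <= n and 0 <= key < P):
        raise ValueError("need 1 <= k <= n and 0 <= key < P")
    coeffs = [key] + [secrets.randbelow(P) for _ in range(k - 1)]
    # Device i holds the share at x = i (x = 0 would be the key itself).
    return [(i, _eval_poly(coeffs, i)) for i in range(1, n + 1)]


def recover_key(shares):
    """Lagrange-interpolate the polynomial at x = 0 from the given shares."""
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = (num * (-xj)) % P
                den = (den * (xi - xj)) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total


def demo():
    """Constructed 126-bit key; 3 of 5 wearables suffice, 2 do not."""
    key = int.from_bytes(secrets.token_bytes(16), "big") >> 2
    shares = split_key(key, n=5, k=3)
    ok = recover_key([shares[0], shares[2], shares[4]]) == key
    # Below threshold the interpolation yields an unrelated field element.
    bad = recover_key(shares[:2]) == key
    return ok, bad
```

Run demo() to see reconstruction succeed with three fragments and fail with two; the erase-on-missing-life-pulse behaviour is a separate timer that does not affect the mathematics shown here.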
14 Claims
1. A programmable wearable device for use in a body area network, the device comprising:
at least one memory including computer-executable instructions;
a protected personal data area of a trusted execution environment; and
a programmable processor to execute the instructions to cause the programmable processor to:
receive a request for a fragmental key;
validate the request;
encrypt the fragmental key with a session key;
transmit the fragmental key responsive to the request;
erase the protected personal data area unless a life pulse is received within a threshold time period; and
disconnect from a personal cloud service unless the life pulse is received within the threshold time period.
Dependent claims: 2, 3, 4.
5. A method of protecting personal information in a body area network, comprising:
receiving, by executing an instruction with a programmable wearable device, a request for a fragmental key;
validating the request by executing an instruction with the programmable wearable device;
encrypting, by executing an instruction with the programmable wearable device, the fragmental key with a session key;
transmitting, by executing an instruction with the programmable wearable device, the fragmental key responsive to the request, wherein the fragmental key is a fragment of an encryption key used for encrypting personal identity information;
storing, by executing an instruction with the programmable wearable device, a protected personal data area of a trusted execution environment;
erasing, by executing an instruction with the programmable wearable device, the protected personal data area unless a life pulse is received within a threshold time period; and
disconnecting, by executing an instruction with the programmable wearable device, from a personal cloud service unless the life pulse is received within the threshold time period.
Dependent claims: 6, 7, 8, 9.
10. A machine readable storage device or storage disk comprising instructions to protect personal information in a body area network, the instructions, when executed, cause a programmable wearable device to:
receive a request for a fragmental key;
validate the request;
encrypt the fragmental key with a session key;
transmit the fragmental key responsive to the request;
store a protected personal data area of a trusted execution environment;
erase the protected personal data area unless a life pulse is received within a threshold time period; and
disconnect from a personal cloud service unless the life pulse is received within the threshold time period.
Dependent claims: 11, 12, 13, 14.