Method and system to maintain application data secure and authentication token for use therein
Abstract
Two embodiments of a method and system to maintain application data secure and authentication token for use therein are provided. The present invention uses transient authentication, in which a small hardware token continuously authenticates the user's presence over a short-range, wireless link. Four principles underlying transient authentication are described as well as the two embodiments for securing applications. In the first embodiment, applications are protected transparently by encrypting in-memory state when the user departs and decrypting this state when the user returns. This technique is effective, requiring just seconds to protect and restore an entire machine. In the second embodiment, applications utilize an API for transient authentication, protecting only sensitive state. Ports of three applications, PGP, SSH, and Mozilla are described with respect to this API.
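The lock-on-departure, restore-on-return cycle of the first embodiment can be sketched as follows. This is an added illustration, not code from the patent: the `Token` and `Laptop` classes, the HMAC challenge-response presence check, the token-held key-encrypting key, and the SHA-256 counter-mode stand-in cipher are all assumptions made for the example.

```python
import hashlib, hmac, os

def xor_stream(key, nonce, data):
    # Stand-in cipher for this sketch (SHA-256 in counter mode); use an AEAD in real code.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

class Token:
    """Hypothetical security device: sole holder of the key-encrypting key."""
    def __init__(self, link_key):
        self.link_key, self.kek, self.in_range = link_key, os.urandom(32), True
    def respond(self, challenge):  # presence proof; None models a radio timeout
        if not self.in_range:
            return None
        return hmac.new(self.link_key, challenge, hashlib.sha256).digest()
    def crypt_key(self, nonce, key):  # XOR stream: the same call wraps and unwraps
        return xor_stream(self.kek, nonce, key) if self.in_range else None

class Laptop:
    """Hypothetical authorization client guarding one in-memory buffer."""
    def __init__(self, token, link_key, secret):
        self.token, self.link_key = token, link_key
        self.state, self.locked = bytearray(secret), False
        self.data_key, self.key_nonce = os.urandom(32), os.urandom(16)
        self.wrapped_key = token.crypt_key(self.key_nonce, self.data_key)
        self.data_nonce = None
    def token_present(self):
        challenge = os.urandom(16)  # fresh challenge, so a replayed reply fails
        expected = hmac.new(self.link_key, challenge, hashlib.sha256).digest()
        reply = self.token.respond(challenge)
        return reply is not None and hmac.compare_digest(reply, expected)
    def poll(self):
        present = self.token_present()
        if not present and not self.locked:  # user departed: protect the state
            self.data_nonce = os.urandom(16)  # new nonce for every lock cycle
            self.state[:] = xor_stream(self.data_key, self.data_nonce, bytes(self.state))
            self.data_key, self.locked = None, True  # drop key (real code zeroizes)
        elif present and self.locked:  # user returned: fetch key, restore state
            key = self.token.crypt_key(self.key_nonce, self.wrapped_key)
            if key is not None:  # token may leave again between the two calls
                self.state[:] = xor_stream(key, self.data_nonce, bytes(self.state))
                self.data_key, self.locked = key, False
        return self.locked
```

While locked, the laptop holds only ciphertext and a wrapped data key, so a thief who takes the machine without the token recovers neither the state nor the key.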
25 Claims
1. A system to maintain application data stored on a portable computer secure, the system comprising:
an authorization client for use on the portable computer for making requests, the portable computer being capable of providing in-memory portions of address space for an application program;
a security device to be associated with an authorized user of the portable computer and including an authorization server for supplying responses to the requests;
a communication subsystem for wirelessly communicating the requests and the responses to the server and the client, respectively, within a range; and
a cryptographic subsystem for encrypting data located in the in-memory portions of the address space to obtain corresponding encrypted data when the security device is outside the range of the communication subsystem and for decrypting the encrypted data when the security device is back within the range.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11

12. A method to maintain application data stored on a portable computer secure, the method comprising:
providing an authorization client for use on the portable computer for making requests, the portable computer being capable of providing in-memory portions of address space for an application program;
providing a security device to be associated with an authorized user of the portable computer and including an authorization server for supplying responses to the requests;
wirelessly communicating the requests and the responses to the server and the client, respectively, within a range;
encrypting data located in the in-memory portions of the address space to obtain corresponding encrypted data when the security device is outside the range; and
decrypting the encrypted data when the security device is back within the range.
Dependent claims: 13, 14, 15, 16, 17, 18, 19

20. An authorization token for use in a system to maintain application data stored in in-memory portions of address space on a portable computer secure, the token comprising:
an authorization server for supplying encrypted responses to encrypted requests; and
a transceiver for receiving the requests and transmitting the responses to the portable computer.
Dependent claims: 21, 22, 23, 24, 25