Method and system for securing data utilizing redundant secure key storage

US 20060005049A1
Filed: 04/05/2005
Published: 01/05/2006
Est. Priority Date: 06/14/2004
Status: Active Grant

First Claim

Patent Images

1. A method of securing data in a data processing device having an encryption device for encrypting and decrypting data using an encryption key-password pair, comprising the steps of:

a. generating a first encryption key, b. storing the first encryption key in a first location in a memory, c. generating at least one additional encryption key, d. storing each additional encryption key in a memory in a different location from the location of each other encryption key, and e. creating a register storing the location of each encryption key, wherein to encrypt or decrypt data the first encryption key is retrieved but upon the occurrence of a particular event one of the additional encryption keys is retrieved.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method which protects a data processing system against encryption key errors by providing redundant encryption keys stored in different locations, and providing the software with the ability to select an alternate redundant key if there is any possibility that the encryption key being used may be corrupted. In the preferred embodiment, a memory control module in the data processing device is configured to accommodate the storage of multiple (for example up to four or more) independent password/key pairs, and the control module duplicates a password key at the time of creation. The redundant passwords and encryption keys are forced into different memory slots for later retrieval if necessary. The probability of redundant keys being corrupted simultaneously is infinitesimal, so the system and method of the invention ensures that there is always an uncorrupted encryption key available.

Citations

20 Claims

1. A method of securing data in a data processing device having an encryption device for encrypting and decrypting data using an encryption key-password pair, comprising the steps of:
- a. generating a first encryption key, b. storing the first encryption key in a first location in a memory, c. generating at least one additional encryption key, d. storing each additional encryption key in a memory in a different location from the location of each other encryption key, and e. creating a register storing the location of each encryption key, wherein to encrypt or decrypt data the first encryption key is retrieved but upon the occurrence of a particular event one of the additional encryption keys is retrieved.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1 wherein the event is the determination that the first encryption key may be corrupted.
  - 3. The method of claim 2 including the step of determining that the first encryption key may be corrupted.
  - 4. The method of claim 3 wherein the step of determining that the first encryption key may be corrupted comprises detecting a faulty data signature in the data.
  - 5. The method of claim 3 wherein the step of determining that the first encryption key may be corrupted comprises detecting a faulty java script execution.
  - 6. The method of claim 1 wherein the first encryption key is used for encrypting data from a first source, and the event is the receipt of data from a second source designated for encryption by one of the additional encryption keys.
  - 7. The method of claim 1 wherein each encryption key is stored in its respective memory location with an associated password as a key-password pair.
  - 8. The method of claim 6 wherein each encryption key is stored in its respective memory location with an associated password as a key-password pair.

9. A data processing device comprising a system for securing data, comprising an encryption device for encrypting and decrypting data using an encryption key-password pair, at least one key generating device for generating a plurality of encryption keys, and at least one memory for storing the encryption keys in separate locations and for storing a register identifying the location of each encryption key, wherein to encrypt or decrypt data a first encryption key is retrieved but upon the occurrence of a particular event a different encryption key is retrieved.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The device of claim 9 wherein the event is the determination that the first encryption key may be corrupted.
  - 11. The device of claim 10 including software for determining that the first encryption key may be corrupted.
  - 12. The device of claim 11 including software for detecting a faulty data signature in the data.
  - 13. The device of claim 11 including software for detecting a faulty java script execution.
  - 14. The device of claim 9 wherein the first encryption key is used for encrypting data from a first source, and the event is the receipt of data from a second source designated for encryption by one of the additional encryption keys.
  - 15. The device of claim 9 wherein each encryption key is stored in its respective memory location with an associated password as a key-password pair.
  - 16. The device of claim 15 wherein each encryption key is stored in its respective memory location with an associated password as a key-password pair.

17. A mobile communications system, comprising a communications subsystem, for receiving and transmitting data, a processor for processing data, having a system for securing data communicated to and from the device comprising an encryption device for encrypting and decrypting data received and transmitted using an encryption key-password pair, comprising at least one key generating device for generating a plurality of encryption keys, and at least one memory for storing the encryption keys in separate locations and for storing a register identifying the location of each encryption key, wherein to encrypt or decrypt data a first encryption key is retrieved but upon the occurrence of a particular event a different encryption key is retrieved.
- View Dependent Claims (18, 19, 20)
- - 18. The system of claim 17 comprising software for determining that the first encryption key may be corrupted, and in response retrieving a redundant encryption key from a different memory location.
  - 19. The system of claim 17 wherein the first encryption key is used for encrypting data from a first source, and when encrypting or decrypting data from a second source designated for encryption by one of the additional encryption keys the.
  - 20. The system of claim 17 wherein each encryption key is stored in its respective memory location with an associated password as a key-password pair.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Malikie Innovations Limited (Key Patent Innovations Limited)
Original Assignee
Research In Motion Limited (Blackberry Limited)
Inventors
Randell, Jerrold R.

Granted Patent

US 7,653,202 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/193
CPC Class Codes

G06F 11/1415   at system level

G06F 21/6209   to a single file or object,...

H04L 2209/34   Encoding or coding, e.g. Hu...

H04L 2209/80   Wireless

H04L 9/0891   Revocation or update of sec...

H04L 9/0894   Escrow, recovery or storing...

H04W 12/03   Protecting confidentiality,...

H04W 12/041   Key generation or derivation

Method and system for securing data utilizing redundant secure key storage

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for securing data utilizing redundant secure key storage

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links