System, Method and Apparatus for Cryptography Key Management for Mobile Devices
Abstract
A technique that binds encryption and decryption keys using a UID, a UDID, and a Pswd to a client mobile device in an enterprise. In one example embodiment, this is achieved by creating a new user account using the UID and the DPswd in an inactive state and communicating the UID and the DPswd to an intended user using a secure communication medium by an administrator. The intended user then logs into a cryptography key management system using the UID and the DPswd via a client mobile device. The UDID associated with the client mobile device is then hashed to create a H(UDID). The H(UDID) is then sent to the cryptography key management system by a local key management application module. The H(UDID) is then authenticated by the cryptography key management system. An encryption/decryption key is then assigned for the client mobile device.
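The registration and binding flow in the abstract can be sketched as follows. This is an added example, not code from the patent: SHA-256 for H(UDID), PBKDF2 for password storage, random 256-bit keys, the in-memory dictionaries, and all class and function names are assumptions made for illustration.

```python
import hashlib, hmac, secrets

def h_udid(udid: str) -> str:
    # H(UDID). SHA-256 is an assumption; the abstract does not name the hash.
    return hashlib.sha256(udid.encode()).hexdigest()

def _pw_hash(pswd: str, salt: bytes) -> bytes:
    # Assumption: passwords are kept as salted PBKDF2 digests.
    return hashlib.pbkdf2_hmac("sha256", pswd.encode(), salt, 100_000)

class KeyManagementSystem:
    """Hypothetical in-memory stand-in for the key management system."""
    def __init__(self):
        self.accounts = {}  # UID -> account record
        self.keys = {}      # (UID, H(UDID)) -> key bytes

    def create_account(self, uid, dpswd):
        # Administrator step: the account starts in the inactive state.
        salt = secrets.token_bytes(16)
        self.accounts[uid] = {"salt": salt, "pw": _pw_hash(dpswd, salt),
                              "state": "inactive", "h_udid": None}

    def _login(self, uid, pswd):
        acct = self.accounts.get(uid)
        if acct is None or not hmac.compare_digest(
                acct["pw"], _pw_hash(pswd, acct["salt"])):
            raise PermissionError("bad credentials")
        return acct

    def register_device(self, uid, pswd, hashed_udid):
        # First login from the device: record H(UDID), activate, assign a key.
        acct = self._login(uid, pswd)
        if acct["state"] != "inactive":
            raise PermissionError("a device is already registered")
        acct.update(state="active", h_udid=hashed_udid)
        key = secrets.token_bytes(32)
        self.keys[(uid, hashed_udid)] = key
        return key

    def request_key(self, uid, pswd, hashed_udid):
        # The key is released only for the matching user, password and device.
        acct = self._login(uid, pswd)
        if acct["state"] != "active" or not hmac.compare_digest(
                acct["h_udid"], hashed_udid):
            raise PermissionError("device not bound to this user")
        return self.keys[(uid, hashed_udid)]
```

A request that presents valid credentials from a different device fails because the stored H(UDID) does not match, which is the binding property the abstract describes.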
19 Claims
- 1. A method comprising binding encryption and decryption keys using a unique user identifier (UID), a unique device identifier (UDID), and a user password (Pswd) to a client mobile device in an enterprise cryptography key management system.
- 8. A method comprising changing a Pswd in a cryptography key management system via a client mobile device using a UID, a UDID, a unique key identifier, a current Pswd, and a NewPswd.
- 10. An article comprising: a storage medium having instructions that, when executed by a computing platform, result in execution of a method comprising; binding encryption and decryption keys using a UID, a UDID, and a Pswd to a client mobile device in an enterprise cryptography key management system. (Dependent claims: 11, 12, 13, 14, 15, 16)
- 17. A cryptography key management apparatus, comprising: a cryptography key management system that allows to create a new user account with the system and register the user with the system, allows the registered user to register a new client mobile device with the system, allows the registered user to register a cryptography/data recovery key with the system and associate/bind it with the client mobile device in the system, allows the registered user to request for a cryptography key for encryption for the client mobile device from the system, allows the registered user to request a registered cryptography/data recovery key for decryption for the client mobile device from the system, allows a registered user to change its password/authentication tokens in the system, allows to decrypt the data stored encrypted on a removable media if the mobile device on which the encryption performed is lost or unavailable and allows to create and manage user accounts in the key management system; a secure key database coupled to the cryptography key management system to store the registered user account information, the registered cryptography/data-recovery key information and information binding the cryptography/data-recovery key with a registered client mobile device and a registered user, wherein the user account information comprises of the UID, UDID of the registered client mobile device, Pswd/authentication tokens stored in encrypted format and the account state; and a client mobile device, wherein the client mobile device comprises; a key management application module that allows the intended user to log on to the key management system, register the client mobile device with the key management system, register a cryptography/data-recovery key with the key management system, request a cryptography key for encryption from the key management system, request a registered cryptography/data-recovery key for decryption from the key management system which is bound to the client mobile device, change the Pswd/authentication tokens from the key management system, encrypt and decrypt files on the client mobile device and store the metadata of the encrypted files on the client mobile device. (Dependent claims: 18, 19)
Specification