METHOD AND SYSTEM FOR SECURING DATA UTILIZING REDUNDANT SECURE KEY STORAGE

US 20100119065A1
Filed: 01/25/2010
Published: 05/13/2010
Est. Priority Date: 06/14/2004
Status: Active Grant

First Claim

Patent Images

1. A data processing device, comprising:

an encryption device for encrypting and decrypting data using an encryption key;

a key generating device adapted to generate a first encryption key associated with a first password, and to generate a second encryption key associated with a second password, wherein the first encryption key is used to encrypt or decrypt a first set of data, and wherein the second encryption key is used to encrypt or decrypt a second set of data; and

at least one memory adapted to store the first set of data and the second set of data.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method which protects a data processing system against encryption key errors by providing redundant encryption keys stored in different locations, and providing the software with the ability to select an alternate redundant key if there is any possibility that the encryption key being used may be corrupted. In the preferred embodiment, a memory control module in the data processing device is configured to accommodate the storage of multiple (for example up to four or more) independent password/key pairs, and the control module duplicates a password key at the time of creation. The redundant passwords and encryption keys are forced into different memory slots for later retrieval if necessary. The probability of redundant keys being corrupted simultaneously is infinitesimal, so the system and method of the invention ensures that there is always an uncorrupted encryption key available.

23 Citations

24 Claims

1. A data processing device, comprising:
- an encryption device for encrypting and decrypting data using an encryption key;
  
  a key generating device adapted to generate a first encryption key associated with a first password, and to generate a second encryption key associated with a second password, wherein the first encryption key is used to encrypt or decrypt a first set of data, and wherein the second encryption key is used to encrypt or decrypt a second set of data; and
  
  at least one memory adapted to store the first set of data and the second set of data.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The data processing device of claim 1, wherein the key generating device is adapted to generate the first encryption key from the first password, a first key seed, and a current key.
  - 3. The data processing device of claim 2, wherein the key generating device is further adapted to generate at least one redundant encryption key corresponding to the first encryption key by generating said at least one redundant encryption key from the first password, the first key seed, and the current key, and wherein one of the at least one redundant encryption key is used to encrypt or decrypt the first set of data upon occurrence of a particular event.
  - 4. The data processing device of claim 3, wherein the particular event is selected from one of:
    - a determination that the first encryption key may be corrupted;
      
      detection of a faulty data signature;
      
      ordetection of a faulty javascript execution.
  - 5. The data processing device of claim 1, wherein the key generating device is adapted to generate the second encryption key from the second password, a second key seed, and a current key.
  - 6. The data processing device of claim 1, further comprising an EEPROM memory adapted to store the first encryption key and the second encryption key.
  - 7. The data processing device of claim 6, wherein the key generating device is comprised in an EEPROM control block in communication with the EEPROM memory.
  - 8. The data processing device of claim 1, wherein each of the first and second encryption keys is associated with a different type of data.
  - 9. The data processing device of claim 1, wherein the first set of data comprises one of private system data, data associated with a software application, email data, or appointment data, and the second set of data comprises a different one of private system data, data associated with a software application, email data, or appointment data.
  - 10. The data processing device of claim 1, wherein the data processing device is comprised in a mobile communication device.

11. A data processing device, comprising:
- means adapted to encrypt and decrypt data using an encryption key;
  
  means adapted to generate a first encryption key for a first set of data, the first encryption key being associated with a first password, and to generate a second encryption key for a second set of data, the second encryption key being associated with a second password; and
  
  means adapted to store the first encryption key and the associated first password, the second encryption key and the second associated password, the first set of data, and the second set of data.
- View Dependent Claims (12, 13, 14, 15, 16)
- - 12. The data processing device of claim 11, wherein the means adapted to generate the first encryption key and the second encryption key are adapted to generate said first encryption key from the first password, a first key seed, and a current key, and to generate said second encryption key from the second password, a second key seed, and the current key.
  - 13. The data processing device of claim 12, further comprising means adapted to generate at least one redundant encryption key corresponding to the first encryption key by generating said at least one redundant encryption key from the first password, the first key seed, and the current key, wherein one of the at least one redundant encryption key is used to encrypt or decrypt the first set of data upon occurrence of a particular event.
  - 14. The data processing device of claim 13, wherein the particular event is selected from one of:
    - a determination that the first encryption key may be corrupted;
      
      detection of a faulty data signature;
      
      ordetection of a faulty javascript execution.
  - 15. The data processing device of claim 11, wherein each of the first and second encryption keys is associated with a different type of data.
  - 16. The data processing device of claim 11, wherein the first set of data comprises one of private system data, data associated with a software application, email data, or appointment data, and the second set of data comprises a different one of private system data, data associated with a software application, email data, or appointment data.

17. A data processing device, comprising:
- a key generating device adapted to generate a first encryption key from a first password, a first key seed, and a current key; and
  
  a redundant encryption key from the first password, the first key seed, and the current key; and
  
  an encryption device adapted to encrypt data using the first encryption key, and to decrypt the data thus encrypted using a selected key,wherein the selected key is selected from;
  
  the first encryption key;
  
  orupon determination that a particular event has occurred, the redundant encryption key.
- View Dependent Claims (18, 19, 20)
- - 18. The data processing device of claim 17, wherein the particular event is selected from one of:
    - corruption of the first encryption key;
      
      detection of a faulty data signature;
      
      ordetection of a faulty javascript execution.
  - 19. The data processing device of claim 17, further comprising an EEPROM memory adapted to store the first encryption key and the redundant encryption key.
  - 20. The data processing device of claim 19, wherein the key generating device is comprised in an EEPROM control block in communication with the EEPROM memory.

21. A method of securing data in a data processing device, comprising:
- generating a first encryption key from a first password, a first key seed, and a current key;
  
  generating a redundant encryption key from the first password, the first key seed, and the current key;
  
  encrypting data using the first encryption key; and
  
  decrypting the data thus encrypted using a selected key,wherein the selected key is selected from;
  
  the first encryption key;
  
  orupon determination that a particular event has occurred, the redundant encryption key.
- View Dependent Claims (22)
- - 22. The method of claim 21, wherein the event is selected from one of:
    - corruption of the first encryption key;
      
      detection of a faulty data signature;
      
      ordetection of a faulty javascript execution.

23. A data processing device, comprising:
- means adapted to generate a first encryption key from a first password, a first key seed, and a current key;
  
  means adapted to generate a redundant encryption key from the first password, the first key seed, and the current key;
  
  means adapted to encrypt data using the first encryption key; and
  
  means adapted to decrypt the data thus encrypted using a selected key,wherein the selected key is selected from;
  
  the first encryption key;
  
  orupon determination that a particular event has occurred, the redundant encryption key.
- View Dependent Claims (24)
- - 24. The data processing device of claim 23, wherein the event is selected from one of:
    - corruption of the first encryption key;
      
      detection of a faulty data signature;
      
      ordetection of a faulty javascript execution.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Malikie Innovations Limited (Key Patent Innovations Limited)
Original Assignee
Blackberry Limited
Inventors
RANDELL, Jerrold R.

Granted Patent

US 8,144,866 B2
Time in Patent Office

Days
Field of Search
US Class Current

380/44
CPC Class Codes

G06F 11/1415   at system level

G06F 21/6209   to a single file or object,...

H04L 2209/34   Encoding or coding, e.g. Hu...

H04L 2209/80   Wireless network architectu...

H04L 9/0891   Revocation or update of sec...

H04L 9/0894   Escrow, recovery or storing...

H04W 12/03   Protecting confidentiality,...

H04W 12/041   Key generation or derivation

METHOD AND SYSTEM FOR SECURING DATA UTILIZING REDUNDANT SECURE KEY STORAGE

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

23 Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD AND SYSTEM FOR SECURING DATA UTILIZING REDUNDANT SECURE KEY STORAGE

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

23 Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links