SYSTEM FOR PROXIMITY BASED ENCRYPTION AND DECRYPTION
Abstract
A method for securing data on a mobile device by combining multi-factor, auto-login, encryption and proximity. The method uses a wireless device to store encryption keys, provides a first stage decryption to decrypt the user credentials and login to a container, and a second stage decryption to decrypt the user data and display it. The method also locks the data when the user leaves proximity. This method is immune to physical attacks or jailbreaks.
20 Claims
1. A method for proximity encryption and decryption comprising:

using a user terminal, at least one token device, a policy server and at least one application service, wherein the at least one token device is a Bluetooth fob or a smart phone equipped with short wireless communication means, and wherein the at least one token device is distinct from the user terminal, and wherein the at least one token device stores at least one digital key in memory, and wherein the at least one digital key is used to encrypt data onboard the user terminal, and wherein an authorization program runs onboard the user terminal, and wherein the policy server has at least one user account corresponding to the authorization program, and wherein the at least one application service has at least one second user account, and wherein the at least one second user account is distinct from the at least one user account;

whereby upon or after an event onboard the user terminal, the authorization program connects to the at least one token device using short wireless communication, wherein the at least one token device is more than 10 centimeters away from the user terminal, after or upon a pass code or a voice response is validated without a server either onboard the user terminal or onboard the at least one token device, at least one decryption key is obtained wirelessly from the at least one token device, a login information stored onboard the user terminal can be decrypted using the at least one decryption key, the login information can be used to login automatically to the at least one second user account from the user terminal, at least one data set corresponding to the second user account is obtained wirelessly from the at least one application service, the at least one data set is decrypted using at least a second digital key obtained through short wireless communication to obtain at least one decrypted data set onboard the user terminal, at least one information from the at least one decrypted data set is output onboard the user terminal, at least one input data set obtained onboard the user terminal can be encrypted using at least a third digital key obtained through short wireless communication, and at least one part of the encrypted at least one input data set can be sent wirelessly to the at least one application service.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13
14. A method for proximity encryption and decryption comprising:

using a user terminal, at least one token device, a policy server and an application program, wherein the at least one token device is a Bluetooth fob or a smart phone equipped with short wireless communication means, and wherein the at least one token device is distinct from the user terminal, and wherein the at least one token device stores at least one digital key in memory, and wherein the at least one digital key is used to encrypt data onboard the user terminal, and wherein an authorization program runs onboard the user terminal, and wherein the policy server has at least one user account corresponding to the authorization program, and wherein the application program has at least one second user account, and wherein the at least one second user account is distinct from the at least one user account;

whereby at least one data set corresponding to the application program is encrypted with an encryption key obtained from at least one token device to obtain at least one encrypted data set, wherein the application program can read the at least one data set, wherein when encrypted, the application program cannot read the at least one encrypted data set;

whereby upon or after an event onboard the user terminal, the authorization program connects to at least one token device using short wireless communication, at least one decryption key is obtained wirelessly, at least one encrypted data set is obtained and is decrypted using the at least one decryption key, the application program reads the decrypted data set, and at least one information from the decrypted data set is displayed onboard the user terminal using the application program;

whereby if the at least one token device is not within a predefined short wireless range from the user terminal, a displayed data is cloaked or a screen is locked, at least one data set corresponding to the application program can be encrypted with an encryption key obtained wirelessly to obtain an encrypted data set, and wherein the predefined short wireless range is above 30 centimeters.

Dependent claims: 15, 16, 17, 18
19. A method for proximity encryption and decryption comprising:

using a user terminal, a token device, a policy server, at least one application service and an authorization service, wherein the at least one token device is a Bluetooth fob or a smart phone equipped with short wireless communication means, and wherein the at least one token device is distinct from the user terminal, and wherein the at least one token device stores at least one digital key in memory, and wherein an authorization program runs onboard the user terminal, and wherein the at least one digital key is used to encrypt data onboard the user terminal, and wherein the policy server has at least one user account corresponding to the authorization program, and wherein the authorization service has at least one second user account, and wherein the at least one second user account is distinct from the at least one user account, and wherein the at least one application service has at least one third user account, and wherein the at least one third user account is distinct from both the at least one user account and the at least one second user account;

whereby upon or after an event onboard the user terminal, the authorization program scans devices within a predefined range from the user terminal using short wireless communication, if a known token device is found, login information corresponding to the token device can be obtained and can be used to authorize to the at least one second user account, and at least one information from the at least one second user account is displayed onboard the user terminal;

whereby upon or after activation of a button or an icon or a menu from the displayed information onboard the user terminal, at least one request is sent to the at least one token device or to the policy server, whereby upon or after authorization of the at least one request by the at least one token device, authorization information is obtained, and the authorization information is used to login automatically to the at least one third user account or to authenticate to the at least one third user account or to authorize a transaction corresponding to the at least one third user account onboard the user terminal;

whereby if the at least one token device leaves a predefined short wireless range from the user terminal, the data from the at least one second user account is automatically cloaked or encrypted, or the at least one second user account is logged off or locked.

Dependent claims: 20
Specification