DEVICE-BASED PIN AUTHENTICATION PROCESS TO PROTECT ENCRYPTED DATA
First Claim
1. A computer-implemented method for securely storing encrypted data on a computing device, the method comprising:
- receiving a data encryption key, wherein the data encryption key is used to encrypt data on the computing device;
encrypting the data encryption key using a first encryption key;
storing the encrypted data encryption key on the computing device;
encrypting the first encryption key using a second encryption key, wherein the second encryption key is derived from a user-supplied value entered on the computing device; and
sending the encrypted first encryption key to a remote server.
6 Assignments
0 Petitions
Accused Products
Abstract
Techniques are disclosed for providing a device-based PIN authentication process used to protect encrypted data stored on a computing system, such as a tablet or mobile device. A client component and a server component each store distinct cryptographic keys needed to access encrypted data on the client. The mobile device stores a vault encryption key used to decrypt encrypted sensitive data stored on the mobile device. The vault key is encrypted using a first encryption key and stored on the mobile device. The first encryption key is itself encrypted using a second encryption key. The second encryption key is derived from the PIN value.
61 Citations
20 Claims
-
1. A computer-implemented method for securely storing encrypted data on a computing device, the method comprising:
-
receiving a data encryption key, wherein the data encryption key is used to encrypt data on the computing device; encrypting the data encryption key using a first encryption key; storing the encrypted data encryption key on the computing device; encrypting the first encryption key using a second encryption key, wherein the second encryption key is derived from a user-supplied value entered on the computing device; and sending the encrypted first encryption key to a remote server. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A computer-readable storage medium storing instructions, which, when executed on a processor, performs an operation for securely storing encrypted data on a computing device, the operation comprising:
-
receiving a data encryption key, wherein the data encryption key is used to encrypt data on the computing device; encrypting the data encryption key using a first encryption key; storing the encrypted data encryption key on the computing device; encrypting the first encryption key using a second encryption key, wherein the second encryption key is derived from a user-supplied value entered on the computing device; and sending the encrypted first encryption key to a remote server. - View Dependent Claims (9, 10, 11, 12, 13, 14)
-
-
15. A computing device, comprising:
a processor and a memory hosting an application, which, when executed on the processor, performs an operation for securely storing encrypted data on the computing device, the operation comprising; receiving a data encryption key, wherein the data encryption key is used to encrypt data on the computing device, encrypting the data encryption key using a first encryption key, storing the encrypted data encryption key on the computing device, encrypting the first encryption key using a second encryption key, wherein the second encryption key is derived from a user-supplied value entered on the computing device, and sending the encrypted first encryption key to a remote server. - View Dependent Claims (16, 17, 18, 19, 20)
Specification