ENCRYPTING AND STORING DATA

US 20160156464A1
Filed: 06/28/2013
Published: 06/02/2016
Est. Priority Date: 06/28/2013
Status: Active Grant

First Claim

Patent Images

1. A user equipment for encrypting and storing data, the user equipment comprising:

a key generator configured to generate two or more keys based on a shared secret made available to the user equipment and a server,wherein the two or more keys comprise at least one perfect forward secrecy key and at least one limited forward secrecy key;

a data encryptor configured to encrypt data using at least one of the two or more keys; and

a data recorder configured to store the encrypted data in a first memory.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and apparatus for encrypting and storing data. The methods and apparatus provide different levels of security and usability. The methods and apparatus generate two or more keys based on a shared secret made available to a user equipment and a server. The two or more keys comprise at least one perfect forward secrecy key, and at least one limited forward secrecy key. The methods and apparatus encrypt data using at least one of the two or more keys. The methods and apparatus store the encrypted data in a memory of the user equipment and/or transmit the data from the user equipment to the server.

37 Citations

View as Search Results

27 Claims

1. A user equipment for encrypting and storing data, the user equipment comprising:
- a key generator configured to generate two or more keys based on a shared secret made available to the user equipment and a server,wherein the two or more keys comprise at least one perfect forward secrecy key and at least one limited forward secrecy key;
  
  a data encryptor configured to encrypt data using at least one of the two or more keys; and
  
  a data recorder configured to store the encrypted data in a first memory.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 2. The user equipment according to claim 1, wherein the key generator is configured to generate a master key based on the shared secret.
  - 3. The user equipment according to claim 2, wherein the key generator is further configured to generate a salt, and to generate the master key based on the shared secret and the salt.
  - 4. The user equipment according to claim 2, wherein the at least one limited forward secrecy key comprises a no forward secrecy key.
  - 5. The user equipment according to claim 4, wherein the key generator is configured to generate the no forward secrecy key based on a one-way function of the master key.
  - 6. The user equipment according to claim 4, wherein the data recorder is configured to store the no forward secrecy key at a second memory.
  - 7. The user equipment according to claim 2, wherein the at least one limited forward secrecy key comprises a partial forward secrecy key.
  - 8. The user equipment according to claim 7, wherein the key generator is configured to generate the partial forward secrecy key based on a one-way function of the master key and a session identifier.
  - 9. The user equipment according to claim 8, wherein the key generator is configured to generate the session identifier.
  - 10. The user equipment according to claim 8, wherein, after the partial forward secrecy key has been used to encrypt data, the key generator is configured to apply a one-way function to the partial forward secrecy key and the session identifier to generate an updated partial forward secrecy key, and wherein the data recorder is configured to store the updated partial forward secrecy key in a second memory.
  - 11. The user equipment according to claim 2, wherein the key generator is configured to generate the perfect forward secrecy key by applying a one-way function on the master key and a seed value received by a receiver from the server.
  - 12. The user equipment according to claim 11, wherein the data recorder is configured to delete the seed value from the first memory and/or the second memory after the perfect forward secrecy key has been generated.
  - 13. The user equipment according to claim 11, wherein, after the perfect forward secrecy key has been used to encrypt data, the key generator is configured to apply the one-way function to the perfect forward secrecy key to generate an updated perfect forward secrecy encryption key, and wherein the data recorder is configured to store the subsequent perfect forward secrecy key in a second memory.
  - 14. The user equipment according to claim 13, wherein the at least one limited forward secrecy key comprises a no forward secrecy key, and wherein the data encryptor is configured to encrypt the subsequent perfect forward secrecy key with the no forward secrecy key before the data recorder stores the subsequent perfect forward secrecy key.
  - 15. The user equipment according to claim 1, further comprising a transmitter configured to transmit the stored encrypted data to a server.
  - 16. The user equipment according to claim 15, wherein the key generator is further configured to generate a salt, and to generate the master key based on the shared secret and the salt, and wherein the transmitter is further configured to transmit the salt to the server.
  - 17. The user equipment according to claim 15, wherein the key generator is configured to generate the partial forward secrecy key based on a one-way function of the master key and a session identifier, wherein the at least one limited forward secrecy key comprises a partial forward secrecy key, and wherein the transmitter is further configured to transmit the session identifier to the server.
  - 18. The user equipment according to claim 1, wherein the data encryptor is configured to select at least one of the two or more keys to encrypt the data based on a user input.

19. A method of operating a user equipment, comprising:
- generating by a key generator, two or more keys based on a shared secret made available to the user equipment and a server,wherein the two or more keys comprises at least one perfect forward secrecy key, and at least one limited forward secrecy key;
  
  encrypting data by a data encryptor using at least one of the two or more keys; and
  
  storing the encrypted data at a memory by a data recorder.
- View Dependent Claims (21)
- - 21. A computer program product comprising a non-transitory computer readable storage medium storing code configured, when executed by a computer, to carry out the method according to claim 19.

20. (canceled)

22. A server comprising:
- a receiver configured to receive encrypted data from a user equipment;
  
  a key generator configured to generate two or more keys based on a shared secret made available to the server and a user equipment,wherein the two or more keys comprise at least one perfect forward secrecy key and at least one limited forward secrecy key;
  
  a decryptor configured to decrypt the received encrypted data using at least one of the two or more keys; and
  
  a data recorder configured to store at least part of the decrypted data in a memory.
- View Dependent Claims (23, 24)
- - 23. The server according to claim 22, wherein the key generator is configured to generate a master key based on the shared secret, and wherein the key generator is further configured to generate the perfect forward secrecy key by applying a one-way function on the master key and a seed value.
  - 24. The server according to claim 23, wherein the data recorder is configured to delete the seed value from the memory after the perfect forward secrecy key has been generated.

25. A method of operating a server, comprising:
- receiving by a receiver encrypted data from a user equipment;
  
  generating by a key generator, two or more keys based on a shared secret made available to the server and a user equipment,wherein the two or more keys comprises at least one perfect forward secrecy key, and at least one limited forward secrecy key;
  
  decrypting by a decryptor, the received encrypted data using at least one of the two or more keys; and
  
  storing the decrypted data in a memory by a data recorder.
- View Dependent Claims (27)
- - 27. A computer program product comprising a non-transitory computer readable storage medium storing code configured, when executed by a computer, to carry out the method according to claim 25.

26. (canceled)

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Telefonaktiebolaget LM Ericsson
Original Assignee
Telefonaktiebolaget LM Ericsson
Inventors
N?slund, Mats, Melo de Brito Carvalho, Tereza Cristina, Iwaya, Leonardo Horn, Simplicio Junior, Marcos Antonio

Granted Patent

US 9,992,017 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

H04L 2209/24   Key scheduling, i.e. genera...

H04L 63/061   for key exchange, e.g. in p...

H04L 9/0822   using key encryption key

H04L 9/0838   Key agreement, i.e. key est...

H04L 9/0861   Generation of secret inform...

H04L 9/088   Usage controlling of secret...

H04L 9/0894   Escrow, recovery or storing...

H04L 9/14   using a plurality of keys o...

ENCRYPTING AND STORING DATA

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

37 Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

ENCRYPTING AND STORING DATA

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

37 Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links