SECURE STORAGE

US 20160173281A1
Filed: 12/10/2015
Published: 06/16/2016
Est. Priority Date: 12/15/2014
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for configuring secure storage on a computing device, the method comprising:

storing, at a first application running on a first computing device, authentication data associated with an authenticated communications session conducted between the first application and a second application running on a second computing device different from the first computing device;

receiving, at the first application, an activation command comprising encryption data from the second application;

authenticating, by the first application, the activation command based on the stored authentication data; and

configuring, by the first application, secure storage on the first computing device based at least in part on the activation command received from the second application, wherein configuring the secure storage comprises encrypting application data associated with execution of the first application based on the encryption data.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, systems and computer readable media for configuring secure storage on a computing device. A method comprises: storing, at a first application running on a first computing device, authentication data associated with an authenticated communications session conducted between the first application and a second application running on a second computing device different from the first computing device; receiving, at the first application, an activation command comprising encryption data from the second application; authenticating, by the first application, the activation command based on the stored authentication data; and configuring, by the first application, secure storage on the first device based at least in part on the activation command received from the second application, wherein configuring the secure storage comprises encrypting application data associated with execution of the first application based on the encryption data.

Citations

20 Claims

1. A computer-implemented method for configuring secure storage on a computing device, the method comprising:
- storing, at a first application running on a first computing device, authentication data associated with an authenticated communications session conducted between the first application and a second application running on a second computing device different from the first computing device;
  
  receiving, at the first application, an activation command comprising encryption data from the second application;
  
  authenticating, by the first application, the activation command based on the stored authentication data; and
  
  configuring, by the first application, secure storage on the first computing device based at least in part on the activation command received from the second application, wherein configuring the secure storage comprises encrypting application data associated with execution of the first application based on the encryption data.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 2. The computer-implemented method according to claim 1, comprising generating, by the first application, an encryption key based on the encryption data, wherein encryption of the application data is based on the encryption key.
  - 3. The computer-implemented method according to claim 1, wherein the activation command further includes policy data indicative of one or more data access policies associated with the application data.
  - 4. The computer-implemented method according to claim 3, comprising the first application controlling access to the encrypted application data based on the one or more data access policies indicated by the policy data.
  - 5. The computer-implemented method according to claim 3, wherein the policy data is generated at a management server remote from the first application and the second application.
  - 6. The computer-implemented method according to claim 3, wherein configuring the secure storage comprises encrypting the policy data based on the encryption data.
  - 7. The computer-implemented method according to claim 3, wherein the authentication data is generated in a secure pairing process initiated between the first application and the second application.
  - 8. The computer-implemented method according to claim 7, wherein the secure pairing process is based on a Diffie-Hellman key exchange.
  - 9. The computer-implemented method according to claim 7, wherein the secure pairing process is based on the Simple Secure Pairing algorithm.
  - 10. The computer-implemented method according to claim 7, wherein the secure pairing process is performed via a communications link established between the first computing device and the second computing device.
  - 11. The computer-implemented method according to claim 10, wherein at least part of the communications link comprises a wireless communications link.
  - 12. The computer-implemented method according to claim 1, wherein the authentication data is indicative of a cryptographic key shared between the first application and the second application.
  - 13. The computer-implemented method according to claim 1, comprising:
    - sending, by the first application, an unlock request based on the authentication data;
      
      receiving, at the first application, an unlock response comprising decryption data from the second application;
      
      authenticating, at the first application, the unlock response based on the authentication data; and
      
      decrypting, at the first application, the application data based on the decryption data received from the second application.
  - 14. The computer-implemented method according to claim 13, comprising generating a decryption key based on the decryption data, wherein decryption of the application data is based on the decryption key.
  - 15. The computer-implemented method according to claim 13, wherein the decryption data is the same as the encryption data.
  - 16. The computer-implemented method according to claim 1, wherein the first application is configured to disable functionality associated with the first application and the computer-implemented method comprises enabling the disabled functionality in response to configuring the secure storage on the first computing device.
  - 17. The computer-implemented method according to claim 16, wherein enabling the disabled functionality comprises verifying an activation key received from the second application.
  - 18. The computer-implemented method according to claim 16, wherein enabling the disabled functionality comprises verifying the presence of the secure storage on the first computing device.

19. A computer-implemented method for configuring secure storage on a computing device, the method comprising:
- storing, at a first application running on a first computing device, authentication data associated with an authenticated communications session initiated between the first application and a second application running on a second computing device different from the first computing device;
  
  receiving, from a remote server, policy data indicative of one or more data access policies associated with application data stored by the second application;
  
  generating, at the first application, encryption data for the second application in response to receipt of an activation request from the second application;
  
  generating, at the first application, an activation command comprising the encryption data and the policy data;
  
  signing, by the first application, the activation command using the authentication data; and
  
  sending the activation command from the first application to the second application, wherein the activation is configured to activate secure storage associated with the second application.

20. A non-transitory computer-readable storage medium comprising computer-executable instructions which, when executed by a processor, cause a computing device to perform a method of configuring secure storage on a computing device, the method comprising:
- storing, at a first application running on a first computing device, authentication data associated with an authenticated communications session conducted between the first application and a second application running on a second computing device different from the first computing device;
  
  receiving, at the first application, an activation command comprising encryption data from the second application;
  
  authenticating, by the first application, the activation command based on the stored authentication data; and
  
  configuring, by the first application, secure storage on the first computing device based at least in part on the activation command received from the second application, wherein configuring the secure storage comprises encrypting application data associated with execution of the first application based on the encryption data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Malikie Innovations Limited (Key Patent Innovations Limited)
Original Assignee
Good Technology Corporation (Blackberry Limited)
Inventors
WHITE, Johnathan George, JUNG, SeungSub

Granted Patent

US 9,935,767 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 12/1408   by using cryptography for d...

G06F 21/6218   to a system of files or obj...

G06F 21/78   to assure secure storage of...

G06F 2212/1052   Security improvement

G06F 2221/2129   Authenticate client device ...

G06F 2221/2137   Time limited access, e.g. t...

H04L 63/062   for key distribution, e.g. ...

H04L 9/0844   with user authentication or...

H04W 12/06   Authentication

H04W 12/50   Secure pairing of devices

SECURE STORAGE

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SECURE STORAGE

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links