METHOD OF OPERATING A COMPUTING DEVICE, COMPUTING DEVICE AND COMPUTER PROGRAM

US 20160308845A1
Filed: 04/12/2016
Published: 10/20/2016
Est. Priority Date: 04/15/2015
Status: Active Grant

First Claim

Patent Images

1. A computing device, the computing device comprising:

a first application and a second application;

the first application being arranged to generate a data access application key for use by the second application to enable decryption of data that is stored in encrypted form on the computing device using said data access application key, wherein;

the second application is arranged to generate a public/private key pair;

the second application is arranged to send a request to the first application for the first application to send the second application a data access application key, the request including the public key;

the first application is arranged to derive the requested data access application key as a function of at least the public key; and

the first application is arranged to send the derived data access application key to the second application.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computing device has a first application and a second application. The first application generates a data access application key for use by the second application to enable decryption of data that is stored in encrypted form on the computing device using the data access application key. In operation, the second application generates a public/private key pair. The second application sends a request to the first application for the first application to send the second application a data access application key, the request including the public key. The first application derives the requested data access application key as a function of at least the public key. The first application sends the derived data access application key to the second application.

15 Citations

View as Search Results

32 Claims

1. A computing device, the computing device comprising:
- a first application and a second application;
  
  the first application being arranged to generate a data access application key for use by the second application to enable decryption of data that is stored in encrypted form on the computing device using said data access application key, wherein;
  
  the second application is arranged to generate a public/private key pair;
  
  the second application is arranged to send a request to the first application for the first application to send the second application a data access application key, the request including the public key;
  
  the first application is arranged to derive the requested data access application key as a function of at least the public key; and
  
  the first application is arranged to send the derived data access application key to the second application.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The computing device according to claim 1, arranged such that the request sent by the second application to the first application includes a signature which is signed with the private key.
  - 3. The computing device according to claim 1, arranged such that the first application derives the requested data access application key as a function of at least the public key and a value that is unique to the computing device.
  - 4. The computing device according to claim 1, arranged such that the first application derives the requested data access application key as a function of at least the public key and a key associated with the user of the computing device.
  - 5. The computing device according to claim 1, arranged such that the first application derives the requested data access application key as a function of at least the public key and an identifier of the first application.
  - 6. The computing device according to claim 1, arranged such that the first application derives the requested data access application key as a function of at least the public key, a value that is unique to the computing device, a key associated with the user of the computing device and an identifier of the first application.
  - 7. The computing device according to claim 1, arranged such that the second application saves the public/private key pair in a sandbox associated with the second application on the computing device.
  - 8. The computing device according to claim 1, arranged such that the data access application key is used by the second application to encrypt and decrypt a key that is used to encrypt data stored by the second application.
  - 9. The computing device according to claim 1, comprising:
    - a third application, different from the first application and the second application;
      
      wherein;
      
      the first application is arranged to generate a further data access application key for use by a third application to enable decryption of data that is stored in encrypted form on the computing device using the further data access application key;
      
      the third application is arranged to generate a further public/private key pair;
      
      the third application is arranged to send a request to the first application for the first application to send the third application the further data access application key, the request including the further public key;
      
      the first application is arranged to derive the further data access application key as a function of at least the further public key; and
      
      the first application is arranged to send the further data access application key to the third application.
  - 10. The computing device according to claim 9, arranged to:
    - determine whether the request from the third application is pending prior to the first application sending a message comprising the derived data access application key and control data to the second application, and in the case that the request from the third application is pending;
      
      send the message comprising the derived data access application key and control data from the first application to the second application; and
      
      responsive to receipt of said message at the second application, send a message to the first application to process the pending request from the third application based on the control data.

11. A method of operating a computing device, the method comprising:
- a first application running on the computing device generating a data access application key for use by a second application running on the computing device to enable decryption of data that is stored in encrypted form on the computing device using said data access application key, wherein;
  
  the second application generates a public/private key pair;
  
  the second application sends a request to the first application for the first application to send the second application a data access application key, the request including the public key;
  
  the first application derives the requested data access application key as a function of at least the public key; and
  
  the first application sends the derived data access application key to the second application.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The method according to claim 11, wherein the request sent by the second application to the first application includes a signature which is signed with the private key.
  - 13. The method according to claim 11, wherein the first application derives the requested data access application key as a function of at least the public key and a value that is unique to the computing device.
  - 14. The method according to claim 11, wherein the first application derives the requested data access application key as a function of at least the public key and a key associated with the user of the computing device.
  - 15. The method according to claim 11, wherein the first application derives the requested data access application key as a function of at least the public key and an identifier of the first application.
  - 16. The method according to claim 11, wherein the first application derives the requested data access application key as a function of at least the public key, a value that is unique to the computing device, a key associated with the user of the computing device and an identifier of the first application.
  - 17. The method according to claim 11, wherein the second application saves the public/private key pair in a sandbox associated with the second application on the computing device.
  - 18. The method according to claim 11, wherein the data access application key is used by the second application to encrypt and decrypt a key that is used to encrypt data stored by the second application.
  - 19. The method according to claim 11, comprising:
    - the first application generating a further data access application key for use by a third application to enable decryption of data that is stored in encrypted form on the computing device using the further data access application key, the third application being different from the first application and the second application;
      
      the third application generating a further public/private key pair;
      
      the third application sending a request to the first application for the first application to send the third application the further data access application key, the request including the further public key;
      
      the first application deriving the further data access application key as a function of at least the further public key;
      
      the first application sending the further data access application key to the third application.
  - 20. The method according to claim 19, comprising:
    - determining whether the request from the third application is pending prior to the first application sending a message comprising the derived data access application key and control data to the second application, and in the case that the request from the third application is pending;
      
      sending the message comprising the derived data access application key and control data from the first application to the second application; and
      
      responsive to receipt of said message comprising the derived data access application and control data at the second application, sending a message to the first application to process the pending request from the third application based on the control data.

21. A computer program, comprising code such that when the computer program is executed on a computing device comprising a first application and a second application:
- the first application generates a data access application key for use by the second application to enable decryption of data that is stored in encrypted form on the computing device using said data access application key, wherein;
  
  the second application generates a public/private key pair;
  
  the second application sends a request to the first application for the first application to send the second application a data access application key, the request including the public key;
  
  the first application derives the requested data access application key as a function of at least the public key; and
  
  the first application sends the derived data access application key to the second application.
- View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29, 30)
- - 22. The computer program according to claim 21, wherein the code is such that the request sent by the second application to the first application includes a signature which is signed with the private key.
  - 23. The computer program according to claim 21, wherein the code is such that the first application derives the requested data access application key as a function of at least the public key and a value that is unique to the computing device.
  - 24. The computer program according to claim 21, wherein the code is such that the first application derives the requested data access application key as a function of at least the public key and a key associated with the user of the computing device.
  - 25. The computer program according to claim 21, wherein the code is such that the first application derives the requested data access application key as a function of at least the public key and an identifier of the first application.
  - 26. The computer program according to claim 21, wherein the code is such that the first application derives the requested data access application key as a function of at least the public key, a value that is unique to the computing device, a key associated with the user of the computing device and an identifier of the first application.
  - 27. The computer program according to claim 21, wherein the code is such that the second application saves the public/private key pair in a sandbox associated with the second application on the computing device.
  - 28. The computer program according to claim 21, wherein the code is such that the data access application key is used by the second application to encrypt and decrypt a key that is used to encrypt data stored by the second application.
  - 29. The computer program according to claim 21, wherein the code is such that:
    - the first application generates a further data access application key for use by the third application to enable decryption of data that is stored in encrypted form on the computing device using said data access application key, the third application being different from the first application and the second application, wherein;
      
      the third application generates a further public/private key pair;
      
      the third application sends a request to the first application for the first application to send the third application the data access application key, the request including the further public key;
      
      the first application derives the further data access application key as a function of at least the further public key; and
      
      the first application sends the further data access application key to the third application.
  - 30. The computing program according to claim 29, wherein the code is such that the computing device:
    - determines whether the request from the third application is pending prior to the first application sending a message comprising the derived data access application key and control data to the second application, and in the case that the request from the third application is pending;
      
      sends the message comprising the derived data access application key and control data from the first application to the second application; and
      
      responsive to receipt of the said message at the second application, send a message to the first application to process the pending request from the third application based on the control data.

31. A method, comprising configuring at least one processor and at least one memory to cause the at least one processor to:
- receive, at a first application installed on a user device, a first message from a second application for a first authentication response;
  
  receive, at the first application, a second message from a third application for a second authentication response;
  
  forward a response to the first request, the response comprising control data and authentication data to enable decryption of data that is stored in encrypted form on the computing device; and
  
  invoke, on the basis of data contained within a further message received from the second application, foreground processing resources in order to service the second message from the third application, wherein the data contained within the further message is directly related to said control data.

32. A computer program, comprising a set of instructions, which, when executed by a processing system, causes the processing system to perform the steps of:
- receive, at a first application installed on a user device, a first message from a second application for a first authentication response;
  
  receive, at the first application, a second message from a third application for a second authentication response;
  
  forward a response to the first request, the response comprising control data and authentication data to enable decryption of data that is stored in encrypted form on the computing device; and
  
  invoke, on the basis of data contained within a further message received from the second application, foreground processing resources in order to service the second message from the third application, wherein the data contained within the further message is directly related to said control data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Blackberry Limited
Original Assignee
Good Technology Corporation (Blackberry Limited)
Inventors
QUINLAN, Sean Michael

Granted Patent

US 9,954,834 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/00   Security arrangements for p...

G06F 21/10   Protecting distributed prog...

G06F 21/41   where a single sign-on prov...

G06F 21/6218   to a system of files or obj...

H04L 63/045   wherein the sending and rec...

H04L 63/061   for key exchange, e.g. in p...

H04L 63/0853   using an additional device,...

H04L 9/0825   using asymmetric-key encryp...

H04L 9/0894   Escrow, recovery or storing...

H04L 9/3247   involving digital signatures

METHOD OF OPERATING A COMPUTING DEVICE, COMPUTING DEVICE AND COMPUTER PROGRAM

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

15 Citations

32 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD OF OPERATING A COMPUTING DEVICE, COMPUTING DEVICE AND COMPUTER PROGRAM

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

15 Citations

32 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links