PROTECTING SENSITIVE INFORMATION USING A TRUSTED DEVICE

US 20170163613A1
Filed: 02/21/2017
Published: 06/08/2017
Est. Priority Date: 11/11/2013
Status: Abandoned Application

First Claim

Patent Images

1. A method for protecting sensitive information, the method comprising:

encrypting sensitive information with a first secret key;

transmitting the encrypted sensitive information to an untrusted device for forwarding to a server for authentication;

receiving an authentication identification originated from the server and forwarded by the untrusted device;

decrypting the authentication identification; and

transmitting the decrypted authentication identification to the untrusted device to enable the untrusted device to use the authentication identification to communicate with the server.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The invention relates to the information processing field, and discloses a method for protecting sensitive information, comprising: encrypting sensitive information with a first secret key; transmitting the encrypted sensitive information to an untrusted device for forwarding to a server for authentication; receiving an authentication identification originated from the server and forwarded by the untrusted device; decrypting the authentication identification; and transmitting the decrypted authentication identification to the untrusted device to enable the untrusted device to use the authentication identification to communicate with the server.

20 Citations

20 Claims

1. A method for protecting sensitive information, the method comprising:
- encrypting sensitive information with a first secret key;
  
  transmitting the encrypted sensitive information to an untrusted device for forwarding to a server for authentication;
  
  receiving an authentication identification originated from the server and forwarded by the untrusted device;
  
  decrypting the authentication identification; and
  
  transmitting the decrypted authentication identification to the untrusted device to enable the untrusted device to use the authentication identification to communicate with the server.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method according to claim 1, further comprising:
    - receiving the sensitive information input by a user.
  - 3. The method according to claim 2, further comprising:
    - receiving first information transmitted by the untrusted device, where the first information enables the sensitive information to be transmitted to the server via the untrusted device; and
      
      generating second information based on the first information and the sensitive information;
      
      wherein encrypting the sensitive information with the first secret key includes encrypting the sensitive information in the second information with the first secret key, andwherein transmitting the encrypted sensitive information to the untrusted device includes transmitting the second information containing the encrypted sensitive information to the untrusted device.
  - 4. The method according to claim 1, further comprising:
    - establishing a connection with the server;
      
      wherein the first secret key includes a secret key of a symmetric encryption algorithm determined during the process of establishing the connection with the server.
  - 5. The method according to claim 1, further comprising:
    - receiving a public key of the server transmitted by the untrusted device;
      
      wherein the first secret key includes the public key of the server.
  - 6. The method according to claim 1, wherein the untrusted device does not know the first secret key.
  - 7. The method according to claim 1, wherein the untrusted device knows the first secret key but is unable to use the first secret key to decrypt the encrypted sensitive information.

8. A trusted device for protecting sensitive information, the trusted device comprising one or more hardware processors configured to execute the following program instructions:
- program instructions programmed to encrypt sensitive information with a first secret key;
  
  program instructions programmed to transmit the encrypted sensitive information to an untrusted device for forwarding to a server for authentication;
  
  program instructions programmed to receive an authentication identification originated from the server and forwarded by the untrusted device;
  
  program instructions programmed to decrypt the authentication identification; and
  
  program instructions programmed to transmit the decrypted authentication identification to the untrusted device to enable the untrusted device to use the authentication identification to communicate with the server.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The trusted device according to claim 8, wherein the one or more hardware processors are further configured to execute the following program instructions:
    - program instructions programmed to receive the sensitive information input by a user.
  - 10. The trusted device according to claim 9, wherein the one or more hardware processors are further configured to execute the following program instructions:
    - program instructions programmed to receive first information transmitted by the untrusted device, where the first information enables the sensitive information to be transmitted to the server via the untrusted device; and
      
      program instructions programmed to generate second information based on the first information and the sensitive information;
      
      wherein encrypting the sensitive information with the first secret key includes encrypting the sensitive information in the second information with the first secret key, andwherein transmitting the encrypted sensitive information to the untrusted device includes transmitting the second information containing the encrypted sensitive information to the untrusted device.
  - 11. The trusted device according to claim 8, wherein the one or more hardware processors are further configured to execute the following program instructions:
    - program instructions programmed to establish a connection with the server;
      
      wherein the first secret key includes a secret key of a symmetric encryption algorithm determined during the process of establishing the connection with the server.
  - 12. The trusted device according to claim 8, wherein the one or more hardware processors are further configured to execute the following program instructions:
    - program instructions programmed to receive a public key of the server transmitted by the untrusted device;
      
      wherein the first secret key includes the public key of the server.
  - 13. The trusted device according to claim 8, wherein the untrusted device does not know the first secret key.
  - 14. The trusted device according to claim 8, wherein the untrusted device knows the first secret key but is unable to use the first secret key to decrypt the encrypted sensitive information.

15. A computer system for protecting sensitive information, the computer system comprising:
- an untrusted device; and
  
  a trusted device;
  
  wherein the trusted device comprises one or more hardware processors configured to execute the following program instructions;
  
  program instructions programmed to encrypt sensitive information with a first secret key;
  
  program instructions programmed to transmit the encrypted sensitive information to an untrusted device for forwarding to a server for authentication;
  
  program instructions programmed to receive an authentication identification originated from the server and forwarded by the untrusted device;
  
  program instructions programmed to decrypt the authentication identification; and
  
  program instructions programmed to transmit the decrypted authentication identification to the untrusted device to enable the untrusted device to use the authentication identification to communicate with the server.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The computer system according to claim 15, wherein the one or more hardware processors are further configured to execute the following program instructions:
    - program instructions programmed to receive the sensitive information input by a user.
  - 17. The computer system according to claim 16, wherein the one or more hardware processors are further configured to execute the following program instructions:
    - program instructions programmed to receive first information transmitted by the untrusted device, where the first information enables the sensitive information to be transmitted to the server via the untrusted device; and
      
      program instructions programmed to generate second information based on the first information and the sensitive information;
      
      wherein encrypting the sensitive information with the first secret key includes encrypting the sensitive information in the second information with the first secret key, andwherein transmitting the encrypted sensitive information to the untrusted device includes transmitting the second information containing the encrypted sensitive information to the untrusted device.
  - 18. The computer system according to claim 15, wherein the one or more hardware processors are further configured to execute the following program instructions:
    - program instructions programmed to establish a connection with the server;
      
      wherein the first secret key includes a secret key of a symmetric encryption algorithm determined during the process of establishing the connection with the server.
  - 19. The computer system according to claim 15, wherein the one or more hardware processors are further configured to execute the following program instructions:
    - program instructions programmed to receive a public key of the server transmitted by the untrusted device;
      
      wherein the first secret key includes the public key of the server.
  - 20. The computer system according to claim 15, wherein the first secret key meets one of the following:
    - the untrusted device does not know the first secret key, and the untrusted device knows the first secret key but is unable to use the first secret key to decrypt the encrypted sensitive information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Wang, Xi Qing, Yang, Zhen Xiang, Zhao, Shiwan, Li, Qining, Yan, Yan

Application Number

US15/437,468
Publication Number

US 20170163613A1
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/34   involving the use of extern...

H04L 63/0428   wherein the data content is...

H04L 63/0435   wherein the sending and rec...

H04L 63/0442   wherein the sending and rec...

H04L 63/061   for key exchange, e.g. in p...

H04L 63/083   using passwords cryptograph...

H04L 63/166   at the transport layer

H04L 63/168   above the transport layer

H04L 9/14   using a plurality of keys o...

H04L 9/321   involving a third party or ...

PROTECTING SENSITIVE INFORMATION USING A TRUSTED DEVICE

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

20 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

PROTECTING SENSITIVE INFORMATION USING A TRUSTED DEVICE

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

20 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links