Method and system for securing data utilizing redundant secure key storage

US 7,653,202 B2
Filed: 04/05/2005
Issued: 01/26/2010
Est. Priority Date: 06/14/2004
Status: Active Grant

First Claim

Patent Images

1. A method of securing data in a data processing device having an encryption device for encrypting and decrypting data using an encryption key-password pair, comprising the steps of:

a key generating device of the data processing device generating a first encryption key by providing a first password and a first key, seed, and deriving the first encryption key from the first password, the first key seed, and a current key;

the key generating device storing the first encryption key in a first location in a memory;

the key generating device generating at least one redundant encryption key corresponding to the first encryption key;

the key generating device storing each of the at least one redundant encryption key in a memory in a distinct location; and

storing, at a register in the data processing device, the memory location of each of the first encryption key and the at least one redundant encryption key,wherein to encrypt or decrypt a first set of data the first encryption key is retrieved by an encryption device comprised in the data_processing device but upon the occurrence of a particular event one of the at least one redundant encryption key is retrieved.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method which protects a data processing system against encryption key errors by providing redundant encryption keys stored in different locations, and providing the software with the ability to select an alternate redundant key if there is any possibility that the encryption key being used may be corrupted. In the preferred embodiment, a memory control module in the data processing device is configured to accommodate the storage of multiple (for example up to four or more) independent password/key pairs, and the control module duplicates a password key at the time of creation. The redundant passwords and encryption keys are forced into different memory slots for later retrieval if necessary. The probability of redundant keys being corrupted simultaneously is infinitesimal, so the system and method of the invention ensures that there is always an uncorrupted encryption key available.

Citations

22 Claims

1. A method of securing data in a data processing device having an encryption device for encrypting and decrypting data using an encryption key-password pair, comprising the steps of:
- a key generating device of the data processing device generating a first encryption key by providing a first password and a first key, seed, and deriving the first encryption key from the first password, the first key seed, and a current key;
  
  the key generating device storing the first encryption key in a first location in a memory;
  
  the key generating device generating at least one redundant encryption key corresponding to the first encryption key;
  
  the key generating device storing each of the at least one redundant encryption key in a memory in a distinct location; and
  
  storing, at a register in the data processing device, the memory location of each of the first encryption key and the at least one redundant encryption key,wherein to encrypt or decrypt a first set of data the first encryption key is retrieved by an encryption device comprised in the data_processing device but upon the occurrence of a particular event one of the at least one redundant encryption key is retrieved.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 21, 22)
- - 2. The method of claim 1 wherein the event is the determination that the first encryption key may be corrupted.
  - 3. The method of claim 2 including the step of the data processing device determining that the first encryption key may be corrupted.
  - 4. The method of claim 3 wherein the step of determining that the first encryption key may be corrupted comprises detecting a faulty data signature in the data.
  - 5. The method of claim 3 wherein the step of determining that the first encryption key may be corrupted comprises detecting a faulty java script execution.
  - 6. The method of claim 1, further comprising:
    - the key generating device generating a second encryption key;
      
      the key generating device storing the second encryption key in a second location in the memory in a second location distinct from the first location and further distinct from each memory location at which each of the at least one redundant encryption key is stored;
      
      storing in the register the second location in the memory;
      
      wherein the second encryption key is used for encrypting or decrypting a second set of data.
  - 7. The method of claim 1 wherein each of the first and the at least one redundant encryption keys is stored in its respective memory location with an associated password as a key-password pair.
  - 8. The method of claim 6 wherein each of the first and the at least one redundant encryption keys is stored in its respective memory location with an associated password as a key-password pair.
  - 21. The method of claim 1, further comprising retrieving one of the at least one redundant encryption key upon the occurrence of the particular event, and overwriting the retrieved redundant encryption key at the first location in the memory.
  - 22. The method of claim 1, wherein generating at least one redundant encryption key comprises deriving the at least one redundant encryption key from the first password, the first key seed, and the current key.

9. A data processing device comprising a system for securing data, comprisingan encryption device for encrypting and decrypting data using an encryption key;
- at least one key generating device for generating a plurality of encryption keys comprising a first encryption key derived from a first password, a first key seed, and a current key, and at least one redundant encryption key corresponding to the first encryption key; and
  
  at least one memory for storing each of the plurality of encryption keys in a separate location and for storing a register identifying the location of each of the plurality of encryption keys,wherein to encrypt or decrypt a first set of data the first encryption key is retrieved but upon the occurrence of a particular event one of the at least one redundant encryption key is retrieved.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The data processing device of claim 9 wherein the event is the determination that the first encryption key may be corrupted.
  - 11. The data processing device of claim 10, further comprising program code executable by the data processing device for determining that the first encryption key may be corrupted.
  - 12. The data processing device of claim 11, wherein the event is the detection of a faulty data signature in the data, the device further comprising program code executable by the data processing device for detecting the faulty data signature in the data.
  - 13. The data processing device of claim 11, wherein the event is the detection of a faulty java script execution, the device further comprising program code executable by the data processing device for detecting the faulty java script execution.
  - 14. The data processing device of claim 9 wherein the plurality of encryption keys comprises a second encryption key for encrypting or decrypting a second set of data.
  - 15. The data processing device of claim 9 wherein each of the plurality of encryption keys is stored in its respective memory location with an associated password as a key-password pair.
  - 16. The data processing device of claim 14 wherein each of the plurality of encryption keys is stored in its respective memory location with an associated password as a key-password pair.

17. A mobile communications system, comprisinga communications subsystem, for receiving and transmitting data;
- anda processor for processing data comprising an encryption device for encrypting and decrypting data received and transmitted, the processor comprising;
  
  at least one key generating device for generating a plurality of encryption keys; and
  
  at least one memory for storing each of the plurality of encryption keys in different locations and for storing a register identifying the location of each of the plurality of encryption keys, the plurality of encryption keys comprising a first encryption key derived from a first password, a first key seed, and a current key and at least one redundant encryption key corresponding to the first encryption key;
  
  wherein to encrypt or decrypt a first set of data the first encryption key is retrieved but upon the occurrence of a particular event one of the at least one redundant encryption key is retrieved.
- View Dependent Claims (18, 19, 20)
- - 18. The mobile communications system of claim 17, further comprising program code executable by the mobile communications device for determining that the first encryption key may be corrupted, and in response retrieving one of the at least one redundant encryption key from a different memory location.
  - 19. The mobile communications system of claim 17 wherein the plurality of encryption keys comprises a second encryption key for encrypting or decrypting a second set of data.
  - 20. The system of claim 17 wherein each of the plurality of encryption keys is stored in its respective memory location with an associated password as a key-password pair.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Malikie Innovations Limited (Key Patent Innovations Limited)
Original Assignee
Research In Motion Limited (Blackberry Limited)
Inventors
Randell, Jerrold R.
Primary Examiner(s)
Kim; Jung
Assistant Examiner(s)
PERUNGAVOOR, VENKATANARAY

Application Number

US11/098,497
Publication Number

US 20060005049A1
Time in Patent Office

1,757 Days
Field of Search

380277-280, 380/286, 380/262, 380/264, 380/44, 713193-194
US Class Current

380/286
CPC Class Codes

G06F 11/1415   at system level

G06F 21/6209   to a single file or object,...

H04L 2209/34   Encoding or coding, e.g. Hu...

H04L 2209/80   Wireless

H04L 9/0891   Revocation or update of sec...

H04L 9/0894   Escrow, recovery or storing...

H04W 12/03   Protecting confidentiality,...

H04W 12/041   Key generation or derivation

Method and system for securing data utilizing redundant secure key storage

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for securing data utilizing redundant secure key storage

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links