Method and system for securing data utilizing redundant secure key storage
First Claim
1. A method of securing data in a data processing device having an encryption device for encrypting and decrypting data using an encryption key-password pair, comprising the steps of:
- a key generating device of the data processing device generating a first encryption key by providing a first password and a first key, seed, and deriving the first encryption key from the first password, the first key seed, and a current key;
the key generating device storing the first encryption key in a first location in a memory;
the key generating device generating at least one redundant encryption key corresponding to the first encryption key;
the key generating device storing each of the at least one redundant encryption key in a memory in a distinct location; and
storing, at a register in the data processing device, the memory location of each of the first encryption key and the at least one redundant encryption key,wherein to encrypt or decrypt a first set of data the first encryption key is retrieved by an encryption device comprised in the data_processing device but upon the occurrence of a particular event one of the at least one redundant encryption key is retrieved.
4 Assignments
0 Petitions
Accused Products
Abstract
A system and method which protects a data processing system against encryption key errors by providing redundant encryption keys stored in different locations, and providing the software with the ability to select an alternate redundant key if there is any possibility that the encryption key being used may be corrupted. In the preferred embodiment, a memory control module in the data processing device is configured to accommodate the storage of multiple (for example up to four or more) independent password/key pairs, and the control module duplicates a password key at the time of creation. The redundant passwords and encryption keys are forced into different memory slots for later retrieval if necessary. The probability of redundant keys being corrupted simultaneously is infinitesimal, so the system and method of the invention ensures that there is always an uncorrupted encryption key available.
-
Citations
22 Claims
-
1. A method of securing data in a data processing device having an encryption device for encrypting and decrypting data using an encryption key-password pair, comprising the steps of:
-
a key generating device of the data processing device generating a first encryption key by providing a first password and a first key, seed, and deriving the first encryption key from the first password, the first key seed, and a current key; the key generating device storing the first encryption key in a first location in a memory; the key generating device generating at least one redundant encryption key corresponding to the first encryption key; the key generating device storing each of the at least one redundant encryption key in a memory in a distinct location; and storing, at a register in the data processing device, the memory location of each of the first encryption key and the at least one redundant encryption key, wherein to encrypt or decrypt a first set of data the first encryption key is retrieved by an encryption device comprised in the data_processing device but upon the occurrence of a particular event one of the at least one redundant encryption key is retrieved. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 21, 22)
-
-
9. A data processing device comprising a system for securing data, comprising
an encryption device for encrypting and decrypting data using an encryption key; -
at least one key generating device for generating a plurality of encryption keys comprising a first encryption key derived from a first password, a first key seed, and a current key, and at least one redundant encryption key corresponding to the first encryption key; and at least one memory for storing each of the plurality of encryption keys in a separate location and for storing a register identifying the location of each of the plurality of encryption keys, wherein to encrypt or decrypt a first set of data the first encryption key is retrieved but upon the occurrence of a particular event one of the at least one redundant encryption key is retrieved. - View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
-
-
17. A mobile communications system, comprising
a communications subsystem, for receiving and transmitting data; - and
a processor for processing data comprising an encryption device for encrypting and decrypting data received and transmitted, the processor comprising; at least one key generating device for generating a plurality of encryption keys; and at least one memory for storing each of the plurality of encryption keys in different locations and for storing a register identifying the location of each of the plurality of encryption keys, the plurality of encryption keys comprising a first encryption key derived from a first password, a first key seed, and a current key and at least one redundant encryption key corresponding to the first encryption key; wherein to encrypt or decrypt a first set of data the first encryption key is retrieved but upon the occurrence of a particular event one of the at least one redundant encryption key is retrieved. - View Dependent Claims (18, 19, 20)
- and
Specification