Method and apparatus for secured access
First Claim
1. A method for validating integrity of a mobile communication device, the method comprising:
- provisioning the mobile communication device, wherein the provisioning comprises deleting existing software from the mobile communication device and installing trusted software on the mobile communication device;
- installing an integrity verification application on the mobile communication device, wherein the integrity verification application comprises a list of expected signatures for data on the mobile communication device;
- running the integrity verification application to validate the data based on the expected signatures;
- establishing a first pass phrase and a second pass phrase, wherein the establishing comprises:
  - receiving a first instance of the first pass phrase;
  - performing a first hash function calculation on non-volatile memory of the mobile communication device using the first instance of the first pass phrase as a seed value to provide a first hash result;
  - receiving the second pass phrase;
  - splitting a parameter of the second pass phrase against the first hash result to provide a split of the second pass phrase; and
  - storing the split of the second pass phrase in the non-volatile memory of the mobile communication device;
- thereafter, receiving a second instance of the first pass phrase as a challenge for verification, and in response to receiving the second instance of the first pass phrase:
  - performing a second hash function calculation on the non-volatile memory of the mobile communication device using the second instance of the first pass phrase as a seed value to provide a second hash result, the second hash function calculation being different from the first hash function calculation;
  - determining the second pass phrase based on the split of the second pass phrase and the second hash value; and
  - displaying the second pass phrase as an indication of the integrity.
Abstract
A commercial off-the-shelf smartphone is adapted, through software modifications only, to provide multiple operating domains or domains that provide differing levels of security and reliability. Each operating domain is isolated from the others. Detection of unauthorized modification is provided. Cross domain activity notification is provided.
12 Claims
5. A mobile communication device comprising:
- a provisioning module configured to provision the mobile communication device, wherein the provisioning comprises deleting existing software from the mobile communication device and installing trusted software on the mobile communication device;
- a first integrity verification application comprising a list of expected signatures for data on the mobile communication device;
- an initialization module configured to establish a first pass phrase and a second pass phrase, the initialization module comprising:
  - an input module configured to receive the first pass phrase and the second pass phrase;
  - a first hash function calculation module configured to calculate a first hash function on non-volatile memory of the mobile communication device using the first pass phrase as a seed value to provide a first hash result;
  - a splitting module configured to split a parameter of the second pass phrase against the first hash result to provide a split of the second pass phrase; and
  - a storing module configured to store the split of the second pass phrase in the non-volatile memory of the mobile communication device;
- a second integrity verification module configured to receive the first pass phrase as a challenge for verification, the second integrity verification module comprising:
  - a second hash function calculation module configured to calculate a second hash function on the non-volatile memory of the mobile communication device using the first pass phrase as a seed value to provide a second hash result;
  - a determining module configured to determine the second pass phrase based on the split of the second pass phrase and the second hash value; and
  - a display module configured to display the second pass phrase as an indication of integrity.
11. A method for provisioning a mobile communication device, the method comprising:
- deleting existing software from the mobile communication device and installing trusted software on the mobile communication device;
- installing an integrity verification application on the mobile communication device, wherein the integrity verification application comprises a list of expected signatures for data on the mobile communication device;
- establishing a first pass phrase and a second pass phrase, wherein establishing the first pass phrase and the second pass phrase comprises:
  - receiving the first pass phrase;
  - performing a first hash function calculation on non-volatile memory of the mobile communication device using the first pass phrase as a seed value to provide a first hash result;
  - receiving the second pass phrase;
  - splitting a parameter of the second pass phrase against the first hash result to provide a split of the second pass phrase; and
  - storing the split of the second pass phrase in the non-volatile memory of the mobile communication device;
- receiving a second instance of the first pass phrase as a challenge for verification, and in response to receiving the second instance of the first pass phrase:
  - performing a second hash function calculation on the non-volatile memory of the mobile communication device using the second instance of the first pass phrase as a seed value to provide a second hash result, the second hash function calculation being different from the first hash function calculation;
  - determining the second pass phrase based on the split of the second pass phrase and the second hash value; and
  - displaying the second pass phrase as an indication of integrity.
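
The establish-then-challenge procedure recited in the claims above, sketched as an added example (not code from the patent or its assignee) to show why a modified memory image makes the device display the wrong second pass phrase. Assumptions: HMAC-SHA256 keyed with the first pass phrase stands in for the seeded hash, XOR stands in for the split, the measured image excludes the region that stores the split, and both calculations use the same construction because the page does not say how they differ; all names and sample values are constructed.

```python
import hashlib
import hmac

# Constructed sample "non-volatile memory" images (not real device data).
CLEAN_IMAGE = bytes(range(256)) * 16
TAMPERED_IMAGE = CLEAN_IMAGE[:100] + b"\xff" + CLEAN_IMAGE[101:]  # one byte changed


def memory_digest(first_phrase: str, memory: bytes, length: int) -> bytes:
    """Hash the memory image with the first pass phrase as the seed.

    Assumed construction: HMAC-SHA256 run in counter mode until `length`
    bytes are available, so the digest can cover a phrase of any length.
    """
    out = b""
    counter = 0
    while len(out) < length:
        block = counter.to_bytes(4, "big") + memory
        out += hmac.new(first_phrase.encode(), block, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def establish(first_phrase: str, second_phrase: str, memory: bytes) -> bytes:
    """Provisioning step: return the split of the second pass phrase to store."""
    secret = second_phrase.encode()
    pad = memory_digest(first_phrase, memory, len(secret))
    return bytes(s ^ p for s, p in zip(secret, pad))  # assumed split: XOR


def challenge(first_phrase: str, split: bytes, memory: bytes) -> str:
    """Verification step: re-hash the current memory and undo the split.

    The result is what the device would display; it equals the enrolled
    second pass phrase only if the phrase and the memory are both unchanged.
    """
    pad = memory_digest(first_phrase, memory, len(split))
    recovered = bytes(s ^ p for s, p in zip(split, pad))
    return recovered.decode("utf-8", errors="replace")


if __name__ == "__main__":
    stored = establish("open sesame", "blue heron at dawn", CLEAN_IMAGE)
    print("clean image   :", challenge("open sesame", stored, CLEAN_IMAGE))
    print("tampered image:", repr(challenge("open sesame", stored, TAMPERED_IMAGE)))
    print("wrong phrase  :", repr(challenge("open sesam", stored, CLEAN_IMAGE)))
```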
Specification