Method and system for securing data utilizing redundant secure key storage

US 8,280,047 B2
Filed: 01/25/2010
Issued: 10/02/2012
Est. Priority Date: 06/14/2004
Status: Active Grant

First Claim

Patent Images

1. A method of key management in a data processing device, the method comprising:

generating a first encryption key associated with a first password, the first encryption key being generated using the first password, a first key seed, and a current key;

storing the first encryption key in a first location in a memory;

generating a second encryption key associated with a second password; and

storing the second encryption key in a second location in the memory;

wherein the first encryption key is used to encrypt or decrypt a first set of data, and wherein the second encryption key is used to encrypt or decrypt a second set of data.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A data processing device and method adapted for key management are provided. A first encryption key associated with a first password is generated, and at least a further encryption key associated with a further password is generated. Generation of the encryption key may use the associated password, a key seed, and a current key. The first encryption key and further encryption key or keys are stored in memory, and are used to encrypt and decrypt separate sets of data. Different keys and potentially different levels of encryption are thus used to protect different sets of data at the device.

26 Citations

View as Search Results

17 Claims

1. A method of key management in a data processing device, the method comprising:
- generating a first encryption key associated with a first password, the first encryption key being generated using the first password, a first key seed, and a current key;
  
  storing the first encryption key in a first location in a memory;
  
  generating a second encryption key associated with a second password; and
  
  storing the second encryption key in a second location in the memory;
  
  wherein the first encryption key is used to encrypt or decrypt a first set of data, and wherein the second encryption key is used to encrypt or decrypt a second set of data.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein generating the second encryption key comprises deriving the second encryption key from the second password, a second key seed, and the current key.
  - 3. The method of claim 1, wherein the first set of data comprises one of private system data, data associated with a software application, email data, or appointment data.
  - 4. The method of claim 3, wherein the second set of data comprises a different one of private system data, data associated with a software application, email data, or appointment data.
  - 5. The method of claim 1, further comprising:
    - generating at least one redundant encryption key corresponding to the first encryption key;
      
      storing the at least one redundant encryption key in a further location in the memory;
      
      wherein one of the at least one redundant encryption key is retrieved for encrypting or decrypting the first set of data if a particular event is determined to have occurred.
  - 6. The method of claim 5, wherein the particular event is selected from one of:
    - corruption of the first encryption key;
      
      detection of a faulty data signature;
      
      ordetection of a faulty javascript execution.

7. A data processing device comprising a system for securing data, the system comprising:
- an encryption device for encrypting and decrypting data using an encryption key from an encryption key-password pair;
  
  at least one key generating device for generating a plurality of encryption keys, each of the plurality of encryption keys being associated with a password and being generated using its associated password, a key seed, and a current key, the plurality of encryption keys comprising a first encryption key associated with a first password and a second encryption key associated with a second password; and
  
  at least one memory for storing each of the plurality of encryption keys in a separate location and for storing a register identifying the location of each of the plurality of encryption keys,wherein the first encryption key is used to encrypt or decrypt a first set of data, and the second encryption key is used to encrypt or decrypt a second set of data.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The data processing device of claim 7, wherein the first set of data comprises one of private system data, data associated with a software application, email data, or appointment data.
  - 9. The data processing device of claim 8, wherein the second set of data comprises a different one of private system data, data associated with a software application, email data, or appointment data.
  - 10. The data processing device of claim 7, wherein each of the plurality of encryption keys is associated with a different type of data.
  - 11. The data processing device of claim 7, wherein:
    - the at least one key generating device is further configured to generate at least one redundant encryption key corresponding to at least one of the plurality of encryption keys;
      
      the at least one memory is configured to store the at least one redundant encryption key in a further location; and
      
      one of the at least one redundant encryption key is retrieved for encrypting or decrypting the first set of data if a particular event is determined to have occurred.
  - 12. The data processing device of claim 11, wherein the particular event is selected from one of:
    - corruption of the first encryption key;
      
      detection of a faulty data signature;
      
      ordetection of a faulty javascript execution.

13. A non-transitory computer-readable medium storing executable code which, when executed by a data processing device, causes the data processing device to carry out the method of:
- generating a first encryption key associated with a first password, the first encryption key being generated using the first password, a first key seed, and a current key;
  
  storing the first encryption key in a first location in a memory;
  
  generating a second encryption key associated with a second password; and
  
  storing the second encryption key in a second location in the memory;
  
  wherein the first encryption key is used to encrypt or decrypt a first set of data, and wherein the second encryption key is used to encrypt or decrypt a second set of data.
- View Dependent Claims (14, 15, 16, 17)
- - 14. The non-transitory computer-readable medium of claim 13, wherein generating the second encryption key comprises deriving the second encryption key from the second password, a second key seed, and the current key.
  - 15. The non-transitory computer-readable medium of claim 13, wherein the first set of data comprises one of private system data, data associated with a software application, email data, or appointment data, and the second set of data comprises a different one of private system data, data associated with a software application, email data, or appointment data.
  - 16. The non-transitory computer-readable medium of claim 13, wherein the method further comprises:
    - generating at least one redundant encryption key corresponding to the first encryption key;
      
      storing the at least one redundant encryption key in a further location in the memory;
      
      wherein one of the at least one redundant encryption key is retrieved for encrypting or decrypting the first set of data if a particular event is determined to have occurred.
  - 17. The non-transitory computer-readable medium of claim 16, wherein the particular event is selected from one of:
    - corruption of the first encryption key;
      
      detection of a faulty data signature;
      
      ordetection of a faulty javascript execution.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Malikie Innovations Limited (Key Patent Innovations Limited)
Original Assignee
Blackberry Limited
Inventors
Randell, Jerrold R.
Primary Examiner(s)
PERUNGAVOOR, VENKATANARAY

Application Number

US12/693,191
Publication Number

US 20100119066A1
Time in Patent Office

981 Days
Field of Search

None
US Class Current

380/44
CPC Class Codes

G06F 11/1415   at system level

G06F 21/6209   to a single file or object,...

H04L 2209/34   Encoding or coding, e.g. Hu...

H04L 2209/80   Wireless network architectu...

H04L 9/0891   Revocation or update of sec...

H04L 9/0894   Escrow, recovery or storing...

H04W 12/03   Protecting confidentiality,...

H04W 12/041   Key generation or derivation

Method and system for securing data utilizing redundant secure key storage

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

26 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for securing data utilizing redundant secure key storage

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

26 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links