System and method for securely accessing mobile data
First Claim
Patent Images
1. A system for securing data on a mobile device comprising:
- At least one backend infrastructure having machine readable storage medium having stored thereon a plurality of code sections executable by a machine, said code sections comprising a plurality of applications and datasets;
at least one primary mobile device comprising a machine readable storage having stored thereon a plurality of code sections executable by a machine for communicating with said backend infrastructure, receiving data transferred from said backend infrastructure, storing data, and transferring data to said backend infrastructure;
said machine readable storage medium of the at least one primary mobile further having data stored thereon, said code sections and said data being encrypted;
at least one mobile device accessory, comprising a machine readable storage medium having stored thereon a plurality of code sections executable by a machine for communicating with said primary mobile device, receiving data transferred from said primary mobile device, storing data, and transferring data to said primary mobile device;
connection means for connecting said primary mobile device to said backend infrastructure whereby said backend infrastructure may transfer a lease key to said primary mobile device, said lease key comprising a dataset capable of decrypting data and code sections stored on said primary mobile device for a limited period of time; and
authentication means for obtaining said lease key whereby, expiration of the lease key triggers the primary mobile device to search its environment for a mobile device accessory and challenge said mobile device accessory to respond appropriately and if the associated mobile device accessory is found and responds appropriately in accordance with a protocol that is supported by the primary mobile device and the backend infrastructure, the lease key is provided to the mobile device enabling said primary mobile device to decrypt encrypted data stored thereon.
4 Assignments
0 Petitions
Accused Products
Abstract
The present invention provides a system and method for maintaining secure information on mobile devices and that balances security and convenience in the provision of mobile data access. Security is maintained by extending the use of industry-accepted two-factor authentication methods, and convenience is enhanced by utilizing a user'"'"'s existing mobile device accessories as an authentication factor. As a result, the present invention provides a strong authentication system and method without the cost or burden of requiring the user to acquire additional hardware for security purposes.
-
Citations
13 Claims
-
1. A system for securing data on a mobile device comprising:
-
At least one backend infrastructure having machine readable storage medium having stored thereon a plurality of code sections executable by a machine, said code sections comprising a plurality of applications and datasets; at least one primary mobile device comprising a machine readable storage having stored thereon a plurality of code sections executable by a machine for communicating with said backend infrastructure, receiving data transferred from said backend infrastructure, storing data, and transferring data to said backend infrastructure;
said machine readable storage medium of the at least one primary mobile further having data stored thereon, said code sections and said data being encrypted;at least one mobile device accessory, comprising a machine readable storage medium having stored thereon a plurality of code sections executable by a machine for communicating with said primary mobile device, receiving data transferred from said primary mobile device, storing data, and transferring data to said primary mobile device; connection means for connecting said primary mobile device to said backend infrastructure whereby said backend infrastructure may transfer a lease key to said primary mobile device, said lease key comprising a dataset capable of decrypting data and code sections stored on said primary mobile device for a limited period of time; and authentication means for obtaining said lease key whereby, expiration of the lease key triggers the primary mobile device to search its environment for a mobile device accessory and challenge said mobile device accessory to respond appropriately and if the associated mobile device accessory is found and responds appropriately in accordance with a protocol that is supported by the primary mobile device and the backend infrastructure, the lease key is provided to the mobile device enabling said primary mobile device to decrypt encrypted data stored thereon. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A method for securing data on a mobile device utilizing at least one backend infrastructure having machine readable storage media having stored thereon a plurality of code sections executable by a machine, said code sections comprising a plurality of applications and datasets;
- at least one primary mobile device comprising a machine readable storage medium having stored thereon a plurality of code sections executable by a machine for communicating with said backend infrastructure, receiving data transferred from said backend infrastructure, storing data, and transferring data to said backend infrastructure;
said machine readable storage medium of the backend infrastructure further having data stored thereon, said code sections and said data being encrypted;
at least one mobile device accessory, comprising a machine readable storage medium having stored thereon a plurality of code sections executable by a machine for communicating with said primary mobile device, receiving data transferred from said primary mobile device, storing data, and transferring data to said primary mobile device;
said method comprising the steps of;connecting said primary mobile device to said backend infrastructure whereby said backend infrastructure may transfer a lease key to said primary mobile device, said lease key comprising a dataset capable of decrypting data and code sections stored on said primary mobile device for a limited period of time; and obtaining said lease key whereby, when said primary mobile device connects to said backend infrastructure and requests said lease key, said backend infrastructure will grant or deny said request based upon a successful response by the mobile device accessory to an authentication challenge from the primary device, said response and authentication challenge being part of a challenge response protocol between the primary mobile device and the mobile device accessory which is managed by the backend infrastructure. - View Dependent Claims (8, 9, 10, 11, 12)
- at least one primary mobile device comprising a machine readable storage medium having stored thereon a plurality of code sections executable by a machine for communicating with said backend infrastructure, receiving data transferred from said backend infrastructure, storing data, and transferring data to said backend infrastructure;
-
13. A method on a system for securing data on a mobile device, said system comprising a network;
-
at least one backend infrastructure comprising a server located behind a firewall attached to said network, said server having machine readable storage having stored thereon data and a plurality of code sections executable by a machine, said code sections comprising a plurality of applications, said server further comprising data identifying associations between at least a primary mobile device, at least one mobile device accessory, and a user; at least one primary mobile device comprising a machine readable storage having stored thereon data and a plurality of code sections executable by a machine for communicating with said server, at least one of said data or code sections being encrypted; at least one mobile device accessory comprising a machine readable storage having data stored thereon;
the method for securing data on said at least one primary mobile device comprising the steps of;generating and situating on said primary mobile device a lease key capable of identifying said primary mobile device and said at least one mobile device accessory, and capable of decrypting said at least one encrypted application and encrypted data on said primary mobile device, said lease key comprising a time-limited activation lease period and limited activation extension parameters; upon attempting to access said at least one encrypted application or encrypted data following the expiration of said time-limited activation lease period, gathering information regarding said primary mobile device and said mobile device accessory and attempting to establish a network connection with said server where the gathered information contains various defined authentication factors to which varying positive or negative evidentiary weights are assigned; and if a connection is established, sending said gathered information and a request to authenticate a new lease key to said server; said server receiving and comparing said information with association information maintained in said server database to determine whether said information is sufficient to authorize a new lease key to be sent to said primary mobile device; and if, based on the weighted evidence, said information is sufficient to authorize a new lease key, sending said lease key to said primary mobile device; and if said comparison mandates a refusal of authentication, notifying said primary mobile device that said authentication request is refused; and if, based on the weighted evidence, said information is not sufficient to authorize a new lease key to be sent to said primary mobile device, notifying said primary mobile device that additional authentication information is needed; gathering and sending additional authentication information from said primary mobile device to said server for further comparison; and
if a connection is not made to said server, comparing said gathered information to association information obtained from said lease key;and if said comparison shows sufficient correlation between said gathered information and said association information, determining whether said limited activation extension parameters are satisfied; and if said limited activation extension parameters are satisfied, granting access to said one or more encrypted applications and encrypted data with said lease key in accordance with said limited activation extension parameters; and if said one or more limited activation extension parameters are not satisfied, denying access to said one or more encrypted applications and encrypted data.
-
Specification