System and method for securely accessing mobile data

US 8,402,552 B2
Filed: 01/07/2009
Issued: 03/19/2013
Est. Priority Date: 01/07/2008
Status: Active Grant

First Claim

Patent Images

1. A system for securing data on a mobile device comprising:

At least one backend infrastructure having machine readable storage medium having stored thereon a plurality of code sections executable by a machine, said code sections comprising a plurality of applications and datasets;

at least one primary mobile device comprising a machine readable storage having stored thereon a plurality of code sections executable by a machine for communicating with said backend infrastructure, receiving data transferred from said backend infrastructure, storing data, and transferring data to said backend infrastructure;

said machine readable storage medium of the at least one primary mobile further having data stored thereon, said code sections and said data being encrypted;

at least one mobile device accessory, comprising a machine readable storage medium having stored thereon a plurality of code sections executable by a machine for communicating with said primary mobile device, receiving data transferred from said primary mobile device, storing data, and transferring data to said primary mobile device;

connection means for connecting said primary mobile device to said backend infrastructure whereby said backend infrastructure may transfer a lease key to said primary mobile device, said lease key comprising a dataset capable of decrypting data and code sections stored on said primary mobile device for a limited period of time; and

authentication means for obtaining said lease key whereby, expiration of the lease key triggers the primary mobile device to search its environment for a mobile device accessory and challenge said mobile device accessory to respond appropriately and if the associated mobile device accessory is found and responds appropriately in accordance with a protocol that is supported by the primary mobile device and the backend infrastructure, the lease key is provided to the mobile device enabling said primary mobile device to decrypt encrypted data stored thereon.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention provides a system and method for maintaining secure information on mobile devices and that balances security and convenience in the provision of mobile data access. Security is maintained by extending the use of industry-accepted two-factor authentication methods, and convenience is enhanced by utilizing a user'"'"'s existing mobile device accessories as an authentication factor. As a result, the present invention provides a strong authentication system and method without the cost or burden of requiring the user to acquire additional hardware for security purposes.

Citations

13 Claims

1. A system for securing data on a mobile device comprising:
- At least one backend infrastructure having machine readable storage medium having stored thereon a plurality of code sections executable by a machine, said code sections comprising a plurality of applications and datasets;
  
  at least one primary mobile device comprising a machine readable storage having stored thereon a plurality of code sections executable by a machine for communicating with said backend infrastructure, receiving data transferred from said backend infrastructure, storing data, and transferring data to said backend infrastructure;
  
  said machine readable storage medium of the at least one primary mobile further having data stored thereon, said code sections and said data being encrypted;
  
  at least one mobile device accessory, comprising a machine readable storage medium having stored thereon a plurality of code sections executable by a machine for communicating with said primary mobile device, receiving data transferred from said primary mobile device, storing data, and transferring data to said primary mobile device;
  
  connection means for connecting said primary mobile device to said backend infrastructure whereby said backend infrastructure may transfer a lease key to said primary mobile device, said lease key comprising a dataset capable of decrypting data and code sections stored on said primary mobile device for a limited period of time; and
  
  authentication means for obtaining said lease key whereby, expiration of the lease key triggers the primary mobile device to search its environment for a mobile device accessory and challenge said mobile device accessory to respond appropriately and if the associated mobile device accessory is found and responds appropriately in accordance with a protocol that is supported by the primary mobile device and the backend infrastructure, the lease key is provided to the mobile device enabling said primary mobile device to decrypt encrypted data stored thereon.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The system of claim 1 whereby said connection means comprises establishing an internet connection between said primary mobile device and said backend infrastructure.
  - 3. The system of claim 2 further comprising a means of generating a temporary renewed lease key when said internet connection cannot be established.
  - 4. The system of claim 2 further comprising a means of temporarily extending the expiration of said original lease key when said internet connection cannot be established.
  - 5. The system of claim 1 whereby said authentication means further comprises a challenge by said primary mobile device to said mobile device accessory to respond to said primary mobile device where said challenge includes a seed;
    - a response to said challenge by said mobile device accessory to said primary mobile device based on the seed applied to an algorithm shared by the primary mobile device and the mobile device accessory; and
      
      sending said response through said connection means to said backend infrastructure.
  - 6. The system of claim 5 whereby said authentication means further comprises developing an environment signature and sending said environmental signature to said backend infrastructure with said request for said lease key.

7. A method for securing data on a mobile device utilizing at least one backend infrastructure having machine readable storage media having stored thereon a plurality of code sections executable by a machine, said code sections comprising a plurality of applications and datasets;
- at least one primary mobile device comprising a machine readable storage medium having stored thereon a plurality of code sections executable by a machine for communicating with said backend infrastructure, receiving data transferred from said backend infrastructure, storing data, and transferring data to said backend infrastructure;
  
  said machine readable storage medium of the backend infrastructure further having data stored thereon, said code sections and said data being encrypted;
  
  at least one mobile device accessory, comprising a machine readable storage medium having stored thereon a plurality of code sections executable by a machine for communicating with said primary mobile device, receiving data transferred from said primary mobile device, storing data, and transferring data to said primary mobile device;
  
  said method comprising the steps of;
  
  connecting said primary mobile device to said backend infrastructure whereby said backend infrastructure may transfer a lease key to said primary mobile device, said lease key comprising a dataset capable of decrypting data and code sections stored on said primary mobile device for a limited period of time; and
  
  obtaining said lease key whereby, when said primary mobile device connects to said backend infrastructure and requests said lease key, said backend infrastructure will grant or deny said request based upon a successful response by the mobile device accessory to an authentication challenge from the primary device, said response and authentication challenge being part of a challenge response protocol between the primary mobile device and the mobile device accessory which is managed by the backend infrastructure.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The method of claim 7 whereby the step of connecting said mobile device to said backend infrastructure comprises establishing an internet connection between said primary mobile device and said backend infrastructure.
  - 9. The method of claim 8 further comprising the step of generating a temporary renewed lease key when said internet connection cannot be established.
  - 10. The method of claim 8 further comprising the step of temporarily extending the expiration of said original lease key when said internet connection cannot be established.
  - 11. The method of claim 7 whereby said step of obtaining a lease key comprises a seed containing challenge by said primary mobile device to said mobile device accessory to respond to said primary mobile device;
    - a response to said challenge by said mobile device accessory to said primary mobile device based on the seed being applied to an algorithm shared by the primary mobile device and the mobile device accessory; and
      
      sending said response through said connection means to said backend infrastructure.
  - 12. The method of claim 11 whereby said step of obtaining a renewed lease key further comprises the step of developing an environment signature and sending said environment signature to said backend infrastructure with said request for said lease key.

13. A method on a system for securing data on a mobile device, said system comprising a network;
- at least one backend infrastructure comprising a server located behind a firewall attached to said network, said server having machine readable storage having stored thereon data and a plurality of code sections executable by a machine, said code sections comprising a plurality of applications, said server further comprising data identifying associations between at least a primary mobile device, at least one mobile device accessory, and a user;
  
  at least one primary mobile device comprising a machine readable storage having stored thereon data and a plurality of code sections executable by a machine for communicating with said server, at least one of said data or code sections being encrypted;
  
  at least one mobile device accessory comprising a machine readable storage having data stored thereon;
  
  the method for securing data on said at least one primary mobile device comprising the steps of;
  
  generating and situating on said primary mobile device a lease key capable of identifying said primary mobile device and said at least one mobile device accessory, and capable of decrypting said at least one encrypted application and encrypted data on said primary mobile device, said lease key comprising a time-limited activation lease period and limited activation extension parameters;
  
  upon attempting to access said at least one encrypted application or encrypted data following the expiration of said time-limited activation lease period, gathering information regarding said primary mobile device and said mobile device accessory and attempting to establish a network connection with said server where the gathered information contains various defined authentication factors to which varying positive or negative evidentiary weights are assigned;
  
  and if a connection is established, sending said gathered information and a request to authenticate a new lease key to said server;
  
  said server receiving and comparing said information with association information maintained in said server database to determine whether said information is sufficient to authorize a new lease key to be sent to said primary mobile device;
  
  and if, based on the weighted evidence, said information is sufficient to authorize a new lease key, sending said lease key to said primary mobile device;
  
  and if said comparison mandates a refusal of authentication, notifying said primary mobile device that said authentication request is refused;
  
  and if, based on the weighted evidence, said information is not sufficient to authorize a new lease key to be sent to said primary mobile device, notifying said primary mobile device that additional authentication information is needed;
  
  gathering and sending additional authentication information from said primary mobile device to said server for further comparison; and
  
  if a connection is not made to said server, comparing said gathered information to association information obtained from said lease key;
  
  and if said comparison shows sufficient correlation between said gathered information and said association information, determining whether said limited activation extension parameters are satisfied;
  
  and if said limited activation extension parameters are satisfied, granting access to said one or more encrypted applications and encrypted data with said lease key in accordance with said limited activation extension parameters;
  
  and if said one or more limited activation extension parameters are not satisfied, denying access to said one or more encrypted applications and encrypted data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Vaultus Mobile Technologies Incorporated
Original Assignee
Antenna Vaultus, Inc. (Pegasystems Incorporated)
Inventors
Goyal, Arvind, George, Joseph Muthian
Primary Examiner(s)
ZECHER, CORDELIA P K

Application Number

US12/350,135
Publication Number

US 20090240947A1
Time in Patent Office

1,532 Days
Field of Search

726/27
US Class Current

726/27
CPC Class Codes

H04L 2209/80   Wireless

H04L 9/3247   involving digital signatures

H04L 9/3271   using challenge-response

System and method for securely accessing mobile data

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for securely accessing mobile data

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links