Transfer device for sensitive material such as a cryptographic key
First Claim
1. A method of securely sharing sensitive information of a first entity with a second entity such that the second entity has useable control of the sensitive information, the method comprising:
- receiving, at a user input of a first computing device, input of sensitive information;
transmitting the input sensitive information directly from the user input to a secure element of the first computing device;
securing the sensitive information within the secure element by at least one of encoding and encrypting the sensitive information with an encryption algorithm and key;
encapsulating the secure sensitive information in at least one Internet Protocol packet for transmission across a public network;
transmitting the at least one Internet Protocol packet containing the secure sensitive information from the first entity to the second entity over a packet-switched network, wherein the first entity controls the first computing device and wherein the at least one Internet Protocol packet is transmitted from the first computing device to a second computing device controlled by the second entity;
receiving, at the second computing device, the at least one Internet Protocol packet;
using, by the second entity, the second computing device to un-encapsulate the secure sensitive information;
unsecuring, within a secure element of the second computing device, the secure sensitive information; and
using, by the second entity, the unsecure sensitive information in at least one application not controlled by the first entity.
1 Assignment
0 Petitions
Accused Products
Abstract
Mechanisms are provided for transferring sensitive information, such as cryptographic keys, between entities. Particularly, a device is provided with a user input connected directly to a secure element. The device enables a user to enter sensitive information in the user input which is then passed directly to the secure element without traversing any other element such that the secure element can encode and/or encrypt the sensitive information. Once the sensitive information has been encoded and/or encrypted by the secure element, the now secure sensitive information can be shared with other entities using familiar and popular, yet relatively unsecure, transfer methods.
-
Citations
15 Claims
-
1. A method of securely sharing sensitive information of a first entity with a second entity such that the second entity has useable control of the sensitive information, the method comprising:
-
receiving, at a user input of a first computing device, input of sensitive information; transmitting the input sensitive information directly from the user input to a secure element of the first computing device; securing the sensitive information within the secure element by at least one of encoding and encrypting the sensitive information with an encryption algorithm and key; encapsulating the secure sensitive information in at least one Internet Protocol packet for transmission across a public network; transmitting the at least one Internet Protocol packet containing the secure sensitive information from the first entity to the second entity over a packet-switched network, wherein the first entity controls the first computing device and wherein the at least one Internet Protocol packet is transmitted from the first computing device to a second computing device controlled by the second entity; receiving, at the second computing device, the at least one Internet Protocol packet; using, by the second entity, the second computing device to un-encapsulate the secure sensitive information; unsecuring, within a secure element of the second computing device, the secure sensitive information; and using, by the second entity, the unsecure sensitive information in at least one application not controlled by the first entity. - View Dependent Claims (2, 3, 4)
-
-
5. A method of securely sharing sensitive information of a first entity with a second entity such that the second entity has useable control of the sensitive information, the method comprising:
-
receiving, at a user input of a first computing device, input from the first entity of sensitive information; transmitting the input sensitive information directly from the user input to a secure element of the first computing device; transforming the sensitive information into secure sensitive information within the secure element by at least one of encoding and encrypting the sensitive information with an encryption algorithm and key; transmitting the secure sensitive information from the secure element to a user output available to the first entity; reading, by the first entity, the secure sensitive information from the user output; communicating, by the first entity to the second entity, the secure sensitive information via at least one of a telephone call, video call, email, SMS message, and fax; receiving, at the second entity, the secure sensitive information; using, by the second entity, a second computing device to transform the secured sensitive information back into sensitive information; and using, by the second entity, the unsecured sensitive information in at least one application not controlled by the first entity. - View Dependent Claims (6, 7, 8)
-
-
9. A system, comprising:
-
a first computing device comprising a secure element hardwired to a user input, wherein the first computing device is under control of a first entity, and wherein the first computing device is configured to receive sensitive information via the user input and provide the sensitive information directly to the secure element where the sensitive information is at least one of encoded and encrypted as secure sensitive information; and a second computing device comprising a secure element hardwired to a user input, wherein the second computing device is under control of a second entity different from the first entity, and wherein the second computing device is configured to receive the secure sensitive information stored on the secure element of the first computing device, transform the secure sensitive information into unsecured sensitive information, and at least one of;
(1) display the unsecured sensitive information on a user output of the second computing device and (2) sending the unsecured sensitive information to an external device, wherein the first computing device comprises a network interface configured to encapsulate the secured sensitive information in at least one Internet Protocol packet for transmission across a public network and transmit the at least one Internet Protocol packet to the second computing device and wherein the second computing device comprises a network interface adapted to receive the at least one Internet Protocol packet and obtain the secure sensitive information therefrom. - View Dependent Claims (10, 11, 12, 13, 14, 15)
-
Specification