Transfer device for sensitive material such as a cryptographic key

US 8,447,969 B2
Filed: 03/15/2010
Issued: 05/21/2013
Est. Priority Date: 03/13/2009
Status: Active Grant

First Claim

Patent Images

1. A method of securely sharing sensitive information of a first entity with a second entity such that the second entity has useable control of the sensitive information, the method comprising:

receiving, at a user input of a first computing device, input of sensitive information;

transmitting the input sensitive information directly from the user input to a secure element of the first computing device;

securing the sensitive information within the secure element by at least one of encoding and encrypting the sensitive information with an encryption algorithm and key;

encapsulating the secure sensitive information in at least one Internet Protocol packet for transmission across a public network;

transmitting the at least one Internet Protocol packet containing the secure sensitive information from the first entity to the second entity over a packet-switched network, wherein the first entity controls the first computing device and wherein the at least one Internet Protocol packet is transmitted from the first computing device to a second computing device controlled by the second entity;

receiving, at the second computing device, the at least one Internet Protocol packet;

using, by the second entity, the second computing device to un-encapsulate the secure sensitive information;

unsecuring, within a secure element of the second computing device, the secure sensitive information; and

using, by the second entity, the unsecure sensitive information in at least one application not controlled by the first entity.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Mechanisms are provided for transferring sensitive information, such as cryptographic keys, between entities. Particularly, a device is provided with a user input connected directly to a secure element. The device enables a user to enter sensitive information in the user input which is then passed directly to the secure element without traversing any other element such that the secure element can encode and/or encrypt the sensitive information. Once the sensitive information has been encoded and/or encrypted by the secure element, the now secure sensitive information can be shared with other entities using familiar and popular, yet relatively unsecure, transfer methods.

Citations

15 Claims

1. A method of securely sharing sensitive information of a first entity with a second entity such that the second entity has useable control of the sensitive information, the method comprising:
- receiving, at a user input of a first computing device, input of sensitive information;
  
  transmitting the input sensitive information directly from the user input to a secure element of the first computing device;
  
  securing the sensitive information within the secure element by at least one of encoding and encrypting the sensitive information with an encryption algorithm and key;
  
  encapsulating the secure sensitive information in at least one Internet Protocol packet for transmission across a public network;
  
  transmitting the at least one Internet Protocol packet containing the secure sensitive information from the first entity to the second entity over a packet-switched network, wherein the first entity controls the first computing device and wherein the at least one Internet Protocol packet is transmitted from the first computing device to a second computing device controlled by the second entity;
  
  receiving, at the second computing device, the at least one Internet Protocol packet;
  
  using, by the second entity, the second computing device to un-encapsulate the secure sensitive information;
  
  unsecuring, within a secure element of the second computing device, the secure sensitive information; and
  
  using, by the second entity, the unsecure sensitive information in at least one application not controlled by the first entity.
- View Dependent Claims (2, 3, 4)
- - 2. The method of claim 1, wherein the secure element comprises a tamper-resistant processor.
  - 3. The method of claim 1, wherein the packet-switched network comprises the Internet.
  - 4. The method of claim 1, wherein the unsecure sensitive information is used by the second entity to create authentication credentials for use by the first entity.

5. A method of securely sharing sensitive information of a first entity with a second entity such that the second entity has useable control of the sensitive information, the method comprising:
- receiving, at a user input of a first computing device, input from the first entity of sensitive information;
  
  transmitting the input sensitive information directly from the user input to a secure element of the first computing device;
  
  transforming the sensitive information into secure sensitive information within the secure element by at least one of encoding and encrypting the sensitive information with an encryption algorithm and key;
  
  transmitting the secure sensitive information from the secure element to a user output available to the first entity;
  
  reading, by the first entity, the secure sensitive information from the user output;
  
  communicating, by the first entity to the second entity, the secure sensitive information via at least one of a telephone call, video call, email, SMS message, and fax;
  
  receiving, at the second entity, the secure sensitive information;
  
  using, by the second entity, a second computing device to transform the secured sensitive information back into sensitive information; and
  
  using, by the second entity, the unsecured sensitive information in at least one application not controlled by the first entity.
- View Dependent Claims (6, 7, 8)
- - 6. The method of claim 5, wherein the secure element comprises a tamper-resistant processor.
  - 7. The method of claim 5, wherein the user input is hardwired to the secure element.
  - 8. The method of claim 5, wherein the sensitive information is transmitted directly from the user input to the secure element without the assistance of an operating system.

9. A system, comprising:
- a first computing device comprising a secure element hardwired to a user input, wherein the first computing device is under control of a first entity, and wherein the first computing device is configured to receive sensitive information via the user input and provide the sensitive information directly to the secure element where the sensitive information is at least one of encoded and encrypted as secure sensitive information; and
  
  a second computing device comprising a secure element hardwired to a user input, wherein the second computing device is under control of a second entity different from the first entity, and wherein the second computing device is configured to receive the secure sensitive information stored on the secure element of the first computing device, transform the secure sensitive information into unsecured sensitive information, and at least one of;
  
  (1) display the unsecured sensitive information on a user output of the second computing device and (2) sending the unsecured sensitive information to an external device, wherein the first computing device comprises a network interface configured to encapsulate the secured sensitive information in at least one Internet Protocol packet for transmission across a public network and transmit the at least one Internet Protocol packet to the second computing device and wherein the second computing device comprises a network interface adapted to receive the at least one Internet Protocol packet and obtain the secure sensitive information therefrom.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The system of claim 9, wherein the user input of the first computing system is hardwired to the secure element of the first computing system such that no other electrical components or applications receive data transmitted from the user input to the secure element.
  - 11. The system of claim 10, wherein the user output of the second computing system is hardwired to the secure element of the second computing system such that no other electrical components or applications receive data transmitted from the secure element to the user output.
  - 12. The system of claim 9, wherein (1) is performed.
  - 13. The system of claim 9, wherein (2) is performed.
  - 14. The system of claim 9, wherein the second computing device receives the secure sensitive information as user input received at the user input of the second computing device.
  - 15. The system of claim 9, wherein the secure element of the first computing device comprises one or more of an applet programmed into an Integrated Circuit card, an applet programmed into a Subscriber Identity Module card, and an Application Specific Integrated Circuit.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Assa Abloy AB
Original Assignee
Assa Abloy AB
Inventors
Robinton, Mark, Haigh, Scott, Guthery, Scott B.
Primary Examiner(s)
Arani, Taghi T
Assistant Examiner(s)
LEE, JASON T

Application Number

US12/724,078
Publication Number

US 20100235622A1
Time in Patent Office

1,163 Days
Field of Search

713/153, 713/194
US Class Current

713/153
CPC Class Codes

G06F 21/606 by securing the transmissio...

G06F 21/82 Protecting input, output or...

Transfer device for sensitive material such as a cryptographic key

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Transfer device for sensitive material such as a cryptographic key

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links