Accessing confidential data securely using a trusted network of mobile devices
First Claim
1. A system comprising:
- a keyholding device;
a managing device, communicatively coupled to the keyholding device, comprising;
a processor;
a protected application executing on the processor; and
a memory storing;
encrypted data encrypted using an encryption key, anda trusted device list comprising a keyholding device identifier identifying the keyholding device; and
a data manager for;
receiving, from the protected application, a request to decrypt the encrypted data sent over a secure wireless communication protocol, wherein the secure wireless communication protocol requires that a distance between the managing device and the keyholding device be within a specified proximity;
obtaining the keyholding device identifier from the trusted device list;
sending a connection request to the keyholding device using the keyholding device identifier;
creating, based on the distance, an established connection in response to determining that the keyholding device has accepted the connection request;
requesting, via the established connection, the encryption key from a keyholding process executing on the keyholding device;
obtaining the encryption key from the keyholding process on the keyholding device;
decrypting the encrypted data using the encryption key to obtain decrypted data; and
sending the decrypted data to the protected application.
1 Assignment
0 Petitions
Accused Products
Abstract
A system including a managing device communicatively coupled to a keyholding device. The managing device includes a data manager executing on the processor configured to receive a request to decrypt encrypted data from a protected application and obtain the keyholding device identifier from a trusted device list. The data manager is further configured to send a connection request to the keyholding device using the keyholding device identifier and create an established connection in response to determining that the keyholding device has accepted the connection request. The data manager is further configured to request, via the established connection, the encryption key from a keyholding process executing on the keyholding device and obtain the encryption key from the keyholding process on keyholding device. The data manager is further configured to decrypt the encrypted data using encryption key to obtain decrypted data and send the decrypted data to the protected application.
-
Citations
14 Claims
-
1. A system comprising:
-
a keyholding device; a managing device, communicatively coupled to the keyholding device, comprising; a processor; a protected application executing on the processor; and a memory storing; encrypted data encrypted using an encryption key, and a trusted device list comprising a keyholding device identifier identifying the keyholding device; and a data manager for; receiving, from the protected application, a request to decrypt the encrypted data sent over a secure wireless communication protocol, wherein the secure wireless communication protocol requires that a distance between the managing device and the keyholding device be within a specified proximity; obtaining the keyholding device identifier from the trusted device list; sending a connection request to the keyholding device using the keyholding device identifier; creating, based on the distance, an established connection in response to determining that the keyholding device has accepted the connection request; requesting, via the established connection, the encryption key from a keyholding process executing on the keyholding device; obtaining the encryption key from the keyholding process on the keyholding device; decrypting the encrypted data using the encryption key to obtain decrypted data; and sending the decrypted data to the protected application. - View Dependent Claims (2, 3, 4, 5)
-
-
6. A method comprising:
-
receiving, by a processor on a managing device and from a protected application, a request to decrypt encrypted data, wherein the encrypted data is encrypted using an encryption key sent over a secure wireless communication protocol, and wherein the secure wireless communication protocol requires that a distance between the managing device and the keyholding device be within a specified proximity; obtaining, by the processor and from a trusted device list, a keyholding device identifier identifying a keyholding device; sending, by the processor, a connection request to the keyholding device using the keyholding device identifier; creating, by the processor and based on the distance, an established connection in response to determining that the keyholding device has accepted the connection request; requesting, by the processor and via the established connection, the encryption key from a keyholding process executing on the keyholding device; obtaining, by the processor, the encryption key from the keyholding process on the keyholding device; decrypting, by the processor, the encrypted data using the encryption key to obtain decrypted data; and sending, by the processor, the decrypted data to the protected application. - View Dependent Claims (7, 8, 9, 10)
-
-
11. A non-transitory computer readable storage medium comprising instructions that, when executed by a processor of a managing device, perform:
-
receiving, from a protected application, a request to decrypt encrypted data, wherein the encrypted data is encrypted using an encryption key sent over a secure wireless communication protocol, and wherein the secure wireless communication protocol requires that a distance between the managing device and the keyholding device be within a specified proximity; obtaining, from a trusted device list, a keyholding device identifier identifying a keyholding device; sending a connection request to the keyholding device using the keyholding device identifier; creating, based on the distance, an established connection in response to determining that the keyholding device has accepted the connection request; requesting, via the established connection, the encryption key from a keyholding process executing on the keyholding device; obtaining the encryption key from the keyholding process on keyholding device; decrypting the encrypted data using encryption key to obtain decrypted data; and sending the decrypted data to the protected application. - View Dependent Claims (12, 13, 14)
-
Specification