Accessing confidential data securely using a trusted network of mobile devices

US 9,129,283 B1
Filed: 01/10/2012
Issued: 09/08/2015
Est. Priority Date: 01/10/2012
Status: Active Grant

First Claim

Patent Images

1. A system comprising:

a keyholding device;

a managing device, communicatively coupled to the keyholding device, comprising;

a processor;

a protected application executing on the processor; and

a memory storing;

encrypted data encrypted using an encryption key, anda trusted device list comprising a keyholding device identifier identifying the keyholding device; and

a data manager for;

receiving, from the protected application, a request to decrypt the encrypted data sent over a secure wireless communication protocol, wherein the secure wireless communication protocol requires that a distance between the managing device and the keyholding device be within a specified proximity;

obtaining the keyholding device identifier from the trusted device list;

sending a connection request to the keyholding device using the keyholding device identifier;

creating, based on the distance, an established connection in response to determining that the keyholding device has accepted the connection request;

requesting, via the established connection, the encryption key from a keyholding process executing on the keyholding device;

obtaining the encryption key from the keyholding process on the keyholding device;

decrypting the encrypted data using the encryption key to obtain decrypted data; and

sending the decrypted data to the protected application.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system including a managing device communicatively coupled to a keyholding device. The managing device includes a data manager executing on the processor configured to receive a request to decrypt encrypted data from a protected application and obtain the keyholding device identifier from a trusted device list. The data manager is further configured to send a connection request to the keyholding device using the keyholding device identifier and create an established connection in response to determining that the keyholding device has accepted the connection request. The data manager is further configured to request, via the established connection, the encryption key from a keyholding process executing on the keyholding device and obtain the encryption key from the keyholding process on keyholding device. The data manager is further configured to decrypt the encrypted data using encryption key to obtain decrypted data and send the decrypted data to the protected application.

Citations

14 Claims

1. A system comprising:
- a keyholding device;
  
  a managing device, communicatively coupled to the keyholding device, comprising;
  
  a processor;
  
  a protected application executing on the processor; and
  
  a memory storing;
  
  encrypted data encrypted using an encryption key, anda trusted device list comprising a keyholding device identifier identifying the keyholding device; and
  
  a data manager for;
  
  receiving, from the protected application, a request to decrypt the encrypted data sent over a secure wireless communication protocol, wherein the secure wireless communication protocol requires that a distance between the managing device and the keyholding device be within a specified proximity;
  
  obtaining the keyholding device identifier from the trusted device list;
  
  sending a connection request to the keyholding device using the keyholding device identifier;
  
  creating, based on the distance, an established connection in response to determining that the keyholding device has accepted the connection request;
  
  requesting, via the established connection, the encryption key from a keyholding process executing on the keyholding device;
  
  obtaining the encryption key from the keyholding process on the keyholding device;
  
  decrypting the encrypted data using the encryption key to obtain decrypted data; and
  
  sending the decrypted data to the protected application.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The system of claim 1, wherein sending the connection request comprises initiating a connection between a protocol host on the managing device and a protocol client on the keyholding device.
  - 3. The system of claim 1, wherein creating the established connection comprises determining that the keyholding device is within the specified proximity to the managing device.
  - 4. The system of claim 1, wherein the managing device is one selected from a group consisting of a portable personal computer, a tablet computer, and a smartphone.
  - 5. The system of claim 1, wherein the protected application is a financial application, and wherein the encrypted data is encrypted credentials used to access financial information from the financial application.

6. A method comprising:
- receiving, by a processor on a managing device and from a protected application, a request to decrypt encrypted data, wherein the encrypted data is encrypted using an encryption key sent over a secure wireless communication protocol, and wherein the secure wireless communication protocol requires that a distance between the managing device and the keyholding device be within a specified proximity;
  
  obtaining, by the processor and from a trusted device list, a keyholding device identifier identifying a keyholding device;
  
  sending, by the processor, a connection request to the keyholding device using the keyholding device identifier;
  
  creating, by the processor and based on the distance, an established connection in response to determining that the keyholding device has accepted the connection request;
  
  requesting, by the processor and via the established connection, the encryption key from a keyholding process executing on the keyholding device;
  
  obtaining, by the processor, the encryption key from the keyholding process on the keyholding device;
  
  decrypting, by the processor, the encrypted data using the encryption key to obtain decrypted data; and
  
  sending, by the processor, the decrypted data to the protected application.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The method of claim 6, wherein sending the connection request comprises initiating a connection between a protocol host on the managing device and a protocol client on the keyholding device.
  - 8. The method of claim 6, wherein creating the established connection comprises determining that the keyholding device is within the specified proximity to the managing device.
  - 9. The method of claim 6, wherein the managing device is one selected from a group consisting of a portable personal computer, a tablet computer, and a smartphone.
  - 10. The method of claim 6, wherein the protected application is a financial application, and wherein the encrypted data is encrypted credentials used to access financial information from the financial application.

11. A non-transitory computer readable storage medium comprising instructions that, when executed by a processor of a managing device, perform:
- receiving, from a protected application, a request to decrypt encrypted data, wherein the encrypted data is encrypted using an encryption key sent over a secure wireless communication protocol, and wherein the secure wireless communication protocol requires that a distance between the managing device and the keyholding device be within a specified proximity;
  
  obtaining, from a trusted device list, a keyholding device identifier identifying a keyholding device;
  
  sending a connection request to the keyholding device using the keyholding device identifier;
  
  creating, based on the distance, an established connection in response to determining that the keyholding device has accepted the connection request;
  
  requesting, via the established connection, the encryption key from a keyholding process executing on the keyholding device;
  
  obtaining the encryption key from the keyholding process on keyholding device;
  
  decrypting the encrypted data using encryption key to obtain decrypted data; and
  
  sending the decrypted data to the protected application.
- View Dependent Claims (12, 13, 14)
- - 12. The non-transitory computer readable storage medium of claim 11, wherein sending the connection request comprises initiating a connection between a protocol host on the managing device and a protocol client on the keyholding device.
  - 13. The non-transitory computer readable storage medium of claim 11, wherein creating the established connection comprises determining that the keyholding device is within the specified proximity to the managing device, and wherein the managing device is one selected from a group consisting of a portable personal computer, a tablet computer, and a smartphone.
  - 14. The non-transitory computer readable storage medium of claim 11, wherein the protected application is a financial application, and wherein the encrypted data is encrypted credentials used to access financial information from the financial application.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intuit, Inc.
Original Assignee
Intuit, Inc.
Inventors
Raju, Hemant
Primary Examiner(s)
Ravetti, Dante

Application Number

US13/347,560
Time in Patent Office

1,337 Days
Field of Search

709/214, 463/16
US Class Current

1/1
CPC Class Codes

G06F 21/6209   to a single file or object,...

G06Q 20/1235   with control of digital rig...

G06Q 20/3829   involving key management

H04L 63/06   for supporting key manageme...

Accessing confidential data securely using a trusted network of mobile devices

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Accessing confidential data securely using a trusted network of mobile devices

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links