Using a token code to control access to data and applications in a mobile platform
Abstract
Methods, apparatus and articles of manufacture for using a token code to control access to data and applications in a mobile platform are provided herein. A method includes processing authentication information via a cryptographic operation to generate an output, partitioning the output into (i) a component that identifies the authentication information and (ii) an encryption key component, encrypting an item of cryptographic information via the encryption key component, and storing the component that identifies the authentication information and the encrypted item of cryptographic information.
20 Claims
1. A method comprising:
processing authentication information generated by a server via a cryptographic operation to generate an output, wherein said processing comprises combining the authentication information with (i) a salt value and (ii) a pepper value based on a computed strength of a user device associated with the authentication information;
partitioning the output into (i) a component that identifies the authentication information and (ii) an encryption key component;
encrypting an item of cryptographic information via the encryption key component, wherein the item of cryptographic information comprises a mobile data management container credential stored on the server;
transferring (i) the component that identifies the authentication information and (ii) the encrypted mobile data management container credential from the server to a mobile platform;
storing, in non-volatile memory contained within the mobile platform, (i) the component that identifies the authentication information and (ii) the encrypted mobile data management container credential;
creating a list of one or more entries, wherein a respective one of the one or more entries comprises (i) an identifier for the user device associated with the authentication information and (ii) the pepper value corresponding to the user device associated with the authentication information; and
providing the list to a policy server.
View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
9. An article of manufacture comprising a processor-readable non-transitory storage medium having processor-readable instructions tangibly embodied thereon which, when implemented, cause a processor to carry out steps comprising:
processing authentication information generated by a server via a cryptographic operation to generate an output, wherein said processing comprises combining the authentication information with (i) a salt value and (ii) a pepper value based on a computed strength of a user device associated with the authentication information;
partitioning the output into (i) a component that identifies the authentication information and (ii) an encryption key component;
encrypting an item of cryptographic information via the encryption key component, wherein the item of cryptographic information comprises a mobile data management container credential stored on the server;
transferring (i) the component that identifies the authentication information and (ii) the encrypted mobile data management container credential from the server to a mobile platform;
storing, in non-volatile memory contained within the mobile platform, (i) the component that identifies the authentication information and (ii) the encrypted mobile data management container credential;
creating a list of one or more entries, wherein a respective one of the one or more entries comprises (i) an identifier for the user device associated with the authentication information and (ii) the pepper value corresponding to the user device associated with the authentication information; and
providing the list to a policy server.
View Dependent Claims (17, 18)
10. An apparatus comprising:
a memory; and
at least one processor coupled to the memory and configured to:
process authentication information generated by a server via a cryptographic operation to generate an output, wherein said processing comprises combining the authentication information with (i) a salt value and (ii) a pepper value based on a computed strength of a user device associated with the authentication information;
partition the output into (i) a component that identifies the authentication information and (ii) an encryption key component;
encrypt an item of cryptographic information via the encryption key component, wherein the item of cryptographic information comprises a mobile data management container credential stored on the server;
transfer (i) the component that identifies the authentication information and (ii) the encrypted mobile data management container credential from the server to a mobile platform;
store, in non-volatile memory contained within the mobile platform, (i) the component that identifies the authentication information and (ii) the encrypted mobile data management container credential;
create a list of one or more entries, wherein a respective one of the one or more entries comprises (i) an identifier for the user device associated with the authentication information and (ii) the pepper value corresponding to the user device associated with the authentication information; and
provide the list to a policy server.
View Dependent Claims (19, 20)
11. A method comprising:
processing authentication information inputted by a user onto a mobile platform via a cryptographic operation to generate an output, wherein said processing comprises combining the authentication information with (i) a salt value and (ii) a pepper value based on a computed strength of a user device associated with the authentication information;
partitioning the output into (i) a component that identifies the authentication information and (ii) a decryption key component;
determining whether the component that identifies the authentication information matches a stored component transferred from a server and stored in non-volatile memory contained within the mobile platform;
decrypting a stored encrypted item of cryptographic information, transferred from the server, via the decryption key component if the component that identifies the authentication information matches a stored component, wherein the stored encrypted item of cryptographic information (i) is associated with the stored component, (ii) comprises a mobile data management container credential, and (iii) is stored in non-volatile memory contained within the mobile platform;
transferring the decrypted mobile data management container credential to a mobile data management container within the mobile platform for use therewith;
creating a list of one or more entries, wherein a respective one of the one or more entries comprises (i) an identifier for the user device associated with the authentication information and (ii) the pepper value corresponding to the user device associated with the authentication information; and
providing the list to a policy server.
View Dependent Claims (12, 13, 14)
15. An article of manufacture comprising a processor-readable non-transitory storage medium having processor-readable instructions tangibly embodied thereon which, when implemented, cause a processor to carry the steps comprising:
processing authentication information inputted by a user onto a mobile platform via a cryptographic operation to generate an output, wherein said processing comprises combining the authentication information with (i) a salt value and (ii) a pepper value based on a computed strength of a user device associated with the authentication information;
partitioning the output into (i) a component that identifies the authentication information and (ii) a decryption key component;
determining whether the component that identifies the authentication information matches a stored component transferred from a server and stored in non-volatile memory contained within the mobile platform;
decrypting a stored encrypted item of cryptographic information, transferred from the server, via the decryption key component if the component that identifies the authentication information matches a stored component, wherein the stored encrypted item of cryptographic information (i) is associated with the stored component, (ii) comprises a mobile data management container credential, and (iii) is stored in non-volatile memory contained within the mobile platform;
transferring the decrypted mobile data management container credential to a mobile data management container within the mobile platform for use therewith;
creating a list of one or more entries, wherein a respective one of the one or more entries comprises (i) an identifier for the user device associated with the authentication information and (ii) the pepper value corresponding to the user device associated with the authentication information; and
providing the list to a policy server.
16. An apparatus comprising:
a memory; and
at least one processor coupled to the memory and configured to:
process authentication information inputted by a user onto a mobile platform via a cryptographic operation to generate an output, wherein said processing comprises combining the authentication information with (i) a salt value and (ii) a pepper value based on a computed strength of a user device associated with the authentication information;
partition the output into (i) a component that identifies the authentication information and (ii) a decryption key component;
determine whether the component that identifies the authentication information matches a stored component transferred from a server and stored in non-volatile memory contained within the mobile platform;
decrypt a stored encrypted item of cryptographic information, transferred from the server, via the decryption key component if the component that identifies the authentication information matches a stored component, wherein the stored encrypted item of cryptographic information (i) is associated with the stored component, (ii) comprises a mobile data management container credential, and (iii) is stored in non-volatile memory contained within the mobile platform;
transfer the decrypted mobile data management container credential to a mobile data management container within the mobile platform for use therewith;
create a list of one or more entries, wherein a respective one of the one or more entries comprises (i) an identifier for the user device associated with the authentication information and (ii) the pepper value corresponding to the user device associated with the authentication information; and
provide the list to a policy server.
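The server-side steps of claim 1 and the device-side steps of claim 11, as an added illustration that is not code from the patent or its assignee. The claims name no algorithms, so PBKDF2-HMAC-SHA256 over salt||pepper, the 32/32-byte partition, the SHAKE-256 keystream with an HMAC tag (a stand-in for a vetted AEAD such as AES-GCM), the record layout and all function names are assumptions; the pepper is passed in as an opaque value and the policy-server list is omitted.

```python
import hashlib
import hmac
import os

def derive(token_code, salt, pepper):
    # Assumed KDF: PBKDF2-HMAC-SHA256 with salt||pepper; the claims name no algorithm.
    out = hashlib.pbkdf2_hmac("sha256", token_code.encode(), salt + pepper, 100_000, dklen=64)
    return out[:32], out[32:]  # partition: (identifying component, key component)

def _xor_stream(key, nonce, data):
    # Stand-in cipher (SHAKE-256 keystream); use a vetted AEAD such as AES-GCM in practice.
    stream = hashlib.shake_256(b"enc" + key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def _tag(key, nonce, ct):
    # Integrity tag over the nonce and ciphertext, keyed by the key component.
    return hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()

def provision(token_code, pepper, credential):
    """Server side (claim 1): derive, partition, encrypt, return the record to store."""
    salt, nonce = os.urandom(16), os.urandom(16)
    ident, key = derive(token_code, salt, pepper)
    ct = _xor_stream(key, nonce, credential)
    # Assumption: salt and nonce travel with the record; the key component never does.
    return {"salt": salt, "id": ident, "nonce": nonce, "ct": ct, "tag": _tag(key, nonce, ct)}

def unlock(record, entered_code, pepper):
    """Device side (claim 11): recompute, compare, decrypt only on a match."""
    ident, key = derive(entered_code, record["salt"], pepper)
    if not hmac.compare_digest(ident, record["id"]):
        return None  # wrong token code or wrong pepper: no decryption is attempted
    if not hmac.compare_digest(_tag(key, record["nonce"], record["ct"]), record["tag"]):
        raise ValueError("stored credential was modified")
    return _xor_stream(key, record["nonce"], record["ct"])

if __name__ == "__main__":
    # Constructed sample values, not taken from the patent.
    rec = provision("482913", b"constructed-pepper", b"constructed-container-credential")
    print(unlock(rec, "482913", b"constructed-pepper"))
    print(unlock(rec, "000000", b"constructed-pepper"))
```

Anyone who can read the stored record can test guesses of the token code against `id` offline, so the code's entropy, the pepper's secrecy and the KDF cost set the work factor.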
Specification