Using a token code to control access to data and applications in a mobile platform

US 9,154,304 B1
Filed: 03/14/2013
Issued: 10/06/2015
Est. Priority Date: 03/14/2013
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

processing authentication information generated by a server via a cryptographic operation to generate an output, wherein said processing comprises combining the authentication information with (i) a salt value and (ii) a pepper value based on a computed strength of a user device associated with the authentication information;

partitioning the output into (i) a component that identifies the authentication information and (ii) an encryption key component;

encrypting an item of cryptographic information via the encryption key component, wherein the item of cryptographic information comprises a mobile data management container credential stored on the server;

transferring (i) the component that identifies the authentication information and (ii) the encrypted mobile data management container credential from the server to a mobile platform;

storing, in non-volatile memory contained within the mobile platform, (i) the component that identifies the authentication information and (ii) the encrypted mobile data management container credential;

creating a list of one or more entries, wherein a respective one of the one or more entries comprises (i) an identifier for the user device associated with the authentication information and (ii) the pepper value corresponding to the user device associated with the authentication information; and

providing the list to a policy server.

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, apparatus and articles of manufacture for using a token code to control access to data and applications in a mobile platform are provided herein. A method includes processing authentication information via a cryptographic operation to generate an output, partitioning the output into (i) a component that identifies the authentication information and (ii) an encryption key component, encrypting an item of cryptographic information via the encryption key component, and storing the component that identifies the authentication information and the encrypted item of cryptographic information.

Citations

20 Claims

1. A method comprising:
- processing authentication information generated by a server via a cryptographic operation to generate an output, wherein said processing comprises combining the authentication information with (i) a salt value and (ii) a pepper value based on a computed strength of a user device associated with the authentication information;
  
  partitioning the output into (i) a component that identifies the authentication information and (ii) an encryption key component;
  
  encrypting an item of cryptographic information via the encryption key component, wherein the item of cryptographic information comprises a mobile data management container credential stored on the server;
  
  transferring (i) the component that identifies the authentication information and (ii) the encrypted mobile data management container credential from the server to a mobile platform;
  
  storing, in non-volatile memory contained within the mobile platform, (i) the component that identifies the authentication information and (ii) the encrypted mobile data management container credential;
  
  creating a list of one or more entries, wherein a respective one of the one or more entries comprises (i) an identifier for the user device associated with the authentication information and (ii) the pepper value corresponding to the user device associated with the authentication information; and
  
  providing the list to a policy server.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, further comprising:
    - repeating at least said processing, partitioning, encrypting and storing steps for each of one or more items of authentication information associated with a user device.
  - 3. The method of claim 2, wherein repeating at least said processing, partitioning, encrypting and storing steps for each of one or more items of authentication information associated with a user device comprises repeating said processing, partitioning, encrypting and storing steps for each token code that can be displayed by a user token.
  - 4. The method of claim 1, further comprising:
    - providing the stored component that identifies the authentication information and the stored encrypted item of cryptographic information to a device.
  - 5. The method of claim 4, wherein the device comprises a user mobile device.
  - 6. The method of claim 1, wherein the authentication information comprises at least one of a token code and an emergency code.
  - 7. The method of claim 1, further comprising:
    - creating a policy associated with the pepper value, wherein said policy defines content permitted on the user device.
  - 8. The method of claim 1, wherein the mobile data management container credential comprises at least one of a key, an activation code, a password, and a cryptographic value used to protect a mobile data management container.

9. An article of manufacture comprising a processor-readable non-transitory storage medium having processor-readable instructions tangibly embodied thereon which, when implemented, cause a processor to carry out steps comprising:
- processing authentication information generated by a server via a cryptographic operation to generate an output, wherein said processing comprises combining the authentication information with (i) a salt value and (ii) a pepper value based on a computed strength of a user device associated with the authentication information;
  
  partitioning the output into (i) a component that identifies the authentication information and (ii) an encryption key component;
  
  encrypting an item of cryptographic information via the encryption key component, wherein the item of cryptographic information comprises a mobile data management container credential stored on the server;
  
  transferring (i) the component that identifies the authentication information and (ii) the encrypted mobile data management container credential from the server to a mobile platform;
  
  storing, in non-volatile memory contained within the mobile platform, (i) the component that identifies the authentication information and (ii) the encrypted mobile data management container credential;
  
  creating a list of one or more entries, wherein a respective one of the one or more entries comprises (i) an identifier for the user device associated with the authentication information and (ii) the pepper value corresponding to the user device associated with the authentication information; and
  
  providing the list to a policy server.
- View Dependent Claims (17, 18)
- - 17. The article of manufacture of claim 9, wherein the mobile data management container credential comprises at least one of a key, an activation code, a password, and a cryptographic value used to protect a mobile data management container.
  - 18. The article of manufacture of claim 9, wherein the authentication information comprises at least one of a token code and an emergency code.

10. An apparatus comprising:
- a memory; and
  
  at least one processor coupled to the memory and configured to;
  
  process authentication information generated by a server via a cryptographic operation to generate an output, wherein said processing comprises combining the authentication information with (i) a salt value and (ii) a pepper value based on a computed strength of a user device associated with the authentication information;
  
  partition the output into (i) a component that identifies the authentication information and (ii) an encryption key component;
  
  encrypt an item of cryptographic information via the encryption key component, wherein the item of cryptographic information comprises a mobile data management container credential stored on the server;
  
  transfer (i) the component that identifies the authentication information and (ii) the encrypted mobile data management container credential from the server to a mobile platform;
  
  store, in non-volatile memory contained within the mobile platform, (i) the component that identifies the authentication information and (ii) the encrypted mobile data management container credential;
  
  create a list of one or more entries, wherein a respective one of the one or more entries comprises (i) an identifier for the user device associated with the authentication information and (ii) the pepper value corresponding to the user device associated with the authentication information; and
  
  provide the list to a policy server.
- View Dependent Claims (19, 20)
- - 19. The apparatus of claim 10, wherein the mobile data management container credential comprises at least one of a key, an activation code, a password, and a cryptographic value used to protect a mobile data management container.
  - 20. The apparatus of claim 10, wherein the authentication information comprises at least one of a token code and an emergency code.

11. A method comprising:
- processing authentication information inputted by a user onto a mobile platform via a cryptographic operation to generate an output, wherein said processing comprises combining the authentication information with (i) a salt value and (ii) a pepper value based on a computed strength of a user device associated with the authentication information;
  
  partitioning the output into (i) a component that identifies the authentication information and (ii) a decryption key component;
  
  determining whether the component that identifies the authentication information matches a stored component transferred from a server and stored in non-volatile memory contained within the mobile platform;
  
  decrypting a stored encrypted item of cryptographic information, transferred from the server, via the decryption key component if the component that identifies the authentication information matches a stored component, wherein the stored encrypted item of cryptographic information (i) is associated with the stored component, (ii) comprises a mobile data management container credential, and (iii) is stored in non-volatile memory contained within the mobile platform;
  
  transferring the decrypted mobile data management container credential to a mobile data management container within the mobile platform for use therewith;
  
  creating a list of one or more entries, wherein a respective one of the one or more entries comprises (i) an identifier for the user device associated with the authentication information and (ii) the pepper value corresponding to the user device associated with the authentication information; and
  
  providing the list to a policy server.
- View Dependent Claims (12, 13, 14)
- - 12. The method of claim 11, further comprising:
    - processing different authentication information via a cryptographic operation if the component that identifies the authentication information does not match a stored component.
  - 13. The method of claim 11, wherein the mobile data management container credential comprises at least one of a key, an activation code, a password, and a cryptographic value used to protect a mobile data management container.
  - 14. The method of claim 11, wherein the mobile data management container credential comprises a token code.

15. An article of manufacture comprising a processor-readable non-transitory storage medium having processor-readable instructions tangibly embodied thereon which, when implemented, cause a processor to carry the steps comprising:
- processing authentication information inputted by a user onto a mobile platform via a cryptographic operation to generate an output, wherein said processing comprises combining the authentication information with (i) a salt value and (ii) a pepper value based on a computed strength of a user device associated with the authentication information;
  
  partitioning the output into (i) a component that identifies the authentication information and (ii) a decryption key component;
  
  determining whether the component that identifies the authentication information matches a stored component transferred from a server and stored in non-volatile memory contained within the mobile platform;
  
  decrypting a stored encrypted item of cryptographic information, transferred from the server, via the decryption key component if the component that identifies the authentication information matches a stored component, wherein the stored encrypted item of cryptographic information (i) is associated with the stored component, (ii) comprises a mobile data management container credential, and (iii) is stored in non-volatile memory contained within the mobile platform;
  
  transferring the decrypted mobile data management container credential to a mobile data management container within the mobile platform for use therewith;
  
  creating a list of one or more entries, wherein a respective one of the one or more entries comprises (i) an identifier for the user device associated with the authentication information and (ii) the pepper value corresponding to the user device associated with the authentication information; and
  
  providing the list to a policy server.

16. An apparatus comprising:
- a memory; and
  
  at least one processor coupled to the memory and configured to;
  
  process authentication information inputted by a user onto a mobile platform via a cryptographic operation to generate an output, wherein said processing comprises combining the authentication information with (i) a salt value and (ii) a pepper value based on a computed strength of a user device associated with the authentication information;
  
  partition the output into (i) a component that identifies the authentication information and (ii) a decryption key component;
  
  determine whether the component that identifies the authentication information matches a stored component transferred from a server and stored in non-volatile memory contained within the mobile platform;
  
  decrypt a stored encrypted item of cryptographic information, transferred from the server, via the decryption key component if the component that identifies the authentication information matches a stored component, wherein the stored encrypted item of cryptographic information (i) is associated with the stored component, (ii) comprises a mobile data management container credential, and (iii) is stored in non-volatile memory contained within the mobile platform;
  
  transfer the decrypted mobile data management container credential to a mobile data management container within the mobile platform for use therewith;
  
  create a list of one or more entries, wherein a respective one of the one or more entries comprises (i) an identifier for the user device associated with the authentication information and (ii) the pepper value corresponding to the user device associated with the authentication information; and
  
  provide the list to a policy server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Emc IP Holding Company LLC (Dell Technologies Inc.)
Original Assignee
EMC Corporation (Dell Technologies Inc.)
Inventors
Dotan, Yedidya, Duane, William M.
Primary Examiner(s)
Rashid, Harunur
Assistant Examiner(s)
STEINLE, ANDREW J

Application Number

US13/804,663
Time in Patent Office

936 Days
Field of Search

None
US Class Current

1/1
CPC Class Codes

H04L 2209/80   Wireless

H04L 9/3226   using a predetermined code,...

H04L 9/3228   One-time or temporary data,...

H04L 9/3234   involving additional secure...

Using a token code to control access to data and applications in a mobile platform

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Using a token code to control access to data and applications in a mobile platform

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links