Decryption of a protected resource on a cryptographic device using wireless communication

US 9,154,481 B1
Filed: 12/13/2012
Issued: 10/06/2015
Est. Priority Date: 12/13/2012
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

decrypting encoded information under a first cryptographic key from a collection of multiple cryptographic keys on a first cryptographic device to access a protected resource, wherein the first cryptographic device comprises one of a radio-frequency identification tag and a near-field communication tag, wherein each cryptographic key in the collection is associated with one or more sub-keys, and wherein the first cryptographic key is read from the first cryptographic device subsequent to authenticating to the first cryptographic device by (i) reading all of the one or more sub-keys associated with the first cryptographic key from the first cryptographic device and (ii) matching all of the one or more sub-keys associated with the first cryptographic key to one or more maintained sub-keys;

rendering null all of the one or more sub-keys associated with the first cryptographic key;

erasing the first cryptographic key;

transmitting, to the first cryptographic device, a command to modify each of the one or more sub-keys associated with each remaining cryptographic key in the collection of cryptographic keys;

selecting a second cryptographic key from the collection of multiple cryptographic keys on the first cryptographic device; and

encrypting the protected resource under the second cryptographic key, wherein the second cryptographic key is read from the first cryptographic device subsequent to authenticating to the first cryptographic device by (i) reading all of the one or more modified sub-keys associated with the second cryptographic key from the first cryptographic device and (ii) matching all of the one or more sub-keys associated with the second cryptographic key to one or more maintained sub-keys.

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, apparatus and articles of manufacture for decrypting a protected resource on a cryptographic device are provided herein. A method includes decrypting encoded information under a first cryptographic key to access a protected resource, wherein the first cryptographic key is read from a first cryptographic device subsequent to authenticating to the first cryptographic device using a first authentication key, randomly selecting a second cryptographic key, encrypting the protected resource under the second cryptographic key, and writing the second cryptographic key onto the first cryptographic device subsequent to authenticating to the first cryptographic device.

15 Citations

View as Search Results

20 Claims

1. A method comprising:
- decrypting encoded information under a first cryptographic key from a collection of multiple cryptographic keys on a first cryptographic device to access a protected resource, wherein the first cryptographic device comprises one of a radio-frequency identification tag and a near-field communication tag, wherein each cryptographic key in the collection is associated with one or more sub-keys, and wherein the first cryptographic key is read from the first cryptographic device subsequent to authenticating to the first cryptographic device by (i) reading all of the one or more sub-keys associated with the first cryptographic key from the first cryptographic device and (ii) matching all of the one or more sub-keys associated with the first cryptographic key to one or more maintained sub-keys;
  
  rendering null all of the one or more sub-keys associated with the first cryptographic key;
  
  erasing the first cryptographic key;
  
  transmitting, to the first cryptographic device, a command to modify each of the one or more sub-keys associated with each remaining cryptographic key in the collection of cryptographic keys;
  
  selecting a second cryptographic key from the collection of multiple cryptographic keys on the first cryptographic device; and
  
  encrypting the protected resource under the second cryptographic key, wherein the second cryptographic key is read from the first cryptographic device subsequent to authenticating to the first cryptographic device by (i) reading all of the one or more modified sub-keys associated with the second cryptographic key from the first cryptographic device and (ii) matching all of the one or more sub-keys associated with the second cryptographic key to one or more maintained sub-keys.
- View Dependent Claims (2, 3, 4)
- - 2. The method of claim 1, wherein the first cryptographic key comprises a first secret key shared between the first cryptographic device and a second cryptographic device, and the second cryptographic key comprises a second secret key shared between the first cryptographic device and the second cryptographic device.
  - 3. The method of claim 1, wherein:
    - the one or more sub-keys associated with the first cryptographic key comprises a first password; and
      
      the one or more modified sub-keys associated with the second cryptographic key comprises a second password.
  - 4. The method of claim 1, wherein the protected resource is stored on a second cryptographic device, wherein the second cryptographic device comprises a mobile device, and wherein the protected resource comprises at least one of a password, a decryption key and an authentication key.

5. An article of manufacture comprising a processor-readable storage memory having processor-readable instructions tangibly embodied thereon which, when implemented, cause a processor to carry out steps comprising:
- decrypting encoded information under a first cryptographic key from a collection of multiple cryptographic keys on a first cryptographic device to access a protected resource, wherein the first cryptographic device comprises one of a radio-frequency identification tag and a near-field communication tag, wherein each cryptographic key in the collection is associated with one or more sub-keys, and wherein the first cryptographic key is read from the first cryptographic device subsequent to authenticating to the first cryptographic device by (i) reading all of the one or more sub-keys associated with the first cryptographic key from the first cryptographic device and (ii) matching all of the one or more sub-keys associated with the first cryptographic key to one or more maintained sub-keys;
  
  rendering null all of the one or more sub-keys associated with the first cryptographic key;
  
  erasing the first cryptographic key;
  
  transmitting, to the first cryptographic device, a command to modify each of the one or more sub-keys associated with each remaining cryptographic key in the collection of cryptographic keys;
  
  selecting a second cryptographic key from the collection of multiple cryptographic keys on the first cryptographic device; and
  
  encrypting the protected resource under the second cryptographic key, wherein the second cryptographic key is read from the first cryptographic device subsequent to authenticating to the first cryptographic device by (i) reading all of the one or more modified sub-keys associated with the second cryptographic key from the first cryptographic device and (ii) matching all of the one or more sub-keys associated with the second cryptographic key to one or more maintained sub-keys.

6. A method comprising:
- selecting a first cryptographic key from a first set of cryptographic keys on a first cryptographic device, wherein each cryptographic key in the first set includes one or more sub-keys, and wherein the first cryptographic device comprises one of a radio-frequency identification tag and a near-field communication tag;
  
  decrypting encoded information under the first cryptographic key to access a protected resource, wherein said decrypting comprises receiving the selected first cryptographic key from the first cryptographic device subsequent to authenticating to the first cryptographic device by (i) reading all of the one or more sub-keys included with the first cryptographic key from the first cryptographic device and (ii) matching all of the one or more sub-keys included with the first cryptographic key to one or more maintained sub-keys;
  
  rendering null all of the one or more sub-keys included with the first cryptographic key, thereby rendering the number of unused sub-keys included in the first set of cryptographic keys, excluding the first cryptographic key, to be in a range from 1 to e−
  
  1, wherein e represents the number of cryptographic keys in the first set of cryptographic keys;
  
  generating an additional sub-key to be included in each respective cryptographic key of the first set of cryptographic keys, thereby rendering the number of unused sub-keys included in the first set of cryptographic keys to be in a range from 1 to e;
  
  transmitting the generated set of sub-keys to the first cryptographic device;
  
  selecting a second cryptographic key from the first set of cryptographic keys, said second cryptographic key including at least one sub-key from the generated sub-keys and at least one pre-existing sub-key; and
  
  encrypting the protected resource under the second cryptographic key and/or a key related to the second cryptographic key, wherein said encrypting comprises receiving the selected second cryptographic key from the first cryptographic device subsequent to authenticating to the first cryptographic device by (i) reading all of the two or more sub-keys included with the second cryptographic key from the first cryptographic device and (ii) matching all of the two or more sub-keys included with the second cryptographic key to two or more maintained sub-keys.
- View Dependent Claims (7, 8, 9, 10, 11)
- - 7. The method of claim 6, wherein a key related to the second cryptographic key comprises a public key that corresponds to the second cryptographic key, wherein the second cryptographic key is a private key.
  - 8. The method of claim 6, wherein the first set of cryptographic keys comprises a set of multiple secret keys shared between the first cryptographic device and a second cryptographic device.
  - 9. The method of claim 6, wherein the first cryptographic device aggregates multiple sub-keys.
  - 10. The method of claim 6, further comprising:
    - locally storing the generated sub-keys, and wherein each sub-key is used in only one operation of encryption or decryption.
  - 11. The method of claim 6, further comprising:
    - randomizing the generated sub-keys.

12. An article of manufacture comprising a processor-readable storage memory having processor-readable instructions tangibly embodied thereon which, when implemented, cause a processor to carry out steps comprising:
- selecting a first cryptographic key from a first set of cryptographic keys on a first cryptographic device, wherein each cryptographic key in the first set includes one or more sub-keys, and wherein the first cryptographic device comprises one of a radio-frequency identification tag and a near-field communication tag;
  
  decrypting encoded information under the first cryptographic key to access a protected resource, wherein said decrypting comprises receiving the selected first cryptographic key from the first cryptographic device subsequent to authenticating to the first cryptographic device by (i) reading all of the one or more sub-keys included with the first cryptographic key from the first cryptographic device and (ii) matching all of the one or more sub-keys included with the first cryptographic key to one or more maintained sub-keys;
  
  rendering null all of the one or more sub-keys included with the first cryptographic key, thereby rendering the number of unused sub-keys included in the first set of cryptographic keys, excluding the first cryptographic key, to be in a range from 1 to e−
  
  1, wherein e represents the number of cryptographic keys in the first set of cryptographic keys;
  
  generating an additional sub-key to be included in each respective cryptographic key of the first set of cryptographic keys, thereby rendering the number of unused sub-keys included in the first set of cryptographic keys to be in a range from 1 to e;
  
  transmitting the generated sub-keys to the first cryptographic device;
  
  selecting a second cryptographic key from the first set of cryptographic keys, said second cryptographic key including at least one sub-key from the generated sub-keys and at least one pre-existing sub-key; and
  
  encrypting the protected resource under the second cryptographic key and/or a key related to the second cryptographic key, wherein said encrypting comprises receiving the selected second cryptographic key from the first cryptographic device subsequent to authenticating to the first cryptographic device by (i) reading all of the two or more sub-keys included with the second cryptographic key from the first cryptographic device and (ii) matching all of the two or more sub-keys included with the second cryptographic key to two or more maintained sub-keys.

13. An apparatus comprising a cryptographic device, comprising:
- a memory; and
  
  at least one processor coupled to the memory and configured to;
  
  decrypt encoded information under a first cryptographic key from a collection of multiple cryptographic keys on a first cryptographic device to access a protected resource, wherein the first cryptographic device comprises one of a radio-frequency identification tag and a near-field communication tag, wherein each cryptographic key in the collection is associated with one or more sub-keys, and wherein the first cryptographic key is read from the first cryptographic device subsequent to authenticating to the first cryptographic device by (i) reading all of the one or more sub-keys associated with the first cryptographic key from the first cryptographic device and (ii) matching all of the one or more sub-keys associated with the first cryptographic key to one or more maintained sub-keys;
  
  render null all of the one or more sub-keys associated with the first cryptographic key;
  
  erase the first cryptographic key;
  
  transmit, to the first cryptographic device, a command to modify each of the one or more sub-keys associated with each remaining cryptographic key in the collection of cryptographic keys;
  
  select a second cryptographic key from the collection of multiple cryptographic keys on the first cryptographic device; and
  
  encrypt the protected resource under the second cryptographic key, wherein the second cryptographic key is read from the first cryptographic device subsequent to authenticating to the first cryptographic device by (i) reading all of the one or more modified sub-keys associated with the second cryptographic key from the first cryptographic device and (ii) matching all of the one or more sub-keys associated with the second cryptographic key to one or more maintained sub-keys.
- View Dependent Claims (15, 16, 17)
- - 15. The apparatus of claim 13, wherein the first cryptographic key comprises a first secret key shared between the first cryptographic device and a second cryptographic device, and the second cryptographic key comprises a second secret key shared between the first cryptographic device and the second cryptographic device.
  - 16. The apparatus of claim 13, wherein:
    - the one or more sub-keys associated with the first cryptographic key comprises a first password; and
      
      the one or more modified sub-keys associated with the second cryptographic key comprises a second password.
  - 17. The apparatus of claim 13, wherein the protected resource is stored on a second cryptographic device, wherein the second cryptographic device comprises a mobile device, and wherein the protected resource comprises at least one of a password, a decryption key and an authentication key.

14. An apparatus comprising a cryptographic device, comprising:
- a memory; and
  
  at least one processor coupled to the memory and configured to;
  
  select a first cryptographic key from a first set of cryptographic keys on a first cryptographic device, wherein each cryptographic key in the first set includes one or more sub-keys, and wherein the first cryptographic device comprises one of a radio-frequency identification tag and a near-field communication tag;
  
  decrypt encoded information under the first cryptographic key to access a protected resource, wherein said decrypting comprises receiving the selected first cryptographic key from the first cryptographic device subsequent to authenticating to the first cryptographic device by (i) reading all of the one or more sub-keys included with the first cryptographic key from the first cryptographic device and (ii) matching all of the one or more sub-keys included with the first cryptographic key to one or more maintained sub-keys;
  
  render null all of the one or more sub-keys included with the first cryptographic key, thereby rendering the number of unused sub-keys included in the first set of cryptographic keys, excluding the first cryptographic key, to be in a range from 1 to e−
  
  1, wherein e represents the number of cryptographic keys in the first set of cryptographic keys;
  
  generate an additional sub-key to be included in each respective cryptographic key of the first set of cryptographic keys, thereby rendering the number of unused sub-keys included in the first set of cryptographic keys to be in a range from 1 to e;
  
  transmit the generated sub-keys to the first cryptographic device;
  
  select a second cryptographic key from the first set of cryptographic keys, said second cryptographic key including at least one sub-key from the generated set of sub-keys and at least one pre-existing sub-key; and
  
  encrypt the protected resource under the second cryptographic key and/or a key related to the second cryptographic key, wherein said encrypting comprises receiving the selected second cryptographic key from the first cryptographic device subsequent to authenticating to the first cryptographic device by (i) reading all of the two or more sub-keys included with the second cryptographic key from the first cryptographic device and (ii) matching all of the two or more sub-keys included with the second cryptographic key to two or more maintained sub-keys.
- View Dependent Claims (18, 19, 20)
- - 18. The apparatus of claim 14, wherein a key related to the second cryptographic key comprises a public key that corresponds to the second cryptographic key, wherein the second cryptographic key is a private key.
  - 19. The apparatus of claim 14, wherein the first set of cryptographic keys comprises a set of multiple secret keys shared between the first cryptographic device and a second cryptographic device.
  - 20. The apparatus of claim 14, wherein the at least one processor is further configured to:
    - locally store the generated sub-keys, and wherein each sub-key is used in only one operation of encryption or decryption.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Emc IP Holding Company LLC (Dell Technologies Inc.)
Original Assignee
EMC Corporation (Dell Technologies Inc.)
Inventors
Juels, Ari, Luo, Guoying
Primary Examiner(s)
Tolentino, Roderick

Application Number

US13/713,306
Time in Patent Office

1,027 Days
Field of Search

380277-279
US Class Current

1/1
CPC Class Codes

H04L 2209/24   Key scheduling, i.e. genera...

H04L 2209/805   Lightweight hardware, e.g. ...

H04L 63/08   for authentication of entit...

H04L 9/08   Key distribution or managem...

H04L 9/3226   using a predetermined code,...

Decryption of a protected resource on a cryptographic device using wireless communication

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

15 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Decryption of a protected resource on a cryptographic device using wireless communication

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

15 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links