Protecting cryptographic secrets using file system attributes
First Claim
1. A method for protecting a shared secret, the method comprising:
- generating, by operation of a processor, a key based on at least a file system attribute of a file stored in a file system of a computing device, wherein the file system attribute of the file is an identifier assigned by the file system to uniquely identify the file stored in the file system of the computing device, and wherein the file system attribute is an inode of a file storing the shared secret in the file system;
- encrypting the shared secret with the key; and
- storing the encrypted shared secret in a storage memory on the computing device.
Abstract
Techniques are disclosed for protecting cryptographic secrets stored locally in a device, such as a mobile phone. A client device creates or downloads a shared secret to be used in a server transaction. To protect this shared secret locally, the client device encrypts the shared secret using a key generated from a file system attribute value, along with other sources of entropy. The file system attribute value may correspond to the inode of a file in a UNIX-based file system. Thereafter, when the shared secret is required for logical computation, the client device reconstructs the key from the file system attribute value and the other sources of entropy used previously. The client device may use the key to decrypt the information and use the shared secret for its required purpose, e.g., in generating a one-time password for a login session.
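As an added illustration (not code from the patent or its assignee), the scheme in the abstract carried through in Python: the key is derived from the inode of the file that stores the secret plus a separately held device salt, the secret is encrypted and written into that file, and a copy of the file (which receives a new inode) can no longer be decrypted. The PBKDF2 derivation and the HMAC-SHA256 counter-mode stream cipher are assumptions standing in for a production KDF and AEAD cipher, chosen so the example needs only the standard library.

```python
import hashlib, hmac, os, secrets, shutil, tempfile

def derive_key(secret_path: str, device_entropy: bytes) -> bytes:
    # Key material = inode of the file holding the secret + other entropy (here a
    # random device salt); an inode alone has far too little entropy to be a key.
    inode = os.stat(secret_path).st_ino
    ikm = inode.to_bytes(8, "big") + device_entropy
    return hashlib.pbkdf2_hmac("sha256", ikm, b"inode-bound-secret", 10_000, dklen=64)

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode stands in for a real AEAD cipher (stdlib only).
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((length + 31) // 32))
    return b"".join(blocks)[:length]

def encrypt_secret(key: bytes, plaintext: bytes) -> bytes:
    # Encrypt-then-MAC; output layout is nonce || ciphertext || tag.
    enc_key, mac_key = key[:32], key[32:]
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def decrypt_secret(key: bytes, blob: bytes):
    # Returns the shared secret, or None when the reconstructed key does not match.
    enc_key, mac_key = key[:32], key[32:]
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))

def demo() -> dict:
    # Round-trip on a real file, then show that a copy (a new inode) cannot decrypt.
    tmp = tempfile.mkdtemp()
    path, copy = os.path.join(tmp, "secret.bin"), os.path.join(tmp, "secret-copy.bin")
    device_entropy = secrets.token_bytes(32)  # constructed stand-in for device-bound entropy
    shared_secret = b"JBSWY3DPEHPK3PXP"       # constructed sample OTP seed
    open(path, "wb").close()                  # create the file first so it has an inode
    key = derive_key(path, device_entropy)    # bound to the inode of the file storing the secret
    with open(path, "wb") as f:
        f.write(encrypt_secret(key, shared_secret))
    with open(path, "rb") as f:
        blob = f.read()
    same_inode = decrypt_secret(derive_key(path, device_entropy), blob) == shared_secret
    shutil.copyfile(path, copy)               # a copy is a different file: different inode
    copied_file = decrypt_secret(derive_key(copy, device_entropy), blob)
    shutil.rmtree(tmp)
    return {"same_inode": same_inode, "copied_file": copied_file}
```

The same property that stops a lifted copy from decrypting also means a backup restore, a file-system migration, or any tool that rewrites the file under a new inode will make the stored secret unrecoverable, so the other entropy sources must be kept separately and a re-provisioning path planned.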
18 Claims
1. A method for protecting a shared secret (independent claim 1, reproduced in full under First Claim above). Dependent claims: 2, 3, 4, 5, 6.
7. A non-transitory computer-readable storage medium storing instructions, which, when executed on a processor, performs an operation for protecting a shared secret, the operation comprising:
- generating, by operation of a processor, a key based on at least a file system attribute of a file stored in a file system of a computing device, wherein the file system attribute of the file is an identifier assigned by the file system to uniquely identify the file stored in the file system of the computing device, and wherein the file system attribute is an inode of a file storing the shared secret in the file system;
- encrypting the shared secret with the key; and
- storing the encrypted shared secret in a storage memory on the computing device.
Dependent claims: 8, 9, 10, 11, 12.
13. A system, comprising:
a processor and a memory hosting an application, which, when executed on the processor, performs an operation for protecting a shared secret in a UNIX-based file system, the operation comprising:
- generating, by operation of a processor, a key based on a file system attribute of at least a file stored in a file system of a computing device, wherein the file system attribute of the file is an identifier assigned by the file system to uniquely identify the file stored in the file system of the computing device, and wherein the file system attribute is an inode of a file storing the shared secret in the file system;
- encrypting the shared secret with the key; and
- storing the encrypted shared secret in a storage memory on the computing device.
Dependent claims: 14, 15, 16, 17, 18.
Specification