Mobile data vault

US 9,448,949 B2
Filed: 08/20/2015
Issued: 09/20/2016
Est. Priority Date: 06/03/2011
Status: Active Grant

First Claim

Patent Images

1. An electronic device comprising:

a hardware processor;

a memory;

an encrypted data structure area associated with a user that contains individual file encryption keys;

a file storage area that stores files associated with a user, each file encrypted using a unique random encryption key that is stored in the encrypted data structure area;

a user interface module that receives a password from a user of the electronic device and derives from the user-provided password, a serial number of the electronic device and a hard coded private string, an encryption key to the data structure area which is used to decrypt the data structure area, and where neither the user-provided password or the encryption key to the data structure area based upon the user-provided password are stored anyplace within the electronic device or anywhere else;

a data structure interface module that, provided the data structure area has been successfully decrypted by the encryption key to the data structure area, generates random encryption keys for each file, encrypts each file, and stores the file encryption keys in the data structure area; and

a file storage interface module, wherein the data structure interface module passes the encrypted files to the file storage interface module, the file storage interface module stores files received from the data structure interface module in the file storage area and retrieves files from the file storage area and passes them to the data structure interface module, the data structure interface module only being able to provide or accept such files after the data structure area has been successfully decrypted with the data structure area encryption key.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A portable electronic device is provided. The portable electronic device includes a data interface module that processes files associated with a user, the data interface module receives and validates a password from a user of the portable electronic device before the user is allowed access to files processed by the data interface module, an encryption key formed by the data interface module upon validation of the password, the encryption key further comprising the password, a hard coded private string and a serial number of the portable electronic device and a data storage area that stores files received from the data interface module the stored files are encrypted using the encryption key and where neither the encryption key or the password are stored in an unencrypted format anyplace within the portable electronic device.

Citations

17 Claims

1. An electronic device comprising:
- a hardware processor;
  
  a memory;
  
  an encrypted data structure area associated with a user that contains individual file encryption keys;
  
  a file storage area that stores files associated with a user, each file encrypted using a unique random encryption key that is stored in the encrypted data structure area;
  
  a user interface module that receives a password from a user of the electronic device and derives from the user-provided password, a serial number of the electronic device and a hard coded private string, an encryption key to the data structure area which is used to decrypt the data structure area, and where neither the user-provided password or the encryption key to the data structure area based upon the user-provided password are stored anyplace within the electronic device or anywhere else;
  
  a data structure interface module that, provided the data structure area has been successfully decrypted by the encryption key to the data structure area, generates random encryption keys for each file, encrypts each file, and stores the file encryption keys in the data structure area; and
  
  a file storage interface module, wherein the data structure interface module passes the encrypted files to the file storage interface module, the file storage interface module stores files received from the data structure interface module in the file storage area and retrieves files from the file storage area and passes them to the data structure interface module, the data structure interface module only being able to provide or accept such files after the data structure area has been successfully decrypted with the data structure area encryption key.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The electronic device as in claim 1 further comprising a tracking module that erases the data structure area and all content within it when a number of incorrectly entered passwords exceeds a predetermined threshold value.
  - 3. The electronic device as in claim 1 further comprising a data structure area that is encrypted using AES-256.
  - 4. The electronic device as in claim 1 wherein the file storage area further comprises an AES-256 encrypted database.
  - 5. The electronic device as in claim 1 wherein the password further comprises at least eight characters including at least two non-alphanumeric characters.
  - 6. The electronic device as in claim 1 further comprising a communication module that downloads files from a remote server.

7. An electronic device comprising:
- a hardware processor;
  
  a memory;
  
  an encrypted data structure area associated with a user that contains individual file encryption keys;
  
  a file storage area that stores files associated with a user on the electronic device, each file encrypted using a unique random encryption key that is stored in the encrypted data structure area;
  
  a user interface module that receives a password from the user of the electronic device, the received password is used to derive an encryption key where the encryption key is used to decrypt the data structure area and where neither the user-provided password or the encryption key to the data structure area based upon the user-provided password are stored anyplace within the electronic device or anywhere else;
  
  an encryption key processor that forms the data structure area encryption key from a combination of the password, a hard coded private string and a serial number of the electronic device;
  
  a data structure interface module that, provided the data structure area has been successfully decrypted by the data structure area encryption key, generates random encryption keys for each file, encrypts each file, and stores the file encryption keys in the data structure area; and
  
  a file storage interface module, wherein the data structure interface module passes the encrypted files to the file storage interface module, the file storage interface module stores files received from the data structure interface module in the file storage area and retrieves files from the file storage area and passes them to the data structure interface module, the data structure interface module only being able to provide or accept such files after the data structure area has been successfully decrypted with the data structure area encryption key.
- View Dependent Claims (8, 9, 10, 11)
- - 8. The electronic device as in claim 7 further comprising a tracking module that erases the data structure area and all content within it when a number of incorrectly entered passwords exceeds a predetermined threshold value.
  - 9. The electronic device as in claim 7 further comprising a data structure area that is encrypted using AES-256.
  - 10. The electronic device as in claim 7 wherein the file storage area further comprises an AES-256 encrypted database.
  - 11. The electronic device as in claim 7 further comprising a password processor that authenticates a user communicating through a remote server.

12. A non-transitory computer readable medium of an electronic device having an encrypted data structure area associated with a user on the electronic device that contains individual file encryption keys, a file storage area of a memory that stores files associated with a user on the electronic device, each file encrypted using a unique random encryption key that is stored in the encrypted data structure area, a data structure interface module and a file storage interface module, the non-transitory computer readable medium having a computer program executing on a hardware processor of the device to perform a set of steps comprising:
- receiving a password from the user of the electronic device;
  
  forming an encryption key from a combination of the user-provided password, a hard coded private string and a serial number of the electronic device;
  
  unlocking the encrypted data structure area using the encryption key;
  
  upon the successful unlocking of the encrypted data structure area, the data structure interface module generating random encryption keys for each file, encrypting each file, and storing the random file encryption keys in the data structure area; and
  
  the data structure interface module passing the encrypted files to the file storage interface module, the file storage interface module storing the files received from the data structure interface module in the file storage area and retrieving files from the file storage area and passing them to the data structure interface module, the data structure interface module retrieving a corresponding randomly generated key and decrypting the received file, the data structure interface module only being able to provide or accept such files after the data structure area has been successfully decrypted with the data structure area encryption key.
- View Dependent Claims (13, 14, 15, 16, 17)
- - 13. The non-transitory computer readable medium as in claim 12 further comprising erasing the data structure area and all content within it when a number of incorrectly entered passwords exceeds a predetermined threshold value.
  - 14. The non-transitory computer readable medium as in claim 12 further comprising a data structure area that is encrypted using AES-256.
  - 15. The non-transitory computer readable medium as in claim 12 wherein the file storage area further comprises an AES-256 encrypted database.
  - 16. The non-transitory computer readable medium as in claim 12 wherein the password further comprises at least eight characters including at least two non-alphanumeric characters.
  - 17. The non-transitory computer readable medium as in claim 12 further comprising downloading files from a remote user to the file storage area through the data security system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Commandhub Pty Ltd
Original Assignee
Commandhub Inc.
Inventors
Cousins, Richard, Henderson, Linton, Matthews, Graham
Primary Examiner(s)
Turchen, James

Application Number

US14/831,029
Publication Number

US 20150356311A1
Time in Patent Office

397 Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 12/1408   by using cryptography for d...

G06F 21/6209   to a single file or object,...

G06F 2221/2107   File encryption

H04L 9/0822   using key encryption key

H04L 9/0866   involving user or device id...

H04L 9/0869   involving random numbers or...

H04L 9/3226   using a predetermined code,...

Mobile data vault

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Mobile data vault

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links