Protection of a secret on a mobile device using a secret-splitting technique with a fixed user share
First Claim
1. A method of accessing a resource, the method comprising:
- receiving, by a mobile computing device via user interface circuitry, user-specific data from a user;
processing, by the mobile computing device, (a) a user share of a cryptographic key, the user share being fixed based on the received user-specified data, and (b) a local share of the cryptographic key to recreate the cryptographic key, wherein the local share was created by applying a secret splitting algorithm to the cryptographic key and the user share to yield a set of non-fixed shares including the local share, the user share and the set of non-fixed shares making up a set of shares of the cryptographic key, the cryptographic key being recreatable from a strict subset of the set of shares; and
decrypting, by the mobile computing device, encrypted data stored on the mobile computing device using the recreated cryptographic key, thereby providing access, using the decrypted encrypted data, to the resource,wherein;
the secret splitting algorithm uses an underlying polynomial; and
processing the (a) user share and the (b) local share to recreate the cryptographic key includes;
performing polynomial interpolation to regenerate the underlying polynomial; and
applying polynomial evaluation on the regenerated underlying polynomial to recreate the cryptographic key.
9 Assignments
0 Petitions
Accused Products
Abstract
A method includes (1) receiving, by a mobile computing device (MCD), user-specific data from a user, (2) processing (a) a user share of a cryptographic key, the user share being fixed based on the received user-specified data, and (b) a local share of the cryptographic key to recreate the cryptographic key, wherein the local share was created by applying a secret splitting algorithm to the cryptographic key and the user share to yield a set of non-fixed shares including the local share, the user share and the set of non-fixed shares making up a set of shares of the cryptographic key, the cryptographic key being recreatable from a strict subset of the set of shares, and (3) decrypting encrypted data stored on the MCD using the recreated cryptographic key, thereby providing access, using the decrypted encrypted data, to the resource.
-
Citations
21 Claims
-
1. A method of accessing a resource, the method comprising:
-
receiving, by a mobile computing device via user interface circuitry, user-specific data from a user; processing, by the mobile computing device, (a) a user share of a cryptographic key, the user share being fixed based on the received user-specified data, and (b) a local share of the cryptographic key to recreate the cryptographic key, wherein the local share was created by applying a secret splitting algorithm to the cryptographic key and the user share to yield a set of non-fixed shares including the local share, the user share and the set of non-fixed shares making up a set of shares of the cryptographic key, the cryptographic key being recreatable from a strict subset of the set of shares; and decrypting, by the mobile computing device, encrypted data stored on the mobile computing device using the recreated cryptographic key, thereby providing access, using the decrypted encrypted data, to the resource, wherein; the secret splitting algorithm uses an underlying polynomial; and processing the (a) user share and the (b) local share to recreate the cryptographic key includes; performing polynomial interpolation to regenerate the underlying polynomial; and applying polynomial evaluation on the regenerated underlying polynomial to recreate the cryptographic key. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
-
-
14. A method of accessing a resource, the method comprising:
-
receiving, by a mobile computing device via user interface circuitry, user-specific data from a user; processing, by the mobile computing device, (a) a user share of a cryptographic key, the user share being fixed based on the received user-specified data, and (b) a local share of the cryptographic key to recreate the cryptographic key, wherein the local share was created by applying a secret splitting algorithm to the cryptographic key and the user share to yield a set of non-fixed shares including the local share, the user share and the set of non-fixed shares making up a set of shares of the cryptographic key, the cryptographic key being recreatable from a strict subset of the set of shares; and decrypting, by the mobile computing device, encrypted data stored on the mobile computing device using the recreated cryptographic key, thereby providing access, using the decrypted encrypted data, to the resource, wherein the encrypted data is used by a first application running on the mobile computing device and the method further comprises; deleting the recreated cryptographic key, the user-specific data, and the user share from the mobile computing device; subsequently, receiving, by the mobile computing device, the user-specific data from the user again; processing, by the mobile computing device, (a) the user share of another cryptographic key, the user share of the other cryptographic key being fixed based on the received user-specified data, the user share of the cryptographic key being the same as the user share of the other cryptographic key, the cryptographic key being different than the other cryptographic key, and (b) another local share of the other cryptographic key to recreate the other cryptographic key, wherein the other local share was created by applying the secret splitting algorithm to the other cryptographic key and the user share to yield another set of non-fixed shares including the other local share, the user share and the other set of non-fixed shares making up another set of shares of the other cryptographic key, the other cryptographic key being recreatable from a strict subset of the other set of shares; and decrypting, by the mobile computing device, using the recreated other cryptographic key, other encrypted data stored on the mobile computing device used by a second application running on the mobile computing device. - View Dependent Claims (15)
-
-
16. A method of accessing a resource, the method comprising:
-
receiving, by a mobile computing device via user interface circuitry, user-specific data from a user; processing, by the mobile computing device, (a) a user share of a cryptographic key, the user share being fixed based on the received user-specified data, and (b) a local share of the cryptographic key to recreate the cryptographic key, wherein the local share was created by applying a secret splitting algorithm to the cryptographic key and the user share to yield a set of non-fixed shares including the local share, the user share and the set of non-fixed shares making up a set of shares of the cryptographic key, the cryptographic key being recreatable from a strict subset of the set of shares; and decrypting, by the mobile computing device, encrypted data stored on the mobile computing device using the recreated cryptographic key, thereby providing access, using the decrypted encrypted data, to the resource, wherein the encrypted data is used by a first application running on the mobile computing device and the method further comprises; deleting the user-specific data and the user share from the mobile computing device; subsequently, receiving, by the mobile computing device, the user-specific data from the user again; receiving, by the mobile computing device, a remote share from a remote application server running a second application, the remote application server storing the remote share, wherein the remote share was created by applying the secret splitting algorithm to another cryptographic key and the user share to yield another set of non-fixed shares including the remote share, the user share and the other set of non-fixed shares making up another set of shares of the other cryptographic key, the other cryptographic key being recreatable from a strict subset of the other set of shares; processing, by the mobile computing device, (a) the user share of the other cryptographic key, the user share of the other cryptographic key being fixed based on the received user-specified data, the user share of the cryptographic key being the same as the user share of the other cryptographic key, the cryptographic key being different than the other cryptographic key, and (b) the received remote share to recreate the other cryptographic key; and decrypting, using the recreated other cryptographic key, other encrypted data used by the second application running on the remote application server. - View Dependent Claims (17, 18, 19)
-
-
20. An mobile apparatus comprising:
-
processing circuitry; user-interface circuitry; persistent storage storing a local share of a cryptographic key and encrypted data encrypted with the cryptographic key; and memory storing a set of instructions, which, when executed by the processing circuitry, cause the mobile apparatus to perform the operations of; receiving, via the user interface circuitry, user-specific data from a user; processing (a) a user share of the cryptographic key, the user share being fixed based on the received user-specified data, and (b) the local share to recreate the cryptographic key, wherein the local share was created by applying a secret splitting algorithm to the cryptographic key and the user share to yield a set of non-fixed shares including the local share, the user share and the set of non-fixed shares making up a set of shares of the cryptographic key, the cryptographic key being recreatable from a strict subset of the set of shares; and decrypting, by the mobile apparatus, the encrypted data stored on the persistent storage using the recreated cryptographic key, thereby providing access, using the decrypted encrypted data, to a resource; wherein; the secret splitting algorithm uses an underlying polynomial; and processing the (a) user share and the (b) local share to recreate the cryptographic key includes; performing polynomial interpolation to regenerate the underlying polynomial; and applying polynomial evaluation on the regenerated underlying polynomial to recreate the cryptographic key.
-
-
21. A computer program product comprising a non-transitory computer-readable storage medium storing a set of instructions, which, when executed by a mobile computing device, cause the mobile computing device to perform the operations of:
-
receiving, by the mobile computing device via user interface circuitry, user-specific data from a user; processing, by the mobile computing device, (a) a user share of a cryptographic key, the user share being fixed based on the received user-specified data, and (b) a local share of the cryptographic key to recreate the cryptographic key, wherein the local share was created by applying a secret splitting algorithm to the cryptographic key and the user share to yield a set of non-fixed shares including the local share, the user share and the set of non-fixed shares making up a set of shares of the cryptographic key, the cryptographic key being recreatable from a strict subset of the set of shares; and decrypting, by the mobile computing device, encrypted data stored on the mobile computing device using the recreated cryptographic key, thereby providing access, using the decrypted encrypted data, to a resource; wherein; the secret splitting algorithm uses an underlying polynomial; and processing the (a) user share and the (b) local share to recreate the cryptographic key includes; performing polynomial interpolation to regenerate the underlying polynomial; and applying polynomial evaluation on the regenerated underlying polynomial to recreate the cryptographic key.
-
Specification