Protecting sensitive information using a trusted device

US 9,654,452 B2
Filed: 11/10/2014
Issued: 05/16/2017
Est. Priority Date: 11/11/2013
Status: Expired due to Fees

First Claim

Patent Images

1. A method for protecting sensitive information, the method comprising:

receiving first information transmitted by an untrusted device, where the first information enables the sensitive information to be transmitted from a trusted device to a server;

receiving the sensitive information input by a user;

generating second information based on the first information and the sensitive information;

encrypting at least the sensitive information in the second information with a first secret key;

transmitting the second information containing the encrypted sensitive information to the untrusted device for forwarding to the server indicated by the first information;

receiving an authentication identification originated from the server and forwarded by the untrusted device;

decrypting the authentication identification; and

transmitting the decrypted authentication identification to the untrusted device to enable the untrusted device to use the authentication identification to communicate with the server;

wherein the first secret key meets one of the following;

the untrusted device does not know the first secret key; and

the untrusted device knows the first secret key but is unable use the first secret key to decrypt the encrypted sensitive information.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The invention relates to information processing field, and discloses a method for protecting sensitive information, comprising: receiving first information transmitted by an untrusted device, where the first information enables the sensitive information to be transmitted from a trusted device to a server; receiving the sensitive information input by a user; generating second information based on the first information and the sensitive information; encrypting at least the sensitive information in the second information with a first secret key, wherein the first secret key meets one of the following: the untrusted device does not know the first secret key; and the untrusted device knows the first secret key but is unable use the first secret key to decrypt the encrypted sensitive information; and transmitting the second information containing the encrypted sensitive information to the untrusted device for forwarding to the server indicated by the first information.

10 Citations

9 Claims

1. A method for protecting sensitive information, the method comprising:
- receiving first information transmitted by an untrusted device, where the first information enables the sensitive information to be transmitted from a trusted device to a server;
  
  receiving the sensitive information input by a user;
  
  generating second information based on the first information and the sensitive information;
  
  encrypting at least the sensitive information in the second information with a first secret key;
  
  transmitting the second information containing the encrypted sensitive information to the untrusted device for forwarding to the server indicated by the first information;
  
  receiving an authentication identification originated from the server and forwarded by the untrusted device;
  
  decrypting the authentication identification; and
  
  transmitting the decrypted authentication identification to the untrusted device to enable the untrusted device to use the authentication identification to communicate with the server;
  
  wherein the first secret key meets one of the following;
  
  the untrusted device does not know the first secret key; and
  
  the untrusted device knows the first secret key but is unable use the first secret key to decrypt the encrypted sensitive information.
- View Dependent Claims (2, 3)
- - 2. The method according to claim 1, further comprising:
    - establishing a connection with the server;
      
      wherein the first secret key includes a secret key of a symmetric encryption algorithm determined during the process of establishing a connection with the server.
  - 3. The method according to claim 1, further comprising:
    - receiving a public key of the server transmitted by the untrusted device;
      
      wherein the first secret key includes the public key of the server.

4. A trusted device for protecting sensitive information, the trusted device comprising one or more hardware processors configured to execute the following program instructions:
- first program instructions programmed to receive first information transmitted by an untrusted device, where the first information enables the sensitive information to be transmitted from a trusted device to a server;
  
  second program instructions programmed to receive the sensitive information input by a user;
  
  third program instructions programmed to generate second information based on the first information and the sensitive information;
  
  fourth program instructions programmed to encrypt at least the sensitive information in the second information with a first secret key;
  
  fifth program instructions programmed to transmit the second information containing the encrypted sensitive information to the untrusted device for forwarding to the server indicated by the first information;
  
  sixth program instructions programmed to receive an authentication identification originated from the server and forwarded by the untrusted device;
  
  seventh program instructions programmed to decrypt the authentication identification; and
  
  eighth program instructions programmed to transmit the decrypted authentication identification to the untrusted device to enable the untrusted device to use the authentication identification to communicate with the server;
  
  wherein the first secret key meets one of the following;
  
  the untrusted device does not know the first secret key; and
  
  the untrusted device knows the first secret key but is unable use the first secret key to decrypt the encrypted sensitive information.
- View Dependent Claims (5, 6)
- - 5. The trusted device according to claim 4, further comprising:
    - sixth program instructions programmed to establish a connection with the server;
      
      wherein the first secret key includes a secret key of a symmetric encryption algorithm determined during the process of establishing a connection with the server.
  - 6. The trusted device according to claim 4, further comprising:
    - sixth program instructions programmed to receive a public key of the server transmitted by the untrusted device;
      
      wherein the first secret key includes the public key of the server.

7. A computer system for protecting sensitive information, the computer system comprising:
- an untrusted device; and
  
  a trusted device;
  
  wherein the trusted device comprises modules configured to execute the following program instructions;
  
  first program instructions programmed to receive first information transmitted by the untrusted device, where the first information enables the sensitive information to be transmitted from the trusted device to a server;
  
  second program instructions programmed to receive the sensitive information input by a user;
  
  third program instructions programmed to generate second information based on the first information and the sensitive information;
  
  fourth program instructions programmed to encrypt at least the sensitive information in the second information with a first secret key;
  
  fifth program instructions programmed to transmit the second information containing the encrypted sensitive information to the untrusted device for forwarding to the server indicated by the first information;
  
  sixth program instructions programmed to receive an authentication identification originated from the server and forwarded by the untrusted device;
  
  seventh program instructions programmed to decrypt the authentication identification; and
  
  eighth program instructions programmed to transmit the decrypted authentication identification to the untrusted device to enable the untrusted device to use the authentication identification to communicate with the server; and
  
  wherein the first secret key meets one of the following;
  
  the untrusted device does not know the first secret key; and
  
  the untrusted device knows the first secret key but is unable use the first secret key to decrypt the encrypted sensitive information.
- View Dependent Claims (8, 9)
- - 8. The computer system according to claim 7, further comprising:
    - sixth program instructions programmed to establish a connection with the server;
      
      wherein the first secret key includes a secret key of a symmetric encryption algorithm determined during the process of establishing a connection with the server.
  - 9. The computer system according to claim 7, further comprising:
    - sixth program instructions programmed to receive a public key of the server transmitted by the untrusted device;
      
      wherein the first secret key includes the public key of the server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Wang, Xi Qing, Yang, Zhen Xiang, Zhao, Shiwan, Li, Qining, Yan, Yan
Primary Examiner(s)
Hirl, Joseph P
Assistant Examiner(s)
BEHESHTI SHIRAZI, SAYED ARESH

Application Number

US14/537,272
Publication Number

US 20160352704A1
Time in Patent Office

918 Days
Field of Search

713171, 726 3, 726 4, 726 6
US Class Current
CPC Class Codes

G06F 21/34   involving the use of extern...

H04L 63/0428   wherein the data content is...

H04L 63/0435   wherein the sending and rec...

H04L 63/0442   wherein the sending and rec...

H04L 63/061   for key exchange, e.g. in p...

H04L 63/083   using passwords cryptograph...

H04L 63/166   at the transport layer

H04L 63/168   above the transport layer

H04L 9/14   using a plurality of keys o...

H04L 9/321   involving a third party or ...

Protecting sensitive information using a trusted device

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

10 Citations

9 Claims

Specification

Use Cases

Quick Links

Others

Protecting sensitive information using a trusted device

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

10 Citations

9 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others