Protecting sensitive information using a trusted device
First Claim
1. A method for protecting sensitive information, the method comprising:
- receiving first information transmitted by an untrusted device, where the first information enables the sensitive information to be transmitted from a trusted device to a server;
receiving the sensitive information input by a user;
generating second information based on the first information and the sensitive information;
encrypting at least the sensitive information in the second information with a first secret key;
transmitting the second information containing the encrypted sensitive information to the untrusted device for forwarding to the server indicated by the first information;
receiving an authentication identification originated from the server and forwarded by the untrusted device;
decrypting the authentication identification; and
transmitting the decrypted authentication identification to the untrusted device to enable the untrusted device to use the authentication identification to communicate with the server;
wherein the first secret key meets one of the following;
the untrusted device does not know the first secret key; and
the untrusted device knows the first secret key but is unable use the first secret key to decrypt the encrypted sensitive information.
1 Assignment
0 Petitions
Accused Products
Abstract
The invention relates to information processing field, and discloses a method for protecting sensitive information, comprising: receiving first information transmitted by an untrusted device, where the first information enables the sensitive information to be transmitted from a trusted device to a server; receiving the sensitive information input by a user; generating second information based on the first information and the sensitive information; encrypting at least the sensitive information in the second information with a first secret key, wherein the first secret key meets one of the following: the untrusted device does not know the first secret key; and the untrusted device knows the first secret key but is unable use the first secret key to decrypt the encrypted sensitive information; and transmitting the second information containing the encrypted sensitive information to the untrusted device for forwarding to the server indicated by the first information.
10 Citations
9 Claims
-
1. A method for protecting sensitive information, the method comprising:
-
receiving first information transmitted by an untrusted device, where the first information enables the sensitive information to be transmitted from a trusted device to a server; receiving the sensitive information input by a user; generating second information based on the first information and the sensitive information; encrypting at least the sensitive information in the second information with a first secret key; transmitting the second information containing the encrypted sensitive information to the untrusted device for forwarding to the server indicated by the first information; receiving an authentication identification originated from the server and forwarded by the untrusted device; decrypting the authentication identification; and transmitting the decrypted authentication identification to the untrusted device to enable the untrusted device to use the authentication identification to communicate with the server; wherein the first secret key meets one of the following;
the untrusted device does not know the first secret key; and
the untrusted device knows the first secret key but is unable use the first secret key to decrypt the encrypted sensitive information. - View Dependent Claims (2, 3)
-
-
4. A trusted device for protecting sensitive information, the trusted device comprising one or more hardware processors configured to execute the following program instructions:
-
first program instructions programmed to receive first information transmitted by an untrusted device, where the first information enables the sensitive information to be transmitted from a trusted device to a server; second program instructions programmed to receive the sensitive information input by a user; third program instructions programmed to generate second information based on the first information and the sensitive information; fourth program instructions programmed to encrypt at least the sensitive information in the second information with a first secret key; fifth program instructions programmed to transmit the second information containing the encrypted sensitive information to the untrusted device for forwarding to the server indicated by the first information; sixth program instructions programmed to receive an authentication identification originated from the server and forwarded by the untrusted device; seventh program instructions programmed to decrypt the authentication identification; and eighth program instructions programmed to transmit the decrypted authentication identification to the untrusted device to enable the untrusted device to use the authentication identification to communicate with the server; wherein the first secret key meets one of the following;
the untrusted device does not know the first secret key; and
the untrusted device knows the first secret key but is unable use the first secret key to decrypt the encrypted sensitive information. - View Dependent Claims (5, 6)
-
-
7. A computer system for protecting sensitive information, the computer system comprising:
-
an untrusted device; and a trusted device; wherein the trusted device comprises modules configured to execute the following program instructions; first program instructions programmed to receive first information transmitted by the untrusted device, where the first information enables the sensitive information to be transmitted from the trusted device to a server; second program instructions programmed to receive the sensitive information input by a user; third program instructions programmed to generate second information based on the first information and the sensitive information; fourth program instructions programmed to encrypt at least the sensitive information in the second information with a first secret key; fifth program instructions programmed to transmit the second information containing the encrypted sensitive information to the untrusted device for forwarding to the server indicated by the first information; sixth program instructions programmed to receive an authentication identification originated from the server and forwarded by the untrusted device; seventh program instructions programmed to decrypt the authentication identification; and eighth program instructions programmed to transmit the decrypted authentication identification to the untrusted device to enable the untrusted device to use the authentication identification to communicate with the server; and wherein the first secret key meets one of the following;
the untrusted device does not know the first secret key; and
the untrusted device knows the first secret key but is unable use the first secret key to decrypt the encrypted sensitive information. - View Dependent Claims (8, 9)
-
Specification