Apparatus and method for secure delivery of data utilizing encryption key management
Abstract
A device that incorporates the subject disclosure may perform, for example, receiving a derived encryption key from a remote management server without receiving a master key from which the derived encryption key was generated, applying a one-way function to the derived encryption key and a nonce to generate a temporary encryption key, obtaining data for transmission to a recipient device, encrypting the data using the temporary encryption key to generate encrypted data, and providing the encrypted data over a network to the recipient device. Other embodiments are disclosed.
Claims (17)

1. A method comprising:
- obtaining, by a remote management server comprising a processing system including a processor, a master key;
- obtaining, by the remote management server, derivation data associated with an end user device;
- generating, by the remote management server, a derived encryption key by applying a first one-way function to the master key and the derivation data;
- providing, by the remote management server over a network, the derived encryption key to a universal integrated circuit card of the end user device to enable the universal integrated circuit card to generate a temporary encryption key for encrypting data by applying a second one-way function to the derived encryption key and a nonce, wherein the derived encryption key is provided to the universal integrated circuit card of the end user device without being provided to a secure device processor of the end user device, wherein the providing of the derived encryption key to the universal integrated circuit card enables the universal integrated circuit card to provide the temporary encryption key to the secure device processor for the encrypting of the data without the secure device processor receiving the derived encryption key;
- preventing the master key from being provided by the remote management server to the end user device;
- preventing the universal integrated circuit card of the end user device from accessing the master key, wherein the universal integrated circuit card, the secure device processor and a device processor are components housed in the end user device and in communication with each other;
- providing, by the remote management server over the network, a public nonce key to the universal integrated circuit card to enable the universal integrated circuit card to encrypt the nonce to generate an encrypted nonce; and
- providing, by the remote management server over the network, a private nonce key to an application server to enable the application server to decrypt the encrypted nonce that is received by the application server from the end user device.

Dependent claims 2, 3, 4, 5 and 6 are not shown.
7. A communication device comprising:
- a secure element having a secure element memory that stores first executable instructions that, when executed by the secure element, facilitate performance of a first set of operations, comprising:
  - receiving a derived encryption key from a remote management server without receiving a master key from which the derived encryption key was generated, wherein the secure element is prevented from accessing the master key, wherein the derived encryption key is generated by applying a first one-way function to the master key and derivation data;
  - generating a temporary encryption key by applying a second one-way function to the derived encryption key and a nonce;
  - receiving a public nonce key from the remote management server; and
  - encrypting the nonce using the public nonce key to generate an encrypted nonce;
- a secure device processor having a secure device processor memory that stores second executable instructions that, when executed by the secure device processor, facilitate performance of a second set of operations, comprising:
  - receiving the temporary encryption key from the secure element without receiving the derived encryption key;
  - obtaining data for transmission to a recipient device;
  - encrypting the data using the temporary encryption key to generate encrypted data;
  - providing the encrypted data over a network to the recipient device;
  - receiving the encrypted nonce from the secure element; and
  - providing the encrypted nonce over the network to the recipient device to enable the recipient device to decrypt the encrypted nonce using a private nonce key received by the recipient device from the remote management server,
- wherein the secure element, the secure device processor and a device processor are separate components housed in the communication device and in communication with each other.

Dependent claims 8, 9, 10, 11, 12, 13 and 14 are not shown.
15. A method comprising:
- receiving, by a secure element of a communication device comprising a processing system, a derived encryption key from a remote management server without receiving a master key from which the derived encryption key was generated, wherein the secure element is prevented from accessing the master key, and wherein the derived encryption key is generated by applying a first one-way function to the master key and derivation data;
- generating, by the secure element, a temporary encryption key by applying a second one-way function to the derived encryption key and a nonce;
- obtaining, by a secure device processor of the communication device, data for transmission to a recipient device;
- encrypting, by the secure device processor, the data using the temporary encryption key to generate encrypted data;
- providing, by the communication device, the encrypted data over a network to the recipient device;
- receiving, by the communication device, a public nonce key from the remote management server;
- encrypting, by the communication device, the nonce using the public nonce key to generate an encrypted nonce; and
- providing, by the communication device, the encrypted nonce over the network to the recipient device to enable the recipient device to decrypt the encrypted nonce using a private nonce key received by the recipient device from the remote management server,
- wherein the secure element, the secure device processor and a device processor are separate components housed in the communication device and in communication with each other.

Dependent claims 16 and 17 are not shown.
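The three independent claims describe the same key hierarchy from the server side (claim 1) and the device side (claims 7 and 15): master key on the remote management server only; derived key on the UICC/secure element; temporary key, bound to a nonce, as the only key the secure device processor ever receives; and a public/private nonce key pair so the recipient can recover the nonce. The script below walks that flow once with every party modelled as a plain function. It is an added illustration, not code from the patent or its assignee. The claims name no primitives, so the following are assumptions made here: HMAC-SHA256 stands in for both one-way functions, an HMAC-based counter keystream with an encrypt-then-MAC tag stands in for the unnamed data cipher, and textbook RSA over two Mersenne primes (a toy, not a usable key size or padding) stands in for the nonce keys. The claims also do not say how the application server obtains the derived key needed to rebuild the temporary key; the example assumes the management server provisions it, and labels that assumption in the code.

```python
import hashlib
import hmac

# Constructed demo values. In the claimed system the master key never leaves the
# remote management server and the derivation data identifies the end user device.
MASTER_KEY = bytes.fromhex("00" * 16 + "ff" * 16)
DERIVATION_DATA = b"demo-device-id-0001"
NONCE = bytes(range(16))


def one_way(key: bytes, label: bytes, data: bytes) -> bytes:
    """HMAC-SHA256 stands in for the claims' unnamed one-way functions (assumption)."""
    return hmac.new(key, label + data, hashlib.sha256).digest()


def derive_key(master_key: bytes, derivation_data: bytes) -> bytes:
    """Remote management server: first one-way function over master key and derivation data."""
    return one_way(master_key, b"derived|", derivation_data)


def temporary_key(derived_key: bytes, nonce: bytes) -> bytes:
    """UICC / secure element: second one-way function over derived key and nonce."""
    return one_way(derived_key, b"temporary|", nonce)


def _keystream(key: bytes, length: int) -> bytes:
    # Counter-mode keystream from HMAC-SHA256. The temporary key is single-use
    # (already bound to the nonce), so no separate IV is carried here.
    blocks = [hmac.new(key, b"stream|" + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((length + 31) // 32)]
    return b"".join(blocks)[:length]


def encrypt_data(tek: bytes, plaintext: bytes) -> bytes:
    """Secure device processor: encrypt-then-MAC using only the temporary key."""
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(tek, len(plaintext))))
    tag = hmac.new(tek, b"tag|" + ct, hashlib.sha256).digest()
    return ct + tag


def decrypt_data(tek: bytes, blob: bytes) -> bytes:
    """Recipient: verify the tag before decrypting; a wrong key raises ValueError."""
    ct, tag = blob[:-32], blob[-32:]
    expected = hmac.new(tek, b"tag|" + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("ciphertext authentication failed")
    return bytes(a ^ b for a, b in zip(ct, _keystream(tek, len(ct))))


# Toy textbook RSA for the nonce keys (assumption): two Mersenne primes give a
# ~150-bit modulus, enough to carry a 16-byte nonce. Illustration only.
_P = (1 << 61) - 1
_Q = (1 << 89) - 1
_E = 65537


def nonce_keypair():
    """Remote management server: generate the public and private nonce keys."""
    n = _P * _Q
    d = pow(_E, -1, (_P - 1) * (_Q - 1))
    return (n, _E), (n, d)


def encrypt_nonce(public_nonce_key, nonce: bytes) -> int:
    """UICC: encrypt the nonce with the public nonce key."""
    n, e = public_nonce_key
    m = int.from_bytes(nonce, "big")
    if m >= n:
        raise ValueError("nonce too large for the toy modulus")
    return pow(m, e, n)


def decrypt_nonce(private_nonce_key, encrypted_nonce: int, length: int) -> bytes:
    """Application server: recover the nonce with the private nonce key."""
    n, d = private_nonce_key
    return pow(encrypted_nonce, d, n).to_bytes(length, "big")


def run_exchange(master_key=MASTER_KEY, derivation_data=DERIVATION_DATA,
                 nonce=NONCE, plaintext=b"payload for the application server"):
    """Walk the claimed flow once and report what each party ended up holding."""
    # Remote management server
    derived_key = derive_key(master_key, derivation_data)
    public_nk, private_nk = nonce_keypair()
    # -> UICC receives derived_key and public_nk; the master key stays on the server.
    # -> Application server receives private_nk and (assumption) derived_key.
    tek = temporary_key(derived_key, nonce)             # UICC
    encrypted_nonce = encrypt_nonce(public_nk, nonce)   # UICC
    # UICC -> secure device processor: tek and encrypted_nonce only, never derived_key.
    blob = encrypt_data(tek, plaintext)                 # secure device processor
    # Device -> application server over the network: blob and encrypted_nonce.
    recovered_nonce = decrypt_nonce(private_nk, encrypted_nonce, len(nonce))
    recovered = decrypt_data(temporary_key(derived_key, recovered_nonce), blob)
    return {
        "server_holds": {master_key, derived_key},
        "uicc_holds": {derived_key, tek},
        "sdp_holds": {tek},
        "derived_key": derived_key,
        "temporary_key": tek,
        "recovered_nonce": recovered_nonce,
        "recovered_plaintext": recovered,
    }


if __name__ == "__main__":
    result = run_exchange()
    print("UICC saw master key:", MASTER_KEY in result["uicc_holds"])
    print("SDP saw derived key:", result["derived_key"] in result["sdp_holds"])
    print("recovered:", result["recovered_plaintext"])
```

The point the claims make, and the script checks, is compartmentalisation: a compromise of the secure device processor exposes one nonce-bound temporary key, not the derived key, and a compromise of the UICC exposes the derived key for that device, not the master key from which every other device's keys are derived.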