Protecting sensitive information using an untrusted device

US 9,853,954 B2
Filed: 11/10/2014
Issued: 12/26/2017
Est. Priority Date: 11/11/2013
Status: Active Grant

First Claim

Patent Images

1. A method for protecting sensitive information, the method comprising:

responsive to determining that sensitive information is required by a server, establishing a connection between the server and an untrusted device;

responsive to receiving a public key from the server at the untrusted device, transmitting the public key to a trusted device connected to the untrusted device;

generating a Uniform Resource Locator (URL) for population with the sensitive information by the trusted device;

transmitting the generated URL to the trusted device, wherein the sensitive information is inputted on the trusted device through the untrusted device and the trusted device populates the generated URL with the sensitive information;

receiving an encrypted URL transmitted by the trusted device, wherein the encrypted URL is generated by the trusted device based on the generated URL and the encrypted URL includes the sensitive information encrypted with a first secret key, wherein the first secret key is the public key;

forwarding the encrypted URL to the server, wherein the untrusted device is unable to use the first secret key to decrypt the sensitive information present in the encrypted URL; and

responsive to receiving an authentication identification transmitted by the server based on the sensitive information, communicating with the server by using the authentication identification.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The invention relates to information processing field, and discloses a method for protecting sensitive information, comprising: determining that the sensitive information is required by a server; transmitting first information to a trusted device connected to the untrusted device, where the first information enables the sensitive information to be transmitted from the trusted device to the server, wherein the sensitive information is input on the trusted device; receiving second information transmitted by the trusted device, the second information is generated based on the first information and includes the sensitive information encrypted with a first secret key, wherein the first secret key meets one of the following: the untrusted device does not know the first secret key; the untrusted device knows the first secret key but is unable to use the first secret key to decrypt the encrypted sensitive information; forwarding the second information to the server.

Citations

12 Claims

1. A method for protecting sensitive information, the method comprising:
- responsive to determining that sensitive information is required by a server, establishing a connection between the server and an untrusted device;
  
  responsive to receiving a public key from the server at the untrusted device, transmitting the public key to a trusted device connected to the untrusted device;
  
  generating a Uniform Resource Locator (URL) for population with the sensitive information by the trusted device;
  
  transmitting the generated URL to the trusted device, wherein the sensitive information is inputted on the trusted device through the untrusted device and the trusted device populates the generated URL with the sensitive information;
  
  receiving an encrypted URL transmitted by the trusted device, wherein the encrypted URL is generated by the trusted device based on the generated URL and the encrypted URL includes the sensitive information encrypted with a first secret key, wherein the first secret key is the public key;
  
  forwarding the encrypted URL to the server, wherein the untrusted device is unable to use the first secret key to decrypt the sensitive information present in the encrypted URL; and
  
  responsive to receiving an authentication identification transmitted by the server based on the sensitive information, communicating with the server by using the authentication identification.
- View Dependent Claims (2, 3, 4)
- - 2. The method according to claim 1, wherein responsive to determining that the sensitive information is required by a server comprises one of the following:
    - determining that the sensitive information is required by the server by analyzing the information transmitted by the server; and
      
      determining that the sensitive information is required by the server based on an input of a user, wherein the input indicates that the server needs the sensitive information.
  - 3. The method according to claim 1, whereintransmitting the generated URL to the trusted device comprises forwarding information received from the server to the trusted device, wherein the information received from the server includes information enabling the trusted device to generate a first message, wherein the first message includes a first field for placing the sensitive information;
    - andthe encrypted URL includes the first message.
  - 4. The method according to claim 1, further comprising:
    - presenting prompt information to a user to ask the user whether to go to the trusted device to input the sensitive information in response to determining that the sensitive information is required by the server; and
      
      transmitting the generated URL to the trusted device in response to the user choosing to go to the trusted device to input the sensitive information.

5. A computer program product for protecting sensitive information, the computer program product comprising a computer readable storage device having program instructions embodied therewith, the program instructions when executed by a processor to cause the processor to:
- responsive to determining that sensitive information is required by a server, establish a connection between the server and an untrusted device;
  
  responsive to receiving a public key from the server at the untrusted device, transmit the public key to a trusted device connected to the untrusted device;
  
  generate a Uniform Resource Locator (URL) for population with the sensitive information by the trusted device;
  
  transmit the generated URL to the trusted device, wherein the sensitive information is inputted on the trusted device through the untrusted device and the trusted device populated the generated URL with the sensitive information;
  
  receive an encrypted URL transmitted by the trusted device, wherein the encrypted URL is generated by the trusted device based on the generated URL and the encrypted URL includes the sensitive information encrypted with a first secret key, wherein the first secret key is the public key;
  
  forward the encrypted URL to the server, wherein the untrusted device is unable to use the first secret key to decrypt the sensitive information present in the encrypted URL; and
  
  responsive to receiving an authentication identification transmitted by the server based on the sensitive information, communicate with the server by using the authentication identification.
- View Dependent Claims (6, 7, 8)
- - 6. The computer program product of claim 5, wherein responsive to determining that the sensitive information is required by a server comprises one of the following program instructions, stored on the one or more computer readable storage media, which when executed by a processor, cause the processor to:
    - determine that the sensitive information is required by the server by analyzing the information transmitted by the server; and
      
      determine that the sensitive information is required by the server based on an input of a user, wherein the input indicates that the server needs the sensitive information.
  - 7. The computer program product of claim 5, wherein:
    - transmitting of the generated URL to the trusted device comprises forwarding information received from the server to the trusted device, wherein the information received from the server includes information enabling the trusted device to generate a first message, wherein the first message includes a first field for placing the sensitive information; and
      
      the encrypted URL includes the first message.
  - 8. The computer program product of claim 5, further comprising program instructions, stored on the one or more computer readable storage media, which when executed by a processor, cause the processor to:
    - present prompt information to a user to ask the user whether to go to the trusted device to input the sensitive information in response to determining that the sensitive information is required by the server; and
      
      transmit the generated URL to the trusted device in response to the user choosing to go to the trusted device to input the sensitive information.

9. A computer system for protecting sensitive information, the computer system comprising a computer readable storage device having program instructions embodied therewith, the program instructions when executed by a processor to cause the processor to:
- responsive to determining that sensitive information is required by a server, establish a connection between the server and an untrusted device;
  
  responsive to receiving a public key from the server at the untrusted device, transmit the public key to a trusted device connected to the untrusted device;
  
  generate a Uniform Resource Locator (URL) for population with the sensitive information by the trusted device;
  
  transmit the generated URL to the trusted device, wherein the sensitive information is inputted on the trusted device through the untrusted device and the trusted device populated the generated URL with the sensitive information;
  
  receive an encrypted URL transmitted by the trusted device, wherein the encrypted URL is generated by the trusted device based on the generated URL and the encrypted URL includes the sensitive information encrypted with a first secret key, wherein the first secret key is the public key;
  
  forward the encrypted URL to the server, wherein the untrusted device is unable to use the first secret key to decrypt the sensitive information present in the encrypted URL; and
  
  responsive to receiving an authentication identification transmitted by the server based on the sensitive information, communicate with the server by using the authentication identification.
- View Dependent Claims (10, 11, 12)
- - 10. The computer system of claim 9, wherein responsive to determining that the sensitive information is required by a server comprises one of the following program instructions, stored on the one or more computer readable storage media, which when executed by a processor, cause the processor to:
    - determine that the sensitive information is required by the server by analyzing the information transmitted by the server; and
      
      determine that the sensitive information is required by the server based on an input of a user, wherein the input indicates that the server needs the sensitive information.
  - 11. The computer system of claim 9, wherein:
    - transmitting of the generated URL to the trusted device comprises forwarding information received from the server to the trusted device, wherein the information received from the server includes information enabling the trusted device to generate a first message, wherein the first message includes a first field for placing the sensitive information; and
      
      the encrypted URL includes the first message.
  - 12. The computer system of claim 9, further comprising program instructions, stored on the one or more computer readable storage media, which when executed by a processor, cause the processor to:
    - present prompt information to a user to ask the user whether to go to the trusted device to input the sensitive information in response to determining that the sensitive information is required by the server; and
      
      transmit the generated URL to the trusted device in response to the user choosing to go to the trusted device to input the sensitive information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Li, Qining, Wang, Xi Qing, Yan, Yan, Yang, Zhen Xiang, Zhao, Shiwan
Primary Examiner(s)
DOLLY, KENDALL LYNN

Application Number

US14/537,223
Publication Number

US 20160352697A1
Time in Patent Office

1,142 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/34   involving the use of extern...

H04L 63/0428   wherein the data content is...

H04L 63/0435   wherein the sending and rec...

H04L 63/0442   wherein the sending and rec...

H04L 63/061   for key exchange, e.g. in p...

H04L 63/083   using passwords cryptograph...

H04L 63/166   at the transport layer

H04L 63/168   above the transport layer

H04L 9/14   using a plurality of keys o...

H04L 9/321   involving a third party or ...

Protecting sensitive information using an untrusted device

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

Protecting sensitive information using an untrusted device

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links