Protecting sensitive information using an untrusted device
First Claim
1. A method for protecting sensitive information, the method comprising:
- responsive to determining that sensitive information is required by a server, establishing a connection between the server and an untrusted device;
responsive to receiving a public key from the server at the untrusted device, transmitting the public key to a trusted device connected to the untrusted device;
generating a Uniform Resource Locator (URL) for population with the sensitive information by the trusted device;
transmitting the generated URL to the trusted device, wherein the sensitive information is inputted on the trusted device through the untrusted device and the trusted device populates the generated URL with the sensitive information;
receiving an encrypted URL transmitted by the trusted device, wherein the encrypted URL is generated by the trusted device based on the generated URL and the encrypted URL includes the sensitive information encrypted with a first secret key, wherein the first secret key is the public key;
forwarding the encrypted URL to the server, wherein the untrusted device is unable to use the first secret key to decrypt the sensitive information present in the encrypted URL; and
responsive to receiving an authentication identification transmitted by the server based on the sensitive information, communicating with the server by using the authentication identification.
1 Assignment
0 Petitions
Accused Products
Abstract
The invention relates to information processing field, and discloses a method for protecting sensitive information, comprising: determining that the sensitive information is required by a server; transmitting first information to a trusted device connected to the untrusted device, where the first information enables the sensitive information to be transmitted from the trusted device to the server, wherein the sensitive information is input on the trusted device; receiving second information transmitted by the trusted device, the second information is generated based on the first information and includes the sensitive information encrypted with a first secret key, wherein the first secret key meets one of the following: the untrusted device does not know the first secret key; the untrusted device knows the first secret key but is unable to use the first secret key to decrypt the encrypted sensitive information; forwarding the second information to the server.
-
Citations
12 Claims
-
1. A method for protecting sensitive information, the method comprising:
-
responsive to determining that sensitive information is required by a server, establishing a connection between the server and an untrusted device; responsive to receiving a public key from the server at the untrusted device, transmitting the public key to a trusted device connected to the untrusted device; generating a Uniform Resource Locator (URL) for population with the sensitive information by the trusted device; transmitting the generated URL to the trusted device, wherein the sensitive information is inputted on the trusted device through the untrusted device and the trusted device populates the generated URL with the sensitive information; receiving an encrypted URL transmitted by the trusted device, wherein the encrypted URL is generated by the trusted device based on the generated URL and the encrypted URL includes the sensitive information encrypted with a first secret key, wherein the first secret key is the public key; forwarding the encrypted URL to the server, wherein the untrusted device is unable to use the first secret key to decrypt the sensitive information present in the encrypted URL; and responsive to receiving an authentication identification transmitted by the server based on the sensitive information, communicating with the server by using the authentication identification. - View Dependent Claims (2, 3, 4)
-
-
5. A computer program product for protecting sensitive information, the computer program product comprising a computer readable storage device having program instructions embodied therewith, the program instructions when executed by a processor to cause the processor to:
-
responsive to determining that sensitive information is required by a server, establish a connection between the server and an untrusted device; responsive to receiving a public key from the server at the untrusted device, transmit the public key to a trusted device connected to the untrusted device; generate a Uniform Resource Locator (URL) for population with the sensitive information by the trusted device; transmit the generated URL to the trusted device, wherein the sensitive information is inputted on the trusted device through the untrusted device and the trusted device populated the generated URL with the sensitive information; receive an encrypted URL transmitted by the trusted device, wherein the encrypted URL is generated by the trusted device based on the generated URL and the encrypted URL includes the sensitive information encrypted with a first secret key, wherein the first secret key is the public key; forward the encrypted URL to the server, wherein the untrusted device is unable to use the first secret key to decrypt the sensitive information present in the encrypted URL; and responsive to receiving an authentication identification transmitted by the server based on the sensitive information, communicate with the server by using the authentication identification. - View Dependent Claims (6, 7, 8)
-
-
9. A computer system for protecting sensitive information, the computer system comprising a computer readable storage device having program instructions embodied therewith, the program instructions when executed by a processor to cause the processor to:
-
responsive to determining that sensitive information is required by a server, establish a connection between the server and an untrusted device; responsive to receiving a public key from the server at the untrusted device, transmit the public key to a trusted device connected to the untrusted device; generate a Uniform Resource Locator (URL) for population with the sensitive information by the trusted device; transmit the generated URL to the trusted device, wherein the sensitive information is inputted on the trusted device through the untrusted device and the trusted device populated the generated URL with the sensitive information; receive an encrypted URL transmitted by the trusted device, wherein the encrypted URL is generated by the trusted device based on the generated URL and the encrypted URL includes the sensitive information encrypted with a first secret key, wherein the first secret key is the public key; forward the encrypted URL to the server, wherein the untrusted device is unable to use the first secret key to decrypt the sensitive information present in the encrypted URL; and responsive to receiving an authentication identification transmitted by the server based on the sensitive information, communicate with the server by using the authentication identification. - View Dependent Claims (10, 11, 12)
-
Specification