Method of operating a computing device, computing device and computer program

US 9,954,834 B2
Filed: 04/12/2016
Issued: 04/24/2018
Est. Priority Date: 04/15/2015
Status: Active Grant

First Claim

Patent Images

1. A computing device, comprising:

a memory; and

at least one hardware processor communicatively coupled with the memory and configured to;

receive, at a first application and from a second application, a request requesting the first application to send the second application a data access application key, wherein both the first application and the second application execute on the computing device, the first application is different than the second application, the second application generates a public/private key pair including a public key and a private key, and the request includes the public key;

derive, at the first application, the requested data access application key as a function of at least the public key; and

send, from the first application to the second application, the derived data access application key, wherein the second application uses the derived data access application key to decrypt data that is stored in an encrypted form on the computing device.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computing device has a first application and a second application. The first application generates a data access application key for use by the second application to enable decryption of data that is stored in encrypted form on the computing device using the data access application key. In operation, the second application generates a public/private key pair. The second application sends a request to the first application for the first application to send the second application a data access application key, the request including the public key. The first application derives the requested data access application key as a function of at least the public key. The first application sends the derived data access application key to the second application.

17 Citations

View as Search Results

30 Claims

1. A computing device, comprising:
- a memory; and
  
  at least one hardware processor communicatively coupled with the memory and configured to;
  
  receive, at a first application and from a second application, a request requesting the first application to send the second application a data access application key, wherein both the first application and the second application execute on the computing device, the first application is different than the second application, the second application generates a public/private key pair including a public key and a private key, and the request includes the public key;
  
  derive, at the first application, the requested data access application key as a function of at least the public key; and
  
  send, from the first application to the second application, the derived data access application key, wherein the second application uses the derived data access application key to decrypt data that is stored in an encrypted form on the computing device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The computing device according to claim 1, wherein the request sent by the second application to the first application includes a signature which is signed with the private key.
  - 3. The computing device according to claim 1, wherein the first application derives the requested data access application key as a function of at least the public key and a value that is unique to the computing device.
  - 4. The computing device according to claim 1, wherein the first application derives the requested data access application key as a function of at least the public key and a key associated with a user of the computing device.
  - 5. The computing device according to claim 1, wherein the first application derives the requested data access application key as a function of at least the public key and an identifier of the first application.
  - 6. The computing device according to claim 1, wherein the first application derives the requested data access application key as a function of at least the public key, a value that is unique to the computing device, a key associated with a user of the computing device and an identifier of the first application.
  - 7. The computing device according to claim 1, wherein the second application saves the public/private key pair in a sandbox associated with the second application on the computing device.
  - 8. The computing device according to claim 1, wherein the data access application key is used by the second application to encrypt and decrypt a key that is used to encrypt data stored by the second application.
  - 9. The computing device according to claim 1, wherein the at least one hardware processor is further configured to:
    - receive, at the first application and from a third application, a further request requesting the first application to send the third application a further data access application key, wherein the third application generates a further public/private key pair including a further public key and a further private key, the further request includes the further public key, the third application executes on the computing device, and the third application is different than the first application and the second application;
      
      derive, at the first application, the further data access application key as a function of at least the further public key; and
      
      send, from the first application to the third application, the further data access application key, wherein the third application uses the further data access application key to decrypt further data that is stored in a further encrypted form on the computing device.
  - 10. The computing device according to claim 9, wherein the at least one hardware processor is further configured to:
    - determine, by the first application, whether the further request from the third application is pending prior to the first application sending a message comprising the derived data access application key and control data to the second application, and in case that the further request from the third application is pending;
      
      send, from the first application to the second application, the message comprising the derived data access application key and the control data; and
      
      responsive to sending the message, receive, at the first application and from the second application, a further message for the first application to process the pending further request from the third application based on the control data.

11. A method of operating a computing device, the method comprising:
- receiving, at a first application and from a second application, a request requesting the first application to send the second application a data access application key, wherein both the first application and the second application execute on the computing device, the first application is different than the second application, the second application generates a public/private key pair including a public key and a private key, and the request includes the public key;
  
  deriving, at the first application, the requested data access application key as a function of at least the public key; and
  
  sending, from the first application to the second application, the derived data access application key, wherein the second application uses the derived data access application key to decrypt data that is stored in an encrypted form on the computing device.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The method according to claim 11, wherein the request sent by the second application to the first application includes a signature which is signed with the private key.
  - 13. The method according to claim 11, wherein the first application derives the requested data access application key as a function of at least the public key and a value that is unique to the computing device.
  - 14. The method according to claim 11, wherein the first application derives the requested data access application key as a function of at least the public key and a key associated with a user of the computing device.
  - 15. The method according to claim 11, wherein the first application derives the requested data access application key as a function of at least the public key and an identifier of the first application.
  - 16. The method according to claim 11, wherein the first application derives the requested data access application key as a function of at least the public key, a value that is unique to the computing device, a key associated with a user of the computing device and an identifier of the first application.
  - 17. The method according to claim 11, wherein the second application saves the public/private key pair in a sandbox associated with the second application on the computing device.
  - 18. The method according to claim 11, wherein the data access application key is used by the second application to encrypt and decrypt a key that is used to encrypt data stored by the second application.
  - 19. The method according to claim 11, further comprising:
    - receiving, at the first application and from a third application, a further request requesting the first application to send the third application a further data access application key, wherein the third application generates a further public/private key pair including a further public key and a further private key, the further request includes the further public key, the third application executes on the computing device, and the third application is different than the first application and the second application;
      
      deriving, at the first application, the further data access application key as a function of at least the further public key; and
      
      sending, from the first application to the third application, the further data access application key, wherein the third application uses the further data access application key to decrypt further data that is stored in a further encrypted form on the computing device.
  - 20. The method according to claim 19, further comprising:
    - determining, by the first application, whether the further request from the third application is pending prior to the first application sending a message comprising the derived data access application key and control data to the second application, and in case that the further request from the third application is pending;
      
      sending, from the first application to the second application, the message comprising the derived data access application key and the control data; and
      
      responsive to sending the message, receiving, at the first application and from the second application, a further message for the first application to process the pending further request from the third application based on the control data.

21. A non-transitory computer-readable medium containing instructions which, when executed, cause a computing device to perform operations comprising:
- receiving, at a first application and from a second application, a request requesting the first application to send the second application a data access application key, wherein both the first application and the second application execute on the computing device, the first application is different than the second application, the second application generates a public/private key pair including a public key and a private key, and the request includes the public key;
  
  deriving, at the first application, the requested data access application key as a function of at least the public key; and
  
  sending, from the first application to the second application, the derived data access application key, wherein the second application uses the derived data access application key to decrypt data that is stored in an encrypted form on the computing device.
- View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29, 30)
- - 22. The non-transitory computer-readable medium according to claim 21, wherein the request sent by the second application to the first application includes a signature which is signed with the private key.
  - 23. The non-transitory computer-readable medium according to claim 21, wherein the first application derives the requested data access application key as a function of at least the public key and a value that is unique to the computing device.
  - 24. The non-transitory computer-readable medium according to claim 21, wherein the first application derives the requested data access application key as a function of at least the public key and a key associated with a user of the computing device.
  - 25. The non-transitory computer-readable medium according to claim 21, wherein the first application derives the requested data access application key as a function of at least the public key and an identifier of the first application.
  - 26. The non-transitory computer-readable medium according to claim 21, wherein the first application derives the requested data access application key as a function of at least the public key, a value that is unique to the computing device, a key associated with a user of the computing device and an identifier of the first application.
  - 27. The non-transitory computer-readable medium according to claim 21, wherein the second application saves the public/private key pair in a sandbox associated with the second application on the computing device.
  - 28. The non-transitory computer-readable medium according to claim 21, wherein the data access application key is used by the second application to encrypt and decrypt a key that is used to encrypt data stored by the second application.
  - 29. The non-transitory computer-readable medium according to claim 21, wherein the operations further comprise:
    - receiving, at the first application and from a third application, a further request requesting the first application to send the third application a further data access application key, wherein the third application generates a further public/private key pair including a further public key and a further private key, the further request includes the further public key, the third application executes on the computing device, and the third application is different than the first application and the second application;
      
      deriving, at the first application, the further data access application key as a function of at least the further public key; and
      
      sending, from the first application to the third application, the further data access application key, wherein the third application uses the further data access application key to decrypt further data that is stored in a further encrypted form on the computing device.
  - 30. The non-transitory computer-readable medium according to claim 29, wherein the operations further comprise:
    - determining, by the first application, whether the further request from the third application is pending prior to the first application sending a message comprising the derived data access application key and control data to the second application, and in case that the further request from the third application is pending;
      
      sending, from the first application to the second application, the message comprising the derived data access application key and the control data; and
      
      responsive to sending the message, receiving, at the first application and from the second application, a further message for the first application to process the pending further request from the third application based on the control data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Blackberry Limited
Original Assignee
Blackberry Limited
Inventors
Quinlan, Sean Michael
Primary Examiner(s)
Abrishamkar, Kaveh

Application Number

US15/097,170
Publication Number

US 20160308845A1
Time in Patent Office

742 Days
Field of Search

None
US Class Current
CPC Class Codes

G06F 21/00   Security arrangements for p...

G06F 21/10   Protecting distributed prog...

G06F 21/41   where a single sign-on prov...

G06F 21/6218   to a system of files or obj...

H04L 63/045   wherein the sending and rec...

H04L 63/061   for key exchange, e.g. in p...

H04L 63/0853   using an additional device,...

H04L 9/0825   using asymmetric-key encryp...

H04L 9/0894   Escrow, recovery or storing...

H04L 9/3247   involving digital signatures

Method of operating a computing device, computing device and computer program

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

17 Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

Method of operating a computing device, computing device and computer program

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

17 Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links