Encrypting and storing data
Abstract
Methods and apparatus for encrypting and storing data. The methods and apparatus provide different levels of security and usability. The methods and apparatus generate two or more keys based on a shared secret made available to a user equipment and a server. The two or more keys comprise at least one perfect forward secrecy key, and at least one limited forward secrecy key. The methods and apparatus encrypt data using at least one of the two or more keys. The methods and apparatus store the encrypted data in a memory of the user equipment and/or transmit the data from the user equipment to the server.
15 Claims
1. A user equipment that encrypts and stores data to communicate to a server of a communication network, the user equipment comprising:
- a processor coupled to a first memory and configured to:
establish a session between the user equipment and the server of the communication network;
generate two or more keys based on a shared secret made available to the user equipment and the server, wherein the two or more keys comprise at least one perfect forward secrecy key, and at least one partial forward secrecy key, wherein the at least one partial forward secrecy key is generated based on a cryptographic function applied to the shared secret and a session identifier associated with the established session;
encrypt data using the at least one partial forward secrecy key;
store the encrypted data in the first memory of the user equipment;
generate an updated partial forward secrecy key based on an application of a one-way function to the partial forward secrecy key and the session identifier responsive to the encryption of the data using the at least one partial forward secrecy key; and
store the updated partial forward secrecy key in a second memory of the user equipment to encrypt future communications during the established session with the server; and
- a transmitter configured to transmit the stored encrypted data in a communication to the server during the established session.
View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
9. A method performed by a user equipment operable to communicate with a server of a communication network, the method comprising:
establishing a session between the user equipment and the server of the communication network;
generating two or more keys based on a shared secret made available to the user equipment and the server, wherein the two or more keys comprise at least one perfect forward secrecy key, and at least one partial forward secrecy key, wherein the at least one partial forward secrecy key is generated based on a cryptographic function applied to the shared secret and a session identifier associated with the established session;
encrypting data using the at least one partial forward secrecy key;
storing the encrypted data in a first memory of the user equipment;
generating an updated partial forward secrecy key based on an application of a one-way function to the partial forward secrecy key and the session identifier responsive to the encryption of the data using the at least one partial forward secrecy key;
storing the updated partial forward secrecy key in a second memory of the user equipment to encrypt future communications during the established session with the server; and
transmitting the stored encrypted data in a communication to the server during the established session.
View Dependent Claims (10)
11. A server in communication with a user equipment operating in a communication network, the server comprising:
- a receiver configured to receive encrypted data in a communication from the user equipment;
- a processor and memory, the processor configured to:
establish a session between the user equipment and the server;
generate two or more keys based on a shared secret made available to the user equipment and the server, wherein the two or more keys comprise at least one perfect forward secrecy key, and at least one partial forward secrecy key, wherein the at least one partial forward secrecy key is generated based on a cryptographic function applied to the shared secret and a session identifier associated with the established session;
decrypt the received encrypted data using the at least one partial forward secrecy key;
store at least part of the decrypted data in the memory;
generate an updated partial forward secrecy key based on an application of a one-way function to the partial forward secrecy key and the session identifier responsive to the decryption of the data using the at least one partial forward secrecy key; and
store the updated partial forward secrecy key in the memory to decrypt future communications from the user equipment during the established session.
View Dependent Claims (12, 13)
14. A method performed by a server in communication with a user equipment operating in a communication network, the method comprising:
establishing a session between the user equipment and the server;
receiving encrypted data in the established session from the user equipment;
generating two or more keys based on a shared secret made available to the user equipment and the server, wherein the two or more keys comprise at least one perfect forward secrecy key, and at least one partial forward secrecy key, wherein the at least one partial forward secrecy key is generated based on a cryptographic function applied to the shared secret and a session identifier associated with the established session;
decrypting the received encrypted data using the at least one partial forward secrecy key;
storing the decrypted data in a memory of the server;
generating an updated partial forward secrecy key based on an application of a one-way function to the partial forward secrecy key and the session identifier responsive to the decryption of the data using the at least one partial forward secrecy key; and
storing the updated partial forward secrecy key in the memory to decrypt future communications from the user equipment during the established session.
View Dependent Claims (15)
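The partial forward secrecy key schedule common to claims 1, 9, 11 and 14, as an added example that is not the patent's own code: the UE and server both derive the initial partial key from the shared secret and session identifier, each encryption or decryption is followed by a one-way ratchet of that key, and a key captured after the ratchet no longer opens earlier stored records. The HMAC/SHA-256 constructions, the encrypt-then-MAC record layout and the sample secret and session identifier are assumptions chosen so the example runs on the standard library alone.

```python
import hashlib
import hmac
import os

def derive_partial_key(shared_secret: bytes, session_id: bytes) -> bytes:
    """Initial partial forward secrecy key: a PRF over the shared secret and session id (assumed HMAC)."""
    return hmac.new(shared_secret, b"partial-fs-key" + session_id, hashlib.sha256).digest()

def ratchet(partial_key: bytes, session_id: bytes) -> bytes:
    """One-way update of the partial key, applied after each encryption or decryption."""
    return hashlib.sha256(b"ratchet" + partial_key + session_id).digest()

def _subkey(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()

def _keystream(key, nonce, length):
    blocks = [hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(-(-length // 32))]
    return b"".join(blocks)[:length]

def encrypt(partial_key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    # Encrypt-then-MAC record: nonce || ciphertext || 16-byte tag (stdlib stand-in for an AEAD)
    enc_key, mac_key = _subkey(partial_key, b"enc"), _subkey(partial_key, b"mac")
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()[:16]
    return nonce + ct + tag

def decrypt(partial_key: bytes, record: bytes):
    nonce, ct, tag = record[:12], record[12:-16], record[-16:]
    enc_key, mac_key = _subkey(partial_key, b"enc"), _subkey(partial_key, b"mac")
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()[:16]):
        return None  # wrong key (e.g. an already-ratcheted one) or tampered record
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))

class Endpoint:
    """UE or server side: holds the current partial key and ratchets it after every use."""
    def __init__(self, shared_secret, session_id):
        self.session_id, self.key = session_id, derive_partial_key(shared_secret, session_id)
    def seal(self, plaintext):
        record = encrypt(self.key, os.urandom(12), plaintext)
        self.key = ratchet(self.key, self.session_id)  # updated key kept for the next record
        return record
    def open(self, record):
        plaintext = decrypt(self.key, record)
        if plaintext is not None:  # advance the ratchet only on an authenticated record
            self.key = ratchet(self.key, self.session_id)
        return plaintext

def demo():
    secret, sid = b"constructed shared secret", b"session-0001"  # constructed sample values
    ue, server = Endpoint(secret, sid), Endpoint(secret, sid)
    records = [ue.seal(b"first record"), ue.seal(b"second record")]  # encrypted, stored, then sent
    received = [server.open(r) for r in records]
    # A key captured now has been ratcheted twice: it does not open the earlier stored record.
    return received, decrypt(server.key, records[0])
```

Secrecy is only partial because the shared secret itself still re-derives every key in the session; the perfect forward secrecy key the claims pair with it is what an ephemeral exchange would add.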
Specification