SYSTEM AND METHOD FOR CONTENT PROTECTION BASED ON A COMBINATION OF A USER PIN AND A DEVICE SPECIFIC IDENTIFIER

US 20110252243A1
Filed: 06/09/2010
Published: 10/13/2011
Est. Priority Date: 04/07/2010
Status: Active Grant

First Claim

Patent Images

1. A method of generating a cryptographic key, the method comprising:

receiving a user passcode on a device;

combining at least part of the user passcode with at least part of a non-extractable secret associated with the device to yield a derived key; and

encrypting content on the device with the derived key.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed herein are systems, methods, and non-transitory computer-readable storage media for encryption and key management. The method includes encrypting each file on a computing device with a unique file encryption key, encrypting each unique file encryption key with a corresponding class encryption key, and encrypting each class encryption key with an additional encryption key. Further disclosed are systems, methods, and non-transitory computer-readable storage media for encrypting a credential key chain. The method includes encrypting each credential on a computing device with a unique credential encryption key, encrypting each unique credential encryption key with a corresponding credential class encryption key, and encrypting each class encryption key with an additional encryption key. Additionally, a method of generating a cryptographic key based on a user-entered password and a device-specific identifier secret utilizing an encryption algorithm is disclosed.

Citations

22 Claims

1. A method of generating a cryptographic key, the method comprising:
- receiving a user passcode on a device;
  
  combining at least part of the user passcode with at least part of a non-extractable secret associated with the device to yield a derived key; and
  
  encrypting content on the device with the derived key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein the non-extractable secret is unique.
  - 3. The method of claim 1, wherein the user passcode and the non-extractable secret are derived according to an encryption algorithm.
  - 4. The method of claim 3, wherein the encryption algorithm is password-based key derivation function version 2 (PBKDF2).
  - 5. The method of claim 4, wherein PBKDF2 is modified to accept the non-extractable secret in addition to the user passcode and a salt value.
  - 6. The method of claim 1, wherein the device is one of a mobile device and a personal computer.
  - 7. The method of claim 1, wherein the content comprises data stored in at least one of a volatile storage medium and a non-volatile storage medium.
  - 8. The method of claim 1, wherein encrypting content on the device further comprises encrypting individual blocks of storage independently.
  - 9. The method of claim 1, wherein encrypting content on the device further comprises encrypting individual blocks of storage as a double dependency chain.

10. A system for retrieving content protected by a derived key, the system comprising:
- a processor;
  
  a first module configured to control the processor to retrieve, on a device, content protected by a derived key;
  
  a second module configured to control the processor to receive a user passcode;
  
  a third module configured to control the processor to generate a reproduced derived key by combining at least part of the user passcode with at least part of a device-specific secret; and
  
  a fourth module configured to control the processor to decrypt at least part of the content based on the reproduced derived key.
- View Dependent Claims (11, 12, 13, 14)
- - 11. The system of claim 10, wherein the device-specific secret is non-extractable via software.
  - 12. The system of claim 10, wherein the device-specific secret is unique from other device-specific secrets.
  - 13. The system of claim 10, wherein generating the reproduced derived key is based on a password-based key derivation function version 2 (PBKDF2) algorithm.
  - 14. The system of claim 10, wherein the PBKDF2 is modified to accept the device-specific secret in addition to the user passcode and a salt value.

15. A non-transitory computer-readable storage medium storing instructions which, when executed by a computing device, cause the computing device to protect data on the computing device, the instructions comprising:
- combining at least part of a user passcode with at least part of a non-extractable secret specific to the computing device to yield a derived key; and
  
  encrypting content on the computing device with the derived key.
- View Dependent Claims (16, 17, 18)
- - 16. The non-transitory computer-readable storage medium of claim 15, wherein encrypting content on the computing device further comprises encrypting at least one of a file, a folder, a keychain, a file system, a partition, and a block.
  - 17. The non-transitory computer-readable storage medium of claim 15, wherein the device-specific secret is unique from other device-specific secrets.
  - 18. The non-transitory computer-readable storage medium of claim 15, wherein combining at least part of the user passcode with at least part of the non-extractable secret is based on a modified password-based key derivation function version 2 (PBKDF2) algorithm which accepts the user passcode, a salt value, and the non-extractable secret as input.

19. A method for accessing protected content on a device, the method comprising:
- requesting a user passcode from a user;
  
  receiving the user passcode from the user;
  
  combining the user passcode with a non-extractable unique secret stored in the device to yield a derived key; and
  
  unprotecting at least part of the protected content based on the derived key.
- View Dependent Claims (20, 21, 22)
- - 20. The method of claim 19, wherein the user passcode and the non-extractable secret are combined according to an encryption algorithm.
  - 21. The method of claim 20, wherein the encryption algorithm is password-based key derivation function version 2 (PBKDF2).
  - 22. The method of claim 21, wherein the encryption algorithm further accepts the non-extractable unique secret in addition to the user passcode and a salt value.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Apple Inc.
Original Assignee
Apple Inc.
Inventors
Brouwer, Michael Lambertus Hubertus, Adler, Mitchell David

Granted Patent

US 8,788,842 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/189
CPC Class Codes

G06F 21/62   Protecting access to data v...

H04L 2209/80   Wireless network architectu...

H04L 9/0643   Hash functions, e.g. MD5, S...

H04L 9/0838   Key agreement, i.e. key est...

H04L 9/0861   Generation of secret inform...

H04L 9/0863   involving passwords or one-...

H04L 9/0866   involving user or device id...

H04L 9/0869   involving random numbers or...

H04L 9/0894   Escrow, recovery or storing...

H04L 9/14   using a plurality of keys o...

H04L 9/30   Public key, i.e. encryption...

H04L 9/3231   Biological data, e.g. finge...

SYSTEM AND METHOD FOR CONTENT PROTECTION BASED ON A COMBINATION OF A USER PIN AND A DEVICE SPECIFIC IDENTIFIER

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEM AND METHOD FOR CONTENT PROTECTION BASED ON A COMBINATION OF A USER PIN AND A DEVICE SPECIFIC IDENTIFIER

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links