SYSTEM FOR PROXIMITY BASED ENCRYPTION AND DECRYPTION

US 20150172920A1
Filed: 12/16/2013
Published: 06/18/2015
Est. Priority Date: 12/16/2013
Status: Abandoned Application

First Claim

Patent Images

1. A method for proximity encryption and decryption comprising:

using a user terminal, at least one token device, a policy server and at least one application service,wherein the at least one token device is a Bluetooth fob or a smart phone equipped with short wireless communication means,and wherein the at least one token device is distinct from the user terminal,and wherein the at least one token device stores at least one digital key in memory,and wherein the at least one digital key is used to encrypt data onboard the user terminal,and wherein an authorization program runs onboard the user terminal,and wherein the policy server has at least one user account corresponding to the authorization program,and wherein the at least one application service has at least one second user account,and wherein the at least one second user account is distinct from the at least one user account;

whereby upon or after an event onboard the user terminal,the authorization program connects to the at least one token device using short wireless communication,wherein the at least one token device is more than 10 centimeters away from the user terminal,after or upon a pass code or a voice response is validated without a server either onboard the user terminal or onboard the at least one token device,at least one decryption key is obtained wirelessly from the at least one token device,a login information stored onboard the user terminal can be decrypted using the at least one decryption key,the login information can be used to login automatically to the at least one second user account from the user terminal,at least one data set corresponding to the second user account is obtained wirelessly from the at least one application service,the at least one data set is decrypted using at least a second digital key obtained through short wireless communication to obtain at least one decrypted data set onboard the user terminal,at least one information from the at least one decrypted data set is output onboard the user terminal,at least one input data set obtained onboard the user terminal can be encrypted using at least a third digital key obtained through short wireless communication,and at least one part of the encrypted at least one input data set can be sent wirelessly to the at least one application service.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for securing data on a mobile device by combining multi-factor, auto-login, encryption and proximity. The method uses a wireless device to store encryption keys, provides a first stage decryption to decrypt the user credentials and login to a container, and a second stage decryption to decrypt the user data and display it. The method also locks the data when the user leaves proximity. This method is immune to physical attacks or jailbreaks.

59 Citations

View as Search Results

20 Claims

1. A method for proximity encryption and decryption comprising:
- using a user terminal, at least one token device, a policy server and at least one application service,wherein the at least one token device is a Bluetooth fob or a smart phone equipped with short wireless communication means,and wherein the at least one token device is distinct from the user terminal,and wherein the at least one token device stores at least one digital key in memory,and wherein the at least one digital key is used to encrypt data onboard the user terminal,and wherein an authorization program runs onboard the user terminal,and wherein the policy server has at least one user account corresponding to the authorization program,and wherein the at least one application service has at least one second user account,and wherein the at least one second user account is distinct from the at least one user account;
  
  whereby upon or after an event onboard the user terminal,the authorization program connects to the at least one token device using short wireless communication,wherein the at least one token device is more than 10 centimeters away from the user terminal,after or upon a pass code or a voice response is validated without a server either onboard the user terminal or onboard the at least one token device,at least one decryption key is obtained wirelessly from the at least one token device,a login information stored onboard the user terminal can be decrypted using the at least one decryption key,the login information can be used to login automatically to the at least one second user account from the user terminal,at least one data set corresponding to the second user account is obtained wirelessly from the at least one application service,the at least one data set is decrypted using at least a second digital key obtained through short wireless communication to obtain at least one decrypted data set onboard the user terminal,at least one information from the at least one decrypted data set is output onboard the user terminal,at least one input data set obtained onboard the user terminal can be encrypted using at least a third digital key obtained through short wireless communication,and at least one part of the encrypted at least one input data set can be sent wirelessly to the at least one application service.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1 comprising:
    - a second user terminal obtains encrypted data from the at least one application service,the encrypted data is decrypted using at least one fourth digital key corresponding to the third digital key and is output onboard the second user terminal.
  - 3. The method of claim 1 whereby:
    - at least two encrypted login information are stored onboard the user terminal, the at least two encrypted login information correspond to at least two token devices and at least two user accounts in the application service,whereby, upon detection of a first token device using short wireless communication, a first pass code can be validated, a first decryption key is obtained, a first login information stored onboard the user terminal is decrypted, the decrypted first login information is used to login to a first user account in the application service,whereby, upon detection of a second token device using short wireless communication, a second pass code can be validated, and a second user is automatically logged in to a second user account in the application service.
  - 4. The method of claim 1 whereby:
    - a pass code is obtained,wherein the pass code is verified using a first reference code previously stored onboard the at least one token device or using a second reference code previously stored onboard the user terminal.
  - 5. The method of claim 1 whereby:
    - the authorization program obtains an authorization method from the policy server;
      
      whereby if the authorization method requires biometric challenge authentication, the authorization program displays a question and requests a voice response corresponding to the question;
      
      whereby if the voice response does not match a previously stored sample,at least one decryption key is not provided to the user terminal.
  - 6. The method of claim 1 whereby:
    - the authorization program obtains an authorization method from the policy server;
      
      whereby if the authorization method requires a second person authorization, the authorization program sends a request for authorization to a second token device,whereby if the request is not authorized onboard the second token device,at least one decryption key is not provided to the user terminal.
  - 7. The method of claim 6 whereby:
    - the at least one decryption key or part thereof is stored onboard the second token device.
  - 8. The method of claim 1 whereby:
    - the authorization program obtains at least one first authorization method from the policy server corresponding to at least one trusted location and obtains at least one second authorization method corresponding to locations outside the at least one trusted location;
      
      whereby if the current location is determined to be a trusted location, the at least one first authorization method is applied,whereby if the current location is determined to be outside the at least one trusted location, the at least one second authorization method is applied,wherein the at least one first authorization method is different from the at least one second authorization method.
  - 9. The method of claim 1 whereby:
    - the authorization program obtains a first timeout period from the policy server;
      
      whereby after the first timeout period elapses, at least one decrypted data is cloaked or a screen is locked,wherein the timeout is not elapsed, the authorization program can encrypt an application data or the authorization program can encrypt a second application data corresponding to a wrapped second application.
  - 10. The method of claim 9 whereby:
    - the authorization program obtains at least one first timeout from the policy server corresponding to at least one trusted location and obtains at least one second timeout corresponding to locations outside the at least one trusted location;
      
      whereby if the current location is determined to be a trusted location, the at least one first timeout is applied,whereby if the current location is determined to be outside the at least one trusted location, the at least one second timeout is applied,wherein the at least one first timeout is different from the at least one second timeout.
  - 11. The method of claim 1 whereby:
    - if the at least one token device is not within a predefined short wireless range from the user terminal,a displayed data is cloaked or a screen is locked or the authorization program closes,wherein the authorization program can encrypt an application data or delete an application data or delete at least one encryption key, and wherein the predefined short wireless range is above 20 centimeters.
  - 12. The method of claim 1 whereby:
    - the authorization program is obtained by wrapping a security layer program onto a second application, or by injecting object code corresponding to the security layer program into the object code of the second application,wherein the second application cannot communicate with the at least one token device,wherein the security layer program enables communication with the at least one token device,and wherein the authorization program can communicate with the at least one token device.
  - 13. The method of claim 1 whereby:
    - the at least one data set is obtained through a web form,wherein the web form is not displayed,and wherein the data from the web form is decrypted using the at least one decryption key,and wherein at least one information from the at least one decrypted data set is output onboard the user terminal;
      
      whereby the at least one part of the encrypted at least one input data set is provided to the web form,wherein data from the web form is sent wirelessly to the at least one application service.

14. A method for proximity encryption and decryption comprising:
- using a user terminal, at least one token device, a policy server and an application program,wherein the at least one token device is a Bluetooth fob or a smart phone equipped with short wireless communication means,and wherein the at least one token device is distinct from the user terminal,and wherein the at least one token device stores at least one digital key in memory,and wherein the at least one digital key is used to encrypt data onboard the user terminal,and wherein an authorization program runs onboard the user terminal,and wherein the policy server has at least one user account corresponding to the authorization program,and wherein the application program has at least one second user account,and wherein the at least one second user account is distinct from the at least one user account;
  
  whereby at least one data set corresponding to the application program is encrypted with an encryption key obtained from at least one token device to obtain at least one encrypted data set,wherein the application program can read the at least one data set,wherein when encrypted, the application program cannot read the at least one encrypted data set;
  
  whereby upon or after an event onboard the user terminal,the authorization program connects to at least one token device using short wireless communication,at least one decryption key is obtained wirelessly,at least one encrypted data set is obtained and is decrypted using the at least one decryption key,the application program reads the decrypted data set,and at least one information from the decrypted data set is displayed onboard the user terminal using the application program;
  
  whereby if the at least one token device is not within a predefined short wireless range from the user terminal,a displayed data is cloaked or a screen is locked,at least one data set corresponding to the application program can be encrypted with an encryption key obtained wirelessly to obtain an encrypted data set,and wherein the predefined short wireless range is above 30 centimeters.
- View Dependent Claims (15, 16, 17, 18)
- - 15. The method of claim 14 whereby:
    - if the at least one token device is not within a predefined short wireless range from the user terminal, and if the authorization program does not find network connectivity,periodically, the authorization program checks for network connectivity, and if found, the authorization program sends current location information to a remote server.
  - 16. The method of claim 14 whereby:
    - at least two encrypted login information are stored onboard the user terminal, the at least two encrypted login information correspond to at least two token devices and at least two user accounts in the application program,whereby, upon detection of a first token device using short wireless communication, a first pass code can be validated, a first decryption key is obtained, a first login information stored onboard the user terminal is decrypted, the decrypted first login information is used to login to a first user account in the application program,whereby, upon detection of a second token device using short wireless communication, a second pass code can be validated, and a second user is automatically logged in to a second user account.
  - 17. The method of claim 14 whereby:
    - if a one-time password is obtained, the authorization program generates a second one-time password onboard the user terminal,if obtained one-time password matches the generated second one-time password, a user is logged in automatically to the application program.
  - 18. The method of claim 14 whereby:
    - the authorization program obtains at least one predetermined safe geo-location from the policy server;
      
      the authorization program determines the current location information using a means selected from the group consisting of;
      
      GPS, Wi-Fi, cell tower, and short wireless transceiver;
      
      if the current location is not within the predetermined geo-location,the authorization program performs an action selected from the group consisting of;
      
      log out, revoke authentication, revoke a user token, cancel a transaction, play a long sound file, lock a device, play a long sound file, issue an audible alert, call a mobile phone and issue a message, encrypt data, delete data, delete said second application, clear memory, send an email message comprising the current location information, send a Short Message Service message comprising the current location information, send a message comprising the current location information to a remote server.

19. A method for proximity encryption and decryption comprising:
- using a user terminal, a token device, a policy server, at least one application service and an authorization service,wherein the at least one token device is a Bluetooth fob or a smart phone equipped with short wireless communication means,and wherein the at least one token device is distinct from the user terminal,and wherein the at least one token device stores at least one digital key in memory,and wherein an authorization program runs onboard the user terminal,and wherein the at least one digital key is used to encrypt data onboard the user terminal,and wherein the policy server has at least one user account corresponding to the authorization program,and wherein the authorization service has at least one second user account,and wherein the at least one second user account is distinct from the at least one user account,and wherein the at least one application service has at least one third user account,and wherein the at least one third user account is distinct from both the at least one user account and the at least one second user account;
  
  whereby upon or after an event onboard the user terminal,the authorization program scans devices within a predefined range from the user terminal using short wireless communication,if a known token device is found,login information corresponding to the token device can be obtained and can be used to authorize to the at least one second user account,and at least one information from the at least one second user account is displayed onboard the user terminal;
  
  whereby upon or after activation of a button or an icon or a menu from the displayed information onboard the user terminal,at least one request is sent to the at least one token device or to the policy server,whereby upon or after authorization of the at least one request by the at least one token device,authorization information is obtained,and the authorization information is used to login automatically to the at least one third user account or to authenticate to the at least one third user account or to authorize a transaction corresponding to the at least one third user account onboard the user terminal;
  
  whereby if the at least one token device leaves a predefined short wireless range from the user terminal,the data from the at least one second user account is automatically cloaked or encrypted, or the at least one second user account is logged off or locked.
- View Dependent Claims (20)
- - 20. The method of claim 19 whereby:
    - the token device communicates with the policy server using a first communication network,the user terminal communicates with the policy server using a second communication network,whereby the first communication network is different from the second communication network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Mourad Ben Ayed
Original Assignee
Mourad Ben Ayed
Inventors
Ben Ayed, Mourad

Application Number

US14/107,014
Publication Number

US 20150172920A1
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06Q 20/34   using cards, e.g. integrate...

G06Q 20/341   Active cards, i.e. cards in...

H04L 63/0492   by using a location-limited...

H04L 63/0853   using an additional device,...

H04L 9/0897   involving additional device...

H04L 9/3226   using a predetermined code,...

H04W 12/033   of the user plane, e.g. use...

H04W 12/04   Key management, e.g. using ...

H04W 12/068   using credential vaults, e....

H04W 12/082   using revocation of authori...

H04W 12/61   Time-dependent

H04W 12/63   Location-dependent; Proximi...

H04W 12/64   using geofenced areas

H04W 4/80   Services using short range ...

SYSTEM FOR PROXIMITY BASED ENCRYPTION AND DECRYPTION

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

59 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEM FOR PROXIMITY BASED ENCRYPTION AND DECRYPTION

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

59 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links