System and method for encrypting and decrypting files

US 7,373,517 B1
Filed: 08/19/1999
Issued: 05/13/2008
Est. Priority Date: 08/19/1999
Status: Expired due to Fees

- Alert
- Pin

First Claim

Patent Images

1. A method for storing and enabling access to data at a server, the method comprising:

receiving a hint at the server from a first device, the hint generated by executable code located on the first device;

receiving, at the server, data encrypted by using a key, the key generated by performing a hashing algorithm on the hint and a password; and

sending the hint to a second device.

View all claims

9 Assignments

Timeline View

Assignment View

Litigations

0 Petitions

Accused Products

Abstract

A system and method distribute the task of decryption between a server and a client. To encrypt data, the client generates an encryption/decryption key. Namely, a user interface obtains a password, generally from a user. A hint generator generates a hint. A key generator generates the key based on the password and the hint. In one embodiment, the key generator hashes the password to generate a first secret, hashes the first secret to generate a second secret, hashes the first secret with the hint to generate an intermediate index, and hashes the second secret and the intermediate index to generate the key. An encryption engine can then use the key to encrypt data. The client then sends the encrypted data and possibly the hint for storage on the server. To decrypt the data, the key must be determined. Accordingly, the server knows some information and the user knows some information for decrypting the data. To generate the key, the decrypting client must first obtain rights to retrieve the hint from the server and must obtain the password from the user. Increased level of security is achieved.

238 Citations

30 Claims

1. A method for storing and enabling access to data at a server, the method comprising:
- receiving a hint at the server from a first device, the hint generated by executable code located on the first device;
  
  receiving, at the server, data encrypted by using a key, the key generated by performing a hashing algorithm on the hint and a password; and
  
  sending the hint to a second device.
- View Dependent Claims (2)
- - 2. The method of claim 1, wherein the step of performing a hashing algorithm includes hashing the password.

3. A method for storing and enabling access to data at a server, the method comprising:
- receiving a hint at the server from a first device, the hint generated by executable code located on the first device; and
  
  receiving, at the server, data encrypted by using a key, the key generated by performing a hashing algorithm on the hint and a password, whereinperforming the hashing algorithm includes hashing the password to derive a first secret, hashing the first secret to derive a second secret, hashing the hint and the first secret to generate an intermediate index, and hashing the intermediate index and the second secret to generate the key.

4. A system, comprising:
- a user interface configured to obtain a password;
  
  a key generator coupled to the user interface configured to perform a hashing algorithm on a hint and the password to generate a key;
  
  an encryption engine coupled to the key generator configured to encrypt data stored on a device using the key;
  
  a communications module coupled to the encryption engine configured to send the encrypted data and the hint to a server for storage.
- View Dependent Claims (5, 6)
- - 5. The system of claim 4, further comprising:
    - a hint generator configured to generate the hint.
  - 6. The system of claim 4, wherein the key generator hashes the password.

7. A system, comprising:
- a user interface configured to obtain a password;
  
  a key generator coupled to the user interface configured to perform a hashing algorithm on a hint and the password to generate a key wherein the key generator hashes the password to derive a first secret, hashes the first secret to derive a second secret, hashes the hint and the first secret to generate an intermediate index, and hashes the intermediate index and the second secret to generate the key;
  
  an encryption engine coupled to the key generator configured to encrypt data stored on a device using the key; and
  
  a communications module coupled to the engine configured to send the encrypted data to a server for storage.

8. A system, comprising:
- means for obtaining a hint;
  
  means for obtaining a password through an interface to executable code transmitted to a device;
  
  means for performing a hashing algorithm on the hint and the password to generate a key;
  
  means for encrypting data stored on the device using the key; and
  
  means for sending the encrypted data to a server for storage.
- View Dependent Claims (9, 10)
- - 9. The system of claim 8, wherein the executable code is stored on a computer-readable storage medium.
  - 10. The system of claim 8, wherein the system is configured to transmit the executable code embodied in a carrier wave.

11. A method for storing and enabling access to data at a server, the method comprising:
- receiving, at the server, a request to store encrypted data from a device;
  
  sending an encryption downloadable to the device for deriving a key to encrypt data stored at the device;
  
  receiving, at the server, encrypted data encrypted by the encryption downloadable from the device;
  
  receiving, from the device, a hint, corresponding to the encrypted data and used for regenerating the key; and
  
  storing the hint and the encrypted data at the server.

12. A system, comprising:
- an encryption downloadable configured to derive an encryption key from a password and a hint;
  
  a web server configured to interface with a device and send the encryption downloadable to the device, and receive data encrypted by the encryption downloadable from the device; and
  
  a memory coupled to the web server configured to store a hint corresponding to the encrypted data and used to regenerate the key from the device and the encrypted data.

13. A method, comprising;
- receiving, at a device, encrypted data and a hint corresponding to the encrypted data from a server;
  
  inputting a password through an interface to executable code; and
  
  performing a hashing algorithm on the password and the hint at the device to generate a key for decrypting the encrypted data.
- View Dependent Claims (14)
- - 14. The method of claim 13, wherein performing the hashing algorithm further includes hashing the password.

15. A system, comprising:
- a user interface configured to obtain a password;
  
  a communication module configured to send encrypted data and a hint corresponding to the encrypted data from a server to a device; and
  
  a key generator for performing a hashing algorithm on the password and the hint at the device to generate a key for decrypting the encrypted data.

16. A system, comprising:
- means for obtaining a password through an interface to executable code transmitted to a device;
  
  means for sending encrypted data and a hint corresponding to the encrypted data from a server to the device; and
  
  means for performing a hashing algorithm on the password and the hint at the device to generate a key for decrypting the encrypted data.
- View Dependent Claims (17, 18)
- - 17. The system of claim 16, wherein the executable code is stored on a computer-readable storage medium.
  - 18. The system of claim 16, wherein the system is configured to transmit the executable code embodied in a carrier wave.

19. A method, comprising:
- receiving information identifying encrypted data stored at a server;
  
  sending a decryption downloadable to a device, the decryption downloadable deriving a key from a password and a hint;
  
  sending the hint corresponding to the encrypted data to the device; and
  
  deriving the key by hashing at least one of the hint and the password.

20. A system, comprising:
- a decryption downloadable configured to derive a key by hashing at least one of a password and a hint corresponding to encrypted data;
  
  a memory configured to store the encrypted data and the hint corresponding to the encrypted data; and
  
  a web server configured to interface with the device, and send the decryption downloadable, the encrypted data, and the hint to the client.

21. A device based method, comprising:
- obtaining a password through an interface to executable code transmitted to the device;
  
  deriving a first secret from the password;
  
  receiving a hint corresponding to data to be decrypted from a server;
  
  deriving an intermediate index from the first secret and the hint; and
  
  sending the intermediate index to the server, the intermediate index used to decrypt data stored on the server.
- View Dependent Claims (22, 23)
- - 22. The method of claim 21, wherein deriving the first secret further includes hashing the password.
  - 23. The method of claim 21, wherein deriving an intermediate index further includes hashing the first secret and the hint.

24. A system, comprising:
- a user interface configured to obtain a password;
  
  an index generator coupled to the user interface configured to generate an intermediate index from a hint received from a server and a secret derived from the password; and
  
  a communications engine coupled to the index generator configured to send the intermediate index to the server.
- View Dependent Claims (25)
- - 25. The system of claim 24, wherein the index generator is further configured to generate the intermediate index by hashing the hint and the secret.

26. A system, comprising;
- means for obtaining a password through an interface to executable code transmitted to a device;
  
  means for deriving a first secret from the password;
  
  means for receiving a hint corresponding to data to be decrypted from a server;
  
  means for deriving an intermediate index from the first secret and the hint; and
  
  means for sending the intermediate index to the server, the intermediate index used to decrypt data stored at the server.
- View Dependent Claims (27, 28)
- - 27. The system of claim 26, wherein the executable code is stored on a computer-readable storage medium.
  - 28. The system of claim 26, wherein the system is configured to transmit the executable code embodied in a carrier wave.

29. A server-based method, comprising;
- receiving from a device, a request for access to data stored at a server;
  
  transmitting to the device a hint corresponding to the data, and a decryption downloadable for deriving an intermediate index from a password and the hint;
  
  receiving the intermediate index from the device; and
  
  deriving a decryption key from a second secret corresponding to the device and the intermediate index.

30. A system, comprising;
- a memory configured to store a second secret corresponding to a device;
  
  a decryption downloadable configured to generate an intermediate index from a password and a hint corresponding to encrypted data;
  
  a web server configured to receive information identifying the encrypted data to be decrypted, transmit the decryption downloadable and the hint corresponding to the encrypted data to the device, and receive an intermediate index from the device; and
  
  a server-resident module configured to derive a key for decrypting the encrypted data from the second secret and the intermediate index.

Specification

Resources

Litigation Campaign Assessment

Litigation Data

Current Assignee
Blackberry Limited, Igia Direct Incorporated
Original Assignee
Good Technology Corporation (Blackberry Limited)
Inventors
Riggins, Mark D.
Primary Examiner(s)
Sheikh; Ayaz
Assistant Examiner(s)
Moorthy; Aravind K

Application Number

US09/378,226
Time in Patent Office

3,190 Days
Field of Search

713/168, 713/183, 713/184, 713/193, 726/5, 380/44
US Class Current

713/184
CPC Class Codes

H04L 2463/041   using an encryption or decr...

H04L 63/0435   wherein the sending and rec...

H04L 63/06   for supporting key manageme...

H04L 63/083   using passwords cryptograph...

H04L 9/0863   involving passwords or one-...

H04L 9/50   using hash chains, e.g. blo...

System and method for encrypting and decrypting files

First Claim

9 Assignments

Litigations

0 Petitions

Accused Products

Abstract

238 Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for encrypting and decrypting files

First Claim

9 Assignments

Subscription Required

Subscription Required

Litigations

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

238 Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links