Method and apparatus for storing data on the application layer in mobile devices

US 7,587,608 B2
Filed: 11/30/2004
Issued: 09/08/2009
Est. Priority Date: 11/30/2004
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

storing user-specific data for each of multiple users on a mobile personal device, wherein the user-specific data is accessible through a persistence layer on the mobile personal device;

associating the user-specific data for each of the multiple users with a user identifier for each of the multiple users;

storing the user identifier for each of the users on the mobile personal device;

receiving a request from one of the users having a first user identifier to operate an application of the mobile personal device, wherein the request includes access to the user-specific data associated with the first user identifier;

intercepting the request and determining whether to process the request using an access controller;

requesting the first user identifier responsive to the request to operate;

comparing the first user identifier to the stored user identifiers;

granting the request and enabling access to the user-specific data through the persistence layer if the first user identifier matches when compared against the stored user identifiers; and

operating the application of the mobile personal device with the user-specific data corresponding to the first user identifier.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present embodiments provide a system and methods for encrypting and storing data in a mobile device such as a personal digital assistant. The system includes an access controller and a cryptography manager both coupled to the software applications on the mobile device. The system employs a user specific key to encrypt the user specific data. The encrypted file along with header information is stored below the application layer within the mobile system.

104 Citations

View as Search Results

20 Claims

1. A method comprising:
- storing user-specific data for each of multiple users on a mobile personal device, wherein the user-specific data is accessible through a persistence layer on the mobile personal device;
  
  associating the user-specific data for each of the multiple users with a user identifier for each of the multiple users;
  
  storing the user identifier for each of the users on the mobile personal device;
  
  receiving a request from one of the users having a first user identifier to operate an application of the mobile personal device, wherein the request includes access to the user-specific data associated with the first user identifier;
  
  intercepting the request and determining whether to process the request using an access controller;
  
  requesting the first user identifier responsive to the request to operate;
  
  comparing the first user identifier to the stored user identifiers;
  
  granting the request and enabling access to the user-specific data through the persistence layer if the first user identifier matches when compared against the stored user identifiers; and
  
  operating the application of the mobile personal device with the user-specific data corresponding to the first user identifier.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. A method as recited in claim 1, wherein:
    - the mobile personal device is a personal digital assistant (PDA).
  - 3. A method as recited in claim 2, wherein:
    - the user identifier is a user ID number and password.
  - 4. A method as recited in claim 2, wherein:
    - the user identifier is a user specific key.
  - 5. A method as recited in claim 3, further comprising:
    - storing user-specific data as encrypted data.
  - 6. A method as recited in claim 5, further comprising:
    - encrypting data with the user-specific key.
  - 7. A method as recited in claim 6, further comprising:
    - synchronizing data with a sewer.
  - 8. A method as recited in claim 6, further comprising:
    - storing a header file with the encrypted data.
  - 9. A method as recited in claim 6, further comprising:
    - requesting a second user identifier; and
      
      wherein encrypting data occurs using symmetric encryption methods.
  - 10. A method as recited in claim 1, wherein:
    - the method is performed by a processor responsive to execution of a set of instructions, the set of instructions embodied in a storage device.

11. An apparatus, comprising:
- a remote mobile personal device including;
  
  an operating system;
  
  an access controller that is configured to receive requests for access to user-specific data stored on the remote mobile personal device for each of multiple users and that is configured to control access to the user-specific data using one or more keys associated with the multiple users and stored on the remote mobile personal device, wherein the user-specific data is accessible through a persistence layer on the remote mobile personal device;
  
  a cryptography manager that is configured to encrypt and decrypt the user-specific data in response to requests from the access controller using the one or more keys; and
  
  an application coupled to the access controller and the cryptography manager, the application to query the access controller for an indication of permission to execute including accessing the user-specific data through the persistence layer.
- View Dependent Claims (12, 13, 14, 15, 16)
- - 12. An apparatus as recited in claim 11, further comprising:
    - a processor.
  - 13. An apparatus as recited in claim 12, further comprising:
    - a file system manager.
  - 14. An apparatus as recited in claim 13, further comprising:
    - a user interface; and
      
      a network interface.
  - 15. An apparatus as recited in claim 13, further comprising:
    - means for interacting with a user.
  - 16. An apparatus as recited in claim 14, further comprising:
    - a network server.

17. A method, comprising:
- storing user-specific data for each of multiple users on a mobile personal device, wherein the user-specific data is accessible through a persistence layer on the mobile personal device;
  
  associating the user-specific data for each of the multiple users with a user identifier for each of the multiple users;
  
  storing the user identifier for each of the users on the mobile personal device;
  
  receiving a request from one of the users having a first user identifier to operate an application of the mobile personal device, wherein the request includes access to the user-specific data associated with the first user identifier;
  
  intercepting the request and determining whether to process the request using an access controller;
  
  requesting the first user identifier responsive to the request to operate;
  
  verifying the first user identifier against the stored user identifiers;
  
  granting the request and enabling access to the user-specific data through the persistence layer;
  
  operating the application of the mobile personal device with the user-specific data corresponding to the user identifier;
  
  encrypting the user-specific data with a user-specific key within the application;
  
  storing the user-specific data as encrypted data;
  
  synchronizing the user-specific data with a remote database; and
  
  terminating operation of the mobile personal device responsive to a logoff request.
- View Dependent Claims (18, 19, 20)
- - 18. A method as recited in claim 17, wherein:
    - the first user identifier is a user ID and the encrypting is performed in an application layer using key derivation techniques based on the user ID.
  - 19. A method as recited in claim 18, wherein:
    - the encryption is performed using symmetric encryption methods.
  - 20. A method as recited in claim 19, further comprising:
    - deriving the user specific key at a server based on the user ID in conjunction with a key management component.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SAP SE
Original Assignee
SAP AG (SAP SE)
Inventors
Sa de Souza, Luciana Moreira, Haller, Jochen
Primary Examiner(s)
TRAN, ELLEN C

Application Number

US11/001,147
Publication Number

US 20060129830A1
Time in Patent Office

1,743 Days
Field of Search

713/183, 713/186, 713/182, 726/2, 726/16, 380/270
US Class Current

713/182
CPC Class Codes

G06F 21/31   User authentication

G06F 21/602   Providing cryptographic fac...

G06F 21/6245   Protecting personal data, e...

G06F 21/629   to features or functions of...

G06F 2221/2153   Using hardware token as a s...

Method and apparatus for storing data on the application layer in mobile devices

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

104 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Method and apparatus for storing data on the application layer in mobile devices

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

104 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others