System and method for managing secure information within a hybrid portable computing device
First Claim
1. A method for managing secure information within a portable computing device by selective establishment of a secure communication channel within the portable computing device, the method comprising:
- initializing a program module of a central processing unit of the portable computing device for communicating with a secure element of the portable computing device;
receiving a password at the central processing unit of the portable computing device for gaining access to the secure element of the portable computing device;
initializing a password based encryption algorithm with the password, wherein;
if the password is correct, initializing the password based encryption algorithm with the password generates a correct series of cryptographic keys; and
if the password is incorrect, initializing the password based encryption algorithm with the password generates an incorrect series of cryptographic keys;
exchanging messages between the central processing unit of the portable computing device and the secure element of the portable computing device using the generated series of cryptographic keys to request that a secure communication channel be established between the secure element of the portable computing device and the central processing unit of the portable computing device, wherein;
if the generated series of cryptographic keys is correct, the secure communication channel is established; and
if the generated series of cryptographic keys is incorrect, the request to establish the secure communication channel is denied;
if the generated series of cryptographic keys is incorrect, then determining if a predetermined threshold number of requests to establish a secure communication channel has been achieved; and
authenticating the portable computing device to a server located remotely from the portable computing device with a first substantial encryption key for server authentication, wherein the first substantial encryption key comprises an asymmetric key having a bit length of greater than or equal to 1024 bits.
5 Assignments
0 Petitions
Accused Products
Abstract
A method and system for managing secure information within a portable computing device are disclosed. The portable computing device includes a program module for communicating with a secure element that is part of the portable computing device. The secure element may receive messages utilizing the decrypted crypto keys derived from a non-padded cipher in order to establish a secure communications channel. The secure element may store at least one of a substantial encryption key for server authentication and a substantial encryption key for decrypting encrypted data stored locally within the portable computing device. If an incorrect password is entered after a predetermined number of times, the secure element may activate security measures which may permanently disable the secure element. To establish secure communications between the secure element and a CPU of the portable computing device, a password based encryption algorithm utilizing a non-padded cipher may be employed.
6 Citations
32 Claims
-
1. A method for managing secure information within a portable computing device by selective establishment of a secure communication channel within the portable computing device, the method comprising:
-
initializing a program module of a central processing unit of the portable computing device for communicating with a secure element of the portable computing device; receiving a password at the central processing unit of the portable computing device for gaining access to the secure element of the portable computing device; initializing a password based encryption algorithm with the password, wherein; if the password is correct, initializing the password based encryption algorithm with the password generates a correct series of cryptographic keys; and if the password is incorrect, initializing the password based encryption algorithm with the password generates an incorrect series of cryptographic keys; exchanging messages between the central processing unit of the portable computing device and the secure element of the portable computing device using the generated series of cryptographic keys to request that a secure communication channel be established between the secure element of the portable computing device and the central processing unit of the portable computing device, wherein; if the generated series of cryptographic keys is correct, the secure communication channel is established; and if the generated series of cryptographic keys is incorrect, the request to establish the secure communication channel is denied; if the generated series of cryptographic keys is incorrect, then determining if a predetermined threshold number of requests to establish a secure communication channel has been achieved; and authenticating the portable computing device to a server located remotely from the portable computing device with a first substantial encryption key for server authentication, wherein the first substantial encryption key comprises an asymmetric key having a bit length of greater than or equal to 1024 bits. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A computer system for managing secure information within a portable computing device via selective establishment of a secure communication channel within the portable computing device, the system comprising:
a central processing unit of the portable computing device operable to; initialize a program module of the portable computing device for communicating with a secure element of the portable computing device; initialize a password based encryption algorithm with a received password, wherein; if the password is correct, the password based encryption algorithm generates a correct series of cryptographic keys; and if the password is incorrect, the password based encryption algorithm generates an incorrect series of cryptographic keys; exchange messages with the secure element of the portable computing device using the generated set of cryptographic keys to request that a secure communication channel be established between the secure element of the portable computing device and the central processing unit of the portable computing device, wherein; if the generated series of cryptographic keys is correct, the secure communication channel is established; and if the generated series of cryptographic keys is incorrect, the request to establish the secure communication channel is denied; if the generated series of cryptographic keys is incorrect, then determine if a predetermined threshold number of requests to establish a secure communication channel has been achieved; and authenticate the portable computing device to a server located remotely from the portable computing device with a first substantial encryption key for server authentication, wherein the first substantial encryption key comprises an asymmetric key having a bit length of greater than or equal to 1024 bits. - View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
-
17. A computer system for managing secure information within a portable computing device by selective establishment of a secure communication channel within the portable computing device, the system comprising:
-
means for initializing a program module of a central processing unit of the portable computing device for communicating with a secure element of the portable computing device; means for receiving a password at the central processing unit of the portable computing device for gaining access to the secure element of the portable computing device; means for initializing a password based encryption algorithm with the password, wherein; if the password is correct, initializing the password based encryption algorithm with the password generates a correct series of cryptographic keys; and if the password is incorrect, initializing the password based encryption algorithm with the password generates an incorrect series of cryptographic keys; means for exchanging messages between the central processing unit of the portable computing device and the secure element of the portable computing device using the generated series of cryptographic keys to request that a secure communication channel be established between the secure element of the portable computing device and the central processing unit of the portable computing device, wherein; if the generated series of cryptographic keys is correct, the secure communication channel is established; and if the generated series of cryptographic keys is incorrect, the request to establish the secure communication channel is denied; and if the generated series of cryptographic keys is incorrect, means for determining if a predetermined threshold number of requests to establish a secure connection channel has been achieved; and means for authenticating the portable computing device to a server located remotely from the portable computing device with a first substantial encryption key for server authentication, wherein the first substantial encryption key comprises an asymmetric key having a bit length of greater than or equal to 1024 bits. - View Dependent Claims (18, 19, 20, 21, 22, 23, 24)
-
-
25. A computer program product comprising a non-transitory computer usable medium having a computer readable program code embodied therein, said computer readable program code adapted to be executed to implement a method for managing secure information within a portable computing device by selective establishment of a secure communication channel within the portable computing device, said method comprising:
-
initializing a program module of a central processing unit of the portable computing device for communicating with a secure element of the portable computing device; receiving a password, at the central processing unit of the portable computing device, for gaining access to the secure element of the portable computing device; initializing a password based encryption algorithm with the password, wherein; if the password is correct, initializing the password based encryption algorithm with the password generates a correct series of cryptographic keys; and if the password is incorrect, initializing the password based encryption algorithm with the password generates an incorrect series of cryptographic keys; exchanging messages between the central processing unit of the portable computing device and the secure element of the portable computing device using the generated series of cryptographic keys request that a secure communication channel be established between the secure element of the portable computing device and the central processing unit of the portable computing device, wherein; if the generated series of cryptographic keys is correct, the secure communication channel is established; and if the generated series of cryptographic keys is incorrect, the request to establish the secure communication channel is denied; if the generated series of cryptographic keys is incorrect, then determining if a predetermined threshold number of requests to establish a secure communication channel has been achieved; and authenticating the portable computing device to a server located remotely from the portable computing device with a first substantial encryption key for server authentication, wherein the first substantial encryption key comprises an asymmetric key having a bit length of greater than or equal to 1024 bits. - View Dependent Claims (26, 27, 28, 29, 30, 31, 32)
-
Specification