System and method for managing secure information within a hybrid portable computing device

US 8,700,908 B2
Filed: 08/24/2010
Issued: 04/15/2014
Est. Priority Date: 08/24/2010
Status: Active Grant

First Claim

Patent Images

1. A method for managing secure information within a portable computing device by selective establishment of a secure communication channel within the portable computing device, the method comprising:

initializing a program module of a central processing unit of the portable computing device for communicating with a secure element of the portable computing device;

receiving a password at the central processing unit of the portable computing device for gaining access to the secure element of the portable computing device;

initializing a password based encryption algorithm with the password, wherein;

if the password is correct, initializing the password based encryption algorithm with the password generates a correct series of cryptographic keys; and

if the password is incorrect, initializing the password based encryption algorithm with the password generates an incorrect series of cryptographic keys;

exchanging messages between the central processing unit of the portable computing device and the secure element of the portable computing device using the generated series of cryptographic keys to request that a secure communication channel be established between the secure element of the portable computing device and the central processing unit of the portable computing device, wherein;

if the generated series of cryptographic keys is correct, the secure communication channel is established; and

if the generated series of cryptographic keys is incorrect, the request to establish the secure communication channel is denied;

if the generated series of cryptographic keys is incorrect, then determining if a predetermined threshold number of requests to establish a secure communication channel has been achieved; and

authenticating the portable computing device to a server located remotely from the portable computing device with a first substantial encryption key for server authentication, wherein the first substantial encryption key comprises an asymmetric key having a bit length of greater than or equal to 1024 bits.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for managing secure information within a portable computing device are disclosed. The portable computing device includes a program module for communicating with a secure element that is part of the portable computing device. The secure element may receive messages utilizing the decrypted crypto keys derived from a non-padded cipher in order to establish a secure communications channel. The secure element may store at least one of a substantial encryption key for server authentication and a substantial encryption key for decrypting encrypted data stored locally within the portable computing device. If an incorrect password is entered after a predetermined number of times, the secure element may activate security measures which may permanently disable the secure element. To establish secure communications between the secure element and a CPU of the portable computing device, a password based encryption algorithm utilizing a non-padded cipher may be employed.

6 Citations

View as Search Results

32 Claims

1. A method for managing secure information within a portable computing device by selective establishment of a secure communication channel within the portable computing device, the method comprising:
- initializing a program module of a central processing unit of the portable computing device for communicating with a secure element of the portable computing device;
  
  receiving a password at the central processing unit of the portable computing device for gaining access to the secure element of the portable computing device;
  
  initializing a password based encryption algorithm with the password, wherein;
  
  if the password is correct, initializing the password based encryption algorithm with the password generates a correct series of cryptographic keys; and
  
  if the password is incorrect, initializing the password based encryption algorithm with the password generates an incorrect series of cryptographic keys;
  
  exchanging messages between the central processing unit of the portable computing device and the secure element of the portable computing device using the generated series of cryptographic keys to request that a secure communication channel be established between the secure element of the portable computing device and the central processing unit of the portable computing device, wherein;
  
  if the generated series of cryptographic keys is correct, the secure communication channel is established; and
  
  if the generated series of cryptographic keys is incorrect, the request to establish the secure communication channel is denied;
  
  if the generated series of cryptographic keys is incorrect, then determining if a predetermined threshold number of requests to establish a secure communication channel has been achieved; and
  
  authenticating the portable computing device to a server located remotely from the portable computing device with a first substantial encryption key for server authentication, wherein the first substantial encryption key comprises an asymmetric key having a bit length of greater than or equal to 1024 bits.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, further comprising activating one or more security measures if the predetermined threshold number of requests has been achieved.
  - 3. The method of claim 2, wherein the one or more security measures comprises permanent disablement of the secure element.
  - 4. The method of claim 1, further comprising granting access to the secure element of the portable computing device which comprises at least one of a first substantial encryption key for server authentication with a server located remotely from the portable computing device and a second substantial encryption key for decrypting encrypted data stored locally within the portable computing device.
  - 5. The method of claim 1, wherein the password based encryption algorithm utilizes a non-padded cipher.
  - 6. The method of claim 1, further comprising decrypting encrypted data stored locally within the portable computing device with a second substantial encryption key for decrypting data stored locally.
  - 7. The method of claim 6, wherein the first substantial encryption key comprises a symmetric key having a bit length of greater than or equal to 80 bits.
  - 8. The method of claim 1, wherein the portable computing device comprises at least one of a mobile telephone, a personal digital assistant, a pager, a smartphone, and a hand-held computer with a wireless connection or link.

9. A computer system for managing secure information within a portable computing device via selective establishment of a secure communication channel within the portable computing device, the system comprising:
- a central processing unit of the portable computing device operable to;
  
  initialize a program module of the portable computing device for communicating with a secure element of the portable computing device;
  
  initialize a password based encryption algorithm with a received password, wherein;
  
  if the password is correct, the password based encryption algorithm generates a correct series of cryptographic keys; and
  
  if the password is incorrect, the password based encryption algorithm generates an incorrect series of cryptographic keys;
  
  exchange messages with the secure element of the portable computing device using the generated set of cryptographic keys to request that a secure communication channel be established between the secure element of the portable computing device and the central processing unit of the portable computing device, wherein;
  
  if the generated series of cryptographic keys is correct, the secure communication channel is established; and
  
  if the generated series of cryptographic keys is incorrect, the request to establish the secure communication channel is denied;
  
  if the generated series of cryptographic keys is incorrect, then determine if a predetermined threshold number of requests to establish a secure communication channel has been achieved; and
  
  authenticate the portable computing device to a server located remotely from the portable computing device with a first substantial encryption key for server authentication, wherein the first substantial encryption key comprises an asymmetric key having a bit length of greater than or equal to 1024 bits.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The system of claim 9, wherein the central processing unit of the portable computing device is further operable to activate one or more security measures if the predetermined threshold number requests has been achieved.
  - 11. The system of claim 10, wherein the one or more security measures comprises permanent disablement of the secure element.
  - 12. The system of claim 9, wherein the central processing unit is further operable to grant access to the secure element of the portable computing device through the secure communication channel and the secure element of the portable computing device comprises at least one of a first substantial encryption key for server authentication with a server located remotely from the portable computing device and a second substantial encryption key for decrypting encrypted data stored locally within the portable computing device.
  - 13. The system of claim 9, wherein the password based encryption algorithm utilizes a non-padded cipher.
  - 14. The system of claim 9, wherein the processor is further operable to:
    - decrypt encrypted data stored locally within the portable computing device with a second substantial encryption key for decrypting data stored locally.
  - 15. The system of claim 14, wherein the first substantial encryption key comprises a symmetric key having a bit length of greater than or equal to 80 bits.
  - 16. The system of claim 9, wherein the portable computing device comprises at least one of a mobile telephone, a personal digital assistant, a pager, a smartphone, a navigation device, and a hand-held computer with a wireless connection or link.

17. A computer system for managing secure information within a portable computing device by selective establishment of a secure communication channel within the portable computing device, the system comprising:
- means for initializing a program module of a central processing unit of the portable computing device for communicating with a secure element of the portable computing device;
  
  means for receiving a password at the central processing unit of the portable computing device for gaining access to the secure element of the portable computing device;
  
  means for initializing a password based encryption algorithm with the password, wherein;
  
  if the password is correct, initializing the password based encryption algorithm with the password generates a correct series of cryptographic keys; and
  
  if the password is incorrect, initializing the password based encryption algorithm with the password generates an incorrect series of cryptographic keys;
  
  means for exchanging messages between the central processing unit of the portable computing device and the secure element of the portable computing device using the generated series of cryptographic keys to request that a secure communication channel be established between the secure element of the portable computing device and the central processing unit of the portable computing device, wherein;
  
  if the generated series of cryptographic keys is correct, the secure communication channel is established; and
  
  if the generated series of cryptographic keys is incorrect, the request to establish the secure communication channel is denied; and
  
  if the generated series of cryptographic keys is incorrect, means for determining if a predetermined threshold number of requests to establish a secure connection channel has been achieved; and
  
  means for authenticating the portable computing device to a server located remotely from the portable computing device with a first substantial encryption key for server authentication, wherein the first substantial encryption key comprises an asymmetric key having a bit length of greater than or equal to 1024 bits.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24)
- - 18. The system of claim 17, further comprising means for activating one or more security measures if the predetermined threshold number of requests has been achieved.
  - 19. The system of claim 18, wherein the one or more security measures comprises permanent disablement of the secure element.
  - 20. The system of claim 17, further comprising means for granting access to the secure element of the portable computing device which comprises at least one of a first substantial encryption key for server authentication with a server remote from the portable computing device and a second substantial encryption key for decrypting encrypted data stored locally within the portable computing device.
  - 21. The method of claim 17, wherein the password based encryption algorithm has a non-padded cipher.
  - 22. The system of claim 17, further comprising means for decrypting encrypted data stored locally within the portable computing device with a second substantial encryption key for decrypting data stored locally.
  - 23. The system of claim 22, wherein the first substantial encryption key comprises a symmetric key having a bit length of greater than or equal to 80 bits.
  - 24. The system of claim 17, wherein the portable computing device comprises at least one of a mobile telephone, a personal digital assistant, a pager, a smartphone, a navigation device, and a hand-held computer with a wireless connection or link.

25. A computer program product comprising a non-transitory computer usable medium having a computer readable program code embodied therein, said computer readable program code adapted to be executed to implement a method for managing secure information within a portable computing device by selective establishment of a secure communication channel within the portable computing device, said method comprising:
- initializing a program module of a central processing unit of the portable computing device for communicating with a secure element of the portable computing device;
  
  receiving a password, at the central processing unit of the portable computing device, for gaining access to the secure element of the portable computing device;
  
  initializing a password based encryption algorithm with the password, wherein;
  
  if the password is correct, initializing the password based encryption algorithm with the password generates a correct series of cryptographic keys; and
  
  if the password is incorrect, initializing the password based encryption algorithm with the password generates an incorrect series of cryptographic keys;
  
  exchanging messages between the central processing unit of the portable computing device and the secure element of the portable computing device using the generated series of cryptographic keys request that a secure communication channel be established between the secure element of the portable computing device and the central processing unit of the portable computing device, wherein;
  
  if the generated series of cryptographic keys is correct, the secure communication channel is established; and
  
  if the generated series of cryptographic keys is incorrect, the request to establish the secure communication channel is denied;
  
  if the generated series of cryptographic keys is incorrect, then determining if a predetermined threshold number of requests to establish a secure communication channel has been achieved; and
  
  authenticating the portable computing device to a server located remotely from the portable computing device with a first substantial encryption key for server authentication, wherein the first substantial encryption key comprises an asymmetric key having a bit length of greater than or equal to 1024 bits.
- View Dependent Claims (26, 27, 28, 29, 30, 31, 32)
- - 26. The computer program product of claim 25, wherein the program code implementing the method further comprises activating one or more security measures if the predetermined threshold number requests has been achieved.
  - 27. The computer program product of claim 26, wherein the one or more security measures comprises permanent disablement of the secure element.
  - 28. The computer program product of claim 25, wherein the program code implementing the method further comprises granting access to the secure element of the portable computing device which comprises at least one of a first substantial encryption key for server authentication with a server remote from the portable computing device and a second substantial encryption key for decrypting encrypted data stored locally within the portable computing device.
  - 29. The computer program product of claim 25, wherein the program code implementing the method further comprises utilizing a non-padded cipher in the password based encryption algorithm.
  - 30. The computer program product of claim 25, wherein the program code implementing the method further comprises decrypting encrypted data stored locally within the portable computing device with a second substantial encryption key for decrypting data stored locally.
  - 31. The computer program product of claim 30, wherein the wherein the first substantial encryption key comprises a symmetric key having a bit length of greater than or equal to 80 bits.
  - 32. The computer program product of claim 25, wherein the portable computing device comprises at least one of a mobile telephone, a personal digital assistant, a pager, a smartphone, a navigation device, and a hand-held computer with a wireless connection or link.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Qualcomm, Inc.
Original Assignee
Qualcomm, Inc.
Inventors
Rickman, Gregory M.
Primary Examiner(s)
McNally, Michael S
Assistant Examiner(s)
Johnson, Carlton

Application Number

US12/862,606
Publication Number

US 20120054498A1
Time in Patent Office

1,330 Days
Field of Search

None
US Class Current

713/182
CPC Class Codes

G06F 21/606   by securing the transmissio...

G06F 21/72   in cryptographic circuits

H04W 12/12   Detection or prevention of ...

H04W 12/37   Managing security policies ...

System and method for managing secure information within a hybrid portable computing device

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

6 Citations

32 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for managing secure information within a hybrid portable computing device

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

6 Citations

32 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links