METHOD AND SYSTEM FOR DECOUPLING USER AUTHENTICATION AND DATA ENCRYPTION ON MOBILE DEVICES
Main authors: | , , |
---|---|
Format: | Patent |
Language: | eng ; fre |
Summary: | A method for decoupling user authentication and data encryption on mobile devices includes generating an encryption key ("EK") for encrypting data and a key encryption key ("KEK") for encrypting the EK, obtaining an encrypted EK by encrypting the EK using the KEK, storing the encrypted EK on a data container device ("DCD"), and storing the KEK on a key vault device ("KVD") that is distinct from the DCD. Neither the EK nor the KEK is generated using a user authentication secret as a seed. The DCD may fetch the KEK from the KVD as desired to decrypt the EK and to encrypt and decrypt data stored on the DCD. Examples of the DCD include a memory stick, smartphone, or tablet computer, while examples of the KVD include a dongle, smartphone, or tablet computer. |
---|