System and method for wireless data protection
Abstract
Disclosed herein are systems, methods, and non-transitory computer-readable storage media for wireless data protection utilizing cryptographic key management on a primary device and a backup device. A system encrypts a file with a file key and encrypts the file key twice, resulting in two encrypted file keys. The system encrypts each file key differently and stores a first file key on the primary device and transmits one of the encrypted file keys in addition to the encrypted file to a backup device for storage. On the backup device, the system associates the encrypted file key with a set of backup keys protected by a user password. In one embodiment, the system generates an initialization vector for use in cryptographic operations based on a file key. In another embodiment, the system manages cryptographic keys on a backup device during a user password change.
Claims
exact text as granted — not AI-modified1 . A method comprising:
encrypting a file with a file key to yield an encrypted file; encrypting the file key with a class encryption key to yield an encrypted file key; encrypting the file key with a public key associated with a set of backup keys to yield a second encrypted file key; and transmitting the encrypted file and the second encrypted file key to a backup device.
2 . The method of claim 1 , wherein the class encryption key is associated with a set of files, wherein the set of files has at least one similar attribute.
3 . The method of claim 1 , wherein the file key is randomly generated.
4 . A method comprising:
receiving an encrypted file and an encrypted file key at a backup device; associating the encrypted file key with a set of backup keys; encrypting the set of backup keys with a backup key set key to yield an encrypted set of backup keys; and storing the encrypted file, the encrypted file key and the set of encrypted backup keys on the backup device.
5 . The method of claim 4 , wherein the backup key set key is randomly generated by a primary device.
6 . The method of claim 5 , wherein a backup device escrows the backup key set key.
7 . The method of claim 6 , wherein the backup device protects the backup key set key with a user password.
8 . The method of claim 7 , wherein the user password is the same as a user account password.
9 . The method of claim 4 , wherein the backup key set key is recoverable by a service provider.
10 . The method of claim 4 , wherein the backup key set key is not recoverable by a service provider.
11 . The method of claim 4 , wherein the backup key set key is derived from a user password.
12 . The method of claim 11 , wherein the user password is a separate backup password.
13 . A method comprising:
transmitting encrypted file data, an encrypted file key and a set of encrypted backup keys, from the backup device to the primary device, wherein the set of encrypted backup keys is generated according to steps comprising:
receiving an encrypted file and an encrypted file key at a backup device;
associating the encrypted file key with a set of backup keys; and
encrypting the set of backup keys with a backup key set key to yield an encrypted set of backup keys.
14 . A system comprising:
a processor; a memory storing instructions for controlling the processor to perform steps comprising:
performing a hash of a first encryption key to yield a first intermediate result;
truncating the first intermediate result to yield a second intermediate result;
generating a third intermediate result utilizing a function of a block offset; and
encrypting the third intermediate result with the second intermediate result to yield an initialization vector, for use in a cryptographic operation.
15 . The system of claim 14 , wherein the first encryption key is a file encryption key.
16 . The system of claim 14 , wherein the SHA-1 encryption algorithm is used to perform a hash of the first encryption key.
17 . The system of claim 14 , wherein the first intermediate result is truncated to an encryption key size.
18 . The system of claim 14 , wherein the function of a block offset is a linear feedback shift register.
19 . The system of claim 18 , wherein the block offset is the seed for the linear feedback shift register.
20 . The system of claim 14 , wherein generating an initialization vector for encryption is performed for each block of data.
21 . The system of claim 14 , wherein the initialization vector is used to encrypt each block of data.
22 . A non-transitory computer-readable storage medium storing instructions which, when executed by a computing device, cause the computing device to perform steps comprising:
creating a second set of backup keys; associating new file encryption keys with the second set of backup keys; and encrypting the second set of backup keys with a new password.
23 . The non-transitory computer-readable storage medium of claim 22 , wherein a first set of backup keys exists prior to receiving a new password from a user.
24 . The non-transitory computer-readable storage medium of claim 22 , wherein the new file encryption keys are generated when new files are created.
25 . A method of generating an encryption key, the method comprising:
creating a file and a file encryption key, wherein the file belongs to one of a set of protection classes; encrypting the file encryption key with a device encryption key; generating an asymmetric key pair; generating a wrapping encryption key based on the asymmetric key pair; and encrypting the file encryption key with the wrapping encryption key.Join the waitlist — get patent alerts
Track US2013034229A1 — get alerts on status changes and closely related new filings.
We store only your email — no account needed. See our privacy policy.