US2013034229A1PendingUtilityA1

System and method for wireless data protection

Assignee: APPLE INCPriority: Aug 5, 2011Filed: Aug 5, 2011Published: Feb 7, 2013
Est. expiryAug 5, 2031(~5 yrs left)· nominal 20-yr term from priority
H04L 63/061G06F 11/1458H04L 63/0435H04L 9/0825H04L 9/0863G06F 11/1464H04L 9/0822H04L 63/0428H04W 12/08H04L 2463/062H04L 9/0894H04L 9/0637H04W 12/041
49
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

Disclosed herein are systems, methods, and non-transitory computer-readable storage media for wireless data protection utilizing cryptographic key management on a primary device and a backup device. A system encrypts a file with a file key and encrypts the file key twice, resulting in two encrypted file keys. The system encrypts each file key differently and stores a first file key on the primary device and transmits one of the encrypted file keys in addition to the encrypted file to a backup device for storage. On the backup device, the system associates the encrypted file key with a set of backup keys protected by a user password. In one embodiment, the system generates an initialization vector for use in cryptographic operations based on a file key. In another embodiment, the system manages cryptographic keys on a backup device during a user password change.

Claims

exact text as granted — not AI-modified
1 . A method comprising:
 encrypting a file with a file key to yield an encrypted file;   encrypting the file key with a class encryption key to yield an encrypted file key;   encrypting the file key with a public key associated with a set of backup keys to yield a second encrypted file key; and   transmitting the encrypted file and the second encrypted file key to a backup device.   
     
     
         2 . The method of  claim 1 , wherein the class encryption key is associated with a set of files, wherein the set of files has at least one similar attribute. 
     
     
         3 . The method of  claim 1 , wherein the file key is randomly generated. 
     
     
         4 . A method comprising:
 receiving an encrypted file and an encrypted file key at a backup device;   associating the encrypted file key with a set of backup keys;   encrypting the set of backup keys with a backup key set key to yield an encrypted set of backup keys; and   storing the encrypted file, the encrypted file key and the set of encrypted backup keys on the backup device.   
     
     
         5 . The method of  claim 4 , wherein the backup key set key is randomly generated by a primary device. 
     
     
         6 . The method of  claim 5 , wherein a backup device escrows the backup key set key. 
     
     
         7 . The method of  claim 6 , wherein the backup device protects the backup key set key with a user password. 
     
     
         8 . The method of  claim 7 , wherein the user password is the same as a user account password. 
     
     
         9 . The method of  claim 4 , wherein the backup key set key is recoverable by a service provider. 
     
     
         10 . The method of  claim 4 , wherein the backup key set key is not recoverable by a service provider. 
     
     
         11 . The method of  claim 4 , wherein the backup key set key is derived from a user password. 
     
     
         12 . The method of  claim 11 , wherein the user password is a separate backup password. 
     
     
         13 . A method comprising:
 transmitting encrypted file data, an encrypted file key and a set of encrypted backup keys, from the backup device to the primary device, wherein the set of encrypted backup keys is generated according to steps comprising:
 receiving an encrypted file and an encrypted file key at a backup device; 
 associating the encrypted file key with a set of backup keys; and 
 encrypting the set of backup keys with a backup key set key to yield an encrypted set of backup keys. 
   
     
     
         14 . A system comprising:
 a processor;   a memory storing instructions for controlling the processor to perform steps comprising:
 performing a hash of a first encryption key to yield a first intermediate result; 
 truncating the first intermediate result to yield a second intermediate result; 
 generating a third intermediate result utilizing a function of a block offset; and 
 encrypting the third intermediate result with the second intermediate result to yield an initialization vector, for use in a cryptographic operation. 
   
     
     
         15 . The system of  claim 14 , wherein the first encryption key is a file encryption key. 
     
     
         16 . The system of  claim 14 , wherein the SHA-1 encryption algorithm is used to perform a hash of the first encryption key. 
     
     
         17 . The system of  claim 14 , wherein the first intermediate result is truncated to an encryption key size. 
     
     
         18 . The system of  claim 14 , wherein the function of a block offset is a linear feedback shift register. 
     
     
         19 . The system of  claim 18 , wherein the block offset is the seed for the linear feedback shift register. 
     
     
         20 . The system of  claim 14 , wherein generating an initialization vector for encryption is performed for each block of data. 
     
     
         21 . The system of  claim 14 , wherein the initialization vector is used to encrypt each block of data. 
     
     
         22 . A non-transitory computer-readable storage medium storing instructions which, when executed by a computing device, cause the computing device to perform steps comprising:
 creating a second set of backup keys;   associating new file encryption keys with the second set of backup keys; and   encrypting the second set of backup keys with a new password.   
     
     
         23 . The non-transitory computer-readable storage medium of  claim 22 , wherein a first set of backup keys exists prior to receiving a new password from a user. 
     
     
         24 . The non-transitory computer-readable storage medium of  claim 22 , wherein the new file encryption keys are generated when new files are created. 
     
     
         25 . A method of generating an encryption key, the method comprising:
 creating a file and a file encryption key, wherein the file belongs to one of a set of protection classes;   encrypting the file encryption key with a device encryption key;   generating an asymmetric key pair;   generating a wrapping encryption key based on the asymmetric key pair; and   encrypting the file encryption key with the wrapping encryption key.

Join the waitlist — get patent alerts

Track US2013034229A1 — get alerts on status changes and closely related new filings.

We store only your email — no account needed. See our privacy policy.