US2017163613A1PendingUtilityA1

Protecting sensitive information using a trusted device

47
Assignee: IBMPriority: Nov 11, 2013Filed: Feb 21, 2017Published: Jun 8, 2017
Est. expiryNov 11, 2033(~7.3 yrs left)· nominal 20-yr term from priority
H04L 63/0435H04L 63/166H04L 9/14H04L 63/0853H04L 63/0428G06F 21/34H04L 9/321H04L 63/0442H04L 63/061H04L 63/168H04L 63/083
47
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

The invention relates to the information processing field, and discloses a method for protecting sensitive information, comprising: encrypting sensitive information with a first secret key; transmitting the encrypted sensitive information to an untrusted device for forwarding to a server for authentication; receiving an authentication identification originated from the server and forwarded by the untrusted device; decrypting the authentication identification; and transmitting the decrypted authentication identification to the untrusted device to enable the untrusted device to use the authentication identification to communicate with the server.

Claims

exact text as granted — not AI-modified
1 . A method for protecting sensitive information, the method comprising:
 encrypting sensitive information with a first secret key;   transmitting the encrypted sensitive information to an untrusted device for forwarding to a server for authentication;   receiving an authentication identification originated from the server and forwarded by the untrusted device;   decrypting the authentication identification; and   transmitting the decrypted authentication identification to the untrusted device to enable the untrusted device to use the authentication identification to communicate with the server.   
     
     
         2 . The method according to  claim 1 , further comprising:
 receiving the sensitive information input by a user.   
     
     
         3 . The method according to  claim 2 , further comprising:
 receiving first information transmitted by the untrusted device, where the first information enables the sensitive information to be transmitted to the server via the untrusted device; and   generating second information based on the first information and the sensitive information;   wherein encrypting the sensitive information with the first secret key includes encrypting the sensitive information in the second information with the first secret key, and   wherein transmitting the encrypted sensitive information to the untrusted device includes transmitting the second information containing the encrypted sensitive information to the untrusted device.   
     
     
         4 . The method according to  claim 1 , further comprising:
 establishing a connection with the server;   wherein the first secret key includes a secret key of a symmetric encryption algorithm determined during the process of establishing the connection with the server.   
     
     
         5 . The method according to  claim 1 , further comprising:
 receiving a public key of the server transmitted by the untrusted device;   wherein the first secret key includes the public key of the server.   
     
     
         6 . The method according to  claim 1 , wherein the untrusted device does not know the first secret key. 
     
     
         7 . The method according to  claim 1 , wherein the untrusted device knows the first secret key but is unable to use the first secret key to decrypt the encrypted sensitive information. 
     
     
         8 . A trusted device for protecting sensitive information, the trusted device comprising one or more hardware processors configured to execute the following program instructions:
 program instructions programmed to encrypt sensitive information with a first secret key;   program instructions programmed to transmit the encrypted sensitive information to an untrusted device for forwarding to a server for authentication;   program instructions programmed to receive an authentication identification originated from the server and forwarded by the untrusted device;   program instructions programmed to decrypt the authentication identification; and   program instructions programmed to transmit the decrypted authentication identification to the untrusted device to enable the untrusted device to use the authentication identification to communicate with the server.   
     
     
         9 . The trusted device according to  claim 8 , wherein the one or more hardware processors are further configured to execute the following program instructions:
 program instructions programmed to receive the sensitive information input by a user.   
     
     
         10 . The trusted device according to  claim 9 , wherein the one or more hardware processors are further configured to execute the following program instructions:
 program instructions programmed to receive first information transmitted by the untrusted device, where the first information enables the sensitive information to be transmitted to the server via the untrusted device; and   program instructions programmed to generate second information based on the first information and the sensitive information;   wherein encrypting the sensitive information with the first secret key includes encrypting the sensitive information in the second information with the first secret key, and   wherein transmitting the encrypted sensitive information to the untrusted device includes transmitting the second information containing the encrypted sensitive information to the untrusted device.   
     
     
         11 . The trusted device according to  claim 8 , wherein the one or more hardware processors are further configured to execute the following program instructions:
 program instructions programmed to establish a connection with the server;   wherein the first secret key includes a secret key of a symmetric encryption algorithm determined during the process of establishing the connection with the server.   
     
     
         12 . The trusted device according to  claim 8 , wherein the one or more hardware processors are further configured to execute the following program instructions:
 program instructions programmed to receive a public key of the server transmitted by the untrusted device;   wherein the first secret key includes the public key of the server.   
     
     
         13 . The trusted device according to  claim 8 , wherein the untrusted device does not know the first secret key. 
     
     
         14 . The trusted device according to  claim 8 , wherein the untrusted device knows the first secret key but is unable to use the first secret key to decrypt the encrypted sensitive information. 
     
     
         15 . A computer system for protecting sensitive information, the computer system comprising:
 an untrusted device; and   a trusted device;   wherein the trusted device comprises one or more hardware processors configured to execute the following program instructions:
 program instructions programmed to encrypt sensitive information with a first secret key; 
 program instructions programmed to transmit the encrypted sensitive information to an untrusted device for forwarding to a server for authentication; 
 program instructions programmed to receive an authentication identification originated from the server and forwarded by the untrusted device; 
 program instructions programmed to decrypt the authentication identification; and 
 program instructions programmed to transmit the decrypted authentication identification to the untrusted device to enable the untrusted device to use the authentication identification to communicate with the server. 
   
     
     
         16 . The computer system according to  claim 15 , wherein the one or more hardware processors are further configured to execute the following program instructions:
 program instructions programmed to receive the sensitive information input by a user.   
     
     
         17 . The computer system according to  claim 16 , wherein the one or more hardware processors are further configured to execute the following program instructions:
 program instructions programmed to receive first information transmitted by the untrusted device, where the first information enables the sensitive information to be transmitted to the server via the untrusted device; and   program instructions programmed to generate second information based on the first information and the sensitive information;   wherein encrypting the sensitive information with the first secret key includes encrypting the sensitive information in the second information with the first secret key, and   wherein transmitting the encrypted sensitive information to the untrusted device includes transmitting the second information containing the encrypted sensitive information to the untrusted device.   
     
     
         18 . The computer system according to  claim 15 , wherein the one or more hardware processors are further configured to execute the following program instructions:
 program instructions programmed to establish a connection with the server;   wherein the first secret key includes a secret key of a symmetric encryption algorithm determined during the process of establishing the connection with the server.   
     
     
         19 . The computer system according to  claim 15 , wherein the one or more hardware processors are further configured to execute the following program instructions:
 program instructions programmed to receive a public key of the server transmitted by the untrusted device;   wherein the first secret key includes the public key of the server.   
     
     
         20 . The computer system according to  claim 15 , wherein the first secret key meets one of the following: the untrusted device does not know the first secret key, and the untrusted device knows the first secret key but is unable to use the first secret key to decrypt the encrypted sensitive information.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.