US2017163613A1PendingUtilityA1
Protecting sensitive information using a trusted device
Est. expiryNov 11, 2033(~7.3 yrs left)· nominal 20-yr term from priority
H04L 63/0435H04L 63/166H04L 9/14H04L 63/0853H04L 63/0428G06F 21/34H04L 9/321H04L 63/0442H04L 63/061H04L 63/168H04L 63/083
47
PatentIndex Score
0
Cited by
0
References
0
Claims
Abstract
The invention relates to the information processing field, and discloses a method for protecting sensitive information, comprising: encrypting sensitive information with a first secret key; transmitting the encrypted sensitive information to an untrusted device for forwarding to a server for authentication; receiving an authentication identification originated from the server and forwarded by the untrusted device; decrypting the authentication identification; and transmitting the decrypted authentication identification to the untrusted device to enable the untrusted device to use the authentication identification to communicate with the server.
Claims
exact text as granted — not AI-modified1 . A method for protecting sensitive information, the method comprising:
encrypting sensitive information with a first secret key; transmitting the encrypted sensitive information to an untrusted device for forwarding to a server for authentication; receiving an authentication identification originated from the server and forwarded by the untrusted device; decrypting the authentication identification; and transmitting the decrypted authentication identification to the untrusted device to enable the untrusted device to use the authentication identification to communicate with the server.
2 . The method according to claim 1 , further comprising:
receiving the sensitive information input by a user.
3 . The method according to claim 2 , further comprising:
receiving first information transmitted by the untrusted device, where the first information enables the sensitive information to be transmitted to the server via the untrusted device; and generating second information based on the first information and the sensitive information; wherein encrypting the sensitive information with the first secret key includes encrypting the sensitive information in the second information with the first secret key, and wherein transmitting the encrypted sensitive information to the untrusted device includes transmitting the second information containing the encrypted sensitive information to the untrusted device.
4 . The method according to claim 1 , further comprising:
establishing a connection with the server; wherein the first secret key includes a secret key of a symmetric encryption algorithm determined during the process of establishing the connection with the server.
5 . The method according to claim 1 , further comprising:
receiving a public key of the server transmitted by the untrusted device; wherein the first secret key includes the public key of the server.
6 . The method according to claim 1 , wherein the untrusted device does not know the first secret key.
7 . The method according to claim 1 , wherein the untrusted device knows the first secret key but is unable to use the first secret key to decrypt the encrypted sensitive information.
8 . A trusted device for protecting sensitive information, the trusted device comprising one or more hardware processors configured to execute the following program instructions:
program instructions programmed to encrypt sensitive information with a first secret key; program instructions programmed to transmit the encrypted sensitive information to an untrusted device for forwarding to a server for authentication; program instructions programmed to receive an authentication identification originated from the server and forwarded by the untrusted device; program instructions programmed to decrypt the authentication identification; and program instructions programmed to transmit the decrypted authentication identification to the untrusted device to enable the untrusted device to use the authentication identification to communicate with the server.
9 . The trusted device according to claim 8 , wherein the one or more hardware processors are further configured to execute the following program instructions:
program instructions programmed to receive the sensitive information input by a user.
10 . The trusted device according to claim 9 , wherein the one or more hardware processors are further configured to execute the following program instructions:
program instructions programmed to receive first information transmitted by the untrusted device, where the first information enables the sensitive information to be transmitted to the server via the untrusted device; and program instructions programmed to generate second information based on the first information and the sensitive information; wherein encrypting the sensitive information with the first secret key includes encrypting the sensitive information in the second information with the first secret key, and wherein transmitting the encrypted sensitive information to the untrusted device includes transmitting the second information containing the encrypted sensitive information to the untrusted device.
11 . The trusted device according to claim 8 , wherein the one or more hardware processors are further configured to execute the following program instructions:
program instructions programmed to establish a connection with the server; wherein the first secret key includes a secret key of a symmetric encryption algorithm determined during the process of establishing the connection with the server.
12 . The trusted device according to claim 8 , wherein the one or more hardware processors are further configured to execute the following program instructions:
program instructions programmed to receive a public key of the server transmitted by the untrusted device; wherein the first secret key includes the public key of the server.
13 . The trusted device according to claim 8 , wherein the untrusted device does not know the first secret key.
14 . The trusted device according to claim 8 , wherein the untrusted device knows the first secret key but is unable to use the first secret key to decrypt the encrypted sensitive information.
15 . A computer system for protecting sensitive information, the computer system comprising:
an untrusted device; and a trusted device; wherein the trusted device comprises one or more hardware processors configured to execute the following program instructions:
program instructions programmed to encrypt sensitive information with a first secret key;
program instructions programmed to transmit the encrypted sensitive information to an untrusted device for forwarding to a server for authentication;
program instructions programmed to receive an authentication identification originated from the server and forwarded by the untrusted device;
program instructions programmed to decrypt the authentication identification; and
program instructions programmed to transmit the decrypted authentication identification to the untrusted device to enable the untrusted device to use the authentication identification to communicate with the server.
16 . The computer system according to claim 15 , wherein the one or more hardware processors are further configured to execute the following program instructions:
program instructions programmed to receive the sensitive information input by a user.
17 . The computer system according to claim 16 , wherein the one or more hardware processors are further configured to execute the following program instructions:
program instructions programmed to receive first information transmitted by the untrusted device, where the first information enables the sensitive information to be transmitted to the server via the untrusted device; and program instructions programmed to generate second information based on the first information and the sensitive information; wherein encrypting the sensitive information with the first secret key includes encrypting the sensitive information in the second information with the first secret key, and wherein transmitting the encrypted sensitive information to the untrusted device includes transmitting the second information containing the encrypted sensitive information to the untrusted device.
18 . The computer system according to claim 15 , wherein the one or more hardware processors are further configured to execute the following program instructions:
program instructions programmed to establish a connection with the server; wherein the first secret key includes a secret key of a symmetric encryption algorithm determined during the process of establishing the connection with the server.
19 . The computer system according to claim 15 , wherein the one or more hardware processors are further configured to execute the following program instructions:
program instructions programmed to receive a public key of the server transmitted by the untrusted device; wherein the first secret key includes the public key of the server.
20 . The computer system according to claim 15 , wherein the first secret key meets one of the following: the untrusted device does not know the first secret key, and the untrusted device knows the first secret key but is unable to use the first secret key to decrypt the encrypted sensitive information.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.