| 发明名称 | System and method for wireless data protection | ||
| 摘要 | Disclosed herein are systems, methods, and non-transitory computer-readable storage media for wireless data protection utilizing cryptographic key management on a primary device and a backup device. A system encrypts a file with a file key and encrypts the file key twice, resulting in two encrypted file keys. The system encrypts each file key differently and stores a first file key on the primary device and transmits one of the encrypted file keys in addition to the encrypted file to a backup device for storage. On the backup device, the system associates the encrypted file key with a set of backup keys protected by a user password. In one embodiment, the system generates an initialization vector for use in cryptographic operations based on a file key. In another embodiment, the system manages cryptographic keys on a backup device during a user password change. | ||
| 申请公布号 | US9401898(B2) | 申请公布日期 | 2016.07.26 |
| 申请号 | US201514874360 | 申请日期 | 2015.10.02 |
| 申请人 | Apple Inc. | 发明人 | Sauerwald Conrad;Bhavsar Vrajesh Rajesh;McNeil Kenneth Buffalo;Duffy Thomas Brogan;Brouwer Michael Lambertus Hubertus;Byom Matthew John;Adler Mitchell David;Tamura Eric Brandon |
| 分类号 | H04L9/00;H04L29/06;H04L9/08;G06F11/14;H04W12/04;H04W12/08 | 主分类号 | H04L9/00 |
| 代理机构 | Blakely, Sokoloff, Taylor & Zafman LLP | 代理人 | Blakely, Sokoloff, Taylor & Zafman LLP |
| 主权项 | 1. A method comprising: generating, by a processor on a primary device, an initialization vector for a cryptographic operation, the generating comprising: performing a hash of a file key to yield a first intermediate result;truncating the first intermediate result to yield a second intermediate result;generating a third intermediate result utilizing a function of a block offset; andencrypting the third intermediate result with the second intermediate result to yield the initialization vector; encrypting, by the processor, a file using the initialization vector to yield an encrypted file that is stored on the primary device, the file being associated with a protection class defining an access level for the file; encrypting, by the processor, the file key using a class encryption key to yield an encrypted file key that is stored on the primary device, the class encryption key selected based on the protection class for the file; encrypting, by the processor, the file key using a public key associated with a set of backup keys to yield a second encrypted file key, the set of back keys comprising a private key corresponding to the public key; and transmitting the encrypted file and the second encrypted file key to a backup device. | ||
| 地址 | Cupertino CA US | ||