发明名称 |
System and method for wireless data protection |
摘要 |
Disclosed herein are systems, methods, and non-transitory computer-readable storage media for wireless data protection utilizing cryptographic key management on a primary device and a backup device. A system encrypts a file with a file key and encrypts the file key twice, resulting in two encrypted file keys. The system encrypts each file key differently and stores a first file key on the primary device and transmits one of the encrypted file keys in addition to the encrypted file to a backup device for storage. On the backup device, the system associates the encrypted file key with a set of backup keys protected by a user password. In one embodiment, the system generates an initialization vector for use in cryptographic operations based on a file key. In another embodiment, the system manages cryptographic keys on a backup device during a user password change. |
申请公布号 |
US9401898(B2) |
申请公布日期 |
2016.07.26 |
申请号 |
US201514874360 |
申请日期 |
2015.10.02 |
申请人 |
Apple Inc. |
发明人 |
Sauerwald Conrad;Bhavsar Vrajesh Rajesh;McNeil Kenneth Buffalo;Duffy Thomas Brogan;Brouwer Michael Lambertus Hubertus;Byom Matthew John;Adler Mitchell David;Tamura Eric Brandon |
分类号 |
H04L9/00;H04L29/06;H04L9/08;G06F11/14;H04W12/04;H04W12/08 |
主分类号 |
H04L9/00 |
代理机构 |
Blakely, Sokoloff, Taylor & Zafman LLP |
代理人 |
Blakely, Sokoloff, Taylor & Zafman LLP |
主权项 |
1. A method comprising:
generating, by a processor on a primary device, an initialization vector for a cryptographic operation, the generating comprising:
performing a hash of a file key to yield a first intermediate result;truncating the first intermediate result to yield a second intermediate result;generating a third intermediate result utilizing a function of a block offset; andencrypting the third intermediate result with the second intermediate result to yield the initialization vector; encrypting, by the processor, a file using the initialization vector to yield an encrypted file that is stored on the primary device, the file being associated with a protection class defining an access level for the file; encrypting, by the processor, the file key using a class encryption key to yield an encrypted file key that is stored on the primary device, the class encryption key selected based on the protection class for the file; encrypting, by the processor, the file key using a public key associated with a set of backup keys to yield a second encrypted file key, the set of back keys comprising a private key corresponding to the public key; and transmitting the encrypted file and the second encrypted file key to a backup device. |
地址 |
Cupertino CA US |