Title System, method and apparatus for cryptography key management for mobile devices
Abstract A technique that binds encryption and decryption keys to a client mobile device in an enterprise using a unique user identifier (UID), a unique device identifier (UDID) and a user password (Pswd). In one example embodiment, an administrator creates a new user account in an inactive state using the UID and the DPswd and communicates the UID and the DPswd to the intended user over a secure communication medium. The intended user then logs into the cryptography key management system from a client mobile device using the UID and the DPswd. The UDID of the client mobile device is hashed to produce H(UDID), which a local key management application module sends to the cryptography key management system. The cryptography key management system authenticates the H(UDID) and then assigns an encryption/decryption key to the client mobile device.
Publication number US9425958(B2) Publication date 2016.08.23
Application number US200511996588 Filing date 2005.08.05
Applicant Hewlett Packard Enterprise Development LP Inventors Vennelakanti Ravigopal; Fernandes Savio
Classification H04L29/06; H04L9/08; H04L9/32; H04W12/06; H04W12/04 Main classification H04L29/06
Agency Hewlett Packard Enterprise Patent Department Agent Hewlett Packard Enterprise Patent Department
Main claim 1. A method comprising binding encryption and decryption keys using a unique user identifier (UID), a unique device identifier (UDID), and a user password (Pswd) to a client mobile device in an enterprise cryptography key management system, wherein binding the encryption and decryption keys comprises:
  requesting the UDID from the client mobile device by the cryptography key management system;
  receiving a hashed unique device identifier H(UDID) encrypted by the Pswd by the cryptography key management system from a key management application module included on the client mobile device; and
  associating the H(UDID) with the user account, comprising:
    decrypting the encrypted H(UDID) by the cryptography key management system using the Pswd;
    if decryption fails, then terminating communication with the client mobile device; and
    if the decryption is successful, then validating integrity of the decrypted H(UDID) by comparing the H(UDID) sent by the key management application module with other H(UDID)s in the cryptography key management system to ensure that the H(UDID) is unique for the client mobile device; and
  registering a cryptography/data recovery key for the associated client mobile device with the enterprise using the cryptography/data recovery key, the UID, the H(UDID), and a unique key identifier (KeyID), wherein registering the cryptography/data recovery key for the associated client mobile device with the enterprise comprises, upon validating that the H(UDID) exists for the UID:
    storing the data recovery key and the KeyID associated with the UDID by the cryptography key management system,
    encrypting the KeyID using a symmetric cryptography key derived from the Pswd to obtain a password-encrypted KeyID and sending the password-encrypted KeyID to the key management application module by the cryptography key management system, and
    decrypting the password-encrypted KeyID using a symmetric cryptography key derived from the password to obtain the KeyID and storing the obtained KeyID by the key management application module.
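The exchange of claim 1 as a worked example, written for this page and not taken from the patent or from any HPE implementation. It models both sides in one process: the administrator creates an inactive account, the device's key management application module sends H(UDID) encrypted under a key derived from the Pswd, the key management system decrypts it, terminates on failure, checks that the H(UDID) is not already bound to another account, then stores a recovery key and KeyID and returns the KeyID encrypted under the same password-derived key. Everything the patent leaves open is an assumption here: H() is SHA-256, the Pswd-derived key is PBKDF2-HMAC-SHA256 salted with the UID, the cipher is a stdlib encrypt-then-MAC construction (HMAC-SHA256 keystream plus HMAC tag) standing in for an AEAD such as AES-GCM, the server generates the recovery key and KeyID, and the UID/DPswd login is folded into the MAC check. One practitioner caveat the claim glosses over: the "if decryption fails, then terminate" branch is only meaningful when the ciphertext carries an integrity tag; unauthenticated decryption under a wrong password does not fail, it just yields a random 32 bytes that would then be bound as a device identifier.

```python
# Added example: the key-binding exchange of claim 1, both sides in one process.
# Assumptions (the patent specifies none of these): SHA-256 for H(), PBKDF2-HMAC-SHA256
# for the Pswd-derived key, an HMAC-based encrypt-then-MAC cipher in place of an AEAD
# such as AES-GCM, and the server generating the recovery key and KeyID.
import hashlib
import hmac
import os
import secrets

PBKDF2_ITERS = 100_000  # assumption; tune for the target device class


def derive_key(pswd: str, uid: str) -> bytes:
    """Symmetric key derived from the Pswd; the UID serves as the salt (assumption)."""
    return hashlib.pbkdf2_hmac("sha256", pswd.encode(), b"kms:" + uid.encode(), PBKDF2_ITERS)


def _subkeys(key: bytes):
    """Separate encryption and MAC keys so the two HMAC uses never share inputs."""
    enc = hmac.new(key, b"enc", hashlib.sha256).digest()
    mac = hmac.new(key, b"mac", hashlib.sha256).digest()
    return enc, mac


def _keystream(enc_key: bytes, nonce: bytes, n: int) -> bytes:
    out = b""
    for ctr in range((n + 31) // 32):
        out += hmac.new(enc_key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:n]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: returns nonce || ciphertext || HMAC-SHA256 tag."""
    enc, mac = _subkeys(key)
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc, nonce, len(plaintext))))
    tag = hmac.new(mac, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes):
    """Returns the plaintext, or None when the tag does not verify: this is the
    'decryption fails' condition of the claim, only detectable because of the tag."""
    if len(blob) < 48:
        return None
    enc, mac = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac, nonce + ct, hashlib.sha256).digest()):
        return None
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc, nonce, len(ct))))


def h_udid(udid: str) -> bytes:
    """H(UDID); SHA-256 is an assumption."""
    return hashlib.sha256(udid.encode()).digest()


class KeyManagementSystem:
    """Enterprise side: accounts keyed by UID, recovery keys keyed by KeyID."""

    def __init__(self):
        self.accounts = {}       # uid -> {"key", "active", "h_udid", "key_id"}
        self.recovery_keys = {}  # key_id -> {"h_udid", "recovery_key"}

    def create_account(self, uid: str, dpswd: str) -> None:
        """Administrator creates the account inactive; the DPswd is sent out of band."""
        self.accounts[uid] = {"key": derive_key(dpswd, uid), "active": False,
                              "h_udid": None, "key_id": None}

    def register_device(self, uid: str, blob: bytes):
        """Takes the Pswd-encrypted H(UDID); returns the password-encrypted KeyID,
        or None when the exchange is terminated."""
        acct = self.accounts.get(uid)
        if acct is None:
            return None
        hashed = unseal(acct["key"], blob)
        if hashed is None:                      # decryption failed: terminate
            return None
        for other_uid, other in self.accounts.items():   # H(UDID) must be unique
            if other_uid != uid and other["h_udid"] == hashed:
                return None
        acct["h_udid"], acct["active"] = hashed, True
        # H(UDID) now exists for the UID: store the recovery key and KeyID
        key_id = secrets.token_hex(8)
        self.recovery_keys[key_id] = {"h_udid": hashed, "recovery_key": secrets.token_bytes(32)}
        acct["key_id"] = key_id
        return seal(acct["key"], key_id.encode())


def client_enrol(kms: KeyManagementSystem, uid: str, pswd: str, udid: str):
    """Key management application module on the device; returns the KeyID it
    stores locally, or None if the system terminated the exchange."""
    key = derive_key(pswd, uid)
    reply = kms.register_device(uid, seal(key, h_udid(udid)))
    if reply is None:
        return None
    key_id = unseal(key, reply)
    return None if key_id is None else key_id.decode()


if __name__ == "__main__":
    kms = KeyManagementSystem()
    kms.create_account("alice", "correct horse")          # constructed sample data
    print("enrolled KeyID:", client_enrol(kms, "alice", "correct horse", "IMEI-000111"))
    kms.create_account("bob", "pw-bob")
    print("same device, other user:", client_enrol(kms, "bob", "pw-bob", "IMEI-000111"))
```

Because H(UDID) is an unsalted hash of a device identifier that is often observable on the device, the uniqueness check across accounts is what stops a second user from binding the same handset; the password-derived key is the only secret the client contributes, so in a deployment the transport between the two parties should still be TLS-protected and the PBKDF2 cost set high enough to resist offline guessing of a captured blob.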
Address Houston TX US