Title of invention: PROTECTING CRYPTOGRAPHIC SECRETS USING FILE SYSTEM ATTRIBUTES
Abstract: Techniques are disclosed for protecting cryptographic secrets stored locally in a device, such as a mobile phone. A client device creates or downloads a shared secret to be used in a server transaction. To protect this shared secret locally, the client device encrypts the shared secret using a key generated from a file system attributes value, along with other sources of entropy. The file system attributes value may correspond to the inode of a file in a UNIX-based file system. Thereafter, when the shared secret is required for logical computation, the client device reconstructs the key using the file system attributes value and the other previous sources of entropy. The client device may use the key to decrypt the information and use the shared secret for its required purpose, e.g., in generating a one-time password for a login session.
Publication number: US2014351587(A1) Publication date: 2014.11.27
Application number: US201313902194 Filing date: 2013.05.24
Applicant: SYMANTEC, Inc. Inventors: DASH Sambit; PAI Ramanath
Classification: G06F21/62 Main classification: G06F21/62
Agency: Agent:
Main claim: 1. A method for protecting a shared secret, the method comprising: generating, by operation of a processor, a key based on a file system attribute of a file stored in a file system of a computing device, wherein the file system attribute of the file is distinct relative to files stored in the file system of the computing device; encrypting the shared secret with the key; and storing the encrypted shared secret in a storage memory on the computing device.
Address: Mountain View CA US
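
The scheme described in the abstract and claim 1, as an added example that is not code from the patent or from the applicant: a key is derived from an anchor file's inode plus stored entropy, the secret is sealed with it, and a byte-for-byte copy of the anchor file fails to reconstruct the key. The anchor file name, the random salt standing in for the "other sources of entropy", PBKDF2 as the derivation function, and the HMAC-based stand-in cipher are all assumptions made for this example.

```python
import hashlib, hmac, os, shutil, tempfile

def derive_keys(anchor_path: str, salt: bytes) -> tuple[bytes, bytes]:
    """Derive (enc_key, mac_key) from the anchor file's inode plus a stored salt."""
    inode = os.stat(anchor_path).st_ino  # the file system attribute (assumed: inode)
    material = hashlib.pbkdf2_hmac("sha256", str(inode).encode(), salt, 100_000, dklen=64)
    return material[:32], material[32:]

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # Stand-in cipher (HMAC-SHA256 in counter mode) so the example needs only the
    # standard library; a real client would use an AEAD such as AES-GCM.
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def seal(anchor_path: str, salt: bytes, secret: bytes) -> bytes:
    enc_key, mac_key = derive_keys(anchor_path, salt)
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(secret, _keystream(enc_key, nonce, len(secret))))
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def unseal(anchor_path: str, salt: bytes, blob: bytes) -> bytes:
    enc_key, mac_key = derive_keys(anchor_path, salt)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("key could not be reconstructed (different inode or salt)")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))

def demo() -> tuple[bool, bool]:
    secret = b"constructed-otp-seed"  # constructed sample secret
    with tempfile.TemporaryDirectory() as d:
        anchor = os.path.join(d, "anchor")  # hypothetical anchor file
        open(anchor, "wb").close()
        salt = os.urandom(16)
        blob = seal(anchor, salt, secret)
        same_file_ok = unseal(anchor, salt, blob) == secret
        clone = shutil.copy(anchor, os.path.join(d, "clone"))  # same bytes, new inode
        try:
            unseal(clone, salt, blob)
            clone_ok = True
        except ValueError:
            clone_ok = False
    return same_file_ok, clone_ok

if __name__ == "__main__":
    print(demo())
```

An inode number is low-entropy and readable by any process that can stat the file, so the salt and other entropy sources carry the key strength while the inode only binds the ciphertext to one file on one file system. Restoring the anchor file from a backup usually assigns a new inode, which makes the stored secret unrecoverable.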