公开(公告)号：US20160255061A1

公开(公告)日：2016-09-01

申请号：US14855078

申请日：2015-09-15

Applicant: Samsung Electronics Co., Ltd.

Inventor： Abdul Syed-Ebrahim ,  Peng Ning ,  SJ Oh ,  Hyunchul Woo ,  Sang-Hyup Cho ,  Roy Heeseung Yoo

IPC: H04L29/06

Abstract: A method and apparatus for data security incorporating device state. The method includes encrypting sensitive data written to an electronic device while the electronic device is in a locked state using a public key of an asymmetric master key pair. The method also includes, in response to detecting that the electronic device enters an unlocked state, converting asymmetric encryption of the sensitive data into symmetric encryption of the sensitive data using a symmetric master key. Encrypting of the sensitive data may include encrypting the sensitive data using a data encryption key (DEK) and encrypting the DEK using the public key. Converting of the asymmetric encryption of the sensitive data into the symmetric encryption may include decrypting the encrypted DEK using a private key of the asymmetric master key pair and re-encrypting the DEK using the symmetric master key without decrypting and re-encrypting the sensitive data.

Abstract translation: 一种用于数据安全并入设备状态的方法和装置。 该方法包括使用非对称主密钥对的公共密钥对电子设备处于锁定状态时对写入电子设备的敏感数据进行加密。 该方法还包括响应于检测到电子设备进入解锁状态，使用对称主密钥将敏感数据的非对称加密转换为敏感数据的对称加密。 敏感数据的加密可以包括使用数据加密密钥（DEK）对敏感数据进行加密，并使用公开密钥来加密DEK。 将敏感数据的非对称加密转换为对称加密可以包括使用非对称主密钥对的私钥对加密的DEK进行解密，并使用对称主密钥对DEK进行重新加密，而不对敏感数据进行解密和重新加密。

公开(公告)号：US10735385B2

公开(公告)日：2020-08-04

申请号：US14855078

申请日：2015-09-15

Applicant: Samsung Electronics Co., Ltd.

Inventor： Abdul Syed-Ebrahim ,  Peng Ning ,  SJ Oh ,  Hyunchul Woo ,  Sang-Hyup Cho ,  Roy Heeseung Yoo

IPC: H04L29/06 ,  H04W12/06

Abstract: A method and apparatus for data security incorporating device state. The method includes encrypting sensitive data written to an electronic device while the electronic device is in a locked state using a public key of an asymmetric master key pair. The method also includes, in response to detecting that the electronic device enters an unlocked state, converting asymmetric encryption of the sensitive data into symmetric encryption of the sensitive data using a symmetric master key. Encrypting of the sensitive data may include encrypting the sensitive data using a data encryption key (DEK) and encrypting the DEK using the public key. Converting of the asymmetric encryption of the sensitive data into the symmetric encryption may include decrypting the encrypted DEK using a private key of the asymmetric master key pair and re-encrypting the DEK using the symmetric master key without decrypting and re-encrypting the sensitive data.