The present invention relates to cryptography systems, and in particular, to systems and methods for selectively providing cryptographic capabilities based on the location of a mobile cryptographic device.
In order to protect confidential, sensitive and/or proprietary information, organizations, such as businesses, often store such information on their networks in an encrypted format. In addition, access to such information is sometimes restricted to particular secure locations, such as one or more secure buildings. In order for authorized individuals, such as employees, to gain access to such information, the individuals must decrypt the encrypted information using an appropriate cryptographic key or keys and cryptographic algorithm. Typically this is done using a computer terminal (located in the secure location) that is provided with access to the network and with the required cryptographic capabilities so that the encrypted data can be decrypted. The individual must also typically authenticate themselves to the computer terminal before access in this manner will be granted. Also, the computer terminal may be used to encrypt data to protect its privacy prior to being stored and/or securely transmitted to an authorized party.
Individuals are becoming more and more mobile in their daily activities, even within a secure location as described above. Such individuals use and depend on mobile computing devices such as notebook computers and handheld electronic devices such as PDAs and smart phones. Such individuals would like to be able to use a mobile device to gain access to confidential, sensitive and/or proprietary information that is stored in an encrypted manner while they are located within the secure location. The organizations to which the information belongs, however, do not want authorized individuals to be able to use such mobile devices to access the information outside of the secure location, in order to protect the privacy and security of the information. In addition, organizations may not want individuals to have the ability to encrypt data, especially using certain higher levels of "strong" cryptography, outside of the secure location. Thus, there is a need for a mobile device and system that will enable authorized individuals to gain access to confidential, sensitive and/or proprietary information that is stored in an encrypted manner and/or to encrypt data (e.g., using "strong" cryptography), but only while they are located within a certain defined location, such as a secure location as described above.
In one embodiment, a method of providing cryptographic functionality is provided that includes receiving a request to perform a cryptographic operation in a mobile electronic device, determining whether the cryptographic operation is permitted to be performed by the mobile electronic device based on the current location of the mobile electronic device, and performing the cryptographic operation in the mobile electronic device only if it is determined that the cryptographic operation is permitted. The method may include determining the current location in the mobile electronic device using, for example, GPS, triangulation by multiple mobile phone towers, or any other suitable method. In another embodiment, the step of determining whether the cryptographic operation is permitted to be performed by the mobile electronic device based on the current location of the mobile electronic device includes determining a round trip communications time between the mobile electronic device and an encryption controller device and determining that the cryptographic operation is permitted to be performed only if the round trip communications time is less than or equal to a threshold level.
In one particular embodiment, the requested cryptographic operation is based on a certain level of cryptography having a certain strength, and if it is determined that the cryptographic operation is not permitted, the method further includes performing an alternative cryptographic operation based on an alternative level of cryptography having an alternative strength that is less than the certain strength.
In another embodiment, a mobile electronic device providing cryptographic functionality is provided that includes a processing unit, a location determining module (e.g., a GPS receiver or a mobile phone receiver/transmitter module) operatively coupled to the processing unit that is structured to determine the current location of the mobile electronic device, and a cryptographic module. The processing unit is adapted to receive a request to perform a cryptographic operation and determine whether the cryptographic operation is permitted to be performed based on the current location. The cryptographic module will perform the cryptographic operation only if it is determined that the cryptographic operation is permitted.
In another embodiment, a system for providing cryptographic functionality is provided that includes an encryption controller device operatively coupled to a network and a mobile cryptography device operatively coupled to a network. The mobile cryptography device includes a cryptographic module and a processing unit, wherein the processing unit is adapted to receive a request to perform a cryptographic operation, determine a round trip communications time between the mobile cryptography device and the encryption controller device through the network, and determine that the cryptographic operation is permitted to be performed only if the round trip communications time is less than or equal to a threshold level, and wherein the cryptographic module will perform the cryptographic operation only if it is determined that the cryptographic operation is permitted.
Therefore, it should now be apparent that the invention substantially achieves all the above aspects and advantages. Additional aspects and advantages of the invention will be set forth in the description that follows, and in part will be obvious from the description, or may be learned by practice of the invention. Moreover, the aspects and advantages of the invention may be realized and obtained by means of the instrumentalities and combinations particularly pointed out in the appended claims.
The accompanying drawings illustrate presently preferred embodiments of the invention, and together with the general description given above and the detailed description given below, serve to explain the principles of the invention. As shown throughout the drawings, like reference numerals designate like or corresponding parts.
Directional phrases used herein, such as, for example and without limitation, top, bottom, left, right, upper, lower, front, back, and derivatives thereof, relate to the orientation of the elements shown in the drawings and are not limiting upon the claims unless expressly recited therein. As employed herein, the statement that two or more parts or components are "coupled" together shall mean that the parts are joined or operate together either directly or through one or more intermediate parts or components. As employed herein, the statement that two or more parts or components "engage" one another shall mean that the parts exert a force against one another either directly or through one or more intermediate parts or components. As employed herein, the term "number" shall mean one or an integer greater than one (i.e., a plurality).
As seen in
As also described in greater detail herein, the mobile electronic device 2 is adapted to selectively provide certain predetermined cryptographic capabilities based on the current physical location of the mobile electronic device 2, which may be determined from any of a number of different sources. In the particular, non-limiting embodiment shown in
Referring again to
The mobile electronic device 2 also further includes a number of I/O devices 18 for inputting information into the mobile electronic device 2 and/or outputting information from the mobile electronic device 2. For example, the I/O devices 18 may include, without limitation, a keyboard or touchscreen for manually inputting information into the mobile electronic device 2; a scanner for scanning data such as documents and creating an image thereof which may later be processed by the processing unit 12 using, for example, optical character recognition (OCR) software; a wireless communications element, such as an RF transceiver or an infrared transceiver, for wirelessly receiving data from an external source such as another electronic device; or a wired connection port, such as, without limitation, a USB connection, for receiving data from another source, such as another external electronic device, via a wired connection. The I/O devices 18 may further include a mechanism for receiving biometric information of a user, such as a fingerprint reading device for scanning fingerprints, a retinal scanning device for generating a retinal scan, or a digital camera for capturing an image of the face of the user. The particular types of I/O devices 18 just described are meant to be exemplary, and it should be understood that other types of I/O devices 18 are also possible.
The mobile electronic device 2 includes a battery 20 for providing power to the components of the mobile electronic device 2 described above. Preferably, the battery 20 is a rechargeable battery such as, without limitation, a rechargeable lithium ion battery. Finally, a real time clock 22 is coupled to the processing unit 12.
Furthermore, in accordance with an aspect of the present invention, in the exemplary embodiment, the non-volatile storage 16 stores information (e.g., in a table form) that identifies, for each cryptographic key and/or algorithm available in the cryptographic coprocessor 8, the location or locations (e.g., in the form of GPS or similar coordinates) where that cryptographic key and/or algorithm will be available for use. For example, for a particular cryptographic key and/or algorithm, such as a strong cryptographic key and/or algorithm, the location information stored therewith may define the boundaries of a particular secure building or buildings. As a result, and as described in greater detail below, that particular cryptographic key and/or algorithm will only be able to be used if the determined location of the mobile electronic device is within the prescribed location (e.g., within the boundaries of a particular secure building or buildings).
If, however, the answer at step 34 is no, then optionally at step 38, the cryptographic coprocessor 8 can determine if an alternative cryptographic operation can be performed. For example, the cryptographic coprocessor 8 may perform the requested operation (e.g., encrypting certain data or creating a certain digital signature) using a lower level/strength of cryptography (e.g., using a smaller or partially known key (smaller bit strength) or a different cryptographic algorithm). In one particular embodiment, multiple levels of cryptography may be available using the cryptographic coprocessor 8, and if the answer at step 38 is yes, then in step 40 the cryptographic coprocessor 8 may perform the requested operation (e.g., encrypting certain data or creating a certain digital signature) using the alternative cryptographic operation, e.g., the highest level of cryptography that is permitted based on the determined location. For example, in this particular embodiment, the cryptographic coprocessor 8 may store a table that correlates determined location with maximum allowable cryptographic bit strengths, so that the highest level of permitted cryptography may be provided based on determined location. Such a table may be securely updated on an as-needed basis. In addition, use restrictions may be placed on the mobile electronic device 2 that require it to connect back to a secure management infrastructure on a periodic basis in order to ensure that the data in the table is kept up to date. The processing unit 12 may be programmed such that if the mobile electronic device 2 does not communicate with the secure management infrastructure within an allotted time, the processing unit 12 will disable the mobile electronic device 2 until it communicates with the secure management infrastructure.
If the answer in 38 is no, then in step 42 an error message is provided to the user (through one of the I/O devices 18 such as a display) indicating that the requested operation cannot be performed. As noted above, the processing performed in step 38 may be optional, and instead if the answer in step 34 is no, the processing may proceed directly to step 42 without determining if an alternative cryptographic operation can be performed.
In another alternative embodiment, if the answer at step 34 or 38 is no, then instead of merely providing an error message to the user in step 42, encryption functionality using the mobile electronic device 2 may be permanently disabled (until reset by a trusted secure management infrastructure).
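To make the decision in steps 34 through 42 concrete, the following is an added Python illustration, not code from the patent. It combines the location table described above with the check-in requirement: each zone is a polygon in latitude/longitude paired with the strongest cryptography permitted inside it, a request above that ceiling is downgraded to the strongest permitted level, a device with no location fix fails closed (it is treated as outside every zone), and a device that has not checked in within an assumed window disables itself. The zone coordinates, the list of strength levels, the 24-hour check-in window and the planar point-in-polygon test are all assumptions made for the illustration.

```python
"""Location-gated cryptographic policy: steps 34/38/40/42 plus the check-in rule.

Added illustration, not the patent's code. Zones, levels and the check-in window are
assumed values constructed for this example.
"""
from dataclasses import dataclass
from enum import Enum
from typing import Optional, Sequence, Tuple

Point = Tuple[float, float]          # (latitude, longitude)

# Strength levels the coprocessor offers, strongest first (assumed).
LEVELS_BITS = (256, 128, 64)

# Longest the device may go without contacting the management infrastructure (assumed).
SYNC_WINDOW_SECONDS = 24 * 3600


@dataclass(frozen=True)
class Zone:
    name: str
    boundary: Sequence[Point]        # polygon vertices in order; small enough to treat as planar
    max_bits: int                    # strongest cryptography permitted inside this zone


class Outcome(Enum):
    PERMITTED = "permitted"          # step 34 yes
    DOWNGRADED = "downgraded"        # step 38 yes, performed at step 40
    DENIED = "denied"                # step 42
    DEVICE_DISABLED = "disabled"     # missed check-in with the management infrastructure


@dataclass(frozen=True)
class Decision:
    outcome: Outcome
    bits: int                        # strength actually used; 0 when nothing is performed
    reason: str


def point_in_polygon(p: Point, poly: Sequence[Point]) -> bool:
    """Ray-casting containment test; counts edges crossed by a ray along the first axis."""
    x, y = p
    inside = False
    n = len(poly)
    for i in range(n):
        x1, y1 = poly[i]
        x2, y2 = poly[(i + 1) % n]
        if (y1 > y) != (y2 > y):                      # edge straddles the ray's line
            x_cross = x1 + (y - y1) * (x2 - x1) / (y2 - y1)
            if x < x_cross:
                inside = not inside
    return inside


def max_bits_at(location: Optional[Point], zones: Sequence[Zone]) -> int:
    """Strongest permitted level at a location; 0 with no fix or outside every zone (fail closed)."""
    if location is None:
        return 0
    return max((z.max_bits for z in zones if point_in_polygon(location, z.boundary)), default=0)


def decide(requested_bits: int, location: Optional[Point], zones: Sequence[Zone],
           seconds_since_sync: float) -> Decision:
    """Apply the policy table to one request for an operation at requested_bits strength."""
    if seconds_since_sync > SYNC_WINDOW_SECONDS:
        return Decision(Outcome.DEVICE_DISABLED, 0, "policy table may be stale; check-in required")
    if requested_bits not in LEVELS_BITS:
        return Decision(Outcome.DENIED, 0, f"unsupported level {requested_bits}")
    ceiling = max_bits_at(location, zones)
    if requested_bits <= ceiling:                                      # step 34
        return Decision(Outcome.PERMITTED, requested_bits, "within a permitted location")
    for bits in LEVELS_BITS:                                           # step 38: strongest alternative
        if bits < requested_bits and bits <= ceiling:
            return Decision(Outcome.DOWNGRADED, bits,
                            f"{requested_bits}-bit not permitted here; using {bits}-bit")
    return Decision(Outcome.DENIED, 0, "no permitted level at this location")   # step 42


# Constructed sample policy: 256-bit inside one secure building, 128-bit on the campus around it.
BUILDING = Zone("secure building", [(40.0000, -75.0000), (40.0010, -75.0000),
                                    (40.0010, -75.0015), (40.0000, -75.0015)], 256)
CAMPUS = Zone("campus", [(39.998, -74.998), (40.003, -74.998),
                         (40.003, -75.004), (39.998, -75.004)], 128)
ZONES = (BUILDING, CAMPUS)

if __name__ == "__main__":
    for where in [(40.0005, -75.0007), (40.002, -75.002), (41.0, -75.0), None]:
        print(where, decide(256, where, ZONES, seconds_since_sync=60))
    print("stale:", decide(256, (40.0005, -75.0007), ZONES, seconds_since_sync=2 * SYNC_WINDOW_SECONDS))
```

Treating a missing location fix as "outside every zone" is the choice a practitioner would want here: a device that has lost GPS (or had it jammed) should lose strong cryptography rather than keep it.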
The system 50 further includes a mobile cryptography device 56 that is similar in construction to the mobile electronic device 2 shown in
At step 64, the mobile cryptography device 56 then determines the round trip communication time for the authenticated communications exchange just described (i.e., the elapsed time between transmission of the first message and receipt of the second message). Next, at step 66, the mobile cryptography device 56 determines whether the requested particular cryptographic operation can be performed based on the determined round trip communication time. In particular, the mobile cryptography device 56 compares the determined round trip communication time to a stored, predetermined threshold time. If the determined round trip communication time is less than or equal to the threshold time, the requested particular cryptographic operation will be permitted; if it is greater than the threshold time, the requested particular cryptographic operation will not be permitted. The stored, predetermined threshold time in this embodiment is a round trip communications time that corresponds to a certain physical distance from the encryption controller device 52 of a device that is communicating with it. That physical distance is, in this embodiment, the outside boundary (based on the location of the encryption controller device 52) within which the requested particular cryptographic operation will be permitted. Thus, the physical location of the encryption controller device 52 is fixed in advance to establish this boundary. Because no signal travels faster than light, each microsecond of one-way transit time corresponds to at most about 300 meters (roughly 0.19 miles) of distance, and to less over cable, fiber, or radio links with intermediate equipment; the threshold must therefore also include the calibrated processing time at both ends, or a device that is inside the boundary will be refused. The measured time bounds distance from above only: a device that is farther away cannot make its reply arrive sooner, whereas a nearby device can always appear farther away. Note also that, because the mobile cryptography device 56 performs the measurement itself in this embodiment, the check relies on the integrity of that device's software; the alternative embodiment described below, in which the encryption controller device 52 measures the time and withholds key material, does not. If the round trip communication time determined in step 64 is greater than the threshold time, this indicates that the mobile cryptography device 56 is outside the boundary and the requested particular cryptographic operation will not be permitted.
On the other hand, if the round trip communication time determined in step 64 is less than or equal to the threshold time, that indicates that the mobile cryptography device 56 is at or inside the boundary and the requested particular cryptographic operation will be permitted.
As seen in
In another alternative embodiment, if the answer at step 66 or 70 is no, then instead of merely providing an error message to the user in step 74, encryption functionality using the mobile cryptography device 56 may be permanently disabled (until reset by a trusted secure management infrastructure).
In another alternative embodiment, the encryption controller device 52 can determine the location of the mobile cryptography device 56 based on the round trip communications time. If the determined round trip communication time is less than or equal to the predetermined threshold, the encryption controller device 52 can provide information required by the mobile cryptography device 56 to perform the requested cryptographic operation. For example, a cryptographic key required by the mobile cryptography device 56 could be split into two parts, with a first part being maintained by the mobile cryptography device 56 and a second part being maintained by the encryption controller device 52. Upon determining that the mobile cryptography device 56 is authorized to perform the requested cryptographic operation, the encryption controller device 52 will send the second part of the cryptographic key to the mobile cryptography device 56. Thus, if the mobile cryptography device 56 is not permitted to perform the requested operation, it will not have the information necessary to perform such operation. Because the second part never leaves the encryption controller device 52 unless the controller's own measurement is within the threshold, this decision does not depend on the mobile cryptography device 56 honestly reporting its location or timing. The split should be made so that neither part alone reveals anything about the key (for example, a random share combined with the key by exclusive-or), and the second part should be sent over an authenticated and encrypted channel so that it cannot be captured in transit.
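The split-key exchange described in the two preceding paragraphs, as an added Python illustration that is not the patent's code. It follows the controller-measured variant above: the encryption controller issues a fresh nonce, the mobile device answers with an HMAC over it, and the controller measures the elapsed time and releases its half of the operation key (encrypted under a nonce-derived keystream and authenticated) only if the HMAC verifies and the measured round trip is within the threshold. The mobile then combines the two halves by exclusive-or. The shared authentication key, the 300 m boundary, the 50-microsecond turnaround budget and the simulated channel (which uses the vacuum speed of light as the physical minimum one-way delay) are assumptions of the example.

```python
"""Round-trip distance bounding with a split key, timed on the controller side.

Added illustration, not the patent's code. All keys and constants are assumed.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Optional

# Nothing answers faster than light, so the measured time bounds distance from above.
# Real links (fiber, copper, radio with intermediate equipment) are slower than this.
SPEED_OF_LIGHT_M_PER_US = 299.792458
BOUNDARY_METERS = 300.0          # assumed permitted radius around the controller
TURNAROUND_BUDGET_US = 50.0      # assumed calibrated time a legitimate mobile needs to answer
RTT_THRESHOLD_US = 2 * BOUNDARY_METERS / SPEED_OF_LIGHT_M_PER_US + TURNAROUND_BUDGET_US


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def tag(key: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 over the concatenated parts, with a label as the first part."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for p in parts:
        h.update(p)
    return h.digest()


@dataclass
class Controller:
    auth_key: bytes                  # shared with the mobile device (assumed provisioned)
    key_part: bytes                  # controller's half of the split operation key
    threshold_us: float = RTT_THRESHOLD_US
    nonce: bytes = field(default=b"", init=False)

    def challenge(self) -> bytes:
        self.nonce = secrets.token_bytes(16)          # fresh per exchange, so no replay
        return self.nonce

    def release(self, response: bytes, rtt_us: float) -> Optional[bytes]:
        """Encrypt and release the key part only if the reply is authentic and in time."""
        if not hmac.compare_digest(response, tag(self.auth_key, b"resp", self.nonce)):
            return None
        if rtt_us > self.threshold_us:
            return None
        wrapped = xor(self.key_part, tag(self.auth_key, b"wrap", self.nonce))
        return wrapped + tag(self.auth_key, b"wrapmac", self.nonce, wrapped)


@dataclass
class Mobile:
    auth_key: bytes
    key_part: bytes                  # mobile's half; useless on its own
    nonce: bytes = field(default=b"", init=False)

    def respond(self, nonce: bytes) -> bytes:
        self.nonce = nonce
        return tag(self.auth_key, b"resp", nonce)

    def unwrap(self, msg: bytes) -> Optional[bytes]:
        wrapped, mac = msg[:32], msg[32:]
        if not hmac.compare_digest(mac, tag(self.auth_key, b"wrapmac", self.nonce, wrapped)):
            return None
        other_part = xor(wrapped, tag(self.auth_key, b"wrap", self.nonce))
        return xor(self.key_part, other_part)


@dataclass(frozen=True)
class Result:
    authorized: bool                 # controller released its key part
    key_ok: bool                     # mobile reconstructed the full operation key


def run_exchange(distance_m: float, turnaround_us: float = TURNAROUND_BUDGET_US,
                 mobile_auth_key: Optional[bytes] = None) -> Result:
    """Simulate one exchange with the mobile distance_m from the controller.

    The simulated one-way delay is distance over the vacuum speed of light, the fastest
    any reply can physically arrive. mobile_auth_key models a device without the real key.
    """
    auth_key = secrets.token_bytes(32)
    full_key = secrets.token_bytes(32)
    part_c = secrets.token_bytes(32)
    part_m = xor(full_key, part_c)                    # full_key = part_m XOR part_c
    ctrl = Controller(auth_key, part_c)
    mob = Mobile(mobile_auth_key or auth_key, part_m)

    nonce = ctrl.challenge()                          # controller -> mobile
    response = mob.respond(nonce)                     # mobile -> controller
    rtt_us = 2 * distance_m / SPEED_OF_LIGHT_M_PER_US + turnaround_us
    msg = ctrl.release(response, rtt_us)              # controller -> mobile, or nothing
    if msg is None:
        return Result(False, False)
    recovered = mob.unwrap(msg)
    return Result(True, recovered == full_key)


if __name__ == "__main__":
    print("inside boundary :", run_exchange(100.0))
    print("outside boundary:", run_exchange(5000.0))
    print("slow device     :", run_exchange(100.0, turnaround_us=500.0))
    print("wrong auth key  :", run_exchange(100.0, mobile_auth_key=b"\x00" * 32))
```

The turnaround budget matters in both directions: a legitimate device whose software is slower than the calibrated budget is refused, and an attacker who wants to appear closer would have to answer faster than the budget allows, which is exactly what the speed-of-light bound prevents once the budget is tight.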
While preferred embodiments of the invention have been described and illustrated above, it should be understood that these are exemplary of the invention and are not to be considered as limiting. Additions, deletions, substitutions, and other modifications can be made without departing from the spirit or scope of the present invention. For example, and without limitation, while the invention has been described herein in connection with limiting cryptographic functionality based on location within a specific secure location such as a building or buildings, it may also be used as an export compliant security device. In particular, in such an implementation, certain cryptographic functionality will only be enabled if the location of the device is determined to be within a particular country or countries. Put another way, certain cryptographic functionality (e.g., strong cryptographic functionality) will be disabled once the device is determined to have left certain predetermined countries such as the United States or has entered a country subject to export control. Accordingly, the invention is not to be considered as limited by the foregoing description but is only limited by the scope of the appended claims.