US 9,813,389 B2
System and method for wireless data protection
Conrad Sauerwald, Mountain View, CA (US); Vrajesh Rajesh Bhavsar, Sunnyvale, CA (US); Kenneth Buffalo McNeil, San Jose, CA (US); Thomas Brogan Duffy, Jr., San Francisco, CA (US); Michael Lambertus Hubertus Brouwer, San Jose, CA (US); Matthew John Byom, San Jose, CA (US); Mitchell David Adler, Cupertino, CA (US); and Eric Brandon Tamura, Sunnyvale, CA (US)
Assigned to Apple Inc., Cupertino, CA (US)
Filed by Apple Inc., Cupertino, CA (US)
Filed on Jul. 22, 2016, as Appl. No. 15/217,674.
Application 14/874,360 is a division of application No. 13/204,171, filed on Aug. 5, 2011, abandoned.
Application 15/217,674 is a continuation of application No. 14/874,360, filed on Oct. 2, 2015, granted, now 9,401,898.
Prior Publication US 2017/0019383 A1, Jan. 19, 2017
Int. Cl. H04L 9/00 (2006.01); H04L 29/06 (2006.01); H04L 9/08 (2006.01); G06F 11/14 (2006.01); H04W 12/04 (2009.01); H04L 9/06 (2006.01); H04W 12/08 (2009.01)
CPC H04L 63/0428 (2013.01) [G06F 11/1458 (2013.01); G06F 11/1464 (2013.01); H04L 9/0637 (2013.01); H04L 9/0822 (2013.01); H04L 9/0825 (2013.01); H04L 9/0863 (2013.01); H04L 9/0894 (2013.01); H04L 63/0435 (2013.01); H04L 63/061 (2013.01); H04W 12/04 (2013.01); H04L 2463/062 (2013.01); H04W 12/08 (2013.01)]
18 Claims
13. A system comprising:
a primary device having at least one processor coupled to a memory through a bus; and
executable instructions stored in the memory to cause the at least one processor to
encrypt a file with a file key to create an encrypted file that is stored on the primary device, the file being associated with a particular protection class defining an access level for the file;
encrypt the file key twice by
encrypting the file key with a device key to create a first encrypted file key that is stored on the primary device;
generating a public/private key pair for the particular protection class, wherein the public/private key pair is valid during a session between unlocking and locking the primary device;
deriving a wrapping key for the particular protection class from the public/private key pair for the particular protection class and a backup keyset key, wherein the backup keyset key encrypts a set of backup keys stored on a backup device; and
encrypting the file key with the wrapping key to create a second encrypted file key to be stored on the backup device; and
transmit the encrypted file and the second encrypted file key to the backup device.