As mobile devices become more prevalent, it has become increasingly important to protect sensitive information stored on these devices. Many mobile devices can be configured to operate in a locked mode in which most or all of the applications and data on the mobile device are inaccessible through the user interface. Typically, a mobile device can be configured to enter locked mode automatically after a designated period of inactivity and/or by a manual prompt from the user. The mobile device can then only be unlocked using a secret password known only to the user.
However, even when a mobile device is locked, the data stored on the device may still be accessible by an interloper by physically extracting the relevant hardware from the device and using a separate computer to retrieve the data stored on the hardware. To address this problem, some mobile devices can be configured to encrypt the data stored on the device, so that even if the interloper is able to retrieve the data from the locked mobile device, the interloper will not be able to decrypt the data.
In such applications, the data on the device is typically encrypted using a content protection key. For example, the content protection key can be a symmetric key stored on the device and used to encrypt and decrypt data on the device. When the device enters locked mode, a temporary symmetric key is generated from the user's password and is used to encrypt the content protection key. The temporary key is then destroyed. Therefore, an interloper is unable to decrypt encrypted data extracted from the device unless the interloper can first decrypt the content protection key. However, decrypting the content protection key requires the temporary symmetric key, which is directly derived from the user's password and can therefore only be created by the user supplying his password.
On some mobile devices, an asymmetric private/public key pair is used to protect data received by the mobile device while the mobile device is locked. Specifically, a public key is used to encrypt the received data, which can be subsequently decrypted using the corresponding private key. In mobile devices having this functionality, the private key is also encrypted using the temporary symmetric key generated from the user's password, thereby also preventing an interloper from decrypting the received data encrypted using the public key.
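The lock-time key wrapping described in the two preceding paragraphs can be sketched as follows. This is an added illustration, not code from the original text: the text names no algorithms, so PBKDF2 as the password-to-key derivation, the HMAC-based keystream and tag (a standard-library stand-in for a real cipher such as AES), and the `lock`/`unlock` names are all assumptions, and the password and keys are constructed sample values.

```python
import hashlib, hmac, secrets

ITERATIONS = 200_000  # assumed PBKDF2 work factor; the text names no KDF

def _derive(password, salt):
    """Temporary key material from the password: (encryption key, MAC key)."""
    km = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS, dklen=64)
    return km[:32], km[32:]

def _keystream(enc_key, nonce, length):
    # HMAC-SHA256 in counter mode: stdlib stand-in for a real cipher (assumption).
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def lock(password, secret_key):
    """Wrap a key (content protection key or private key) on entering locked mode."""
    salt, nonce = secrets.token_bytes(16), secrets.token_bytes(16)
    enc_key, mac_key = _derive(password, salt)
    ks = _keystream(enc_key, nonce, len(secret_key))
    ct = bytes(a ^ b for a, b in zip(secret_key, ks))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    # The temporary key is never stored; only the wrapped blob is kept.
    return {"salt": salt, "nonce": nonce, "ct": ct, "tag": tag}

def unlock(password, blob):
    """Re-derive the temporary key from the supplied password and unwrap."""
    enc_key, mac_key = _derive(password, blob["salt"])
    expected = hmac.new(mac_key, blob["nonce"] + blob["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, blob["tag"]):
        raise ValueError("wrong password or tampered blob")
    ks = _keystream(enc_key, blob["nonce"], len(blob["ct"]))
    return bytes(a ^ b for a, b in zip(blob["ct"], ks))

if __name__ == "__main__":
    cpk = secrets.token_bytes(32)               # constructed content protection key
    stored = lock("correct horse", cpk)         # constructed password
    print("unwrapped with password:", unlock("correct horse", stored) == cpk)
    try:
        unlock("guess", stored)                 # extracted blob, no password
    except ValueError as err:
        print("without password:", err)
```

The same `lock` call wraps the private key of the asymmetric pair, treated here as opaque bytes.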
The security of the above techniques depends on the secrecy of the user's password. If the user divulges the password to the interloper (by force or by accident), or if the user is forced by the interloper to input his password, the interloper will be able to access the sensitive information on the device, even if it is encrypted using the techniques explained above.
It is desired to provide enhanced protection of sensitive information stored on a mobile device.