EP-4740365-A2 - SYSTEM AND METHOD FOR HANDLING SECURE DATA FOR AT LEAST ONE USER EQUIPMENT

Abstract

The present disclosure relates to a system (125) and a method (500) for handling secure data for at least one User Equipment (UE) (105). The system (125) includes a transceiver (220) configured to receive a request from one or more applications hosted by the UE (105). The request includes an authentication information. The system (125) further includes a validation module (225) configured to determine validity of the received authentication information. The system (125) further includes an encryption module (230) configured to encrypt the data pertaining to the request. The data is retrieved from a database (240) in response to the authentication information being valid. Further, the system (125) includes the transceiver (220) configured to transmit the encrypted data to the UE (105). The encrypted data is decrypted by the UE (105).

Inventors

  • BHATNAGAR, AAYUSH
  • BISHT, SANDEEP
  • MISHRA, RAHUL
  • SINHA, ANURAG
  • PANDEY, PRASHANT KUMAR
  • Solanki, Mehul M
  • Chillapalli, Jyothi Durga Prasad

Assignees

  • Jio Platforms Limited

Dates

Publication Date
20260513
Application Date
20240702

Claims (16)

  1. A method (500) of handling secure data for at least one User Equipment (UE) (105), the method (500) comprises the steps of: receiving (505), by a processor (205), a request from one or more applications hosted by the UE (105), wherein the request includes an authentication information; determining (510), by the processor (205), validity of the received authentication information; encrypting (515), by the processor (205), the data pertaining to the request, wherein the data is retrieved from a database (240) in response to the authentication information being valid; and transmitting (520), by the processor (205), the encrypted data to the UE (105), wherein the encrypted data is decrypted by the UE (105).
  2. The method (500) as claimed in claim 1, wherein the request includes authentication information such as permission to access the secure data and a data identifier corresponding to the secure data to be accessed by the UE (105).
  3. The method (500) as claimed in claim 1, wherein the request is discarded if the authentication information is determined as invalid.
  4. The method (500) as claimed in claim 1, wherein the database (240) is configured to store encrypted data therein and allow the UE (105) to access the encrypted data via the processor (205).
  5. The method (500) as claimed in claim 1, wherein the data is one of a Secure Sockets Layer (SSL) keys, Secure Sockets Layer (SSL) certificates, Transport Layer Security (TLS) certificates, username and passwords, Application Programming Interface (API) tokens for third party APIs, database credentials, license keys and the likes.
  6. The method (500) as claimed in claim 1, wherein the processor (205) is further configured to perform the steps of: revoking, access to the secure data for the UE (105); re-issuing, access to the secure data for the UE (105); extending, subscription to the secure data for the UE (105); allocating, access to the secure data for the UE (105); and notifying, the UE (105) regarding change in settings of the secure data, wherein change in settings include access rights and subscription information.
  7. The method (500) as claimed in claim 1, wherein the step of, determining (510), by the processor, validity of the received authentication information, includes the step of: validating, by the one or more processors, the received authentication information by verifying at least one of, username and password, instance ID, API tokens, wherein the received authentication information is required to be accessed and verified before a predefined expiration time period.
  8. A User Equipment (UE) (105) comprising: one or more primary processors (305) coupled with one or more memory units (310), wherein said one or more memory units (310) store instructions which when executed by the one or more primary processors (305) causes the UE (105) to: transmit, a request including authentication information such as permission to access the secure data and a data identifier corresponding to the secure data to be accessed by the UE (105) to a processor (205), wherein the processor (205) is further configured to perform the method as claimed in claim 1.
  9. A system (125) of handling secure data for at least one User Equipment (UE) (105), the system (125) comprising: a transceiver (220) configured to receive, a request from one or more applications hosted by the UE (105), wherein the request includes an authentication information; a validation module (225) configured to, determine, validity of the received authentication information; an encryption module (230) configured to, encrypt, the data pertaining to the request, wherein the data is retrieved from a database (240) in response to the authentication information being valid; and the transceiver (220) configured to, transmit, the encrypted data to the UE (105), wherein the encrypted data is decrypted by the UE (105).
  10. The system (125) as claimed in claim 9, wherein the request includes authentication information such as permission to access the secure data and a data identifier corresponding to the secure data to be accessed by the UE (105).
  11. The system (125) as claimed in claim 9, wherein the request is discarded if the authentication information is determined as invalid.
  12. The system (125) as claimed in claim 9, wherein the database (240) is configured to store encrypted data therein and allow the UE (105) to access the encrypted data.
  13. The system (125) as claimed in claim 9, wherein the secure data is one of a Secure Sockets Layer (SSL) keys, Secure Sockets Layer (SSL) certificates, Transport Layer Security (TLS) certificates, username and passwords, API tokens for third party APIs, database credentials, license keys and the likes.
  14. The system (125) as claimed in claim 9, wherein the system (125) is further configured to: revoke, access to the secure data for the UE (105); re-issue, access to the secure data for the UE (105); extend, subscription to the secure data for the UE (105); allocate, access to the secure data for the UE (105); and notify, the UE (105) regarding change in settings of the secure data, wherein change in settings include access rights and subscription information.
  15. The system (125) as claimed in claim 9, wherein the validation module (225) is further configured to: validate, the received authentication information by verifying at least one of, username and password, instance ID, Application Programming Interface (API) token, wherein the received authentication information is required to be accessed and verified before a predefined expiration time period.
  16. A non-transitory computer-readable medium having stored thereon computer-readable instructions that, when executed by a processor (205), causes the processor (205) to: receive, a request from one or more applications hosted by the UE (105), wherein the request includes an authentication information; determine, validity of the received authentication information; encrypt, the data pertaining to the request, wherein the data is retrieved from a database (240) in response to the authentication information being valid; and transmit, the encrypted data to the UE (105), wherein the encrypted data is decrypted by the UE (105).

Description

SYSTEM AND METHOD FOR HANDLING SECURE DATA FOR AT LEAST ONE USER EQUIPMENT

FIELD OF THE INVENTION

[0001] The present invention generally relates to wireless communication systems, and more particularly relates to handling secure data for at least one user equipment (UE).

BACKGROUND OF THE INVENTION

[0002] SSL/TLS stands for secure sockets layer and transport layer security. SSL/TLS is a protocol, or communication rule, that allows computer systems to talk to each other on the internet safely. SSL/TLS certificates allow web browsers to identify and establish encrypted network connections to web sites using the SSL/TLS protocol. The Transport Layer Security (TLS) encrypts data sent over the Internet to ensure that eavesdroppers and hackers are unable to see what you transmit, which is particularly useful for private and sensitive information such as passwords, credit card numbers, and personal correspondence.

[0003] Every TLS server requires a key pair and the SSL Certificate to establish a successful TLS connection. Storing these confidential resources on the server where the application is run is a security and confidentiality concern, since any threat actor having access to the key can decrypt ongoing communications. Such scenarios become more probable nowadays as cloud native architecture is predominantly used for deploying products. Mismanagement of such confidential information should be avoided at all costs.

[0004] It is desired that confidential/secret information such as security certificates and credentials is securely and sensitively stored, handled and managed. It is also desired that the lifecycle and updating of the same are managed and handled efficiently.

BRIEF SUMMARY OF THE INVENTION

[0005] One or more embodiments of the present disclosure provide a system and method for handling secure data for at least one User Equipment (UE).

[0006] In one aspect of the present invention, a system of handling secure data for at least one User Equipment (UE) is disclosed. The system includes a transceiver configured to receive a request from one or more applications hosted by the UE. The request includes an authentication information. The system further includes a validation module configured to determine validity of the received authentication information. The system further includes an encryption module configured to encrypt the data pertaining to the request. The data is retrieved from a database in response to the authentication information being valid. Further, the system includes the transceiver configured to transmit the encrypted data to the UE. The encrypted data is decrypted by the UE.

[0007] In one embodiment, the request includes authentication information such as permission to access the secure data and a data identifier corresponding to the secure data to be accessed by the UE.

[0008] In another embodiment, the request is discarded if the authentication information is determined as invalid.

[0009] In yet another embodiment, the database is configured to store encrypted data therein and allow the UE to access the encrypted data.

[0010] In yet another embodiment, the secure data is one of a Secure Sockets Layer (SSL) keys, Secure Sockets Layer (SSL) certificates, Transport Layer Security (TLS) certificates, username and passwords, Application Programming Interface (API) tokens for third party APIs, database credentials, license keys and the likes.

[0011] In yet another embodiment, the system is further configured to revoke, reissue, allocate the access to the secure data for the UE. The system is further configured to extend subscription to the secure data for the UE and notify the UE regarding change in settings of the secure data. The change in settings includes access rights and subscription information.

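
The request flow of paragraphs [0006] to [0008], with the expiry condition of claim 7, as an added example that is not code from the patent. The token format (HMAC-SHA256 over instance ID, data identifier and expiry), AES-256-GCM under a per-UE key, the in-memory `Map` standing in for the database, and all function names and sample values are assumptions.

```javascript
const crypto = require("crypto");

// Assumption: the token is an HMAC-SHA256 over instance ID, data identifier and expiry.
function makeToken(authKey, instanceId, dataId, expires) {
  const msg = JSON.stringify([instanceId, dataId, expires]); // unambiguous field encoding
  return crypto.createHmac("sha256", authKey).update(msg).digest();
}

// Server side: validate, retrieve, encrypt. Returns null when the request is discarded.
function handleRequest(req, authKey, ueKey, db, nowSec) {
  const want = makeToken(authKey, req.instanceId, req.dataId, req.expires);
  const tokenOk = Buffer.isBuffer(req.token) && req.token.length === want.length &&
    crypto.timingSafeEqual(req.token, want); // constant-time comparison
  if (!tokenOk || !(nowSec < req.expires)) return null; // invalid or expired: discard
  const secret = db.get(req.dataId);
  if (secret === undefined) return null; // unknown data identifier: discard
  const nonce = crypto.randomBytes(12); // fresh nonce for every response
  const enc = crypto.createCipheriv("aes-256-gcm", ueKey, nonce);
  enc.setAAD(Buffer.from(req.dataId)); // bind the ciphertext to the data identifier
  const body = Buffer.concat([enc.update(secret), enc.final()]);
  return Buffer.concat([nonce, enc.getAuthTag(), body]); // nonce | tag | ciphertext
}

// UE side: authenticated decryption; throws if the blob or identifier was altered.
function ueDecrypt(blob, ueKey, dataId) {
  const dec = crypto.createDecipheriv("aes-256-gcm", ueKey, blob.subarray(0, 12));
  dec.setAAD(Buffer.from(dataId));
  dec.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([dec.update(blob.subarray(28)), dec.final()]);
}

// Constructed sample values (not from the patent): keys, database content, clock.
const AUTH_KEY = Buffer.alloc(32, 0x11);
const UE_KEY = Buffer.alloc(32, 0x22);
const DB = new Map([["tls-key-01", Buffer.from("constructed TLS private key")]]);
const NOW = 1000;

// Hypothetical helper: the UE-side request carrying a token issued for it.
function buildRequest(dataId, expires) {
  const token = makeToken(AUTH_KEY, "ue-105", dataId, expires);
  return { instanceId: "ue-105", dataId, expires, token };
}

const blob = handleRequest(buildRequest("tls-key-01", NOW + 60), AUTH_KEY, UE_KEY, DB, NOW);
console.log(ueDecrypt(blob, UE_KEY, "tls-key-01").toString());
```

Because the expiry is covered by the HMAC, a UE cannot extend its own token, and the discard path returns the same `null` for every failure so the caller learns nothing about which check failed.

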
[0012] In yet another embodiment, the validation module is further configured to validate the received authentication information by verifying at least one of, username and password, instance ID, and API token. The received authentication information is required to be accessed and verified before a predefined expiration time period.

[0013] In another aspect of the present invention, a method of handling secure data for at least one user equipment is disclosed. The method includes the steps of receiving a request from one or more applications hosted by the UE. The request includes an authentication information. The method includes the steps of determining validity of the received authentication information. The method further includes the steps of encrypting the data pertaining to the request. The data is retrieved from a database in response to the authentication information being valid. The method further includes the steps of transmitting the encrypted data to the UE. The encrypted data is decrypted by the UE.

[0014] Other features and aspects of this invention will be apparent from the following description and the accompanying drawings. The features and advantages described