An Idea for Passing an Encryption Key on a Mobile Device

An encryption key is what lets data be encrypted safely and decrypted on the other side without the possibility of data piracy and exposure. In that context, we suggest an idea for passing an encryption key to a mobile device.

A mobile device moves, which means the network it belongs to changes a lot. The point is that an attacker cannot fully exploit each successive network as the device moves from one place to another unless he or she tracks the device like a stalker. Under this assumption, an encryption key could be composed from a series of keys issued by the server.

Suppose that we have N sub-keys Kn = { k0, k1, …, kn }. We can then generate a single encryption key E from Kn. The server sends another key k(n+1) to the device, and the key set becomes K(n+1) = { k0, k1, …, kn, k(n+1) }. Even if an attacker captures the key k(n+1), he cannot learn the encryption key from it alone, because each time a request comes through, the server sends a new sub-key for it and generates a new encryption key E’ from the updated key set. Unless the attacker captures the whole key set, he can’t eavesdrop on messages encrypted with E’.

It’s not 100% safe from attack, but it could enhance security. The scheme becomes vulnerable when the attacker learns every key in Kn or when the attacker has control of the device. But we believe that combining it with other countermeasures like SSL would make it better.
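
The composition and its failure case, as an added example that is not part of the original post. The post does not say how E is generated from the key set, so this sketch assumes an HMAC-SHA256 chain over the sub-keys in order; `derive_key`, `simulate` and `KEY_LEN` are hypothetical names.

```python
import hashlib
import hmac
import secrets

KEY_LEN = 32  # bytes per sub-key; assumption, the post does not fix a size


def derive_key(sub_keys):
    """Fold the ordered sub-key set K into one key E (assumed construction)."""
    if not sub_keys:
        raise ValueError("at least one sub-key is required")
    state = b"\x00" * KEY_LEN
    for index, k in enumerate(sub_keys):
        # Mixing in the index makes E depend on every sub-key and on their order.
        msg = index.to_bytes(4, "big") + k
        state = hmac.new(state, msg, hashlib.sha256).digest()
    return state


def simulate(rounds, observed):
    """Issue one sub-key per request; the attacker sees only indices in `observed`.

    Returns (server_key, device_key, attacker_key); attacker_key is None when
    the attacker captured nothing.
    """
    server, device, seen = [], [], []
    for i in range(rounds):
        k = secrets.token_bytes(KEY_LEN)  # server issues k_i for this request
        server.append(k)
        device.append(k)                  # delivered over the device's current network
        if i in observed:
            seen.append(k)                # attacker was present on that network
    attacker_key = derive_key(seen) if seen else None
    return derive_key(server), derive_key(device), attacker_key


if __name__ == "__main__":
    # Attacker captures only the newest sub-key: keys differ.
    e_srv, e_dev, e_att = simulate(5, {4})
    print("device in sync:", e_srv == e_dev, "| attacker has E':", e_att == e_srv)
    # Attacker captured every sub-key (the failure case the post names): keys match.
    e_srv, e_dev, e_att = simulate(5, set(range(5)))
    print("device in sync:", e_srv == e_dev, "| attacker has E':", e_att == e_srv)
```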