
System And Method For Handling Secure Data For At Least One User Equipment

Abstract: The present disclosure relates to a system (125) and a method (500) for handling secure data for at least one User Equipment (UE) (105). The system (125) includes a transceiver (220) configured to receive a request from one or more applications hosted by the UE (105). The request includes an authentication information. The system (125) further includes a validation module (225) configured to determine validity of the received authentication information. The system (125) further includes an encryption module (230) configured to encrypt the data pertaining to the request. The data is retrieved from a database (240) in response to the authentication information being valid. Further, the system (125) includes the transceiver (220) configured to transmit the encrypted data to the UE (105). The encrypted data is decrypted by the UE (105). Ref. Fig. 2


Patent Information

Application #
Filing Date
07 July 2023
Publication Number
2/2025
Publication Type
INA
Invention Field
COMPUTER SCIENCE
Status
Email
Parent Application

Applicants

JIO PLATFORMS LIMITED
Office-101, Saffron, Nr. Centre Point, Panchwati 5 Rasta, Ambawadi, Ahmedabad - 380006, Gujarat, India

Inventors

1. Aayush Bhatnagar
Office-101, Saffron, Nr. Centre Point, Panchwati 5 Rasta, Ambawadi, Ahmedabad - 380006, Gujarat, India
2. Sandeep Bisht
Office-101, Saffron, Nr. Centre Point, Panchwati 5 Rasta, Ambawadi, Ahmedabad - 380006, Gujarat, India
3. Rahul Mishra
Office-101, Saffron, Nr. Centre Point, Panchwati 5 Rasta, Ambawadi, Ahmedabad - 380006, Gujarat, India
4. Anurag Sinha
Office-101, Saffron, Nr. Centre Point, Panchwati 5 Rasta, Ambawadi, Ahmedabad - 380006, Gujarat, India
5. Prashant kumar Pandey
Office-101, Saffron, Nr. Centre Point, Panchwati 5 Rasta, Ambawadi, Ahmedabad - 380006, Gujarat, India
6. Mehul M Solanki
Office-101, Saffron, Nr. Centre Point, Panchwati 5 Rasta, Ambawadi, Ahmedabad - 380006, Gujarat, India
7. Jyothi Durga Prasad Chillapalli
Office-101, Saffron, Nr. Centre Point, Panchwati 5 Rasta, Ambawadi, Ahmedabad - 380006, Gujarat, India
8. Ezaj Ahmed Ansari
Office-101, Saffron, Nr. Centre Point, Panchwati 5 Rasta, Ambawadi, Ahmedabad - 380006, Gujarat, India

Specification

FORM 2
THE PATENTS ACT, 1970
(39 of 1970)
&
THE PATENTS RULES, 2003

COMPLETE SPECIFICATION
(See section 10 and rule 13)
1. TITLE OF THE INVENTION
SYSTEM AND METHOD FOR HANDLING SECURE DATA FOR AT LEAST ONE USER EQUIPMENT
2. APPLICANT(S)
NAME: JIO PLATFORMS LIMITED
NATIONALITY: INDIAN
ADDRESS: OFFICE-101, SAFFRON, NR. CENTRE POINT, PANCHWATI 5 RASTA, AMBAWADI, AHMEDABAD 380006, GUJARAT, INDIA
3. PREAMBLE TO THE DESCRIPTION

THE FOLLOWING SPECIFICATION PARTICULARLY DESCRIBES THE NATURE OF THIS INVENTION AND THE MANNER IN WHICH IT IS TO BE PERFORMED.

FIELD OF THE INVENTION
[0001] The present invention generally relates to wireless communication systems, and more particularly relates to handling secure data for at least one user equipment (UE).
BACKGROUND OF THE INVENTION
[0002] SSL/TLS stands for secure sockets layer and transport layer security. The SSL/TLS is a protocol or communication rule that allows computer systems to talk to each other on the internet safely. SSL/TLS certificates allow web browsers to identify and establish encrypted network connections to web sites using the SSL/TLS protocol. The Transport Layer Security (TLS) encrypts data sent over the Internet to ensure that eavesdroppers and hackers are unable to see what you transmit which is particularly useful for private and sensitive information such as passwords, credit card numbers, and personal correspondence.
[0003] Every TLS server requires a key pair and the SSL Certificate to establish a successful TLS connection. Storing these confidential resources on the server where the application is run is a security and confidentiality concern since any threat actor having access to the key can decrypt ongoing communications. Such scenarios become more probable nowadays as cloud native architecture is predominantly used for deploying products. Mismanagement of such confidential information should be avoided at all costs.
[0004] It is desired that confidential/secret information such as security certificates and credentials is securely and sensitively stored, handled and managed. It is also desired that the lifecycle of, and updates to, such information are managed and handled efficiently.
BRIEF SUMMARY OF THE INVENTION
[0005] One or more embodiments of the present disclosure provide a system and method for handling secure data for at least one User Equipment (UE).
[0006] In one aspect of the present invention, a system of handling secure data for at least one User Equipment (UE) is disclosed. The system includes a transceiver configured to receive a request from one or more applications hosted by the UE. The request includes an authentication information. The system further includes a validation module configured to determine validity of the received authentication information. The system further includes an encryption module configured to encrypt the data pertaining to the request. The data is retrieved from a database in response to the authentication information being valid. Further, the system includes the transceiver configured to transmit the encrypted data to the UE. The encrypted data is decrypted by the UE.
[0007] In one embodiment, the request includes authentication information such as permission to access the secure data and a data identifier corresponding to the secure data to be accessed by the UE.
[0008] In another embodiment, the request is discarded if the authentication information is determined as invalid.
[0009] In yet another embodiment, the database is configured to store encrypted data therein and allow the UE to access the encrypted data.
[0010] In yet another embodiment, the secure data is one of a Secure Sockets Layer (SSL) keys, Secure Sockets Layer (SSL) certificates, Transport Layer Security (TLS) certificates, username and passwords, Application Programming Interface (API) tokens for third party APIs, database credentials, license keys and the likes.
[0011] In yet another embodiment, the system is further configured to revoke, re-issue, allocate the access to the secure data for the UE. The system is further configured to extend subscription to the secure data for the UE and notify the UE regarding change in settings of the secure data. The change in settings includes access rights and subscription information.
[0012] In yet another embodiment, the validation module is further configured to validate the received authentication information by verifying at least one of, username and password, instance ID, and API token. The received authentication information is required to be accessed and verified before a predefined expiration time period.
[0013] In another aspect of the present invention, a method of handling secure data for at least one user equipment is disclosed. The method includes the steps of receiving a request from one or more applications hosted by the UE. The request includes an authentication information. The method includes the steps of determining validity of the received authentication information. The method further includes the steps of encrypting the data pertaining to the request. The data is retrieved from a database in response to the authentication information being valid. The method further includes the steps of transmitting the encrypted data to the UE. The encrypted data is decrypted by the UE.
[0014] Other features and aspects of this invention will be apparent from the following description and the accompanying drawings. The features and advantages described in this summary and in the following detailed description are not all-inclusive, and particularly, many additional features and advantages will be apparent to one of ordinary skill in the relevant art, in view of the drawings, specification, and claims hereof. Moreover, it should be noted that the language used in the specification has been principally selected for readability and instructional purposes and may not have been selected to delineate or circumscribe the inventive subject matter, resort to the claims being necessary to determine such inventive subject matter.
BRIEF DESCRIPTION OF THE DRAWINGS
[0015] The accompanying drawings, which are incorporated herein, and constitute a part of this disclosure, illustrate exemplary embodiments of the disclosed methods and systems in which like reference numerals refer to the same parts throughout the different drawings. Components in the drawings are not necessarily to scale, emphasis instead being placed upon clearly illustrating the principles of the present disclosure. Some drawings may indicate the components using block diagrams and may not represent the internal circuitry of each component. It will be appreciated by those skilled in the art that disclosure of such drawings includes disclosure of electrical components, electronic components or circuitry commonly used to implement such components.
[0016] FIG. 1 is an exemplary block diagram of an environment of handling secure data for at least one User Equipment (UE), according to one or more embodiments of the present disclosure;
[0017] FIG. 2 is an exemplary block diagram of a system of handling secure data for at least one UE, according to the one or more embodiments of the present disclosure;
[0018] FIG. 3 is a schematic representation of the present system of FIG. 1 workflow, according to the one or more embodiments of the present disclosure;
[0019] FIG. 4 is a signal flow diagram illustrating handling secure data for at least one UE, according to the one or more embodiments of the present disclosure; and
[0020] FIG. 5 illustrates a flow diagram of a method of handling secure data for at least one UE, according to the one or more embodiments of the present disclosure.
[0021] The foregoing shall be more apparent from the following detailed description of the invention.
DETAILED DESCRIPTION OF THE INVENTION
[0022] Some embodiments of the present disclosure, illustrating all its features, will now be discussed in detail. It must also be noted that as used herein and in the appended claims, the singular forms "a", "an" and "the" include plural references unless the context clearly dictates otherwise.
[0023] Various modifications to the embodiment will be readily apparent to those skilled in the art and the generic principles herein may be applied to other embodiments. However, one of ordinary skill in the art will readily recognize that the present disclosure including the definitions listed here below are not intended to be limited to the embodiments illustrated but is to be accorded the widest scope consistent with the principles and features described herein.
[0024] A person of ordinary skill in the art will readily ascertain that the illustrated steps detailed in the figures and here below are set out to explain the exemplary embodiments shown, and it should be anticipated that ongoing technological development will change the manner in which particular functions are performed. These examples are presented herein for purposes of illustration, and not limitation. Further, the boundaries of the functional building blocks have been arbitrarily defined herein for the convenience of the description. Alternative boundaries can be defined so long as the specified functions and relationships thereof are appropriately performed. Alternatives (including equivalents, extensions, variations, deviations, etc., of those described herein) will be apparent to persons skilled in the relevant art(s) based on the teachings contained herein. Such alternatives fall within the scope and spirit of the disclosed embodiments.
[0025] As per various embodiments depicted, the present invention discloses the system and method of handling secure data for at least one User Equipment (UE) to securely and sensitively store, handle and manage security certificates and credentials.
[0026] Referring to FIG. 1, FIG. 1 illustrates an exemplary block diagram of an environment 100 of handling secure data for at least one User Equipment (UE), according to one or more embodiments of the present invention. The environment 100 includes the at least one UE 105, a network 110, a server 115, and a system 125. The at least one UE 105 aids a user to interact with the system 125 for transmitting a request from the UE 105 to a processor 205 (as shown in FIG. 2).
[0027] For the purpose of description and explanation, the description will be explained with respect to one or more UEs 105, or to be more specific will be explained with respect to a first UE 105a, a second UE 105b, and a third UE 105c, and should nowhere be construed as limiting the scope of the present disclosure. In one embodiment, each of the first UE 105a, the second UE 105b, and the third UE 105c is one of, but are not limited to, any electrical, electronic, electro-mechanical or an equipment and a combination of one or more of the above devices such as virtual reality (VR) devices, augmented reality (AR) devices, laptop, a general-purpose computer, desktop, personal digital assistant, tablet computer, mainframe computer, or any other computing device.
[0028] Each of the first UE 105a, the second UE 105b, and the third UE 105c is further configured to host one or more applications thereon. Each of the one or more applications is adapted to include one or more applications stacks to aid in performing certain predefined activities of each of the one or more applications. The predefined activities include, but not limited to, accessing the server 115, and transmitting the secure data to the one or more applications via the network 110.
[0029] A person skilled in the art will appreciate that the UE 105 may include more than one processor and communication ports. The communication port(s) may be any of an RS-232 port for use with a modem-based dialup connection, a 10/100 Ethernet port, a Gigabit or 10 Gigabit port using copper or fiber, a serial port, a parallel port, or other existing or future ports. The communication port(s) may be chosen depending on a network 110, such as, but not limited to, a Local Area Network (LAN), a Wide Area Network (WAN), or any of the network 110 to which the computer system connects.
[0030] The network 110 includes, by way of example but not limitation, one or more of a wireless network, a wired network, an internet, an intranet, a public network, a private network, a packet-switched network, a circuit-switched network, an ad hoc network, an infrastructure network, a Public-Switched Telephone Network (PSTN), a cable network, a cellular network, a satellite network, a fiber optic network, or some combination thereof. The network 110 may include, but is not limited to, a Third Generation (3G), a Fourth Generation (4G), a Fifth Generation (5G), a Sixth Generation (6G), a New Radio (NR), a Narrow Band Internet of Things (NB-IoT), an Open Radio Access Network (O-RAN), and the like.
[0031] The server 115 may include by way of example but not limitation, one or more of a standalone server, a server blade, a server rack, a bank of servers, a server farm, hardware supporting a part of a cloud service or system, a home server, hardware running a virtualized server, one or more processors executing code to function as a server, one or more machines performing server-side functionality as described herein, at least a portion of any of the above, some combination thereof. In an embodiment, the entity may include, but is not limited to, a vendor, a network operator, a company, an organization, a university, a lab facility, a business enterprise, a defense facility, or any other facility that provides content.
[0032] The environment 100 further includes the system 125 communicably coupled to the server 115 and each of the first UE 105a, the second UE 105b, and the third UE 105c via the network 110. The system 125 is configured for handling secure data for at least one UE 105 by using one or more modules. The system 125 is adapted to be embedded within the server 115 or is embedded as the individual entity.
[0033] Operational and construction features of the system 125 will be explained in detail with respect to the following figures.
[0034] Referring to FIG. 2, FIG. 2 illustrates an exemplary block diagram of the system 125 for handling secure data for at least one UE 105 (as shown in FIG.1), according to one or more embodiments of the present invention.
[0035] As per the illustrated embodiment, the system 125 includes the processor 205, a memory 210, and a user interface 215. For the purpose of description and explanation, the description will be explained with respect to one or more processors 205, or to be more specific will be explained with respect to a processor 205 and should nowhere be construed as limiting the scope of the present disclosure. The one or more processor 205, hereinafter referred to as the processor 205 may be implemented as one or more microprocessors, microcomputers, microcontrollers, digital signal processors, central processing units, state machines, logic circuitries, single board computers, and/or any devices that manipulate signals based on operational instructions.
[0036] As per the illustrated embodiment, the processor 205 is configured to fetch and execute computer-readable instructions stored in the memory 210. The memory 210 may be configured to store one or more computer-readable instructions or routines in a non-transitory computer-readable storage medium, which may be fetched and executed to create or share data packets over a network service. The memory 210 may include any non-transitory storage device including, for example, volatile memory such as RAM, or non-volatile memory such as EPROM, flash memory, and the like.
[0037] In an embodiment, the user interface 215 includes a variety of interfaces, for example, interfaces for a graphical user interface, a web user interface, a Command Line Interface (CLI), and the like. The user interface 215 facilitates communication of the system 125. In one embodiment, the user interface 215 provides a communication pathway for one or more components of the system 125. Examples of such components include, but are not limited to, the UE 105 and the database 240.
[0038] The database 240 is one of, but not limited to, a centralized database, a cloud-based database, a commercial database, an open-source database, a distributed database, an end-user database, a graphical database, a No-Structured Query Language (NoSQL) database, an object-oriented database, a personal database, an in-memory database, a document-based database, a time series database, a wide column database, a key value database, a search database, a cache database, and so forth. The foregoing examples of database 240 types are non-limiting and may not be mutually exclusive e.g., a database can be both commercial and cloud-based, or both relational and open-source, etc.
[0039] Further, the processor 205, in an embodiment, may be implemented as a combination of hardware and programming (for example, programmable instructions) to implement one or more functionalities of the processor 205. In the examples described herein, such combinations of hardware and programming may be implemented in several different ways. For example, the programming for the processor 205 may be processor-executable instructions stored on a non-transitory machine-readable storage medium and the hardware for processor 205 may comprise a processing resource (for example, one or more processors), to execute such instructions. In the present examples, the memory 210 may store instructions that, when executed by the processing resource, implement the processor 205. In such examples, the system 125 may comprise the memory 210 storing the instructions and the processing resource to execute the instructions, or the memory 210 may be separate but accessible to the system 125 and the processing resource. In other examples, the processor 205 may be implemented by electronic circuitry.
[0040] In order for the system 125 to handle secure data for the at least one UE 105, the processor 205 includes the one or more modules. The one or more modules include a transceiver 220, a validation module 225, and an encryption module 230 communicably coupled to each other.
[0041] The transceiver 220 of the processor 205 is communicably connected to each of the first UE 105a, the second UE 105b, and the third UE 105c via the network 110 (as shown in FIG.1). Accordingly, the transceiver 220 is configured to receive the request from one or more applications hosted by the UE 105. In an embodiment, the request includes an authentication information. In another embodiment, the request includes the authentication information such as permission to access secure data and a data identifier corresponding to the secure data to be accessed by the UE 105. In one embodiment, the one or more applications hosted by the UE 105 includes, but not limited to, mobile applications such as messaging apps, navigation apps, and streaming apps. In one embodiment, the data identifier refers to a specific piece of data or resource that the UE 105 of the user is requesting access to, and the data is identified by a unique identifier for secure and efficient data access in the system 125.
[0042] As per the above illustrated embodiment, the secure data includes, but not limited to, a Secure Sockets Layer (SSL) keys, Secure Sockets Layer (SSL) certificates, Transport Layer Security (TLS) certificates, username and passwords, Application Programming Interface (API) tokens for third party APIs, database credentials, license keys and the likes. After receiving the authentication information from the UE 105, the validation module 225 determines whether the received authentication information is valid or invalid.
[0043] The validation module 225 of the processor 205 is communicably connected with the transceiver 220. More specifically, the validation module 225 is configured to determine validity of the received authentication information. In one embodiment, if the received authentication information is determined as invalid, then the request is discarded. In another embodiment, if the received authentication information is determined as valid, subsequently the request is forwarded to a database 240. The database 240 is stored and managed electronically, and designed to efficiently store, retrieve, and manage large volumes of information. The database 240 receives the request from the UE 105 and is further configured to retrieve the data in response to the authentication information being valid. Further, the retrieved data from the database 240 is encrypted by the encryption module 230. The database 240 is responsible for storing and accessing the encrypted data in the database 240 and allowing the UE 105 to access the encrypted data.
[0044] Further, as per one or more embodiments, the validation module 225 is configured to validate the received authentication information by verifying at least one of, the username and password, the instance ID, the Application Programming Interface (API) token. In one embodiment, the received authentication information is required to be accessed and verified before a predefined expiration time period. The API token may have an expiration time to enhance security. Before the API token expires, the one or more applications of the UE 105 can request a new token by authenticating with the service using the existing token or other authentication credentials.
[0045] On updating the database 240 with the retrieved data in response to the authentication information being valid, the encryption module 230 is configured to encrypt the data pertaining to the request. After encrypting the data by the encryption module 230, the encrypted data is transmitted to the UE 105. The transceiver 220 is configured to transmit the encrypted data to the UE 105. In an embodiment, the encrypted data is decrypted by the UE 105 and provides an updated version of the application.
[0046] As per the above illustrated embodiment, the system 125 is further configured to revoke and re-issue the access to the secure data for the UE 105. The system 125 is further configured to extend subscription to the secure data for the UE 105. Further, the system 125 is configured to allocate the access to the secure data for the UE 105. Further, the system 125 is configured to notify the UE 105 regarding change in settings of the secure data. In an embodiment, the change in settings include access rights and subscription information. By doing so, the system 125 provides for transmitting the secure data to the applications in a trusted and secure manner.
[0047] Referring to FIG. 3, FIG. 3 describes a preferred embodiment of the system 125, according to one or more embodiments of the present invention. It is to be noted that the embodiment with respect to FIG. 3 will be explained with respect to the first UE 105a (as shown in FIG. 1) for the purpose of description and illustration and should nowhere be construed as limited to the scope of the present disclosure.
[0048] As mentioned earlier in FIG. 1, each of the first UE 105a the second UE 105b, and the third UE 105c may include an external storage device, a bus, a main memory, a read-only memory, a mass storage device, communication port(s), and a processor. The exemplary embodiment as illustrated in the FIG. 3 will be explained with respect to the first UE 105a. The first UE 105a includes one or more primary processors 305 communicably coupled to the one or more processors 205 of the system 125.
[0049] The one or more primary processors 305 are coupled with a memory unit 310 storing instructions which are executed by the one or more primary processors 305. Execution of the stored instructions by the one or more primary processors 305 enables the first UE 105a to transmit the request from the one or more applications hosted by the UE 105.
[0050] As mentioned earlier in the FIG. 2, the processor 205 of the system 125 is configured for handling secure data for at least one UE 105. The transceiver 220 of the processor 205 is communicably connected to each of the first UE 105a, the second UE 105b, and the third UE 105c via the network 110 (as shown in FIG.1). Accordingly, the transceiver 220 is configured to receive the request from the one or more applications hosted by the UE 105.
[0051] The validation module 225 is configured to determine validity of the received authentication information. In one embodiment, if the received authentication information is determined as invalid, then the request is discarded. In another embodiment, if the received authentication information is determined as valid, subsequently the request is forwarded to the database 240.
[0052] The database 240 is configured to retrieve the data in response to the authentication information being valid. Thereafter, the retrieved data from the database 240 is encrypted by the encryption module 230. Further, the database 240 is responsible for storing and accessing the encrypted data in the database 240. The transceiver 220 is configured to transmit the encrypted data to the UE 105. In an embodiment, the encrypted data is decrypted by the UE 105.
[0053] As per the above illustrated embodiment, the system 125 is further configured to revoke and re-issue the access to the secure data for the UE 105. The system 125 is further configured to revoke and re-issue the request from replacing the original. The system 125 is further configured to extend subscription to the secure data for the UE 105. In one embodiment, extension of the subscription is increasing expiration time of the subscription. Further, the system 125 is configured to allocate the access to the secure data for the UE 105. The allocation performed by the system 125 needs to be triggered by the UE 105 via the user interface 215 or the CLI. Further, the system 125 is configured to notify the UE 105 regarding change in settings of the secure data. By doing so, the system 125 provides for transmitting the secure data to the applications in a trusted and secure manner.
[0054] Hence, for the sake of brevity, a similar description related to the working and operation of the system 125 as illustrated in FIG. 2 has been omitted to avoid repetition. The limited description provided for the system 125 in FIG. 3, should be read with the description as provided for the system 125 in the FIG. 2 above.
[0055] FIG. 4 is a signal flow diagram illustrating handling secure data for the at least one UE 105, according to the one or more embodiments of the present disclosure.
[0056] At step 402, the at least one UE 105 transmits the request from one or more applications to the validation module 225. In one embodiment, the request includes authentication information. In another embodiment, the request includes the authentication information such as permission to access the secure data and the data identifier corresponding to the secure data to be accessed by the UE 105. The validation module 225 determines whether the authentication information is valid or not when the request is received.
[0057] As per the above illustrated embodiment, the secure data includes, but not limited to, Secure Sockets Layer (SSL) keys, Secure Sockets Layer (SSL) certificates, Transport Layer Security (TLS) certificates, username and passwords, Application Programming Interface (API) tokens for third party APIs, database credentials, license keys and the likes. After receiving the authentication information from the UE 105, the validation module 225 determines whether the received authentication information is valid or invalid.
[0058] As per one or more embodiments, let us consider for a real-time example of Application Programming Interface (API) tokens in the context of the streaming service. Multiple users are subscribed to the streaming service and are required to create an account on a platform for the purpose of accessing the streaming service. Upon successful subscription, the streaming service generates a unique API token for the user's account. The API token is associated with the user's account which includes the username and passwords, and includes specific permissions to access the streaming catalog, user profile settings, and viewing history. The streaming service's user equipment or web application securely stores the API token locally on the UE 105.
[0059] When the user opens the streaming app and requests to watch a movie or a TV show, the one or more applications are configured to include the API token in the API request.
[0060] At step 404, the validation module 225 receives the API request and checks the included token for authenticity. The server 115 also verifies the permissions associated with the API token to ensure the user has the right to access the requested content. If the API token is valid, the received authentication information is retrieved from the database 240 (as shown in FIG. 2).
[0061] At step 406, the validation module 225 also verifies the permissions associated with the API token to ensure the user has the right to access the requested content. If the API token is invalid, the request is discarded. At step 408, if the API token is valid, the received authentication information is retrieved from the database 240. The data retrieved from the database 240 is encrypted by using the encryption module 230.
[0062] At step 410, the encrypted data is transmitted to the at least one UE 105. Furthermore, the encrypted data is decrypted by the at least one UE 105. The API token may have an expiration time to enhance security. Before the API token expires, the streaming app can request a new token for extending subscription to the secure data for the UE 105, and also notify the UE 105 regarding the change in settings of the API token.
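The signal flow of steps 402 to 410, as an added Go example that is not part of the specification: the request is validated (token authenticity, expiration, permission for the data identifier), discarded with one uniform error if any check fails, and otherwise the retrieved data is encrypted for the UE, which decrypts it. The specification names no cipher or key-distribution scheme, so AES-256-GCM, a pre-provisioned per-UE key, storing only a SHA-256 hash of the token, binding the data identifier as associated data, and all type names and sample values are assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
	"time"
)

// ErrDiscarded is the only failure a caller sees, whichever check failed.
var ErrDiscarded = errors.New("request discarded")

// tokenRecord is the per-instance state validation needs (assumed layout).
type tokenRecord struct {
	hash    [32]byte        // SHA-256 of the API token; the token is not stored
	expires time.Time       // predefined expiration time
	allowed map[string]bool // data identifiers this token may read
	ueKey   []byte          // 32-byte key shared with the UE (assumed provisioned)
}

// Service stands in for the system: validation, database and encryption.
type Service struct {
	tokens  map[string]*tokenRecord // keyed by instance ID
	secrets map[string][]byte       // data identifier -> secure data
}

// Request carries the authentication information and the data identifier.
type Request struct{ InstanceID, Token, DataID string }

// AAD binds a response to the instance and identifier it was issued for.
func AAD(r Request) []byte { return []byte(r.InstanceID + "\x00" + r.DataID) }

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Handle validates the request, retrieves the data and returns nonce||ciphertext.
func (s *Service) Handle(r Request, now time.Time) ([]byte, error) {
	rec := s.tokens[r.InstanceID]
	sum := sha256.Sum256([]byte(r.Token))
	if rec == nil || subtle.ConstantTimeCompare(sum[:], rec.hash[:]) != 1 || // unknown or not authentic
		!now.Before(rec.expires) || !rec.allowed[r.DataID] { // expired or not permitted
		return nil, ErrDiscarded
	}
	plain, found := s.secrets[r.DataID] // retrieved only after validation succeeded
	if !found {
		return nil, ErrDiscarded
	}
	gcm, err := newGCM(rec.ueKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plain, AAD(r)), nil
}

// Open is the UE side: authenticate and decrypt nonce||ciphertext.
func Open(key, msg, aad []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if n := gcm.NonceSize(); len(msg) >= n {
		return gcm.Open(nil, msg[:n], msg[n:], aad)
	}
	return nil, errors.New("message too short")
}

// NewDemo builds constructed sample state: one instance, one permitted identifier.
func NewDemo() (*Service, Request, []byte) {
	key := sha256.Sum256([]byte("constructed demo key")) // real keys: CSPRNG
	req := Request{"instance-01", "constructed-api-token", "db/orders-password"}
	rec := &tokenRecord{sha256.Sum256([]byte(req.Token)),
		time.Date(2025, 1, 2, 0, 0, 0, 0, time.UTC), map[string]bool{req.DataID: true}, key[:]}
	secrets := map[string][]byte{req.DataID: []byte("constructed-db-password"),
		"tls/server-key": []byte("constructed-key-material")}
	return &Service{map[string]*tokenRecord{req.InstanceID: rec}, secrets}, req, key[:]
}

func main() {
	svc, req, key := NewDemo()
	now := time.Date(2025, 1, 1, 0, 0, 0, 0, time.UTC)
	msg, _ := svc.Handle(req, now)
	plain, err := Open(key, msg, AAD(req))
	fmt.Printf("UE decrypted %q (err=%v)\n", plain, err)
	_, err = svc.Handle(req, now.Add(48*time.Hour))
	fmt.Println("same token after expiry:", err)
}
```

Because the data identifier is part of the associated data, a response replayed against a different identifier fails authentication on the UE instead of decrypting to the wrong secret.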
[0063] FIG. 5 is a flow diagram of a method 500 for handling secure data for at least one UE 105 (as shown in FIG. 1), according to the one or more embodiments of the present disclosure. The method 500 is adapted to manage secure data for at least one UE 105. For the purpose of description, the method 500 is described with the embodiments as illustrated in FIG. 2 and should nowhere be construed as limiting the scope of the present disclosure.
[0064] At step 505, the method 500 includes the step of receiving the request from one or more applications hosted by the UE 105. In an embodiment, the request includes the authentication information. In another embodiment, the request includes the authentication information such as permission to access secure data and the data identifier corresponding to the secure data to be accessed by the UE 105. In one embodiment, the one or more applications hosted by the UE 105 may include, but are not limited to, mobile applications such as messaging and streaming apps. In one embodiment, the data identifier refers to the specific piece of data or resource that the UE 105 of the user is requesting access to, and the data is identified by the unique identifier for secure and efficient data access in the system 125.
[0065] At step 510, the method 500 includes the step of determining validity of the received authentication information by the validation module 225. In one embodiment, if the received authentication information is determined as invalid, then the request is discarded. In another embodiment, if the received authentication information is determined as valid, subsequently the request is forwarded to the database 240. The database 240 is configured to retrieve the data in response to the authentication information being valid. Further, the retrieved data from the database 240 is encrypted by the encryption module 230. The database 240 is responsible for storing and accessing the encrypted data and allows the UE 105 to access the encrypted data.
[0066] Further, as per one or more embodiments, the validation module 225 is configured to validate the received authentication information by verifying at least one of, the username and password, the instance ID, the Application Programming Interface (API) token. In one embodiment, the received authentication information is required to be accessed and verified before the predefined expiration time period. The API token may have the expiration time to enhance security. Before the token expires, the one or more applications of the UE 105 can request the new token by authenticating with the service using the existing token or other authentication credentials.
[0067] At step 515, the method 500 includes the step of encrypting the data pertaining to the request. After encrypting the data by the encryption module 230, the encrypted data is transmitted to the at least one UE 105.
[0068] At step 520, the method 500 includes the step of transmitting the encrypted data to the at least one UE 105 by the transceiver 220. In an embodiment, the encrypted data is decrypted by the at least one UE 105, which provides the updated version of the one or more applications.
[0069] Further, the method 500 includes the step of revoking and re-issuing the access to the secure data for the at least one UE 105. Further, the method 500 includes the step of extending subscription to the secure data for the at least one UE 105. The method 500 includes the step of allocating the access to the secure data for the at least one UE 105. Further, the method 500 includes notifying the at least one UE 105 regarding change in settings of the secure data. In an embodiment, the change in settings includes access rights and subscription information. By doing so, the method 500 provides for transmitting the secure data to the applications in a trusted and secure manner.
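The validation described at step 510 and in the streaming example (token authenticity, permission for the requested data identifier, expiry, renewal before expiry, discard on failure) can be sketched as follows. This is an added example, not part of the specification: the names `TokenRecord`, `token_digest`, `issue_token`, `validate_request` and `renew_token`, the in-memory `store` dict standing in for the database 240, and the choice to keep only a hash of each token are all assumptions.

```python
import hashlib
import secrets
import time
from dataclasses import dataclass


@dataclass(frozen=True)
class TokenRecord:  # hypothetical schema; the specification defines none
    user: str
    permissions: frozenset  # data identifiers this token may read
    expires_at: float       # Unix time at which the token stops working


def token_digest(token):
    # Assumption: only the SHA-256 of a token is stored, so a leaked store holds no usable token.
    return hashlib.sha256(token.encode()).hexdigest()


def issue_token(store, user, permissions, ttl, now=None):
    """Create a random token, store its hash with rights and expiry, return it once."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    store[token_digest(token)] = TokenRecord(user, frozenset(permissions), now + ttl)
    return token


def validate_request(store, token, data_id, now=None):
    """Step 510: return (True, user) or (False, reason); a False result is discarded."""
    now = time.time() if now is None else now
    record = store.get(token_digest(token))
    if record is None:
        return False, "unknown or revoked token"
    if now >= record.expires_at:
        return False, "token expired"
    if data_id not in record.permissions:
        return False, "no permission for this data identifier"
    return True, record.user


def renew_token(store, token, ttl, now=None):
    """Swap a still-valid token for a fresh one; the old token is revoked."""
    now = time.time() if now is None else now
    record = store.get(token_digest(token))
    if record is None or now >= record.expires_at:
        return None  # expired or unknown tokens cannot be renewed
    del store[token_digest(token)]
    return issue_token(store, record.user, record.permissions, ttl, now)
```

The reason string is meant for server-side logging; the UE only needs to learn that the request was discarded.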
[0070] The present invention further discloses a non-transitory computer-readable medium having stored thereon computer-readable instructions. The computer-readable instructions are executed by a processor 205 (as shown in FIG.2). The processor 205 is configured to receive a request from one or more applications hosted by the UE 105 (as shown in FIG.1). The processor 205 is further configured to determine validity of the received authentication information. The processor 205 is further configured to encrypt the data pertaining to the request. The data is retrieved from a database 240 (as shown in FIG.2) in response to the authentication information being valid. The processor 205 is further configured to transmit the encrypted data to the at least one UE 105. The encrypted data is decrypted by the at least one UE 105.
[0071] A person of ordinary skill in the art will readily ascertain that the illustrated embodiments and steps in description and drawings (FIG.1-5) are set out to explain the exemplary embodiments shown, and it should be anticipated that ongoing technological development will change the manner in which particular functions are performed. These examples are presented herein for purposes of illustration, and not limitation. Further, the boundaries of the functional building blocks have been arbitrarily defined herein for the convenience of the description. Alternative boundaries can be defined so long as the specified functions and relationships thereof are appropriately performed. Alternatives (including equivalents, extensions, variations, deviations, etc., of those described herein) will be apparent to persons skilled in the relevant art(s) based on the teachings contained herein. Such alternatives fall within the scope and spirit of the disclosed embodiments.
[0072] The present disclosure incorporates technical advancement of storing the encrypted data and the SSL certificates in the database 240 (as shown in FIG.2). The disclosure provides for authenticating the authorized users and the application to have access to the secure data as and when required/requested. Further, the transceiver 220 (as shown in FIG.2) transmits the secure data to the applications in a trusted and secure manner. The disclosure also provides for customisation wherein the user can configure profiles for the applications to restrict access to the resources it doesn’t need.
[0073] The present invention offers multiple advantages over the prior art and the above listed are a few examples to emphasize on some of the advantageous features. The listed advantages are to be read in a non-limiting manner.

REFERENCE NUMERALS
[0074] Environment - 100;
[0075] At least one User Equipment - 105;
[0076] Network - 110;
[0077] Server - 115;
[0078] System - 125;
[0079] Processor - 205;
[0080] Memory - 210;
[0081] User Interface - 215;
[0082] Transceiver - 220;
[0083] Validation Module - 225;
[0084] Encryption Module - 230;
[0085] Database - 240;
[0086] Primary processor - 305;
[0087] Memory unit - 310;

CLAIMS
We Claim:
1. A method (500) of handling secure data for at least one User Equipment (UE) (105), the method (500) comprises the steps of:
receiving (505), by a processor (205), a request from one or more applications hosted by the UE (105), wherein the request includes an authentication information;
determining (510), by the processor (205), validity of the received authentication information;
encrypting (515), by the processor (205), the data pertaining to the request, wherein the data is retrieved from a database (240) in response to the authentication information being valid; and
transmitting (520), by the processor (205), the encrypted data to the UE (105), wherein the encrypted data is decrypted by the UE (105).

2. The method (500) as claimed in claim 1, wherein the request includes authentication information such as permission to access the secure data and a data identifier corresponding to the secure data to be accessed by the UE (105).

3. The method (500) as claimed in claim 1, wherein the request is discarded if the authentication information is determined as invalid.

4. The method (500) as claimed in claim 1, wherein the database (240) is configured to store encrypted data therein and allow the UE (105) to access the encrypted data via the processor (205).

5. The method (500) as claimed in claim 1, wherein the data is one of a Secure Sockets Layer (SSL) keys, Secure Sockets Layer (SSL) certificates, Transport Layer Security (TLS) certificates, username and passwords, Application Programming Interface (API) tokens for third party APIs, database credentials, license keys and the likes.

6. The method (500) as claimed in claim 1, wherein the processor (205) is further configured to perform the steps of:
revoking, access to the secure data for the UE (105);
re-issuing, access to the secure data for the UE (105);
extending, subscription to the secure data for the UE (105);
allocating, access to the secure data for the UE (105); and
notifying, the UE (105) regarding change in settings of the secure data, wherein change in settings include access rights and subscription information.

7. The method (500) as claimed in claim 1, wherein the step of, determining (510), by the processor, validity of the received authentication information, includes the step of:
validating, by the one or more processors, the received authentication information by verifying at least one of, username and password, instance ID, API tokens, wherein the received authentication information is required to be accessed and verified before a predefined expiration time period.

8. A User Equipment (UE) (105) comprising:
one or more primary processors (305) coupled with one or more memory units (310), wherein said one or more memory units (310) store instructions which when executed by the one or more primary processors (305) causes the UE (105) to:
transmit, a request including authentication information such as permission to access the secure data and a data identifier corresponding to the secure data to be accessed by the UE (105) to a processor (205), wherein the processor (205) is further configured to perform the method as claimed in claim 1.

9. A system (125) of handling secure data for at least one User Equipment (UE) (105), the system (125) comprising:
a transceiver (220) configured to receive, a request from one or more applications hosted by the UE (105), wherein the request includes an authentication information;
a validation module (225) configured to, determine, validity of the received authentication information;
an encryption module (230) configured to, encrypt, the data pertaining to the request, wherein the data is retrieved from a database (240) in response to the authentication information being valid; and
the transceiver (220) configured to, transmit, the encrypted data to the UE (105), wherein the encrypted data is decrypted by the UE (105).

10. The system (125) as claimed in claim 9, wherein the request includes authentication information such as permission to access the secure data and a data identifier corresponding to the secure data to be accessed by the UE (105).

11. The system (125) as claimed in claim 9, wherein the request is discarded if the authentication information is determined as invalid.

12. The system (125) as claimed in claim 9, wherein the database (240) is configured to store encrypted data therein and allow the UE (105) to access the encrypted data.

13. The system (125) as claimed in claim 9, wherein the secure data is one of a Secure Sockets Layer (SSL) keys, Secure Sockets Layer (SSL) certificates, Transport Layer Security (TLS) certificates, username and passwords, API tokens for third party APIs, database credentials, license keys and the likes.

14. The system (125) as claimed in claim 9, wherein the system (125) is further configured to:
revoke, access to the secure data for the UE (105);
re-issue, access to the secure data for the UE (105);
extend, subscription to the secure data for the UE (105);
allocate, access to the secure data for the UE (105); and
notify, the UE (105) regarding change in settings of the secure data, wherein change in settings include access rights and subscription information.

15. The system (125) as claimed in claim 9, wherein the validation module (225) is further configured to:
validate, the received authentication information by verifying at least one of, username and password, instance ID, Application Programming Interface (API) token, wherein the received authentication information is required to be accessed and verified before a predefined expiration time period.

Documents

Application Documents

# Name Date
1 202321045597-STATEMENT OF UNDERTAKING (FORM 3) [07-07-2023(online)].pdf 2023-07-07
2 202321045597-PROVISIONAL SPECIFICATION [07-07-2023(online)].pdf 2023-07-07
3 202321045597-FORM 1 [07-07-2023(online)].pdf 2023-07-07
4 202321045597-DRAWINGS [07-07-2023(online)].pdf 2023-07-07
5 202321045597-DECLARATION OF INVENTORSHIP (FORM 5) [07-07-2023(online)].pdf 2023-07-07
6 202321045597-FORM-26 [11-09-2023(online)].pdf 2023-09-11
7 202321045597-Proof of Right [22-12-2023(online)].pdf 2023-12-22
8 202321045597-DRAWING [27-06-2024(online)].pdf 2024-06-27
9 202321045597-COMPLETE SPECIFICATION [27-06-2024(online)].pdf 2024-06-27
10 Abstract1.jpg 2024-09-23
11 202321045597-Power of Attorney [11-11-2024(online)].pdf 2024-11-11
12 202321045597-Form 1 (Submitted on date of filing) [11-11-2024(online)].pdf 2024-11-11
13 202321045597-Covering Letter [11-11-2024(online)].pdf 2024-11-11
14 202321045597-CERTIFIED COPIES TRANSMISSION TO IB [11-11-2024(online)].pdf 2024-11-11
15 202321045597-FORM 3 [27-11-2024(online)].pdf 2024-11-27
16 202321045597-FORM 18 [20-03-2025(online)].pdf 2025-03-20