Systems and methods for setting and resetting a password

US 20030182584A1
Filed: 03/22/2002
Published: 09/25/2003
Est. Priority Date: 03/22/2002
Status: Active Grant

First Claim

Patent Images

1. A method for resetting a user password on a computer system, comprising:

retrieving a private key from a removable computer-readable medium;

locating an encrypted user password encrypted with a public key that corresponds to the private key;

attempting to decrypt the encrypted user password with the private key;

allowing a user password to be reset if decryption is successful; and

wherein the encrypted user password is the user password that specified by the user during a most recent password change operation.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for recovering from a lost password are described. A password reset disk is created by generating a key pair consisting of a private key and a corresponding public key. The private key is stored on a removable computer-readable medium so that it can be removed and securely stored remote from the computer system on which it was created. The public key is stored on the computer system and used to maintain an up-to-date encrypted copy of the current password. This encrypted copy is stored on the computer system. If, at a later time, the user forgets a user password, the user may insert the password reset disk into the computer system. The private key is retrieved from the password reset disk and the encrypted password is decrypted using the private key. If the decryption is successful, the user is allowed to set a new password. The password reset disk is effective even if the user password has been changed since the creation of the password reset disk. In this way, a user does not have to contact customer service to recover from a forgotten password. The user may also create the password reset disk when there is no password set. When a password is set, the password is encrypted with the public key and stored.

127 Citations

38 Claims

1. A method for resetting a user password on a computer system, comprising:
- retrieving a private key from a removable computer-readable medium;
  
  locating an encrypted user password encrypted with a public key that corresponds to the private key;
  
  attempting to decrypt the encrypted user password with the private key;
  
  allowing a user password to be reset if decryption is successful; and
  
  wherein the encrypted user password is the user password that specified by the user during a most recent password change operation.
- View Dependent Claims (2, 3, 4)
- - 2. The method as recited in claim 1, further comprising
  - 3. The method as recited in claim 1, further comprising selecting a removable media drive in which the removable computer-readable medium is located prior to retrieving the private key.
  - 4. The method as recited in claim 1, wherein the decryption is successful when a decrypted version of the encrypted password is identical to the user password specified by the user during the most recent password change operation.

5. A computer system, comprising:
- a password module configured to receive a user password and to control access to the computer system with the user password;
  
  a disk creator configured to generate a public key/private key pair, encrypt the user password with the public key and store the private key on a removable computer-readable medium; and
  
  wherein the removable computer-readable medium can be stored remote from the computer system and subsequently used to retrieve the private key stored therein, decrypt the encrypted user password and, if successful, allow the user password to be reset.
- View Dependent Claims (6, 7, 8, 9, 10, 11, 12)
- - 6. The computer system as recited in claim 5, further comprising a password file that contains the public key and a public key encrypted user password.
  - 7. The computer system as recited in claim 6, further comprising a digital signature module configured to digitally sign the password file.
  - 8. The computer system as recited in claim 5, further comprising a password reset module configured to retrieve the private key from the removable computer-readable medium, attempt to decrypt the encrypted user password with the private key and, if the decryption is successful, to reset the user password.
  - 9. The computer system as recited in claim 8, wherein the password module is further configured to query whether to activate the password reset module if an incorrect user password is received.
  - 10. The computer system as recited in claim 8, wherein the password module is further configured to query whether to activate the password reset module if an incorrect user password is received and the private key has been created and stored on the removable computer-readable medium.
  - 11. The computer system as recited in claim 5, wherein the disk creator is further configured to forego encrypting a user password if there is no user password currently set.
  - 12. The computer system as recited in claim 5, wherein the disk creator is further configured to encrypt the user password and store the encrypted user password whenever the user password is changed.

13. A method for creating a password reset disk, comprising:
- generating a key pair having a public key and a corresponding private key;
  
  storing the private key on a removable computer readable medium to create the password reset disk;
  
  creating a password file that contains the public key and a user password encrypted with the public key; and
  
  wherein the password reset disk can be stored remote from the password file, and a lost user password can subsequently be replaced by retrieving the private key from the password reset disk and using the private key with the contents of the password file to authorize a user to reset the user password.
- View Dependent Claims (14, 15, 16)
- - 14. The method as recited in claim 13, further comprising removing any version of the private key that may exist somewhere other than on the removable computer-readable medium.
  - 15. The method as recited in claim 13, further comprising selecting a removable media drive in which the removable computer-readable medium is located.
  - 16. The method as recited in claim 13, wherein the public key and the encrypted version of the user password are created at different times.

17. A system, comprising:
- a password file that contains a public key and an encrypted user password that is created by encrypting a user password with the public key; and
  
  a password reset module configured to;
  
  retrieve a private key from a removable computer-readable medium, the private key corresponding to the public key;
  
  attempt to decrypt the encrypted user password with the private key;
  
  allow the user password to be replaced with a new user password if the attempt to decrypt the encrypted user password is successful.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24, 25)
- - 18. The system as recited in claim 17, wherein the attempt to decrypt the encrypted user password is deemed to be successful if the decryption results in the user password.
  - 19. The system as recited in claim 17, wherein the current user password is present in an encrypted form.
  - 20. The system as recited in claim 17, wherein the private key and the public key were generated contemporaneously, and the user password is the user password that was active when the private key and public key were generated.
  - 21. The system as recited in claim 17, further comprising a removable media drive configured to accept the removable computer-readable medium containing the private key.
  - 22. The system as recited in claim 17, further comprising a key generator configured to generate the private key and the public key.
  - 23. The system as recited in claim 17, further comprising a digital signature module configured to digitally sign the password file.
  - 24. The system as recited in claim 17, further comprising a password module configured to activate the password reset module when an invalid user password is entered to access the system.
  - 25. The system as recited in claim 17, further comprising a password module configured to offer an option to activate the password reset module when an invalid user password is entered to access the system if a password reset disk has previously been created.

26. A removable computer-readable medium, comprising:
- a casing designed to fit into a removable drive; and
  
  a computer-readable medium contained within the casing in such a way so that the computer-readable medium may be read by a disk reading device in the disk drive, the computer-readable medium containing a private key;
  
  wherein;
  
  the private key corresponds with a public key which has been used to create an encrypted user password on a computer system; and
  
  a user password on the computer system can be reset by successfully decrypting the encrypted user password with the private key.
- View Dependent Claims (27)
- - 27. The computer disk as recited in claim 26, wherein:
    - the private key and the public key are created at the same time as a key pair; and
      
      if the private key successfully decrypts the encrypted user password, then the computer system allows access to the system to reset the user password.

28. A removable computer-readable medium assembly, comprising:
- a casing that is removably insertable into a computer drive; and
  
  a computer-readable medium contained within the casing in such a way so that the computer-readable medium may be read by a reading device in the computer drive, the computer-readable medium containing a private key; and
  
  wherein;
  
  the private key corresponds with a public key which has been used to create an encrypted user password on a computer system; and
  
  a user password on the computer system can be set or reset by successfully decrypting the encrypted user password with the private key.
- View Dependent Claims (29, 30)
- - 29. The removable computer-readable medium assembly as recited in claim 28, wherein:
    - the private key and the public key are created at the same time as a key pair; and
      
      if the private key successfully decrypts the encrypted user password, then the computer system allows the user password to be reset.
  - 30. The removable computer-readable medium assembly as recited in claim 28, wherein the removable computer-readable medium assembly comprises one of the following:
    - a magnetic strip card;
      
      a memory card;
      
      an integrated circuit card;
      
      a floppy disk;
      
      a computer disk (CD);
      
      or a digital versatile disk (DVD).

31. One or more computer-readable media containing computer-executable instructions that, when executed on a computer, performs the following steps:
- generating a public key/private key pair;
  
  storing the private key on a removable computer-readable medium;
  
  encrypting a user password with the public key to create an encrypted user password; and
  
  wherein a computer system requires the user password to access the computer system except when the private key is retrievable from the removable computer-readable medium, in which case the computer system may be accessed to reset the user password if the private key successfully decrypts the encrypted user password.
- View Dependent Claims (32, 33, 34)
- - 32. The one or more computer-readable media as recited in claim 31, further comprising computer-executable instructions to digitally sign the encrypted user password.
  - 33. The one or more computer-readable media as recited in claim 31, further comprising digitally signing a password file that contains the encrypted user password and the public key.
  - 34. The one or more computer-readable media as recited in claim 31, further comprising computer-executable instructions to remove any version of the private key that is not on the removable computer-readable medium.

35. One or more computer-readable media containing computer-executable instructions that, when executed on a computer, perform the following steps:
- retrieving a private key from a removable computer-readable medium;
  
  locating an encrypted user password that is a user password that has been encrypted with a public key that corresponds to the private key;
  
  attempting to decrypt the encrypted user password with the private key; and
  
  if the attempted decryption is successful, allowing a current user password to be reset with a new user password that allows access to a computer system.
- View Dependent Claims (36, 37, 38)
- - 36. The one or more computer-readable media as recited in claim 35, wherein the decrypted version of the encrypted user password is the same as the current user password.
  - 37. The one or more computer-readable media as recited in claim 35, further comprising validating a digital signature associated with the encrypted user password and proceeding only if the digital signature is valid.
  - 38. The one or more computer-readable media as recited in claim 35, further comprising receiving an indication identifying a removable media drive in which the removable computer-readable medium is located.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Hubbard, Jonathan David, Masters, George, Skelly, Peter J., Banes, John, Pittaway, Glenn D.

Granted Patent

US 8,332,650 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/202
CPC Class Codes

G06F 21/31   User authentication

G06F 21/34   involving the use of extern...

G06F 2221/2131   Lost password, e.g. recover...

H04L 9/0891   Revocation or update of sec...

H04L 9/0894   Escrow, recovery or storing...

Systems and methods for setting and resetting a password

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

127 Citations

38 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for setting and resetting a password

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

127 Citations

38 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links