METHOD AND SYSTEM FOR AUTOMATING THE RECOVERY OF A CREDENTIAL STORE
1 Assignment
0 Petitions
Abstract
A system for automating the recovery of a credential store, in which client software generates a temporary key pair based on a new password, and sends client information including the user's name, the public half of the temporary key pair, and the host name of the client computer system to a server system, from which the client information is passed to a recovery process. The client software process displays a prompt indicating that the user should call a help desk. A help desk administrator verifies the user's identity and approves the user's request by causing an approval message to be sent to the recovery process. The recovery process obtains recovery information consisting of either the decryption key(s) for the credential store, or a decrypted copy of the credential store, and encrypts the recovery information using the temporary public key. The client process downloads the recovery information from the server, and decrypts it using the private key of the temporary key pair. The credential store can then be decrypted using the recovery information if necessary, then re-encrypted based on the new password. The encrypted recovery information is stored on the server and re-used for a certain period of time, after which it is deleted, thus allowing multiple copies of the credential store to be conveniently recovered.
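The exchange the abstract describes, worked through end to end as an added Go example written for this page (it is not the patent's own code, nor any product's). It assumes X25519 for the temporary key pair, PBKDF2-HMAC-SHA256 to derive that key pair from the new password, AES-GCM for the sealed blob, a boolean `approved` standing in for the help-desk approval message, and constructed sample data (store contents, password, salt); the recovery information is a decrypted copy of the store, the second of the two options the abstract names. All function and variable names are this example's own.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
)

// Constructed sample data for the demo (hypothetical; none of it comes from the patent).
var (
	sampleStore          = []byte(`{"vpn":"user1:hunter2","mail":"user1:s3cret"}`)        // decrypted credential store
	newPassword, keySalt = []byte("correct horse battery staple"), []byte("client-host-01:user1") // new password; per-user salt
)

// must keeps the demo short: failures here are setup or programming errors, not protocol outcomes.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// pbkdf2SHA256 derives one 32-byte block with PBKDF2-HMAC-SHA256 (RFC 8018); one block is one SHA-256 output.
func pbkdf2SHA256(password, salt []byte, iters int) []byte {
	mac := hmac.New(sha256.New, password)
	mac.Write(append(append([]byte{}, salt...), 0, 0, 0, 1)) // salt || INT(1), the big-endian block index
	u := mac.Sum(nil)
	t := append([]byte(nil), u...)
	for i := 1; i < iters; i++ {
		mac.Reset()
		mac.Write(u)
		u = mac.Sum(nil)
		subtle.XORBytes(t, t, u)
	}
	return t
}

func newGCM(key []byte) cipher.AEAD { return must(cipher.NewGCM(must(aes.NewCipher(key)))) }
// sealAESGCM returns nonce || ciphertext || tag; openAESGCM reverses it and rejects any tampering.
func sealAESGCM(key, plaintext []byte) []byte {
	gcm := newGCM(key)
	nonce := make([]byte, gcm.NonceSize())
	must(rand.Read(nonce))
	return gcm.Seal(nonce, nonce, plaintext, nil)
}
func openAESGCM(key, sealed []byte) ([]byte, error) {
	gcm := newGCM(key)
	if len(sealed) < gcm.NonceSize() {
		return nil, errors.New("sealed blob too short")
	}
	return gcm.Open(nil, sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():], nil)
}

// Client, claim step 1: the key pair is a function of the new password, so no secret is stored while recovery is pending.
func clientTempKeyPair(password, salt []byte) *ecdh.PrivateKey {
	return must(ecdh.X25519().NewPrivateKey(pbkdf2SHA256(password, salt, 100_000)))
}

// Server, claim steps 3-5: nothing leaves the server until the help-desk approval message has arrived; then the recovery
// information is encrypted to the client's temporary public key via an ephemeral X25519 exchange (SHA-256 of the shared
// secret stands in for HKDF). Output: ephemeral public key || sealed blob.
func serverEncryptRecoveryInfo(approved bool, recoveryInfo []byte, clientPub *ecdh.PublicKey) ([]byte, error) {
	if !approved {
		return nil, errors.New("recovery request not approved by help desk")
	}
	eph := must(ecdh.X25519().GenerateKey(rand.Reader))
	key := sha256.Sum256(must(eph.ECDH(clientPub)))
	return append(eph.PublicKey().Bytes(), sealAESGCM(key[:], recoveryInfo)...), nil
}

// Client, claim step 7: recompute the shared secret with the temporary private key and unwrap the recovery information.
func clientDecryptRecoveryInfo(priv *ecdh.PrivateKey, blob []byte) ([]byte, error) {
	if len(blob) < 32 {
		return nil, errors.New("recovery blob too short")
	}
	shared, err := priv.ECDH(must(ecdh.X25519().NewPublicKey(blob[:32]))) // errors on a low-order point
	if err != nil {
		return nil, err
	}
	key := sha256.Sum256(shared)
	return openAESGCM(key[:], blob[32:])
}

// runRecovery walks the exchange with the server holding a decrypted copy of the store as the recovery information
// and returns that copy plus its re-encryption under a key derived from the new password (salt distinct from the key pair's).
func runRecovery(approved bool) (store, reencrypted []byte, err error) {
	priv := clientTempKeyPair(newPassword, keySalt)                                 // step 1
	blob, err := serverEncryptRecoveryInfo(approved, sampleStore, priv.PublicKey()) // steps 2-6
	if err != nil {
		return nil, nil, err
	}
	if store, err = clientDecryptRecoveryInfo(priv, blob); err != nil { // step 7
		return nil, nil, err
	}
	newStoreKey := pbkdf2SHA256(newPassword, append([]byte("store:"), keySalt...), 100_000)
	return store, sealAESGCM(newStoreKey, store), nil
}
```

Two properties of the abstract's design show up directly in the code. First, the sealed blob can only be opened by whoever can re-derive the temporary private key from the new password, which is what makes it safe for the server to keep the encrypted recovery information around for re-use during the retention window the abstract mentions. Second, the `approved` flag is the whole gate: in a deployment the approval message must be authenticated and bound to the specific request (the user name, public key and host name the client sent), or the gate is only as strong as whoever can emit that message.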
19 Claims
1. A method of recovering a user's credential store, comprising:
generating, on a client computer system, a temporary encryption key pair based on a new password obtained from said user, said temporary encryption key pair including a public key and a private key;
sending said public key from said client computer system to a recovery process executing on a recovery server computer system;
receiving, by said recovery process, an approval message from a help desk administrator;
obtaining, by said recovery process, responsive to receipt of said approval message, recovery information associated with said credential store;
encrypting, by said recovery process, said recovery information using said public key;
downloading said encrypted recovery information to said client computer system;
decrypting said recovery information on said client computer system using said private key; and
obtaining a decrypted copy of said credential store based on said decrypted recovery information.
Dependent claims: 2, 3, 4, 5, 6, 7, 8.

9. A system including a computer readable medium, said computer readable medium having program code stored thereon for recovering a user's credential store, said program code comprising:
program code for generating, on a client computer system, a temporary encryption key pair based on a new password obtained from said user, said temporary encryption key pair including a public key and a private key;
program code for sending said public key from said client computer system to a recovery process executing on a recovery server computer system;
program code for receiving, by said recovery process, an approval message from a help desk administrator;
program code for obtaining, by said recovery process, responsive to receipt of said approval message, recovery information associated with said credential store;
program code for encrypting, by said recovery process, said recovery information using said public key;
program code for downloading said encrypted recovery information to said client computer system;
program code for decrypting said recovery information on said client computer system using said private key; and
program code for obtaining a decrypted copy of said credential store based on said decrypted recovery information.
Dependent claims: 10, 11, 12, 13, 14, 15, 16.

17. A computer program product including a computer readable medium, said computer readable medium having program code stored thereon for recovering a user's credential store, said program code comprising:
program code for generating, on a client computer system, a temporary encryption key pair based on a new password obtained from said user, said temporary encryption key pair including a public key and a private key;
program code for sending said public key from said client computer system to a recovery process executing on a recovery server computer system;
program code for receiving, by said recovery process, an approval message from a help desk administrator;
program code for obtaining, by said recovery process, responsive to receipt of said approval message, recovery information associated with said credential store;
program code for encrypting, by said recovery process, said recovery information using said public key;
program code for downloading said encrypted recovery information to said client computer system;
program code for decrypting said recovery information on said client computer system using said private key; and
program code for obtaining a decrypted copy of said credential store based on said decrypted recovery information.

18. A computer data signal embodied in a carrier wave, said computer data signal having program code stored thereon for recovering a user's credential store, said program code comprising:
program code for generating, on a client computer system, a temporary encryption key pair based on a new password obtained from said user, said temporary encryption key pair including a public key and a private key;
program code for sending said public key from said client computer system to a recovery process executing on a recovery server computer system;
program code for receiving, by said recovery process, an approval message from a help desk administrator;
program code for obtaining, by said recovery process, responsive to receipt of said approval message, recovery information associated with said credential store;
program code for encrypting, by said recovery process, said recovery information using said public key;
program code for downloading said encrypted recovery information to said client computer system;
program code for decrypting said recovery information on said client computer system using said private key; and
program code for obtaining a decrypted copy of said credential store based on said decrypted recovery information.

19. A system for recovering a user's credential store, comprising:
means for generating, on a client computer system, a temporary encryption key pair based on a new password obtained from said user, said temporary encryption key pair including a public key and a private key;
means for sending said public key from said client computer system to a recovery process executing on a recovery server computer system;
means for receiving, by said recovery process, an approval message from a help desk administrator;
means for obtaining, by said recovery process, responsive to receipt of said approval message, recovery information associated with said credential store;
means for encrypting, by said recovery process, said recovery information using said public key;
means for downloading said encrypted recovery information to said client computer system;
means for decrypting said recovery information on said client computer system using said private key; and
means for obtaining a decrypted copy of said credential store based on said decrypted recovery information.