Enterprise Device Recovery

US 20090276623A1
Filed: 05/02/2009
Published: 11/05/2009
Est. Priority Date: 07/14/2005
Status: Active Grant

First Claim

Patent Images

1. A method for an administrator of an enterprise to recover a user secure storage device in conjunction with a third-party service without the administrator knowing a user secure storage device password, the method comprising:

communicatively coupling an administrator secure storage device with a host computer;

communicatively coupling the user secure storage device with a host computer;

authenticating the administrator secure storage device to the third-party service;

performing one or more decryptions on an encrypted portion of data with an enterprise private key and a shared administrator private key to produce information associated with the user secure storage device password; and

logging the administrator into the user secure storage device using the information associated with user secure storage device password without the administrator knowing the user secure storage device password.

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An administrator of an enterprise can recover a user secure storage device in conjunction with a third-party service without the administrator knowing a user secure storage device password. The administrator secure storage device is communicatively coupled with a host computer. A user secure storage device is communicatively coupled with a host computer. The administrator secure storage device is authenticated to the third-party service. One or more decryptions are performed on an encrypted portion of data with an enterprise private key and a shared administrator private key to produce information associated with the user secure storage device password. The administrator is logged into the user secure storage device using the information associated with the user secure storage device password without the administrator knowing the user secure storage device password.

165 Citations

View as Search Results

36 Claims

1. A method for an administrator of an enterprise to recover a user secure storage device in conjunction with a third-party service without the administrator knowing a user secure storage device password, the method comprising:
- communicatively coupling an administrator secure storage device with a host computer;
  
  communicatively coupling the user secure storage device with a host computer;
  
  authenticating the administrator secure storage device to the third-party service;
  
  performing one or more decryptions on an encrypted portion of data with an enterprise private key and a shared administrator private key to produce information associated with the user secure storage device password; and
  
  logging the administrator into the user secure storage device using the information associated with user secure storage device password without the administrator knowing the user secure storage device password.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The method of claim 1, wherein an administrator cannot recover the user secure storage device without being authorized and authenticating to the third-party service.
  - 3. The method of claim 1, wherein the third-party service cannot recover a user secure storage device without cooperation of an administrator.
  - 4. The method of claim 1, further comprising specifying which applications can be on the user secure storage device.
  - 5. The method of claim 1, wherein the information associated with the user secure storage device password is a hash of the user secure storage device password.
  - 6. The method of claim 1, wherein the information associated with the user secure storage device password is the user secure storage device password.
  - 7. The method of claim 1, further comprising receiving, at the administrator secure storage device, a password for a recovery box.
  - 8. The method of claim 1, further comprising receiving, at the administrator secure storage device, a shared administrator keypair.
  - 9. The method of claim 1, further comprising taking a hash of a key and comparing the result against a stored value.
  - 10. The method of claim 9, wherein the stored value is a hash of a key.
  - 11. The method of claim 1, further comprising obtaining password recovery data having an encrypted key portion.
  - 12. The method of claim 1, further comprising decrypting a third encrypted portion of data with the enterprise private key to produce a second encrypted portion of data.
  - 13. The method of claim 12, further comprising decrypting the second encrypted portion of data with the shared administrator private key to produce a first encrypted portion of data.
  - 14. The method of claim 13, wherein the first encrypted portion of data comprises a first key and a hash of a second key, the method further comprising taking a hash of the first key to determine if there is a match with the hash of the second key.
  - 15. The method of claim 14, wherein the hash of the first key is the same as the hash of the second key.
  - 16. The method of claim 14, further comprising:
    - decrypting the hash of the user secure storage device password with a key that was used for encrypting the hash of the user secure storage device password; and
      
      submitting a decrypted hash of the user secure storage device password to the user secure storage device for login.
  - 17. The method of claim 16, wherein the key used to encrypt the hash of the user secure storage device password is a randomly generated key.

18. A system for facilitating an administrator of an enterprise to recover a user secure storage device in conjunction with a third-party service without the administrator knowing a user secure storage device password, the system comprising:
- an administrator secure storage device communicatively coupled with a host computer;
  
  the user secure storage device communicatively coupled with a host computer; and
  
  an administrator recovery module located on the administrator secure storage device, the administrator recovery module configured to recover a user secure storage device in conjunction with a third-party service without the administrator knowing a user secure storage device password.
- View Dependent Claims (19, 20, 21, 22, 23, 24, 25, 26, 27, 28)
- - 19. The system of claim 18, wherein the administrator recovery module includes an administrator authentication module.
  - 20. The system of claim 19, wherein the administrator recovery module includes an administrator cryptography module.
  - 21. The system of claim 20, wherein the administrator cryptography module is configured to perform one or more decryptions on an encrypted portion of data with an enterprise public key and a shared administrator private key to produce information associated with the user secure storage device password.
  - 22. The system of claim 18, further comprising a password recovery box located on the user secure storage device, wherein the administrator secure storage device is configured to receive a password for the password recovery box.
  - 23. The system of claim 18, further comprising a shared administrator keypair that is received at the administrator secure storage device.
  - 24. The system of claim 18, wherein the administrator recovery module further comprises an administrator cryptography module that is configured to decrypt a third encrypted portion of data with the enterprise private key to produce a second encrypted portion of data.
  - 25. The system of claim 24, wherein the administrator cryptography module is further configured to decrypt the second encrypted portion of data with the shared administrator private key to produce a first encrypted portion of data.
  - 26. The system of claim 25, wherein the first encrypted portion of data comprises a first key and a hash of a second key, the administrator cryptography module further configured to take a hash of the first key to determine if there is a match with the hash of the second key.
  - 27. The system of claim 26, wherein the hash of the first key is the same as the hash of the second key.
  - 28. The system of claim 27, wherein the administrator cryptography module is configured to decrypt the hash of the user secure storage device password with a key that was used for encrypting the hash of the user secure storage device password, wherein the decrypted hash of the user secure storage device password is then submitted to the user secure storage device for login.

29. A computer readable storage medium having a program embodied thereon, the program executable by a processor to perform a method for an administrator of an enterprise to recover a user secure storage device in conjunction with a third-party service without the administrator knowing a user secure storage device password, the method comprising:
- communicatively coupling an administrator secure storage device with a host computer;
  
  communicatively coupling the user secure storage device with a host computer;
  
  authenticating the administrator secure storage device to the third-party service;
  
  performing one or more decryptions on an encrypted portion of data with an enterprise private key and a shared administrator private key to produce information associated with the user secure storage device password; and
  
  logging the administrator into the user secure storage device using the information associated with the user secure storage device password without the administrator knowing the user secure storage device password.

30. A method for recovering a user secure storage device in conjunction with a third-party service, the method comprising:
- communicatively coupling the user secure storage device with a host computer;
  
  obtaining a password provided by the third-party service; and
  
  recovering the user secure storage device using the password.
- View Dependent Claims (31, 32, 33, 34, 35, 36)
- - 31. The method of claim 30, the wherein password unlocks the user secure storage device.
  - 32. The method of claim 30, wherein the password allows a user secure storage device password to be retrieved.
  - 33. The method of claim 30, wherein the password is a one-time password.
  - 34. The method of claim 30, wherein the user contacts the administrator and the administrator contacts the third-party service.
  - 35. The method of claim 34, wherein the contacting is done by phone.
  - 36. The method of claim 34, wherein the contacting is via the web.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Proofpoint Incorporated
Original Assignee
Marble Security, Inc. (Proofpoint Incorporated)
Inventors
Jevans, David, Spencer, Gil

Granted Patent

US 8,505,075 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/155
CPC Class Codes

G06F 21/6209   to a single file or object,...

G06F 21/78   to assure secure storage of...

G06F 2221/2149   Restricted operating enviro...

G06F 2221/2153   Using hardware token as a s...

H04L 2463/062   applying encryption of the ...

H04L 63/061   for key exchange, e.g. in p...

H04L 63/102   Entity profiles

Enterprise Device Recovery

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

165 Citations

36 Claims

Specification

Solutions

Use Cases

Quick Links

Enterprise Device Recovery

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

165 Citations

36 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links