Password Recovery Service
First Claim
1. A method of enabling a user to secure and back-up an encryption key for use by a client device in encrypting and decrypting data, the method comprising:
- receiving a user secret from the user;
encrypting the encryption key with the user secret to produce a user encrypted key and storing the user encrypted key on the client device;
encrypting the encryption key with a service operator secret to produce a back-up encrypted key and storing the back-up encrypted key; and
removing the encryption key such that the encryption key can only be accessed by the client device via the user encrypted key and the user secret.
1 Assignment
0 Petitions
Accused Products
Abstract
According to aspects of the present invention there are provided methods and apparatus for enabling a user to secure and back-up an encryption key for use by a client device in encrypting and decrypting data, enabling the user to change a user secret previously used to secure the encryption key, and enabling a server to update the user secret with a new user secret for securing a previous user encrypted key. The new user encrypted key can be used by the client device for encrypting and decrypting data, including data encrypted and decrypted using the previous user encrypted key. The methods for enabling a user to secure and back-up the encryption key and enabling a user to change the user secret may be performed on the client device or a trusted third party or service provider device. The method for updating the user secret with a new user secret may be performed on a service operator server or system.
146 Citations
30 Claims
-
1. A method of enabling a user to secure and back-up an encryption key for use by a client device in encrypting and decrypting data, the method comprising:
-
receiving a user secret from the user; encrypting the encryption key with the user secret to produce a user encrypted key and storing the user encrypted key on the client device; encrypting the encryption key with a service operator secret to produce a back-up encrypted key and storing the back-up encrypted key; and removing the encryption key such that the encryption key can only be accessed by the client device via the user encrypted key and the user secret. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 28)
-
-
10. A method for enabling a user to change a user secret previously used to secure an encryption key for use by a client device in encrypting and decrypting data, wherein the user has access to a back-up encrypted key comprising the encryption key encrypted by a service operator secret, the method comprising the steps of:
-
receiving the back-up encrypted key and a new user secret; encrypting the new user secret and the back-up encrypted key with the service operator secret to produce encrypted back-up information; transmitting the encrypted back-up information to the service operator for securely encrypting the encryption key using the new user secret to produce a new user encrypted key, wherein the new user encrypted key is used for updating the previous user encrypted key stored on the client device. - View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18, 29)
-
-
19. A method for enabling a server to update a previous user encrypted key secured by encrypting an encryption key with a user secret, the encryption key for use by a client device of the user to encrypt and decrypt data, and the user having access to a back-up encrypted key comprising the encryption key encrypted by a service operator secret, the method comprising the steps of:
-
receiving encrypted back-up information from the user at the server, the encrypted back-up information comprising a new user secret and the back-up encrypted key encrypted with the service operator secret; decrypting the encrypted back-up information using a corresponding service operator secret to produce the encryption key and the new user secret; encrypting the encryption key with the new user secret producing a new user encrypted key; removing the received back-up encrypted information, the decrypted new user secret and the decrypted encryption key such that the server only has access to the new user encrypted key; storing the new user encrypted key for use by the user in updating the previous user encrypted key on the client device. - View Dependent Claims (20, 21, 30)
-
-
22. An apparatus for use in enabling a user to secure and back-up an encryption key for use by a client device of the user in encrypting and decrypting data, the apparatus comprising:
-
a receiver, a transmitter, a memory unit, and a processor, the processor being connected to the receiver, to the transmitter, and to the memory unit, wherein; the processor is configured to; receive a user secret; encrypt the encryption key with the user secret to produce a user encrypted key and store the user encrypted key on the memory unit; encrypt the encryption key with a service operator secret to produce a back-up encrypted key and store the back-up encrypted key; and remove the encryption key such that the encryption key can only be accessed by the client device via the user encrypted key and the user secret. - View Dependent Claims (23)
-
-
24. An apparatus for use in enabling a user to change a user secret previously used to secure an encryption key for use by a client device in encrypting and decrypting data, wherein the user has access to a back-up encrypted key comprising the encryption key encrypted by a service operator secret, the apparatus comprising:
-
a receiver, a transmitter, a memory unit, and processor, the processor being connected to the receiver, to the transmitter, and to the memory unit, wherein; the processor is configured to; receive a new user secret and the back-up encrypted key; encrypt the new user secret and the back-up encryption key with the service operator secret to produce encrypted back-up information; and the transmitter is configured to transmit the encrypted back-up information to the service operator for securely encrypting the encryption key using the new user secret to produce a new user encrypted key for use in updating the previous user encrypted key stored on the client device. - View Dependent Claims (25)
-
-
26. An apparatus for use in enabling a service operator to update a previous user encrypted key secured by encrypting an encryption key with a user secret, the encryption key for use by a user'"'"'s client device to encrypt and decrypt data, wherein the user has access to a back-up encrypted key comprising the encryption key encrypted by a service operator secret, the apparatus comprising:
-
a receiver, a transmitter, a memory unit, and processor, the processor being connected to the receiver, to the transmitter, and to the memory unit wherein; the receiver is configured for receiving encrypted back-up information from the user, the encrypted back-up information comprising a new user secret and the back-up encrypted key encrypted with the service operator secret; and the processor is configured to; decrypt the encrypted back-up information using a corresponding service operator secret producing the encryption key and the new user secret; encrypt the encryption key with the new user secret producing a new user encrypted key; remove the received back-up encrypted information, the decrypted new user secret and the decrypted encryption key such that the service operator only has access to the new user encrypted key; and store the new user encrypted key for use by the user in updating the previous user encrypted key on the client device. - View Dependent Claims (27)
-
Specification