Password Recovery Service

US 20130159699A1
Filed: 12/16/2011
Published: 06/20/2013
Est. Priority Date: 12/16/2011
Status: Abandoned Application

First Claim

Patent Images

1. A method of enabling a user to secure and back-up an encryption key for use by a client device in encrypting and decrypting data, the method comprising:

receiving a user secret from the user;

encrypting the encryption key with the user secret to produce a user encrypted key and storing the user encrypted key on the client device;

encrypting the encryption key with a service operator secret to produce a back-up encrypted key and storing the back-up encrypted key; and

removing the encryption key such that the encryption key can only be accessed by the client device via the user encrypted key and the user secret.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

According to aspects of the present invention there are provided methods and apparatus for enabling a user to secure and back-up an encryption key for use by a client device in encrypting and decrypting data, enabling the user to change a user secret previously used to secure the encryption key, and enabling a server to update the user secret with a new user secret for securing a previous user encrypted key. The new user encrypted key can be used by the client device for encrypting and decrypting data, including data encrypted and decrypted using the previous user encrypted key. The methods for enabling a user to secure and back-up the encryption key and enabling a user to change the user secret may be performed on the client device or a trusted third party or service provider device. The method for updating the user secret with a new user secret may be performed on a service operator server or system.

146 Citations

30 Claims

1. A method of enabling a user to secure and back-up an encryption key for use by a client device in encrypting and decrypting data, the method comprising:
- receiving a user secret from the user;
  
  encrypting the encryption key with the user secret to produce a user encrypted key and storing the user encrypted key on the client device;
  
  encrypting the encryption key with a service operator secret to produce a back-up encrypted key and storing the back-up encrypted key; and
  
  removing the encryption key such that the encryption key can only be accessed by the client device via the user encrypted key and the user secret.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 28)
- - 2. A method according to claim 1, wherein the client device performs encryption or decryption of data by:
    - prompting the user for the user secret;
      
      decrypting the user encrypted key with the user secret to produce the encryption key;
      
      encrypting or decrypting data using the produced encryption key; and
      
      removing the produced encryption key;
  - 3. A method according to claim 1, wherein the step of storing the back-up encrypted key further comprises storing the back-up encrypted key in a machine readable format.
  - 4. A method according to claim 1, wherein the step of storing the back-up encrypted key further comprises storing the back-up encrypted key externally to the client device in a machine readable format.
  - 5. A method according to claim 1, wherein the user secret includes at least one form of secret information from the group of:
    - a user password;
      
      a user passcode;
      
      biometric data;
      
      a secret gesture;
      
      a biometric fingerprint;
      
      facial recognition data;
      
      voice recognition data;
      
      information or data of the user to secure the encryption key; and
      
      information or data selected by the user to secure the encryption key.
  - 6. A method according to claim 1, wherein the step of receiving the user secret further comprises the steps of:
    - inputting a plaintext user secret; and
      
      encrypting the plaintext user secret to produce the user secret.
  - 7. A method according to claim 1, wherein the client device is unable to decrypt the back-up encrypted key using the service operator secret.
  - 8. A method according to claim 7, wherein the service operator secret is a public encryption key and the service operator has a corresponding private encryption key.
  - 9. A method according to claim 1, further comprising synchronising the user encrypted key with a further client device for encrypting and decrypting data using the further client device.
  - 28. A computer readable medium including computer program instructions stored thereon which, when executed on one or more processors, performs the method steps of claim 1.

10. A method for enabling a user to change a user secret previously used to secure an encryption key for use by a client device in encrypting and decrypting data, wherein the user has access to a back-up encrypted key comprising the encryption key encrypted by a service operator secret, the method comprising the steps of:
- receiving the back-up encrypted key and a new user secret;
  
  encrypting the new user secret and the back-up encrypted key with the service operator secret to produce encrypted back-up information;
  
  transmitting the encrypted back-up information to the service operator for securely encrypting the encryption key using the new user secret to produce a new user encrypted key, wherein the new user encrypted key is used for updating the previous user encrypted key stored on the client device.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18, 29)
- - 11. A method according to claim 10 further comprising the step of receiving the new user encrypted key for updating the previous user encrypted key stored on the client device.
  - 12. A method according to claim 10, wherein the back-up encrypted key is stored externally to the client device in a machine readable format.
  - 13. A method according to claim 10, wherein the step of receiving the new user encrypted key further comprises retrieving from the service operator the new user encrypted key for use in updating the previous user encrypted key stored on the client device.
  - 14. A method according to claim 10, wherein:
    - the step of receiving further comprises the client device or a third party device performing the step of receiving the back-up encrypted key and the new user secret;
      
      the step of encrypting further comprises the client device or the third party device encrypting the new user secret and the back-up encryption key with the service operator secret to produce encrypted back-up information;
      
      the step of transmitting further comprises the client device or the third party device transmitting the encrypted back-up information to the service operator.
  - 15. A method according to claim 14, further comprising authenticating the identity of the user prior to transmitting the encrypted back-up information to the service operator.
  - 16. A method according to claim 14, wherein the step of transmitting the encrypted back-up information to the service operator further comprises transmitting the encrypted back-up information to the service operator via a third party.
  - 17. A method according to claim 16, further comprising transmitting authentication information from the client device for use by the third party in authenticating the user prior to the third party transmitting the back-up encrypted information to the service operator.
  - 18. A method according to claim 10, wherein the service operator secret is a public encryption key and the service operator has a corresponding private encryption key for decrypting the back-up encrypted information.
  - 29. A computer readable medium including computer program instructions stored thereon which, when executed on one or more processors, performs the method steps of claim 10.

19. A method for enabling a server to update a previous user encrypted key secured by encrypting an encryption key with a user secret, the encryption key for use by a client device of the user to encrypt and decrypt data, and the user having access to a back-up encrypted key comprising the encryption key encrypted by a service operator secret, the method comprising the steps of:
- receiving encrypted back-up information from the user at the server, the encrypted back-up information comprising a new user secret and the back-up encrypted key encrypted with the service operator secret;
  
  decrypting the encrypted back-up information using a corresponding service operator secret to produce the encryption key and the new user secret;
  
  encrypting the encryption key with the new user secret producing a new user encrypted key;
  
  removing the received back-up encrypted information, the decrypted new user secret and the decrypted encryption key such that the server only has access to the new user encrypted key;
  
  storing the new user encrypted key for use by the user in updating the previous user encrypted key on the client device.
- View Dependent Claims (20, 21, 30)
- - 20. A method according to claim 19, further comprising the step of synchronising the client device with the new user encrypted key on the server.
  - 21. A method according to claim 19, wherein the service operator secret is a public encryption key and the corresponding service operator secret is a private encryption key for decrypting the back-up encrypted information and back-up encrypted key.
  - 30. A computer readable medium including computer program instructions stored thereon, which when executed on one or more processors, performs the method steps of claim 19.

22. An apparatus for use in enabling a user to secure and back-up an encryption key for use by a client device of the user in encrypting and decrypting data, the apparatus comprising:
- a receiver, a transmitter, a memory unit, and a processor, the processor being connected to the receiver, to the transmitter, and to the memory unit, wherein;
  
  the processor is configured to;
  
  receive a user secret;
  
  encrypt the encryption key with the user secret to produce a user encrypted key and store the user encrypted key on the memory unit;
  
  encrypt the encryption key with a service operator secret to produce a back-up encrypted key and store the back-up encrypted key; and
  
  remove the encryption key such that the encryption key can only be accessed by the client device via the user encrypted key and the user secret.
- View Dependent Claims (23)
- - 23. An apparatus according to claim 22, wherein the processor and transmitter are further configured to synchronise the new user encrypted key with a further client device for encrypting and decrypting data using the further client device.

24. An apparatus for use in enabling a user to change a user secret previously used to secure an encryption key for use by a client device in encrypting and decrypting data, wherein the user has access to a back-up encrypted key comprising the encryption key encrypted by a service operator secret, the apparatus comprising:
- a receiver, a transmitter, a memory unit, and processor, the processor being connected to the receiver, to the transmitter, and to the memory unit, wherein;
  
  the processor is configured to;
  
  receive a new user secret and the back-up encrypted key;
  
  encrypt the new user secret and the back-up encryption key with the service operator secret to produce encrypted back-up information; and
  
  the transmitter is configured to transmit the encrypted back-up information to the service operator for securely encrypting the encryption key using the new user secret to produce a new user encrypted key for use in updating the previous user encrypted key stored on the client device.
- View Dependent Claims (25)
- - 25. An apparatus according to claim 24, wherein the processor, transmitter, and receiver are further configured to synchronise the new user encrypted key with the client device for encrypting and decrypting data.

26. An apparatus for use in enabling a service operator to update a previous user encrypted key secured by encrypting an encryption key with a user secret, the encryption key for use by a user'"'"'s client device to encrypt and decrypt data, wherein the user has access to a back-up encrypted key comprising the encryption key encrypted by a service operator secret, the apparatus comprising:
- a receiver, a transmitter, a memory unit, and processor, the processor being connected to the receiver, to the transmitter, and to the memory unit wherein;
  
  the receiver is configured for receiving encrypted back-up information from the user, the encrypted back-up information comprising a new user secret and the back-up encrypted key encrypted with the service operator secret; and
  
  the processor is configured to;
  
  decrypt the encrypted back-up information using a corresponding service operator secret producing the encryption key and the new user secret;
  
  encrypt the encryption key with the new user secret producing a new user encrypted key;
  
  remove the received back-up encrypted information, the decrypted new user secret and the decrypted encryption key such that the service operator only has access to the new user encrypted key; and
  
  store the new user encrypted key for use by the user in updating the previous user encrypted key on the client device.
- View Dependent Claims (27)
- - 27. An apparatus according to claim 26, wherein the transmitter is configured to send the new user encrypted key to the client device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
F-Secure Corporation (F-Secure Oyj)
Original Assignee
F-Secure Corporation (F-Secure Oyj)
Inventors
TORKKEL, Juha

Application Number

US13/328,002
Publication Number

US 20130159699A1
Time in Patent Office

Days
Field of Search
US Class Current

713/155
CPC Class Codes

G06F 21/6245 Protecting personal data, e...

H04L 9/0897 involving additional device...

Password Recovery Service

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

146 Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

Password Recovery Service

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

146 Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links