Credential Recovery
First Claim
1. A method of credential recovery, comprising the steps of:
i. receiving a credential request for a credential using a mobile application on a mobile communication device;
ii. securely establishing a session key between the mobile application and a mobile application server;
iii. recovering the credential in encrypted form at the mobile application server;
iv. decrypting the credential, and re-encrypting the credential to form a re-encrypted credential using the session key, at the mobile application server;
v. providing the re-encrypted credential to the mobile application;
vi. decrypting the re-encrypted credential at the mobile application to form a decrypted credential; and
vii. outputting the decrypted credential from the mobile application.
Abstract
In a credential recovery process, a user is authenticated using an application running on a mobile communications device and requests recovery of a credential. The application generates a session key, encrypts it with the public key of a gateway, and sends the encrypted key to the gateway. The gateway recovers the credential from a depository, where it is stored encrypted under a symmetric key shared between the gateway and the depository. The gateway decrypts the credential and re-encrypts it using the session key. Preferably, the decryption and re-encryption are performed within a hardware secure module within the gateway, so the plaintext credential is never exposed to the gateway's general-purpose software. The re-encrypted credential is sent to the application, which decrypts the credential and outputs it to the user. In this way, the credential is provided securely to the user and may be made available for use immediately, or nearly so.
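The exchange described in the abstract, written out end to end as an added example (this is illustrative code, not the patent's or any assignee's implementation). The mobile application wraps a fresh AES-256 session key under the gateway's RSA public key with OAEP; the depository holds the credential sealed under a key shared with the gateway; the gateway unwraps the session key, decrypts the stored credential and re-encrypts it under the session key with AES-GCM; the application decrypts and returns it. The type names, the `userID` associated data and the `"session-key"` OAEP label are assumptions chosen for the example; the user-authentication step the abstract mentions is assumed to have already happened and is not shown.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
	"io"
)

const sessionKeyLen = 32 // AES-256

// sealAESGCM encrypts plaintext with a fresh random nonce; output is nonce || ciphertext || tag.
// aad is bound as associated data so a blob sealed for one user cannot be replayed for another.
func sealAESGCM(key, plaintext, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, aad), nil
}

// openAESGCM reverses sealAESGCM and fails on any tampering or wrong aad.
func openAESGCM(key, sealed, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return gcm.Open(nil, sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():], aad)
}

// Depository stores credentials already encrypted under the key it shares with the gateway.
type Depository struct{ store map[string][]byte }

// Gateway holds the RSA private key and the depository key; in the preferred embodiment
// both would live in an HSM and Recover would execute inside it (assumption: shown in software).
type Gateway struct {
	priv      *rsa.PrivateKey
	sharedKey []byte
	dep       *Depository
}

// Recover is the server side: unwrap the session key, fetch the encrypted credential,
// decrypt under the depository key and re-encrypt under the session key.
func (g *Gateway) Recover(userID string, wrappedKey []byte) ([]byte, error) {
	sessionKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, g.priv, wrappedKey, []byte("session-key"))
	if err != nil || len(sessionKey) != sessionKeyLen {
		return nil, errors.New("invalid wrapped session key")
	}
	stored, ok := g.dep.store[userID]
	if !ok {
		return nil, errors.New("no credential for user")
	}
	credential, err := openAESGCM(g.sharedKey, stored, []byte(userID))
	if err != nil {
		return nil, err
	}
	return sealAESGCM(sessionKey, credential, []byte(userID))
}

// MobileApp is the client side: generate a session key, wrap it to the gateway, unwrap the answer.
type MobileApp struct {
	gatewayPub *rsa.PublicKey
	userID     string
	sessionKey []byte
}

func (a *MobileApp) BeginSession() ([]byte, error) {
	a.sessionKey = make([]byte, sessionKeyLen)
	if _, err := io.ReadFull(rand.Reader, a.sessionKey); err != nil {
		return nil, err
	}
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, a.gatewayPub, a.sessionKey, []byte("session-key"))
}

func (a *MobileApp) Finish(reencrypted []byte) ([]byte, error) {
	return openAESGCM(a.sessionKey, reencrypted, []byte(a.userID))
}

// RunRecovery provisions a gateway and depository, stores credential for userID, then
// performs the full exchange and returns what the app would output to the user.
func RunRecovery(userID string, credential []byte) ([]byte, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	shared := make([]byte, sessionKeyLen)
	if _, err := io.ReadFull(rand.Reader, shared); err != nil {
		return nil, err
	}
	dep := &Depository{store: map[string][]byte{}}
	if dep.store[userID], err = sealAESGCM(shared, credential, []byte(userID)); err != nil {
		return nil, err
	}
	gw := &Gateway{priv: priv, sharedKey: shared, dep: dep}
	app := &MobileApp{gatewayPub: &priv.PublicKey, userID: userID}
	wrapped, err := app.BeginSession()
	if err != nil {
		return nil, err
	}
	reenc, err := gw.Recover(userID, wrapped)
	if err != nil {
		return nil, err
	}
	return app.Finish(reenc)
}

func main() {
	out, err := RunRecovery("alice", []byte("constructed sample credential"))
	fmt.Printf("recovered=%q err=%v\n", out, err)
}
```

Two properties of the construction are worth noting. Confidentiality of the session key rests entirely on the gateway's RSA private key, so the scheme has no forward secrecy: a later compromise of that key exposes every recorded session, which is one reason the abstract prefers keeping the key inside a hardware module. Wrapping a key under a public key also proves nothing about who sent it; the user authentication the abstract places before the request is what ties the session key to a particular user, and the example binds the user identifier as associated data so a blob re-encrypted for one session cannot be opened in another.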
12 Claims
1. A method of credential recovery, comprising the steps of: (independent claim; reproduced in full under First Claim above)
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9.
10. A method of operating a server to provide a credential to a mobile application on a mobile communication device, the method comprising the steps of:
i. securely establishing a session key with the mobile application;
ii. recovering the credential in encrypted form;
iii. decrypting the credential, and re-encrypting the credential using the session key to form a re-encrypted credential; and
iv. providing the re-encrypted credential to the mobile application;
v. decrypting and outputting, by the mobile application, the credential.
Dependent claim: 11.
12. A method of operating a mobile application to recover a credential on a mobile communication device, comprising the steps of:
i. receiving a user request for a credential from a server;
ii. securely establishing a session key with the server;
iii. receiving the credential, encrypted with the session key, from the server;
iv. decrypting the credential using the session key to form a decrypted credential; and
v. outputting the decrypted credential.