Credential Recovery

US 20140156989A1
Filed: 12/04/2013
Published: 06/05/2014
Est. Priority Date: 12/04/2012
Status: Active Grant

First Claim

Patent Images

1. A method of credential recovery, comprising the steps of:

i. receiving a credential request for a credential using a mobile application on a mobile communication device;

ii. securely establishing a session key between the mobile application and a mobile application server;

iii. recovering the credential in encrypted form at the mobile application server;

iv. decrypting the credential, and re-encrypting the credential to form a re-encrypted credential using the session key, at the mobile application server;

v. providing the re-encrypted credential to the mobile application;

vi. decrypting the re-encrypted credential at the mobile application to form a decrypted credential; and

vii. outputting the decrypted credential from the mobile application.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In a credential recovery process, a user is authenticated using an application running on a mobile communications device, and requests recovery of a credential. The application generates a session key encrypted with the public key of a gateway, and sends the encrypted key to the gateway. The gateway recovers the credential from a depository, encrypted using a symmetric key shared with the depository. The gateway decrypts the credential and re-encrypts the credential using the session key. Preferably, the decryption and re-encryption is performed within a hardware secure module within the gateway. The re-encrypted credential is sent to the application, which decrypts the credential and outputs it to the user. In this way, the credential is provided securely to the user and may be made available for use immediately, or nearly so.

Citations

12 Claims

1. A method of credential recovery, comprising the steps of:
- i. receiving a credential request for a credential using a mobile application on a mobile communication device;
  
  ii. securely establishing a session key between the mobile application and a mobile application server;
  
  iii. recovering the credential in encrypted form at the mobile application server;
  
  iv. decrypting the credential, and re-encrypting the credential to form a re-encrypted credential using the session key, at the mobile application server;
  
  v. providing the re-encrypted credential to the mobile application;
  
  vi. decrypting the re-encrypted credential at the mobile application to form a decrypted credential; and
  
  vii. outputting the decrypted credential from the mobile application.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein the mobile application server decrypts and re-encrypts the credential within a hardware security module.
  - 3. The method of claim 2, including providing to the hardware security module an authentication code based on one or more elements of the credential request, wherein the hardware security module validates the authentication code and provides the re-encrypted credential only if the authentication code is valid.
  - 4. The method of claim 1, wherein securely establishing a session key comprises generating the session key at the mobile application, encrypting the session key using a public key to form an encrypted session key, sending the encrypted session key to the mobile application server, and decrypting the encrypted session key at the mobile application server using a private key corresponding to a public key.
  - 5. The method of claim 4, wherein the step of encrypting the session key includes padding the session key prior to encryption.
  - 6. The method of claim 1, wherein the session key is generated using a nonce generated by the mobile application.
  - 7. The method of claim 1, wherein the session key is generated using a nonce generated by the mobile application server.
  - 8. The method of claim 1, including authenticating a user of the mobile application.
  - 9. The method of claim 1, including deleting the credential from the mobile communication device after outputting the decrypted credential from the mobile application.

10. A method of operating a server to provide a credential to a mobile application on a mobile communication device, the method comprising the steps of:
- i. securely establishing a session key with the mobile application;
  
  ii. recovering the credential in encrypted form;
  
  iii. decrypting the credential, and re-encrypting the credential using the session key to form a re-encrypted credential; and
  
  iv. providing the re-encrypted credential to the mobile application;
  
  v. decrypting and outputting, by the mobile application, the credential.
- View Dependent Claims (11)
- - 11. The method of claim 10, wherein securely establishing a session key comprises receiving the session key, encrypted using a public key, from the mobile application, and decrypting the session key using a private key corresponding to the public key.

12. A method of operating a mobile application to recover a credential on a mobile communication device, comprising the steps of:
- i. receiving a user request for a credential from a server;
  
  ii. securely establishing a session key with the server;
  
  iii. receiving the credential, encrypted with the session key, from the server;
  
  iv. decrypting the credential using the session key to form a decrypted credential; and
  
  v. outputting the decrypted credential.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Barclays Execution Services Ltd. (Barclays PLC)
Original Assignee
Barclays Bank PLC (Barclays PLC)
Inventors
French, George, Lalwani, Akhil

Granted Patent

US 9,800,562 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/155
CPC Class Codes

H04L 2463/062   applying encryption of the ...

H04L 63/045   wherein the sending and rec...

H04L 63/0464   using hop-by-hop encryption...

H04L 63/08   for authentication of entit...

H04L 9/0816   Key establishment, i.e. cry...

H04L 9/0894   Escrow, recovery or storing...

H04W 12/04   Key management, e.g. using ...

H04W 12/0431   Key distribution or pre-dis...

Credential Recovery

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

Credential Recovery

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links