PASSWORD RETRIEVAL SYSTEM AND METHOD INVOLVING TOKEN USAGE WITHOUT PRIOR KNOWLEDGE OF THE PASSWORD

US 20150312249A1
Filed: 04/28/2014
Published: 10/29/2015
Est. Priority Date: 04/28/2014
Status: Active Grant

First Claim

Patent Images

1. A method for managing a master password on a network device, the method stored as a set of instructions executable by a computer processor to:

store the master password in a first file in a memory of the network device;

store the master password in a second file in the memory of the network device;

encrypt access to the first file using a first password;

encrypt access to the second file using a second password;

send the second password and an identifier associated with the network device over a communications network to a registration server, the registration server configured for storing the second password for subsequent retrieval by the network device;

when the first password is unavailable, send a password retrieval request including the identifier;

receive the second password configured as a one-time use password;

decrypt access to the second file to retrieve the master password; and

,initiate a reset process for subsequent storage of the master password in the memory of the network device.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for managing a master password on a network device, the method stored as a set of instructions executable by a computer processor to: store the master password in a first file in a memory of the network device; store the master password in a second file in the memory of the network device; encrypt access to the first file using a first password; encrypt access to the second file using a second password; send the second password and an identifier associated with the network device over a communications network to a registration server, the registration server configured for storing the second password for subsequent retrieval by the network device; when the first password is unavailable, send a password retrieval request including the identifier; receive the second password configured as a one-time use password; decrypt access to the second file to retrieve the master password; and, initiate a reset process for subsequent storage of the master password in the memory of the network device.

16 Citations

View as Search Results

22 Claims

1. A method for managing a master password on a network device, the method stored as a set of instructions executable by a computer processor to:
- store the master password in a first file in a memory of the network device;
  
  store the master password in a second file in the memory of the network device;
  
  encrypt access to the first file using a first password;
  
  encrypt access to the second file using a second password;
  
  send the second password and an identifier associated with the network device over a communications network to a registration server, the registration server configured for storing the second password for subsequent retrieval by the network device;
  
  when the first password is unavailable, send a password retrieval request including the identifier;
  
  receive the second password configured as a one-time use password;
  
  decrypt access to the second file to retrieve the master password; and
  
  ,initiate a reset process for subsequent storage of the master password in the memory of the network device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, further comprising to implement the reset process the set of instructions executable by the computer processor to:
    - delete the first file from the memory;
      
      delete the second file from the memory;
      
      store the master password in a third file in the memory;
      
      store the master password in a fourth file in the memory;
      
      encrypt access to the third file using a third password different from the first password;
      
      encrypt access to the fourth file using a fourth password different from the second password; and
      
      ,send the fourth password and the identifier associated with the network device over the communications network to the registration server, the registration server configured for storing the fourth password for subsequent retrieval by the network device.
  - 3. The method of claim 1, wherein the second password is a unique identifier embodied as a token.
  - 4. The method of claim 1, wherein the second password is generated by a user of the network device.
  - 5. The method of claim 1, wherein the second password is generated by the registration server and sent to the network device for use in said encrypt access to the second file, said send the second password contains a confirmation of use of the second password to encrypt the second file rather than the second password itself.
  - 6. The method of claim 2, further comprising the set of instructions executable by the computer processor to:
    - receive by the network device an update password request from the registration server prior to said send the fourth password.
  - 7. The method of claim 1, wherein said send a password retrieval request including the identifier is communicated by a user of the network device manually via a phone call with an administrator of the registration server.
  - 8. The method of claim 1, wherein the set of instructions is implemented as a password manager provisioned on the network device, the password manager configured as a client of the registration server.
  - 9. The method of claim 8, further comprising the set of instructions executable by the computer processor to:
    - restrict subsequent usage of the second password for access to the master password after said decrypt access to the second file in order to enforce one-time use of said one-time use password.
  - 10. The method of claim 1, wherein the first file includes a memory address of the memory, the memory address being the memory location of the stored master password.

11. A method of a registration server for coordinating storage of a master password on a network device, the method stored as a set of instructions executable by a computer processor to:
- implement a password policy for the network device requiring storage of the master password in a first file encrypted by a first password in a memory of the network device and storage of the master password in a second file encrypted by a second password in the memory of the network device;
  
  receive over a communications network from the network device the second password and an identifier associated with the network device;
  
  store in a memory the second password associated with the identifier for subsequent retrieval by the network device;
  
  when the first password is unavailable, receive a password retrieval request including the identifier;
  
  send the second password configured as a one-time use password in response to the password retrieval request; and
  
  ,initiate a reset process for subsequent storage of the master password in the memory of the network device.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The method of claim 11, wherein the password policy requires deletion of the first file from the memory of the network device and deletion of the second file from the memory of the network device, the method further comprising to implement the reset process the set of instructions executable by the computer processor to:
    - receive a third password and the identifier associated with the network device over the communications network from the network device, the third password different from the second password such that the third password represents a password used to encrypt access to a third file storing the master password in the memory of the network device; and
      
      ,store the third password for subsequent retrieval by the network device.
  - 13. The method of claim 11, wherein the second password is a unique identifier embodied as a token.
  - 14. The method of claim 11, wherein the second password is generated by a user of the network device.
  - 15. The method of claim 11, wherein the second password is generated by the registration server and sent to the network device for use in encrypting access to the second file, said receive the second password contains a confirmation of use of the second password to encrypt the second file rather than the second password itself.
  - 16. The method of claim 12, further comprising the set of instructions executable by a computer processor to:
    - send to the network device an update password request prior to said receive the third password.
  - 17. The method of claim 11, wherein said receive a password retrieval request is the identifier communicated by a user of the network device manually via a phone call with an administrator of the registration server.
  - 18. The method of claim 11, wherein the set of instructions is implemented as a password agent provisioned on the registration server, the password agent configured in a client-server relationship with a password manager of the network device.
  - 19. The method of claim 18, further comprising the set of instructions executable by the computer processor to:
    - restrict subsequent usage of the second password for access to the master password in order to enforce one-time use of said one-time use password.
  - 20. The method of claim 11, wherein the first file includes a memory address of the memory, the memory address being the memory location of the stored master password.

21. A network device for managing a master password, comprising:
- a processor coupled to memory and a communications network; and
  
  ,one or more modules within the memory and executable by the processor to;
  
  store the master password in a first file in the memory of the network device;
  
  store the master password in a second file in the memory of the network device;
  
  encrypt access to the first file using a first password;
  
  encrypt access to the second file using a second password;
  
  send the second password and an identifier associated with the network device over the communications network to a registration server, the registration server configured for storing the second password for subsequent retrieval by the network device;
  
  when the first password is unavailable, send a password retrieval request including the identifier;
  
  receive the second password configured as a one-time use password;
  
  decrypt access to the second file to retrieve the master password; and
  
  ,initiate a reset process for subsequent storage of the master password in the memory of the network device.

22. A registration server for coordinating storage of a master password on a network device, comprising:
- a processor coupled to server memory and a communications network; and
  
  ,one or more modules within the server memory and executable by the processor to;
  
  implement a password policy for the network device requiring storage of the master password in a first file encrypted by a first password in a memory of the network device and storage of the master password in a second file encrypted by a second password in the memory of the network device;
  
  receive over the communications network from the network device the second password and an identifier associated with the network device;
  
  store in a memory the second password associated with the identifier for subsequent retrieval by the network device;
  
  when the first password is unavailable, receive a password retrieval request including the identifier;
  
  send the second password configured as a one-time use password in response to the password retrieval request; and
  
  ,initiate a reset process for subsequent storage of the master password in the memory of the network device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Malikie Innovations Limited (Key Patent Innovations Limited)
Original Assignee
Fixmo US Incorporated (Blackberry Limited)
Inventors
LAU, Alex, KAPADIA, Mihir, ZHAO, Yunan

Granted Patent

US 9,996,686 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/44   Program or device authentic...

G06F 21/45   Structures or tools for the...

G06F 21/6209   to a single file or object,...

G06F 2221/2143   Clearing memory, e.g. to pr...

H04L 63/0428   wherein the data content is...

H04L 63/083   using passwords cryptograph...

PASSWORD RETRIEVAL SYSTEM AND METHOD INVOLVING TOKEN USAGE WITHOUT PRIOR KNOWLEDGE OF THE PASSWORD

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

16 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

PASSWORD RETRIEVAL SYSTEM AND METHOD INVOLVING TOKEN USAGE WITHOUT PRIOR KNOWLEDGE OF THE PASSWORD

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

16 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links