System and method for key recovery

US 7,831,833 B2
Filed: 05/06/2005
Issued: 11/09/2010
Est. Priority Date: 04/22/2005
Status: Active Grant

First Claim

Patent Images

1. A method of providing access to a resource on a server, the method comprising:

receiving, by a password manager agent executing on a server, a first authenticator for a user;

encrypting, by the password manager agent using a first key, in response to receipt of the first authenticator, a user credential required for access to at least one resource;

destroying the first key;

receiving, by the password manager agent subsequent to the destruction of the first key, a second authenticator used to authenticate the user;

receiving, by the server, a request from the user to access the at least one resource;

regenerating, by the password manager agent, the first key following validation of the identity of the user;

decrypting the encrypted user credential using the regenerated first key;

providing the decrypted user credential to the at least one resource;

encrypting the user credential using a second key created following the receipt of the second authenticator; and

destroying the second key.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A secure mechanism for transparent key recovery for a user who has changed authentication information is disclosed. A password manager agent intercepts requests by a user to access secure resources that require user credentials. Upon detecting changed authentication information for the user, the password manager agent automatically regenerates the components of a cryptographic key associated with the user that was previously used to encrypt user credentials for the user and then destroyed. After regeneration of the original cryptographic key, the password manager agent uses the key to decrypt the user credentials necessary for the requested application. The regenerated key is then destroyed and the user credentials are re-encrypted by the password manager agent using a new cryptographic key associated with the user made up of multiple components. Following the re-encryption of the user credentials, the components used to assemble the new key are securely stored in multiple locations and the new key is destroyed.

Citations

32 Claims

1. A method of providing access to a resource on a server, the method comprising:
- receiving, by a password manager agent executing on a server, a first authenticator for a user;
  
  encrypting, by the password manager agent using a first key, in response to receipt of the first authenticator, a user credential required for access to at least one resource;
  
  destroying the first key;
  
  receiving, by the password manager agent subsequent to the destruction of the first key, a second authenticator used to authenticate the user;
  
  receiving, by the server, a request from the user to access the at least one resource;
  
  regenerating, by the password manager agent, the first key following validation of the identity of the user;
  
  decrypting the encrypted user credential using the regenerated first key;
  
  providing the decrypted user credential to the at least one resource;
  
  encrypting the user credential using a second key created following the receipt of the second authenticator; and
  
  destroying the second key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The method of claim 1, further comprising:
    - wherein the first authenticator and the second authenticator are at least one of the group of user-supplied domain passwords, tokens, or smart cards, biometrics, SAML assertions and assertions.
  - 3. The method of claim 1, comprising the further step of:
    - receiving a third authenticator from a user prior to the regeneration of the first key.
  - 4. The method of claim 1, comprising the further step of:
    - receiving a third authenticator from an administrator prior to the regeneration of the first key.
  - 5. The method of claim 1, comprising the further step of:
    - receiving a third authenticator from a user; and
      
      receiving a fourth authenticator from an administrator, the third authenticator and the fourth authenticator received prior to the regeneration of the first key.
  - 6. The method of claim 1 wherein the first key used to encrypt the user credential is generated from a plurality of components which are stored in separate locations prior to the first key being regenerated.
  - 7. The method of claim 6 wherein at least some of the components stored in separate locations are retrieved and used to regenerate the first key following the validation of the identity of the user.
  - 8. The method of claim 1, further comprising:
    - destroying the regenerated first key after using the first key to decrypt the encrypted user credential.
  - 9. The method of claim 1 wherein the first key is used to encrypt an authentication key which is used to encrypt the user credential.
  - 10. The method of claim 9 wherein the authentication key is used to encrypt a credential key which is used to encrypt the user credential.
  - 11. The method of claim 1 wherein the first key is created using a plurality of cryptographically strong random numbers generated from a first source.
  - 12. The method of claim 11 wherein the key is created using a cryptographically strong random number generated from a second source.
  - 13. The method of claim 11 wherein at least two of the plurality of cryptographically strong random numbers are combined and hashed as part of the creation of the key.
  - 14. The method of claim 11 wherein at least one of the plurality of cryptographically strong random numbers used to create the key is encrypted prior to being stored in a separate location from the rest of the plurality of cryptographically strong random numbers.
  - 15. The method of claim 1 wherein the resource is an application.

16. A system for providing secure access to a resource on a server, comprising:
- a password management agent executing on a server, the password manager agent detecting a user request to access a secure resource from a user and determining the authenticator associated with the user has changed subsequent to the encryption of a user credential required to access the requested secure resource;
  
  a first key used to encrypt the user credential required to access the requested secure resource, the first key generated from a plurality of cryptographically strong components, destroyed after encrypting the user credential, and regenerated following the detection by the password manager agent of the user request; and
  
  a second key used to encrypt the user credential subsequent to the decryption of the user credential using the regenerated key, the second key generated from a plurality of cryptographically strong components and destroyed after encrypting the user credential.
- View Dependent Claims (17, 18, 19, 20, 21, 22)
- - 17. The system of claim 16 wherein the secure resource is an application.
  - 18. The system of claim 16 wherein the plurality of cryptographically strong components are cryptographically strong random numbers generated by at least two separate processes.
  - 19. The system of claim 18 wherein at least two of the plurality of cryptographically strong random numbers are stored on physically separate devices following the generation of the first and second key.
  - 20. The system of claim 18 wherein at least two of the plurality of cryptographically strong random numbers are stored on logically separate devices following the generation of the first and second key.
  - 21. The system of claim 18 wherein at least two of the plurality of cryptographically strong random numbers are combined and hashed and a result of the hash is used to generate the first or second encryption key.
  - 22. The system of claim 16 wherein at least part of the first or second authenticator is used to generate the first or second encryption key.

23. An article of manufacture having embodied thereon computer-readable program means for providing access to a secure resource on the server, the article of manufacture comprising:
- computer-readable program means for receiving, by a password manager agent executing on a server, a first authenticator for a user;
  
  computer-readable program means for encrypting, by the password manager agent using a first key, in response to receipt of the first authenticator, a user credential required for access to at least one resource;
  
  computer-readable program means for destroying the first key;
  
  computer-readable program means for receiving, by the password manager agent subsequent to the destruction of the first key, a second authenticator used to authenticate the user;
  
  computer-readable program means for receiving, by the server, a request from the user to access the at least one resource;
  
  computer-readable program means for regenerating, by the password manager agent, the first key following validation of the identity of the user;
  
  computer-readable program means for decrypting the encrypted user credential using the regenerated first key;
  
  computer-readable program means for providing the decrypted user credential to the at least one resource;
  
  computer-readable program means for encrypting the user credential using a second key created following the receipt of the second authenticator; and
  
  computer-readable program means for destroying the second key.
- View Dependent Claims (24, 25, 26, 27, 28, 29, 30, 31, 32)
- - 24. The article of manufacture of claim 23 wherein the first authenticator and the second authenticator are at least one of the group of user-supplied domain passwords, tokens, or smart cards, biometrics, SAML assertions and assertions.
  - 25. The article of manufacture of claim 23, comprising further:
    - computer-readable program means for receiving a third authenticator from a user prior to the regeneration of the first key.
  - 26. The article of manufacture of claim 23, comprising further:
    - computer-readable program means for receiving a third authenticator from an administrator prior to the regeneration of the first key.
  - 27. The article of manufacture of claim 23, comprising further:
    - computer-readable program means for receiving a third authenticator from a user; and
      
      computer-readable program means for receiving a fourth authenticator from an administrator, the third authenticator and the fourth authenticator received prior to the regeneration of the first key.
  - 28. The article of manufacture of claim 23 wherein the first key used to encrypt the user credential is generated from a plurality of components which are stored in separate locations prior to the first key being regenerated.
  - 29. The article of manufacture of claim 28 wherein at least some of the components stored in separate locations are retrieved and used to regenerate the first key following the validation of the identity of the user.
  - 30. The article of manufacture of claim 23 wherein the first key is created using a plurality of cryptographically strong random numbers generated from a first source.
  - 31. The article of manufacture of claim 23 wherein the key is created using a cryptographically strong random number generated from a second source.
  - 32. The article of manufacture of claim 30 wherein at least two of the plurality of cryptographically strong random numbers are combined and hashed as part of the creation of the key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Citrix Systems, Inc. (Cloud Software Group)
Original Assignee
Citrix Systems, Inc. (Cloud Software Group)
Inventors
Gaylor, Timothy R.
Primary Examiner(s)
Laforgia; Christian
Assistant Examiner(s)
Jackson; Jenise E

Application Number

US10/908,318
Publication Number

US 20060242415A1
Time in Patent Office

2,013 Days
Field of Search

713/176, 713/156, 713/171, 713/173, 726 5- 8, 726 18- 19
US Class Current

713/176
CPC Class Codes

G06F 21/31   User authentication

G06F 21/41   where a single sign-on prov...

G06F 2221/2107   File encryption

G06F 2221/2115   Third party

H04L 9/0891   Revocation or update of sec...

H04L 9/0894   Escrow, recovery or storing...

H04L 9/3271   using challenge-response

System and method for key recovery

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

Citations

32 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for key recovery

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

32 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links