Method for enabling an administrator to configure a recovery password
First Claim
1. A method for enabling a user to protect a password stored in a central repository and maintained by a plurality of recovery authorities and to initiate a backup copy of the user's credentials, the method comprising:
retrieving recovery information embedded in the user's credentials;
generating a symmetric key and a public key private key pair;
encrypting the user's credentials with the public key, wherein the private key is operable to decrypt the user's credentials encrypted with the public key;
encrypting said private key with said symmetric key;
identifying a plurality of recovery authorities from the recovery information embedded in the user's credentials;
retrieving a public key for each of the plurality of recovery authorities;
generating a recovery password for each of the plurality of recovery authorities based on at least a portion of a user-defined password for the plurality of recovery authorities;
encrypting the symmetric key with each recovery password, wherein the symmetric key encryption includes a quorum requirement of the recovery password generated for each of the plurality of recovery authorities, wherein decrypting the symmetric key includes retrieving the generated recovery passwords from the plurality of recovery authorities; and
encrypting each recovery password of the plurality of recovery authorities with each respective recovery authority's public key.
4 Assignments
0 Petitions
Abstract
A method is provided for enabling a user to initiate a password-protected backup copy of the user's credentials. The method includes providing a user with a credential store containing information relating to the user's identity, generating a different recovery password of any length for each recovery authority, encrypting the recovery password for each recovery authority, storing the encrypted recovery passwords in the credential store, and sending a copy of the information by the user from the credential store to a central repository.
24 Claims
1. A method for enabling a user to protect a password stored in a central repository and maintained by a plurality of recovery authorities and to initiate a backup copy of the user's credentials, the method comprising:
retrieving recovery information embedded in the user's credentials;
generating a symmetric key and a public key private key pair;
encrypting the user's credentials with the public key, wherein the private key is operable to decrypt the user's credentials encrypted with the public key;
encrypting said private key with said symmetric key;
identifying a plurality of recovery authorities from the recovery information embedded in the user's credentials;
retrieving a public key for each of the plurality of recovery authorities;
generating a recovery password for each of the plurality of recovery authorities based on at least a portion of a user-defined password for the plurality of recovery authorities;
encrypting the symmetric key with each recovery password, wherein the symmetric key encryption includes a quorum requirement of the recovery password generated for each of the plurality of recovery authorities, wherein decrypting the symmetric key includes retrieving the generated recovery passwords from the plurality of recovery authorities; and
encrypting each recovery password of the plurality of recovery authorities with each respective recovery authority's public key.
Dependent claims: 2 to 12.
13. A method for enabling a user to protect a password stored in a central repository and to initiate a backup copy of the user's credentials, the method comprising:
providing a user with a credential store containing information relating to the user's identity;
retrieving recovery information embedded in the information relating to the user's identity;
querying the user for a password for encrypting at least a portion of said information;
receiving a user's password in response to said query;
generating a symmetric key and a public key private key pair, the symmetric key generated from the user's password;
encrypting the information relating to the user's identity with the public key, wherein the private key is operable to decrypt the information encrypted with the public key;
encrypting said private key with said symmetric key;
identifying a plurality of recovery authorities from the recovery information embedded in the information relating to the user's identity;
retrieving a public key for each of the plurality of recovery authorities;
generating a recovery password for each of the plurality of recovery authorities based on at least a portion of a user-defined password for the plurality of recovery authorities;
encrypting the symmetric key with each recovery password, wherein the symmetric key encryption includes a quorum requirement of the recovery password generated for each of the plurality of recovery authorities, wherein decrypting the symmetric key includes retrieving the generated recovery passwords from the plurality of recovery authorities;
encrypting each recovery password of the plurality of recovery authorities with each respective recovery authority's public key;
linking said user's password with said recovery password generated for each of the plurality of recovery authorities;
storing said user's password and said recovery password generated for each of the plurality of recovery authorities in the credential store; and
sending said portion of said information together with said user's password and said recovery password generated for each of the plurality of recovery authorities by the user from the credential store to the central repository.
Dependent claims: 14 to 23.
24. A system for enabling a user to protect a password stored in a central repository and to initiate a backup copy of the user's credentials, the system comprising:
a recovery authority server operable to generate a recovery authority public key for each of a plurality of recovery authorities;
a user server operable to:
  retrieve recovery information embedded in the user's credentials;
  generate a symmetric key and a public key private key pair;
  encrypt the user's credentials with the public key, wherein the private key is operable to decrypt the user's credentials encrypted with the public key;
  encrypt the private key with the symmetric key;
  identify the plurality of recovery authorities from the recovery information embedded in the user's credentials;
  retrieve the recovery authority public key for each of a plurality of recovery authorities from the recovery authority server;
  generate a recovery password for each of a plurality of recovery authorities based on at least a portion of a user-defined password for the plurality of recovery authorities;
  encrypt the symmetric key with each recovery password, wherein the symmetric key encryption includes a quorum requirement of the recovery password generated for each of the plurality of recovery authorities, wherein decrypting the symmetric key includes retrieving the generated recovery passwords from the plurality of recovery authorities;
  encrypt each recovery password of the plurality of recovery authorities with each respective recovery authority's public key;
a credential store operable to store the recovery password generated for each of the plurality of recovery authorities and the symmetric key; and
a central repository operable to store one or more backup copies of content items from the credential store.
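The key-escrow core shared by claims 1, 13 and 24 (a symmetric key wrapped under per-authority recovery passwords with a quorum requirement), as an added example that is not part of the patent or any product: it models the quorum with Shamir k-of-n secret sharing, derives each recovery password from the user-defined password with PBKDF2 salted by the authority id, and uses an HMAC-SHA256 keystream as a stand-in for a real authenticated cipher. The credential encryption and the per-authority public-key step are left out, and every name, field size and parameter is an assumption.

```python
import hashlib
import hmac
import secrets

PRIME = (1 << 521) - 1  # Mersenne prime; Shamir field, large enough for a 256-bit key
KEY_BYTES = 32
SHARE_BYTES = 66  # a field element is at most 521 bits

def derive_recovery_password(user_password: str, authority_id: str) -> bytes:
    """Per-authority recovery password derived from the user-defined password (assumed: PBKDF2, authority id as salt)."""
    return hashlib.pbkdf2_hmac("sha256", user_password.encode(), authority_id.encode(), 100_000)

def wrap(key: bytes, data: bytes) -> bytes:
    """XOR with an HMAC-SHA256 counter keystream; demo stand-in for e.g. AES-GCM. Self-inverse."""
    stream = b"".join(hmac.new(key, i.to_bytes(4, "big"), hashlib.sha256).digest()
                      for i in range(-(-len(data) // 32)))
    return bytes(a ^ b for a, b in zip(data, stream))

def split_secret(secret: int, threshold: int, n: int) -> list:
    """Shamir split: shares are points (x, f(x)) on a random degree k-1 polynomial with f(0) = secret."""
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(threshold - 1)]
    return [(x, sum(c * pow(x, i, PRIME) for i, c in enumerate(coeffs)) % PRIME) for x in range(1, n + 1)]

def recover_secret(shares: list) -> int:
    """Lagrange interpolation at x = 0 over GF(PRIME)."""
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num = den = 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        total = (total + yi * num * pow(den, -1, PRIME)) % PRIME
    return total

def escrow_symmetric_key(sym_key: bytes, user_password: str, authorities: list, threshold: int) -> dict:
    """Split the symmetric key across the recovery authorities; wrap each share under that authority's recovery password."""
    shares = split_secret(int.from_bytes(sym_key, "big"), threshold, len(authorities))
    wrapped = {auth: (x, wrap(derive_recovery_password(user_password, auth), y.to_bytes(SHARE_BYTES, "big")))
               for auth, (x, y) in zip(authorities, shares)}
    return {"threshold": threshold, "shares": wrapped}

def recover_symmetric_key(escrow: dict, recovery_passwords: dict):
    """Unwrap the shares released by responding authorities; None below quorum or when the result is not a valid key."""
    if len(recovery_passwords) < escrow["threshold"]:
        return None
    shares = [(x, int.from_bytes(wrap(recovery_passwords[auth], blob), "big"))
              for auth, (x, blob) in escrow["shares"].items() if auth in recovery_passwords]
    value = recover_secret(shares)
    return value.to_bytes(KEY_BYTES, "big") if value < (1 << (8 * KEY_BYTES)) else None
```

Any two of the three authorities suffice to rebuild the key, while a single authority's share, or a share unwrapped with the wrong password, yields nothing usable.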