Method and system for automating the recovery of a credential store when a user has forgotten their password using a temporary key pair created based on a new password provided by the user
First Claim
1. A method, embodied in at least one computer system, of recovering a user'"'"'s credential store, comprising at least the following steps performed by said computer system:
- receiving an indication from said user that said user has forgotten their previous password;
responsive to receipt of said indication that said user has forgotten their password, generating a user interface object in a user interface displayed to said user, said user interface object for receiving a new password from said user;
receiving said new password from said user through said user interface object;
generating, on a client computer system, a temporary encryption key pair based on said new password obtained from said user, said temporary encryption key pair including a public key and a private key;
sending said public key from said client computer system to a recovery process executing on a recovery server computer system;
receiving, by said recovery process, an approval message from a help desk administrator;
obtaining, by said recovery process, recovery information associated with said credential store;
encrypting, by said recovery process responsive to receipt of said approval message, said recovery information using said public key;
downloading said encrypted recovery information to said client computer system;
decrypting said recovery information on said client computer system using said private key; and
obtaining a decrypted copy of said credential store based on said decrypted recovery information to recover the credential store.
1 Assignment
0 Petitions
Accused Products
Abstract
A system for automating the recovery of a credential store, in which client software generates a temporary key pair based on a new password, and sends client information including the user'"'"'s name, the public half of the temporary key pair, and the host name of the client computer system to a server system, from which the client information is passed to a recovery process. The client software process displays a prompt indicating that the user should call a help desk. A help desk administrator verifies the user'"'"'s identity and approves the user'"'"'s request by causing an approval message to be sent to the recovery process. The recovery process obtains recovery information consisting of either the decryption key(s) for the credential store, or a decrypted copy of the credential store, and encrypts the recovery information using the temporary public key. The client process downloads the recovery information from the server, and decrypts it using private key of the temporary key pair. The credential store can then be decrypted using the recovery information if necessary, then re-encrypted based on the new password. The encrypted recovery information is stored on the server and re-used for a certain period of time, after which it is deleted, thus allowing multiple copies of the credential store to be conveniently recovered.
-
Citations
17 Claims
-
1. A method, embodied in at least one computer system, of recovering a user'"'"'s credential store, comprising at least the following steps performed by said computer system:
-
receiving an indication from said user that said user has forgotten their previous password; responsive to receipt of said indication that said user has forgotten their password, generating a user interface object in a user interface displayed to said user, said user interface object for receiving a new password from said user; receiving said new password from said user through said user interface object; generating, on a client computer system, a temporary encryption key pair based on said new password obtained from said user, said temporary encryption key pair including a public key and a private key; sending said public key from said client computer system to a recovery process executing on a recovery server computer system; receiving, by said recovery process, an approval message from a help desk administrator; obtaining, by said recovery process, recovery information associated with said credential store; encrypting, by said recovery process responsive to receipt of said approval message, said recovery information using said public key; downloading said encrypted recovery information to said client computer system; decrypting said recovery information on said client computer system using said private key; and obtaining a decrypted copy of said credential store based on said decrypted recovery information to recover the credential store. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A system for recovering a user'"'"'s credential store, comprising:
-
at least one processor; at least one non-transitory computer readable memory, said computer readable memory having program code stored thereon for, when executed on said processor, recovering the user'"'"'s credential store, said program code comprising; program code for receiving an indication from said user that said user has forgotten their previous password; program code for, responsive to receipt of said indication that said user has forgotten their password, generating a user interface object in a user interface displayed to said user, said user interface object for receiving a new password from said user; program code for receiving said new password from said user through said user interface object; program code for generating, on a client computer system, a temporary encryption key pair based on said new password obtained from said user, said temporary encryption key pair including a public key and a private key; program code for sending said public key from said client computer system to a recovery process executing on a recovery server computer system; program code for receiving, by said recovery process, an approval message from a help desk administrator; program code for obtaining, by said recovery process, recovery information associated with said credential store; program code for encrypting, by said recovery process responsive to receipt of said approval message, said recovery information using said public key; program code for downloading said encrypted recovery information to said client computer system; program code for decrypting said recovery information on said client computer system using said private key; and program code for obtaining a decrypted copy of said credential store based on said decrypted recovery information to recover the credential store. - View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
-
-
17. A computer program product including a computer readable storage medium, said computer readable storage medium not comprising a propagated signal, said computer readable storage medium having program code stored thereon for recovering a user'"'"'s credential store, said program code comprising:
-
program code for receiving an indication from said user that said user has forgotten their previous password; program code for, responsive to receipt of said indication that said user has forgotten their password, generating a user interface object in a user interface displayed to said user, said user interface object for receiving a new password from said user; program code for receiving said new password from said user through said user interface object; program code for generating, on a client computer system, a temporary encryption key pair based on said new password obtained from said user, said temporary encryption key pair including a public key and a private key; program code for sending said public key from said client computer system to a recovery process executing on a recovery server computer system; program code for receiving, by said recovery process, an approval message from a help desk administrator; program code for obtaining, by said recovery process, recovery information associated with said credential store; program code for encrypting, by said recovery process responsive to receipt of said approval message, said recovery information using said public key; program code for downloading said encrypted recovery information to said client computer system; program code for decrypting said recovery information on said client computer system using said private key; and program code for obtaining a decrypted copy of said credential store based on said decrypted recovery information to recover the credential store.
-
Specification