×

Credential recovery

  • US 9,800,562 B2
  • Filed: 12/04/2013
  • Issued: 10/24/2017
  • Est. Priority Date: 12/04/2012
  • Status: Active Grant
First Claim
Patent Images

1. A method of credential recovery, comprising the steps of:

  • authenticating a user with a mobile application on a mobile communication device, by entry of a previously registered passcode;

    receiving from the user an identification of a forgotten credential to be recovered using the mobile application;

    requesting the identified credential from a mobile application server using the mobile application;

    securely establishing a session key between the mobile application and the mobile application server;

    recovering from a credential depository the credential in encrypted form, encrypted using an encryption key different from the session key and independent from any information received by the mobile application server from the mobile application;

    decrypting the credential using said encryption key, and encrypting the credential using the session key, at the mobile application server;

    providing the credential encrypted using the session key to the mobile application;

    decrypting the credential encrypted using the session key at the mobile application to form a decrypted credential; and

    displaying the decrypted credential to the user from the mobile application;

    wherein securely establishing a session key comprises generating the session key, encrypting the session key using one of a public key and a private key corresponding to the public key to form an encrypted session key, sending the encrypted session key, and decrypting the encrypted session key using the other of the public key and the private key corresponding to the public key.

View all claims
  • 3 Assignments
Timeline View
Assignment View
    ×
    ×