Password recovering for mobile applications

US 9,760,710 B2
Filed: 02/28/2014
Issued: 09/12/2017
Est. Priority Date: 02/28/2014
Status: Active Grant

First Claim

Patent Images

1. A mobile device comprising:

at least one processor;

a memory including a data vault for storing a remote password for a user of the mobile device, the remote password being received from the user for use in accessing a remote application executing on a remote server; and

a non-transitory computer readable storage medium for storing instructions included in a mobile application including an encryption manager and a mobile password recovery manager,the at least one processor executing the instructions included in the mobile application causing the encryption manager to;

derive a data vault password from a mobile password provided by the user of the mobile device; and

securely store mobile data stored in the data vault using the data vault password, the mobile data being associated with the mobile application and utilized by the remote application; and

the at least one processor executing the instructions included in the mobile application causing the mobile password recovery manager to;

derive a mobile password recovery key from the remote password;

encrypt the mobile password using the mobile password recovery key; and

recover the mobile data, in case of loss of the mobile password, the recovery including;

receiving, by the mobile password recovery manager and from the data vault, the remote password;

decrypting the encrypted mobile password using the received remote password; and

recovering the data vault password using the decrypted mobile password.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An encryption manager may encrypt mobile data associated with a mobile application executing on a mobile device, where the mobile application is configured to interact with a remote application executing on a remote server, and the mobile data is encrypted using a mobile password. A mobile password recovery manager may encrypt the mobile password, using a remote password used to access the remote application executing on the remote server, and may recover the mobile data, in case of loss of the mobile password, including decrypting the encrypted mobile password using the remote password.

25 Citations

View as Search Results

20 Claims

1. A mobile device comprising:
- at least one processor;
  
  a memory including a data vault for storing a remote password for a user of the mobile device, the remote password being received from the user for use in accessing a remote application executing on a remote server; and
  
  a non-transitory computer readable storage medium for storing instructions included in a mobile application including an encryption manager and a mobile password recovery manager,the at least one processor executing the instructions included in the mobile application causing the encryption manager to;
  
  derive a data vault password from a mobile password provided by the user of the mobile device; and
  
  securely store mobile data stored in the data vault using the data vault password, the mobile data being associated with the mobile application and utilized by the remote application; and
  
  the at least one processor executing the instructions included in the mobile application causing the mobile password recovery manager to;
  
  derive a mobile password recovery key from the remote password;
  
  encrypt the mobile password using the mobile password recovery key; and
  
  recover the mobile data, in case of loss of the mobile password, the recovery including;
  
  receiving, by the mobile password recovery manager and from the data vault, the remote password;
  
  decrypting the encrypted mobile password using the received remote password; and
  
  recovering the data vault password using the decrypted mobile password.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The mobile device of claim 1,wherein the instructions included in the mobile application that when executed by the at least one processor cause the encryption manager to derive the data vault password from the mobile password further include instructions to derive a key from the mobile password, andwherein the instructions included in the mobile application that when executed by the at least one processor cause the encryption manager to securely store the mobile data in the data vault using the data vault password further include instructions to encrypt the mobile data using an encryption algorithm that does not require storage of the mobile password on the mobile device.
  - 3. The mobile device of claim 1,wherein the non-transitory computer readable storage medium further stores instructions included in a browser application, the instructions included in the browser application being executed by the at least one processor;
    - andwherein receiving the remote password includes receiving the remote password from the user of the mobile device interacting with the browser application.
  - 4. The mobile device of claim 2, wherein the instructions included in the mobile application when executed by the at least one processor further cause the mobile password recovery manager to encrypt the key derived from the mobile password using the mobile password recovery key, the encrypting using an encryption algorithm that does not require storage of the mobile password on the mobile device.
  - 5. The mobile device of claim 1, wherein the instructions included in the mobile application that when executed by the at least one processor cause the mobile password recovery manager to encrypt the mobile password using the mobile password recovery key further include instructions to use an encryption algorithm that does not require storage of the mobile password on the mobile device.
  - 6. The mobile device of claim 1, wherein the encrypted mobile password, and/or a key derived from the mobile password, is stored using local storage of a browser application of the mobile device.
  - 7. The mobile device of claim 6, wherein the instructions included in the mobile application when executed by the at least one processor further cause the mobile password recovery manager to:
    - receive the remote password by way of the browser application, anddecrypt the mobile password, and/or the key derived from the mobile password, using the mobile password recovery key.
  - 8. The mobile device of claim 1, wherein the mobile password, and/or a key derived from the mobile password, is stored at the remote server, and further wherein the encrypted mobile password, or encrypted key derived from the mobile password, is also stored at the remote server.
  - 9. The mobile device of claim 8, wherein the instructions included in the mobile application that cause the mobile password recovery manager to recover the mobile data further include instructions that when executed by the at least one processor cause the mobile password recovery manager to:
    - receive the remote password by way of a browser application of the mobile device, andcommunicate with the remote server to decrypt the encrypted mobile password using the mobile password recovery key.
  - 10. The mobile device of claim 1, wherein the instructions included in the mobile application when executed by the at least one processor further cause the mobile password recovery manager to:
    - recover the mobile data without providing the decrypted mobile password to the user of the mobile device, andenforce a password re-set procedure to obtain a new mobile password from the user.

11. A computer-implemented method for executing instructions stored on a non-transitory computer readable storage medium, the method comprising:
- storing, in a data vault included in a mobile device, a remote password for a user of the mobile device, the remote password being received from the user for use in accessing a remote application executing on a remote server;
  
  deriving, by the mobile device, a data vault password from a mobile password provided by the user of the mobile device;
  
  securely storing, by the mobile device, mobile data in the data vault using the data vault password, the mobile data being associated with a mobile application executing on the mobile device;
  
  accessing, by the mobile device, the remote application executing on the remote server;
  
  deriving, by the mobile device, a mobile password recovery key from the remote password;
  
  encrypting, by the mobile device, the mobile password, the encrypting using the mobile password recovery key; and
  
  recovering, by the mobile device and in case of loss of the mobile password, the mobile data, the recovering including;
  
  retrieving the remote password from the data vault;
  
  decrypting the encrypted mobile password using the received remote password; and
  
  recovering the data vault password using the decrypted mobile password.
- View Dependent Claims (12, 13, 14)
- - 12. The method of claim 11, wherein securely storing the mobile data comprises:
    - encrypting the mobile data using a key derived from the mobile password using an encryption algorithm that does not require storage of the mobile password.
  - 13. The method of claim 11, wherein encrypting the mobile password using the mobile password recovery key uses an encryption algorithm that does not require storage of the mobile password.
  - 14. The method of claim 11, wherein recovering the mobile data further includes:
    - recovering the mobile data without providing the decrypted mobile password to the user of the mobile device; and
      
      enforcing a password re-set procedure to obtain a new mobile password from the user.

15. A computer program product, the computer program product being tangibly embodied on a non-transitory computer-readable storage medium and comprising instructions that, when executed by at least one processor, are configured to:
- store, in a data vault included in a mobile device, a remote password for a user of the mobile device, the remote password being received from the user for use in accessing a remote application executing on a remote server;
  
  derive a data vault password from a mobile password provided by the user of the mobile device;
  
  securely store mobile data in the data vault using the data vault password, the mobile data being associated with a mobile application executing on the mobile device;
  
  derive a mobile password recovery key from the remote password;
  
  encrypt the mobile password using the mobile password recovery key; and
  
  recover the mobile data, in case of loss of the mobile password, the recovery including;
  
  retrieving the remote password from the data vault;
  
  decrypting the encrypted mobile password using the received remote password; and
  
  recovering the data vault password using the decrypted mobile password.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The computer program product of claim 15, wherein the instructions, when executed by the at least one processor, are further configured to encrypt the mobile data using a key derived from the mobile password using an encryption algorithm that does not require storage of the mobile password.
  - 17. The computer program product of claim 16, wherein the instructions, when executed by the at least one processor, are further configured to:
    - encrypt the mobile password including encrypting the key derived from the mobile password; and
      
      encrypt the key derived from the mobile password using the mobile password recovery key, the encrypting using an encryption algorithm that does not require storage of the mobile password.
  - 18. The computer program product of claim 15, wherein the instructions, when executed by the at least one processor, to encrypt the mobile password using the mobile password recovery key further includes instructions that when executed by the at least one processor, are further configured to use an encryption algorithm that does not require storage of the mobile password.
  - 19. The computer program product of claim 15, wherein the mobile password, and/or a key derived from the mobile password, is stored at the remote server, and further wherein the encrypted mobile password, or encrypted key derived from the mobile password, is also stored at the remote server.
  - 20. The computer program product of claim 15, wherein the instructions, when executed by the at least one processor, are further configured to:
    - recover the mobile data without providing the decrypted mobile password to the user of the mobile device; and
      
      enforce a password re-set procedure to obtain a new mobile password from the user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SAP SE
Original Assignee
SAP SE
Inventors
El Khoury, Paul, Lorch, Robert
Primary Examiner(s)
Rashid, Harunur
Assistant Examiner(s)
An, Wayne

Application Number

US14/194,361
Publication Number

US 20150248552A1
Time in Patent Office

1,292 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/31   User authentication

G06F 21/45   Structures or tools for the...

G06F 2221/2131   Lost password, e.g. recover...

H04L 63/083   using passwords cryptograph...

Password recovering for mobile applications

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

25 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Password recovering for mobile applications

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

25 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others