Method and system for automating the recovery of a credential store when a user has forgotten their password using a temporary key pair created based on a new password provided by the user
    1.
    Granted invention patent
    Legal status: In force

    Publication number: US09094194B2

    Publication date: 2015-07-28

    Application number: US11379088

    Filing date: 2006-04-18

    IPC classification: H04L29/06 H04L9/08

    CPC classification: H04L9/0894

    Abstract: A system for automating the recovery of a credential store, in which client software generates a temporary key pair based on a new password, and sends client information including the user's name, the public half of the temporary key pair, and the host name of the client computer system to a server system, from which the client information is passed to a recovery process. The client software process displays a prompt indicating that the user should call a help desk. A help desk administrator verifies the user's identity and approves the user's request by causing an approval message to be sent to the recovery process. The recovery process obtains recovery information consisting of either the decryption key(s) for the credential store, or a decrypted copy of the credential store, and encrypts the recovery information using the temporary public key. The client process downloads the recovery information from the server, and decrypts it using the private key of the temporary key pair. The credential store can then be decrypted using the recovery information if necessary, then re-encrypted based on the new password. The encrypted recovery information is stored on the server and re-used for a certain period of time, after which it is deleted, thus allowing multiple copies of the credential store to be conveniently recovered.

    Method for enabling an administrator to configure a recovery password
    2.
    Granted invention patent
    Legal status: In force

    Publication number: US08296827B2

    Publication date: 2012-10-23

    Application number: US11323986

    Filing date: 2005-12-29

    IPC classification: H04L29/06

    CPC classification: G06F21/31 G06F2221/2131

    Abstract: A method is provided for enabling a user to initiate a password protected backup copy of the user's credentials. The method includes providing a user with a credential store containing information relating to the user's identity, generating a different recovery password of any length for each recovery authority, encrypting the recovery password for each recovery authority, storing the encrypted recovery passwords in the credential store, and sending a copy of the information by the user from the credential store to a central repository.

    EXTENSIBLE SEAL MANAGEMENT FOR ENCRYPTED DATA
    3.
    Invention patent application
    Legal status: Under examination (published)

    Publication number: US20100115261A1

    Publication date: 2010-05-06

    Application number: US12266470

    Filing date: 2008-11-06

    IPC classification: H04L9/00

    CPC classification: H04L9/0861

    Abstract: Embodiments of the present invention address deficiencies of the art in respect to seal list management in decrypting encrypted data and provide a method, system and computer program product for extensible seal management for encrypted data. In an embodiment of the invention, a method for extensible seal management for encrypted data can include identifying multiple different seal hints of different seal hint formats for different seals in a seal list associated with encrypted data and selecting from amongst the multiple different seal hints, seal hints of a recognizable seal hint format. The method also can include filtering the seals in the seal list according to the selected seal hints and attempting decryption of the filtered seals with a decryption key specified by the selected seal hints to decrypt one of the filtered seals in order to reveal a bulk key. Finally, the method can include decrypting the encrypted data with the bulk key.
