公开(公告)号：US08612766B2

公开(公告)日：2013-12-17

申请号：US13176735

申请日：2011-07-05

申请人： Stefan Thom ,  Robert K. Spiger ,  Magnus Nyström ,  Himanshu Soni ,  Marc R. Barbour ,  Nick Voicu ,  Xintong Zhou ,  Kirk Shoop

发明人： Stefan Thom ,  Robert K. Spiger ,  Magnus Nyström ,  Himanshu Soni ,  Marc R. Barbour ,  Nick Voicu ,  Xintong Zhou ,  Kirk Shoop

IPC分类号： G06F21/00

CPC分类号： G06F21/602 ,  G06F21/30 ,  G06F21/31 ,  G06F21/57 ,  G06F2221/2103 ,  G06F2221/2107 ,  G06F2221/2131 ,  H04L9/0822 ,  H04L9/0861 ,  H04L9/3271 ,  H04L2209/127

摘要： Computing devices utilizing trusted execution environments as virtual smart cards are designed to support expected credential recovery operations when a user credential, e.g., personal identification number (PIN), password, etc. has been forgotten or is unknown. A computing device generates a cryptographic key that is protected with a PIN unlock key (PUK) provided by an administrative entity. If the user PIN cannot be input to the computing device the PUK can be input to unlock the locked cryptographic key and thereby provide access to protected data. A computing device can also, or alternatively, generate a group of challenges and formulate responses thereto. The formulated responses are each used to secure a computing device cryptographic key. If the user PIN cannot be input to the computing device an entity may request a challenge. The computing device issues a challenge from the set of generated challenges. Upon receiving a valid response back, the computing device can unlock the secured computing device cryptographic key associated with the issued challenge and subsequently provide access to protected data.

公开(公告)号：US20130013928A1

公开(公告)日：2013-01-10

申请号：US13176735

申请日：2011-07-05

申请人： Stefan Thom ,  Robert K. Spiger ,  Magnus Nystrôm ,  Himanshu Soni ,  Marc R. Barbour ,  Nick Voicu ,  Xintong Zhou ,  Kirk Shoop

发明人： Stefan Thom ,  Robert K. Spiger ,  Magnus Nystrôm ,  Himanshu Soni ,  Marc R. Barbour ,  Nick Voicu ,  Xintong Zhou ,  Kirk Shoop

IPC分类号： G06F21/00

CPC分类号： G06F21/602 ,  G06F21/30 ,  G06F21/31 ,  G06F21/57 ,  G06F2221/2103 ,  G06F2221/2107 ,  G06F2221/2131 ,  H04L9/0822 ,  H04L9/0861 ,  H04L9/3271 ,  H04L2209/127

摘要： Computing devices utilizing trusted execution environments as virtual smart cards are designed to support expected credential recovery operations when a user credential, e.g., personal identification number (PIN), password, etc. has been forgotten or is unknown. A computing device generates a cryptographic key that is protected with a PIN unlock key (PUK) provided by an administrative entity. If the user PIN cannot be input to the computing device the PUK can be input to unlock the locked cryptographic key and thereby provide access to protected data. A computing device can also, or alternatively, generate a group of challenges and formulate responses thereto. The formulated responses are each used to secure a computing device cryptographic key. If the user PIN cannot be input to the computing device an entity may request a challenge. The computing device issues a challenge from the set of generated challenges. Upon receiving a valid response back, the computing device can unlock the secured computing device cryptographic key associated with the issued challenge and subsequently provide access to protected data.

摘要翻译： 利用可信执行环境作为虚拟智能卡的计算设备被设计为当用户凭证（例如，个人识别号码（PIN），密码等）已被忘记或未知时，支持预期凭证恢复操作。 计算设备生成由管理实体提供的PIN解锁密钥（PUK）保护的加密密钥。 如果用户PIN不能输入到计算设备，则可以输入PUK以解锁锁定的密码密钥，从而提供对受保护数据的访问。 计算设备还可以或替代地产生一组挑战并且对其做出响应。 制定的响应各自用于保护计算设备加密密钥。 如果用户PIN不能输入到计算设备，则实体可以请求挑战。 计算设备从一组生成的挑战中发出挑战。 在接收到有效响应之后，计算设备可以解除与发出的挑战相关联的安全计算设备加密密钥，并随后提供对受保护数据的访问。