WO2006116147A3 - System and method for key recovery - Google Patents

System and method for key recovery Download PDF

Info

Publication number
WO2006116147A3
WO2006116147A3 PCT/US2006/015189 US2006015189W WO2006116147A3 WO 2006116147 A3 WO2006116147 A3 WO 2006116147A3 US 2006015189 W US2006015189 W US 2006015189W WO 2006116147 A3 WO2006116147 A3 WO 2006116147A3
Authority
WO
WIPO (PCT)
Prior art keywords
user
key
password manager
manager agent
destroyed
Prior art date
Application number
PCT/US2006/015189
Other languages
French (fr)
Other versions
WO2006116147A2 (en
Inventor
Timothy Gaylor
Original Assignee
Citrix Systems Inc
Timothy Gaylor
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Citrix Systems Inc, Timothy Gaylor filed Critical Citrix Systems Inc
Priority to GB0721161A priority Critical patent/GB2440854B/en
Publication of WO2006116147A2 publication Critical patent/WO2006116147A2/en
Publication of WO2006116147A3 publication Critical patent/WO2006116147A3/en
Priority to HK08108941.5A priority patent/HK1117244A1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/41User authentication where a single sign-on provides access to a plurality of computers
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0891Revocation or update of secret information, e.g. encryption key update or rekeying
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0894Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3271Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2107File encryption
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2115Third party

Abstract

A secure mechanism for transparent key recovery for a user who has changed authentication information is disclosed. A password manager agent intercepts requests by a user to access secure resources that require user credentials. Upon detecting changed authentication information for the user, the password manager agent automatically regenerates the components of a cryptographic key associated with the user that was previously used to encrypt user credentials for the user and then destroyed. After regeneration of the original cryptographic key, the password manager agent uses the key to decrypt the user credentials necessary for the requested application. The regenerated key is then destroyed and the user credentials are re-encrypted by the password manager agent using a new cryptographic key associated with the user made up of multiple components. Following the re-encryption of the user credentials, the components used to assemble the new key are securely stored in multiple locations and the new key is destroyed.
PCT/US2006/015189 2005-04-22 2006-04-21 System and method for key recovery WO2006116147A2 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
GB0721161A GB2440854B (en) 2005-04-22 2006-04-21 System and method for key recovery
HK08108941.5A HK1117244A1 (en) 2005-04-22 2008-08-13 System and method for key recovery

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US59460405P 2005-04-22 2005-04-22
US60/594,604 2005-04-22

Publications (2)

Publication Number Publication Date
WO2006116147A2 WO2006116147A2 (en) 2006-11-02
WO2006116147A3 true WO2006116147A3 (en) 2006-12-28

Family

ID=37038278

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2006/015189 WO2006116147A2 (en) 2005-04-22 2006-04-21 System and method for key recovery

Country Status (4)

Country Link
US (1) US7831833B2 (en)
GB (1) GB2440854B (en)
HK (1) HK1117244A1 (en)
WO (1) WO2006116147A2 (en)

Families Citing this family (61)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7117239B1 (en) 2000-07-28 2006-10-03 Axeda Corporation Reporting the state of an apparatus to a remote computer
US7185014B1 (en) 2000-09-22 2007-02-27 Axeda Corporation Retrieving data from a server
US8108543B2 (en) 2000-09-22 2012-01-31 Axeda Corporation Retrieving data from a server
US7254601B2 (en) 2001-12-20 2007-08-07 Questra Corporation Method and apparatus for managing intelligent assets in a distributed environment
US7178149B2 (en) 2002-04-17 2007-02-13 Axeda Corporation XML scripting of soap commands
US7966418B2 (en) 2003-02-21 2011-06-21 Axeda Corporation Establishing a virtual tunnel between two computer programs
US9281945B2 (en) * 2003-12-30 2016-03-08 Entrust, Inc. Offline methods for authentication in a client/server authentication system
US8094811B2 (en) * 2005-03-31 2012-01-10 Panasonic Corporation Data encryption device and data encryption method
WO2007017882A1 (en) * 2005-08-05 2007-02-15 Hewlett-Packard Development Company L.P. System, method and apparatus for cryptography key management for mobile devices
US8095960B2 (en) * 2005-11-21 2012-01-10 Novell, Inc. Secure synchronization and sharing of secrets
US8296827B2 (en) * 2005-12-29 2012-10-23 International Business Machines Corporation Method for enabling an administrator to configure a recovery password
JP4352054B2 (en) * 2006-01-23 2009-10-28 株式会社東芝 Information processing apparatus and key restoration method
US8370479B2 (en) 2006-10-03 2013-02-05 Axeda Acquisition Corporation System and method for dynamically grouping devices based on present device conditions
US20080104410A1 (en) * 2006-10-25 2008-05-01 Brown Daniel R Electronic clinical system having two-factor user authentication prior to controlled action and method of use
US8424077B2 (en) * 2006-12-18 2013-04-16 Irdeto Canada Corporation Simplified management of authentication credentials for unattended applications
US8619978B2 (en) * 2006-12-22 2013-12-31 Pagebites, Inc. Multiple account authentication
US8065397B2 (en) 2006-12-26 2011-11-22 Axeda Acquisition Corporation Managing configurations of distributed devices
US20100250937A1 (en) * 2007-03-05 2010-09-30 Vidoop, Llc Method And System For Securely Caching Authentication Elements
US7864960B2 (en) * 2007-05-31 2011-01-04 Novell, Inc. Techniques for securing content in an untrusted environment
US8862893B2 (en) * 2008-06-11 2014-10-14 Microsoft Corporation Techniques for performing symmetric cryptography
US8132019B2 (en) * 2008-06-17 2012-03-06 Lenovo (Singapore) Pte. Ltd. Arrangements for interfacing with a user access manager
US8989383B2 (en) * 2009-01-05 2015-03-24 Imation Corp. Data authentication using plural electronic keys
US8707082B1 (en) * 2009-10-29 2014-04-22 Symantec Corporation Method and system for enhanced granularity in fencing operations
CA2701061C (en) * 2010-04-19 2014-03-25 Diversinet Corp. Method and system for recovering a security credential
US8949939B2 (en) * 2010-10-13 2015-02-03 Salesforce.Com, Inc. Methods and systems for provisioning access to customer organization data in a multi-tenant system
US9280650B2 (en) * 2010-10-15 2016-03-08 Hewlett-Packard Development Company, L.P. Authenticate a fingerprint image
US9105009B2 (en) 2011-03-21 2015-08-11 Microsoft Technology Licensing, Llc Email-based automated recovery action in a hosted environment
US9141779B2 (en) 2011-05-19 2015-09-22 Microsoft Technology Licensing, Llc Usable security of online password management with sensor-based authentication
US8687814B2 (en) 2011-05-20 2014-04-01 Citrix Systems, Inc. Securing encrypted virtual hard disks
US8839257B2 (en) 2011-11-22 2014-09-16 Microsoft Corporation Superseding of recovery actions based on aggregation of requests for automated sequencing and cancellation
US8769303B2 (en) 2011-12-05 2014-07-01 Microsoft Corporation Infrastructure independent recovery key release
US8656180B2 (en) * 2011-12-06 2014-02-18 Wwpass Corporation Token activation
US9489528B2 (en) 2011-12-12 2016-11-08 Microsoft Technology Licensing, Llc Single use recovery key
US20130159699A1 (en) * 2011-12-16 2013-06-20 F-Secure Corporation Password Recovery Service
US8561209B2 (en) 2011-12-19 2013-10-15 Microsoft Corporation Volume encryption lifecycle management
RU2481632C1 (en) * 2011-12-28 2013-05-10 Закрытое акционерное общество "Лаборатория Касперского" System and method of recovering password and encrypted data on mobile devices
US8819443B2 (en) * 2012-02-14 2014-08-26 Western Digital Technologies, Inc. Methods and devices for authentication and data encryption
US9698975B2 (en) 2012-02-15 2017-07-04 Blackberry Limited Key management on device for perimeters
EP2629227B1 (en) * 2012-02-15 2016-04-27 BlackBerry Limited Key management on device for perimeters
US9460303B2 (en) 2012-03-06 2016-10-04 Microsoft Technology Licensing, Llc Operating large scale systems and cloud services with zero-standing elevated permissions
US9935768B2 (en) * 2012-08-06 2018-04-03 Samsung Electronics Co., Ltd. Processors including key management circuits and methods of operating key management circuits
US8881249B2 (en) 2012-12-12 2014-11-04 Microsoft Corporation Scalable and automated secret management
US9325791B1 (en) 2013-03-12 2016-04-26 Western Digital Technologies, Inc. Cloud storage brokering service
US10270748B2 (en) 2013-03-22 2019-04-23 Nok Nok Labs, Inc. Advanced authentication techniques and applications
US9461820B1 (en) * 2013-06-05 2016-10-04 Teradici Corporation Method and apparatus for providing a conditional single sign on
US9369289B1 (en) * 2013-07-17 2016-06-14 Google Inc. Methods and systems for performing secure authenticated updates of authentication credentials
GB2527603B (en) 2014-06-27 2016-08-10 Ibm Backup and invalidation of authentication credentials
US9762585B2 (en) 2015-03-19 2017-09-12 Microsoft Technology Licensing, Llc Tenant lockbox
US10931682B2 (en) 2015-06-30 2021-02-23 Microsoft Technology Licensing, Llc Privileged identity management
IL242717A0 (en) * 2015-11-23 2016-02-29 Nuvoton Technology Corp Systems and methods for cache memory authentication
US10645068B2 (en) * 2015-12-28 2020-05-05 United States Postal Service Methods and systems for secure digital credentials
US9971879B2 (en) 2016-05-26 2018-05-15 Adobe Systems Incorporated Secure recording and rendering of encrypted multimedia content
US10944571B2 (en) * 2017-06-04 2021-03-09 Apple Inc. Device re-activation
US20180375648A1 (en) * 2017-06-22 2018-12-27 Citrix Systems, Inc. Systems and methods for data encryption for cloud services
US11868995B2 (en) 2017-11-27 2024-01-09 Nok Nok Labs, Inc. Extending a secure key storage for transaction confirmation and cryptocurrency
US11831409B2 (en) 2018-01-12 2023-11-28 Nok Nok Labs, Inc. System and method for binding verifiable claims
KR102483374B1 (en) * 2018-05-11 2022-12-30 한국전자통신연구원 Apparatus and method for generating quantum random number
US11611541B2 (en) 2018-08-07 2023-03-21 Citrix Systems, Inc. Secure method to replicate on-premise secrets in a cloud environment
US11792024B2 (en) 2019-03-29 2023-10-17 Nok Nok Labs, Inc. System and method for efficient challenge-response authentication
WO2021056069A1 (en) * 2019-09-25 2021-04-01 Commonwealth Scientific And Industrial Research Organisation Cryptographic services for browser applications
US20220377061A1 (en) * 2021-05-20 2022-11-24 Zebra Technonolgies Corporation Accelerated Reconnection in Authenticated Networks

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2002102023A1 (en) * 2001-06-13 2002-12-19 Citrix Systems, Inc. Authentication of a user across communication sessions
WO2005036857A1 (en) * 2003-10-10 2005-04-21 Citrix Systems, Inc. Automatically reconnecting a client across reliable and persistent communication sessions

Family Cites Families (40)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5418854A (en) * 1992-04-28 1995-05-23 Digital Equipment Corporation Method and apparatus for protecting the confidentiality of passwords in a distributed data processing system
US6950991B2 (en) * 1995-11-13 2005-09-27 Citrix Systems, Inc. Interacting with software applications displayed in a web page
US7555529B2 (en) * 1995-11-13 2009-06-30 Citrix Systems, Inc. Interacting with software applications displayed in a web page
US6088451A (en) * 1996-06-28 2000-07-11 Mci Communications Corporation Security system and method for network element access
US6026440A (en) * 1997-01-27 2000-02-15 International Business Machines Corporation Web server account manager plug-in for monitoring resources
US5923756A (en) * 1997-02-12 1999-07-13 Gte Laboratories Incorporated Method for providing secure remote command execution over an insecure computer network
US6160891A (en) * 1997-10-20 2000-12-12 Sun Microsystems, Inc. Methods and apparatus for recovering keys
WO1999026121A2 (en) * 1997-11-13 1999-05-27 Hyperspace Communications, Inc. File transfer system
US6243816B1 (en) * 1998-04-30 2001-06-05 International Business Machines Corporation Single sign-on (SSO) mechanism personal key manager
US6886098B1 (en) * 1999-08-13 2005-04-26 Microsoft Corporation Systems and methods for compression of key sets having multiple keys
FR2802666B1 (en) * 1999-12-17 2002-04-05 Activcard COMPUTER SYSTEM FOR ACCREDITATION ACCESS APPLICATION
US20010056541A1 (en) * 2000-05-11 2001-12-27 Natsume Matsuzaki File management apparatus
US6845383B1 (en) * 2000-06-19 2005-01-18 International Business Machines Corporation System and method for managing concurrent scheduled or on-demand replication of subscriptions
US9038170B2 (en) * 2000-07-10 2015-05-19 Oracle International Corporation Logging access system events
US6947556B1 (en) * 2000-08-21 2005-09-20 International Business Machines Corporation Secure data storage and retrieval with key management and user authentication
US20020078243A1 (en) * 2000-12-15 2002-06-20 International Business Machines Corporation Method and apparatus for time synchronization in a network data processing system
US20030115452A1 (en) * 2000-12-19 2003-06-19 Ravi Sandhu One time password entry to access multiple network sites
US7085834B2 (en) * 2000-12-22 2006-08-01 Oracle International Corporation Determining a user's groups
US20050210263A1 (en) * 2001-04-25 2005-09-22 Levas Robert G Electronic form routing and data capture system and method
US20030014368A1 (en) * 2001-07-09 2003-01-16 Travelers Express Inc. Systems, methods and apparatus for secure printing of negotiable instruments
US6880002B2 (en) * 2001-09-05 2005-04-12 Surgient, Inc. Virtualized logical server cloud providing non-deterministic allocation of logical attributes of logical servers to physical resources
US7447755B1 (en) * 2002-03-18 2008-11-04 Blue Coat Systems, Inc. Method and apparatus for policy management in a network device
US6931133B2 (en) * 2002-09-03 2005-08-16 Verisign, Inc. Method and system of securely escrowing private keys in a public key infrastructure
US7499401B2 (en) * 2002-10-21 2009-03-03 Alcatel-Lucent Usa Inc. Integrated web cache
US7363500B2 (en) * 2002-12-03 2008-04-22 Juniper Networks, Inc. Tunneled authentication protocol for preventing man-in-the-middle attacks
US7103772B2 (en) * 2003-05-02 2006-09-05 Giritech A/S Pervasive, user-centric network security enabled by dynamic datagram switch and an on-demand authentication and encryption scheme through mobile intelligent data carriers
US20040255154A1 (en) * 2003-06-11 2004-12-16 Foundry Networks, Inc. Multiple tiered network security system, method and apparatus
US7546630B2 (en) * 2003-07-17 2009-06-09 International Business Machines Corporation Methods, systems, and media to authenticate a user
US7735114B2 (en) * 2003-09-04 2010-06-08 Foundry Networks, Inc. Multiple tiered network security system, method and apparatus using dynamic user policy assignment
US7353499B2 (en) * 2003-09-25 2008-04-01 Sun Microsystems, Inc. Multiple instruction dispatch tables for application program obfuscation
US20050086477A1 (en) * 2003-10-16 2005-04-21 Taiwan Semiconductor Manufacturing Co. Integrate PGP and Lotus Notes to encrypt / decrypt email
US7827590B2 (en) * 2003-12-10 2010-11-02 Aventail Llc Controlling access to a set of resources in a network
US8255973B2 (en) * 2003-12-10 2012-08-28 Chris Hopen Provisioning remote computers for accessing resources
US7437736B2 (en) * 2004-03-10 2008-10-14 Citibank, N.A. Method and apparatus for managing workflow in a single sign-on framework
US8340283B2 (en) * 2004-06-30 2012-12-25 International Business Machines Corporation Method and system for a PKI-based delegation process
US7797342B2 (en) * 2004-09-03 2010-09-14 Sybase, Inc. Database system providing encrypted column support for applications
US8112789B2 (en) * 2005-10-11 2012-02-07 Citrix Systems, Inc. Systems and methods for facilitating distributed authentication
US20070174429A1 (en) * 2006-01-24 2007-07-26 Citrix Systems, Inc. Methods and servers for establishing a connection between a client system and a virtual machine hosting a requested computing environment
JP4863777B2 (en) * 2006-06-07 2012-01-25 富士通株式会社 Communication processing method and computer system
US7934253B2 (en) * 2006-07-20 2011-04-26 Trustwave Holdings, Inc. System and method of securing web applications across an enterprise

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2002102023A1 (en) * 2001-06-13 2002-12-19 Citrix Systems, Inc. Authentication of a user across communication sessions
WO2005036857A1 (en) * 2003-10-10 2005-04-21 Citrix Systems, Inc. Automatically reconnecting a client across reliable and persistent communication sessions

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
MENEZES A J ET AL: "Handbook of Appied Cryptography , CHAPTER 5 - PSEUDORANDOM BITS AND SEQUENCES", HANDBOOK OF APPLIED CRYPTOGRAPHY, CRC PRESS SERIES ON DISCRETE MATHEMATICES AND ITS APPLICATIONS, BOCA RATON, FL, CRC PRESS, US, 1997, pages 169 - 190, XP002403364 *

Also Published As

Publication number Publication date
GB0721161D0 (en) 2007-12-12
GB2440854B (en) 2010-03-31
GB2440854A (en) 2008-02-13
HK1117244A1 (en) 2009-01-09
WO2006116147A2 (en) 2006-11-02
US7831833B2 (en) 2010-11-09
US20060242415A1 (en) 2006-10-26

Similar Documents

Publication Publication Date Title
WO2006116147A3 (en) System and method for key recovery
JP6609010B2 (en) Multiple permission data security and access
WO2004040410A3 (en) Password encryption key
Deshmukh et al. Transparent Data Encryption--Solution for Security of Database Contents
MXPA05005218A (en) Secure storage on recordable medium in a content protection system.
GB2496354B (en) A method and system of providing authentication of user access to a computer resource via a mobile device using multiple separate security factors
WO2006089160A3 (en) Videonline security network architecture and methods therefor
WO2008121157A3 (en) Cryptographic key management system facilitating secure access of data portions to corresponding groups of users
WO2009158086A3 (en) Techniques for ensuring authentication and integrity of communications
WO2007044276A3 (en) Partial encryption techniques for media data
RU2010114241A (en) MULTIFACTOR CONTENT PROTECTION
CN103236930A (en) Data encryption method and system
MXPA06000364A (en) Method for generating and managing a local area network.
TW200707255A (en) Data transcription in a data storage device
ATE433245T1 (en) DATA TRANSFER AND MANAGEMENT PROCEDURES
WO2004034184A3 (en) Encrypting operating system
WO2010141445A3 (en) Workgroup key wrapping for community of interest membership authentication
WO2008124201A3 (en) Secure file encryption
WO2014162264A1 (en) Achieving storage efficiency in presence of end-to-end encryption using downstream decrypters
CN104601579A (en) Computer system for ensuring information security and method thereof
WO2007089266A3 (en) Administration of data encryption in enterprise computer systems
WO2007126794A3 (en) Accessing data storage devices
WO2010011921A3 (en) Http authentication and authorization management
WO2008030991A3 (en) Security methods for preventing access to educational information by third parties
JP2007515723A5 (en)

Legal Events

Date Code Title Description
NENP Non-entry into the national phase

Ref country code: DE

ENP Entry into the national phase

Ref document number: 0721161

Country of ref document: GB

Kind code of ref document: A

Free format text: PCT FILING DATE = 20060421

WWE Wipo information: entry into national phase

Ref document number: 0721161.8

Country of ref document: GB

NENP Non-entry into the national phase

Ref country code: RU

121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 06758482

Country of ref document: EP

Kind code of ref document: A2

122 Ep: pct application non-entry in european phase

Ref document number: 06758482

Country of ref document: EP

Kind code of ref document: A2