System and method for remote reset of password and encryption key

摘要

Data is secured on a device in communication with a remote location using a password and content protection key. The device stores data encrypted using a content protection key, which itself may be stored in encrypted form using the password and a key encryption key. The remote location receives a public key from the device. The remote location uses the public key and a stored private key to generate a further public key. The further public key is sent to the device. The device uses the further public key to generate a key encryption key, which is then used to decrypt the encrypted content protection key. A new content encryption key may then be created.

主权项

1. A non-transitory electronic device-readable medium bearing code which, when executed by at least one processor of an electronic device, causes the electronic device to:
receive a public key B=bP from a remote entity, wherein P is an elliptic curve point and b is a private key; compute, at the electronic device, a public key D=dP, wherein d is a random value generated at the electronic device, and store D; compute a key encryption key L=dB; encrypt a content encryption key K using the key encryption key L to provide a first encrypted content encryption key, and store the first encrypted content encryption key at the electronic device; subsequently recover the content encryption key K from the first encrypted content encryption key at the electronic device by:
generating a random value r and computing a public key D′=rD;transmitting the public key D′ to the remote entity and receiving in response a public key L′=bD′; anddecrypting the first encrypted content protection key using a value for the key encryption key L calculated as r−1L′, wherein r−1 is an inverse value of r.