| 摘要 |
The described embodiments relate to methods, systems, and products for providing verification code recovery and remote authentication for a plurality of devices configured for electronic communication with a server. Specifically, in the methods, systems, and products, the user entrusts information about the user's verification code to the service provider, and only with cooperation between the user and the service provider can a lost verification code be recovered. The service provider can further authenticate the user before cooperating in the recovery process by way of a time-sensitive authentication sequence that involves the user device. |
| 主权项 |
1. A method for recovering a verification code defined by a user in an encryption agent installed on at least one device controlled by the user, each device configured for communication with a remote service provider server, the method comprising:
for each device of the at least one device, operating a processor of that device under control of the encryption agent to:
generate a local recovery code based on the verification code and a remote recovery code based on the verification code, wherein the verification code is determinable from a combination of the local recovery code and the remote recovery code, but is not determinable from the remote recovery code alone;determine remote recovery code information based on the remote recovery code;transmit the remote recovery code information to the remote service provider server and erase the remote recovery code from the device; andstore the local recovery code on a non-volatile device memory; for each device of the at least one device, storing the remote recovery code information for that device in a non-volatile service provider storage module on the remote service provider server; receiving at the remote service provider server, a code recovery request; in response to receiving the code recovery request, authenticating the user, and after the authenticating the user, operating a processor of the remote service provider server to:
determine server recovery code information based on the stored remote recovery code information; andtransmit the server recovery code information to the user; receiving the server recovery code information at a recovery device of the at least one device; operating a processor of the recovery device under control of the encryption agent to:
determine the remote recovery code from the server recovery code information;determine the verification code using the remote recovery code and the local recovery code; anddisplay the verification code on the recovery device; for each device of the at least one device, operating the processor of that device under control of the encryption agent to:
generate a plurality of codewords from the verification code, wherein the verification code is determinable from all of the codewords in the plurality of codewords, but is not determinable from less than all of the codewords;generate the local recovery code using the plurality of codewords, wherein the local recovery code comprises a one-way function value generated from the verification code; andgenerate the remote recovery code using the plurality of codewords; wherein the plurality of codewords comprise a first codeword and a second codeword and the verification code is determinable from a combination of the first codeword and the second codeword, but is not determinable from either of the first codeword and the second codeword alone; and for each device of the at least one device:
the local recovery code is generated by operating the processor of that device under control of the encryption agent to:
generate a first local recovery value from the first codeword and the second codeword wherein neither of the first codeword and the second codeword is determinable from the first local recovery value alone;generate a second local recovery value from the second codeword; anddetermine the local recovery code to comprise the first local recovery value and the second local recovery value; andthe remote recovery code is generated based on the first codeword and the second codeword, wherein neither of the first codeword and the second codeword is determinable from the remote recovery code alone. |
