Title of Invention Credential Recovery
Abstract In a credential recovery process, a user is authenticated using an application running on a mobile communications device, and requests recovery of a credential. The application generates a session key encrypted with the public key of a gateway, and sends the encrypted key to the gateway. The gateway recovers the credential from a depository, encrypted using a symmetric key shared with the depository. The gateway decrypts the credential and re-encrypts the credential using the session key. Preferably, the decryption and re-encryption are performed within a hardware secure module within the gateway. The re-encrypted credential is sent to the application, which decrypts the credential and outputs it to the user. In this way, the credential is provided securely to the user and may be made available for use immediately, or nearly so.
Publication Number US2014156989(A1) Publication Date 2014.06.05
Application Number US201314096517 Filing Date 2013.12.04
Applicant Barclays Bank PLC Inventors Lalwani Akhil; French George
Classification H04L29/06; H04L9/08 Main Classification H04L29/06
Agency Agent
Independent Claim 1. A method of credential recovery, comprising the steps of: i. receiving a credential request for a credential using a mobile application on a mobile communication device; ii. securely establishing a session key between the mobile application and a mobile application server; iii. recovering the credential in encrypted form at the mobile application server; iv. decrypting the credential, and re-encrypting the credential to form a re-encrypted credential using the session key, at the mobile application server; v. providing the re-encrypted credential to the mobile application; vi. decrypting the re-encrypted credential at the mobile application to form a decrypted credential; and vii. outputting the decrypted credential from the mobile application.
Address London GB