Systems and methods for account recovery using a platform attestation credential

摘要

Described herein is technology for restoring access to a user account. In particular, systems and methods for account recovery using a platform attestation credential are described. In some embodiments, the platform attestation credential is generated by an authentication device in a pre boot environment. A first copy of the platform attestation credential may be bound by an account management system to a user account. Access to the user account may subsequently be restored using a second copy of the platform attestation credential.

主权项

1. An authentication device, comprising:
a processor; communications circuitry; a first memory having an operating system (OS) agent module stored thereon, said OS agent module comprising computer readable OS agent instructions that are executable by said processor from within a OS runtime environment of said authentication device; and a second memory having a pre boot authentication module (PBAM) stored thereon, said PBAM comprising computer readable instructions that are executable by said processor from within a pre boot environment of said authentication device; wherein said OS agent instructions are configured to cause said authentication device to reboot and transfer control to said PBAM within said pre boot environment; and said PBAM is configured to perform the following operations within said pre-boot environment:
producing a platform authentication credential (PAC) from within said pre boot environment of said authentication device, said PAC based on identifying indicia specific to said authentication device and on user input, said user input comprising at least one of a keystroke pattern, one or more passwords, biometric information, or account information; andtransmitting a copy of said PAC to an account management device that manages access to a user account associated with a user.