The patent badge is an abbreviated version of the USPTO patent document. The patent badge covers the following: Patent number, Date patent was issued, Date patent was filed, Title of the patent, Applicant, Inventor, Assignee, Attorney firm, Primary examiner, Assistant examiner, CPCs, and Abstract. The patent badge does contain a link to the full patent document (in Adobe Acrobat format, aka pdf).

Date of Patent: Dec. 17, 2013

Filed: Jul. 05, 2011

Applicants:

Stefan Thom, Snohomish, WA (US);

Robert K. Spiger, Seattle, WA (US);

Magnus Nyström, Sammamish, WA (US);

Himanshu Soni, Redmond, WA (US);

Marc R. Barbour, Woodinville, WA (US);

Nick Voicu, Bellevue, WA (US);

Xintong Zhou, Bellevue, WA (US);

Kirk Shoop, Seattle, WA (US);

Inventors:

Stefan Thom, Snohomish, WA (US);

Robert K. Spiger, Seattle, WA (US);

Magnus Nyström, Sammamish, WA (US);

Himanshu Soni, Redmond, WA (US);

Marc R. Barbour, Woodinville, WA (US);

Nick Voicu, Bellevue, WA (US);

Xintong Zhou, Bellevue, WA (US);

Kirk Shoop, Seattle, WA (US);

Assignee:

Microsoft Corporation, Redmond, WA (US);

Attorneys:
Primary Examiner:
Int. Cl.
CPC ...
G06F 21/00 (2013.01);
U.S. Cl.
CPC ...
Abstract

Computing devices utilizing trusted execution environments as virtual smart cards are designed to support expected credential recovery operations when a user credential, e.g., personal identification number (PIN), password, etc. has been forgotten or is unknown. A computing device generates a cryptographic key that is protected with a PIN unlock key (PUK) provided by an administrative entity. If the user PIN cannot be input to the computing device the PUK can be input to unlock the locked cryptographic key and thereby provide access to protected data. A computing device can also, or alternatively, generate a group of challenges and formulate responses thereto. The formulated responses are each used to secure a computing device cryptographic key. If the user PIN cannot be input to the computing device an entity may request a challenge. The computing device issues a challenge from the set of generated challenges. Upon receiving a valid response back, the computing device can unlock the secured computing device cryptographic key associated with the issued challenge and subsequently provide access to protected data.

