Secure credential unlock using trusted execution environments

1. 1
   Title

   What the patent document calls the invention.

2. 2
   Abstract

   A short plain-language summary of the technical disclosure.

3. 3
   Assignees and inventors

   Who owns or filed the patent and who is credited as inventor.

4. 4
   Key dates

   Filing, priority, publication, and grant dates set the timeline.

5. 5
   First independent claim

   The legal scope of protection — read this for what is actually claimed.

6. 6
   CPC / IPC classifications

   Technology tags used to group this patent with similar filings.

7. 7
   Citations and related patents

   Prior art links and similar publications in this corpus.

Computing devices utilizing trusted execution environments as virtual smart cards are designed to support expected credential recovery operations when a user credential, e.g., personal identification number (PIN), password, etc. has been forgotten or is unknown. A computing device generates a cryptographic key that is protected with a PIN unlock key (PUK) provided by an administrative entity. If the user PIN cannot be input to the computing device the PUK can be input to unlock the locked cryptographic key and thereby provide access to protected data. A computing device can also, or alternatively, generate a group of challenges and formulate responses thereto. The formulated responses are each used to secure a computing device cryptographic key. If the user PIN cannot be input to the computing device an entity may request a challenge. The computing device issues a challenge from the set of generated challenges. Upon receiving a valid response back, the computing device can unlock the secured computing device cryptographic key associated with the issued challenge and subsequently provide access to protected data.

What is claimed is: 1. A method performed on a computing device that includes a trusted platform module (“TPM”), the method comprising: generating, by the computing device, an authentropy; generating, by the TPM, a virtual smart card key; locking, by the TPM, the virtual smart card key; encrypting, by the TPM, the authentropy with the virtual smart card key; storing, by the TPM, the encrypted authentropy and the locked virtual smart card key in the TPM; and protecting a…

• Microsoft Corp
• Microsoft Technology Licensing Llc

• Thom Stefan
• Spiger Robert K
• Nyström Magnus
• Soni Himanshu
• Barbour Marc R
• Voicu Nick
• Zhou Xintong
• Shoop Kirk

View patent family 47439385

• Original source
• Google Patents

Request deeper analysis

What does patent US9015490B2 cover?

Computing devices utilizing trusted execution environments as virtual smart cards are designed to support expected credential recovery operations when a user credential, e.g., personal identification number (PIN), password, etc. has been forgotten or is unknown. A computing device generates a cryptographic key that is protected with a PIN unlock key (PUK) provided by an administrative entity. I…

Who is the assignee on this patent?

Microsoft Corp, Microsoft Technology Licensing Llc

What technology area does this patent fall under?

Primary CPC classification G06F21/31. Mapped technology areas include Physics.

When was this patent published?

Publication date Tue Apr 21 2015 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.

What related patents are in patentsdb?

We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).