SE2151305A1 - Recovering access to a user account - Google Patents

Recovering access to a user account

Info

Publication number
SE2151305A1
SE2151305A1 SE2151305A SE2151305A SE2151305A1 SE 2151305 A1 SE2151305 A1 SE 2151305A1 SE 2151305 A SE2151305 A SE 2151305A SE 2151305 A SE2151305 A SE 2151305A SE 2151305 A1 SE2151305 A1 SE 2151305A1
Authority
SE
Sweden
Prior art keywords
recovery
access
secret keys
threshold
control device
Prior art date
Application number
SE2151305A
Inventor
Andrzej Bohdan Kostyk
Frans Lundberg
Original Assignee
Assa Abloy Ab
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Assa Abloy Ab filed Critical Assa Abloy Ab
Priority to SE2151305A priority Critical patent/SE2151305A1/en
Priority to PCT/EP2022/079993 priority patent/WO2023073050A1/en
Priority to PCT/EP2022/079976 priority patent/WO2023073040A1/en
Publication of SE2151305A1 publication Critical patent/SE2151305A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/085Secret sharing or secret splitting, e.g. threshold schemes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0891Revocation or update of secret information, e.g. encryption key update or rekeying
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0894Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3234Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Abstract

It is provided a method for recovering access to a user account, the method being performed by a recovery control device (1). The method comprises: triggering (40) generation of a plurality of partial secret keys (10a-g) by respective recovery devices (4ag), the plurality of partial secret keys forming part of a threshold cryptography scheme (11) associated with a public key (12), wherein the threshold cryptography scheme (11) is associated with the user account; providing (42) the public key (12) to an access verification device (2, 3); and triggering (44) an access recovery, whereby access recovery messages are transmitted to the recovery devices (4a-g), wherein a threshold number of the plurality of partial secret keys (10a-g) are required to be applied in the threshold cryptography scheme (11) for recovering access to the user account.

Description

RECOVERING ACCESS TO A USER ACCOUNT TECHNICAL FIELD id="p-1" id="p-1" id="p-1" id="p-1"
[0001] The present disclosure relates to the field of recovering access to a user account and in particular to recovering access to a user account using a threshold cryptography scheme.
BACKGROUND id="p-2" id="p-2" id="p-2" id="p-2"
[0002] Almost every person today has access to electronic devices with login accounts. Sometimes, the passcode or password for a device is lost or forgotten. To regain access, reset links can often be sent to a pre-registered e-mail address. But the user may have lost access also to the pre-registered e-mail address. Services often then apply the use of previously answered personal question, such as "what was your mother"s maiden name?", "who was your favourite teacher in primary school?" or "what was the name of your first pet?". This poses another problem, since there are often multiple questions to answer, and while your mother"s maiden name may be remembered, the favourite teacher might not be so conclusively remembered, or you may not remember if you originally counted your goldfish as a five-year old as your first pet or the dog that your family got when you were eight years old. These problems are only aggravated by the fact that often years have passed since the account was opened and these validation questions were first answered. id="p-3" id="p-3" id="p-3" id="p-3"
[0003] It is thus a real problem of recovering access to a user account without having access to a specific e-mail address or needing to remember the answers to detailed questions.
SUMMARY id="p-4" id="p-4" id="p-4" id="p-4"
[0004] One object is to provide a more convenient yet secure way to regain access to a IlSCI' aCCOUIlt. id="p-5" id="p-5" id="p-5" id="p-5"
[0005] According to a first aspect, it is provided a method for recovering access to a user account, the method being performed by a recovery control device. The method comprises: triggering generation of a plurality of partial secret keys by respective recovery devices, the plurality of partial secret keys forming part of a threshold cryptography scheme associated with a public key, wherein the threshold cryptography scheme is associated with the user account; providing the public key to an access verification device; and triggering an access recovery, whereby access recovery messages are transmitted to the recovery devices, wherein a threshold number of the plurality of partial secret keys are required to be applied in the threshold cryptography scheme for recovering access to the user account. [0006] The threshold number may be less than the plurality of partial secret keys. [0007] The threshold number may be equal to or greater than two. id="p-8" id="p-8" id="p-8" id="p-8"
[0008] The threshold cryptography scheme may be based on an Elliptic Curve Digital Signature Algorithm, ECDSA. id="p-9" id="p-9" id="p-9" id="p-9"
[0009] According to a second aspect, it is provided a recovery control device for recovering access to a user account. The recovery control device comprises: a processor; and a memory storing instructions that, when executed by the processor, cause the recovery control device to: trigger generation of a plurality of partial secret keys by respective recovery devices, the plurality of partial secret keys forming part of a threshold cryptography scheme associated with a public key, wherein the threshold cryptography scheme is associated with the user account; provide the public key to an access verification device; and trigger an access recovery, whereby access recovery messages are transmitted to the recovery devices, wherein a threshold number of the plurality of partial secret keys are required to be applied in the threshold cryptography scheme for recovering access to the user account. [0010] The threshold number may be less than the plurality of partial secret keys. [0011] The threshold number may be equal to or greater than two. id="p-12" id="p-12" id="p-12" id="p-12"
[0012] The threshold cryptography scheme may be based on an Elliptic Curve Digital Signature Algorithm, ECDSA. id="p-13" id="p-13" id="p-13" id="p-13"
[0013] According to a third aspect, it is provided a computer program for recovering access to a user account. The computer program comprises computer program code which, when executed on a recovery control device causes the recovery control device to: trigger generation of a plurality of partial secret keys by respective recovery devices, the plurality of partial secret keys forming part of a threshold cryptography scheme 3 associated with a public key, wherein the threshold cryptography scheme is associated with the user account; provide the public key to an access verification device; and trigger an access recovery, whereby access recovery messages are transmitted to the recovery devices, wherein a threshold number of the plurality of partial secret keys are required to be applied in the threshold cryptography scheme for recovering access to the user aCCOUIlt. id="p-14" id="p-14" id="p-14" id="p-14"
[0014] According to a fourth aspect, it is provided a computer program product comprising a computer program according to the third aspect and a computer readable means comprising non-transitory memory in which the computer program is stored. id="p-15" id="p-15" id="p-15" id="p-15"
[0015] Generally, all terms used in the claims are to be interpreted according to their ordinary meaning in the technical field, unless explicitly defined otherwise herein. All references to "a/ an /the element, apparatus, component, means, step, etc." are to be interpreted openly as referring to at least one instance of the element, apparatus, component, means, step, etc., unless explicitly stated otherwise. The steps of any method disclosed herein do not have to be performed in the exact order disclosed, unless explicitly stated.
BRIEF DESCRIPTION OF THE DRAWINGS id="p-16" id="p-16" id="p-16" id="p-16"
[0016] Aspects and embodiments are now described, by way of example, with refer- ence to the accompanying drawings, in which: id="p-17" id="p-17" id="p-17" id="p-17"
[0017] Fig 1 is a schematic diagram illustrating an environment in which embodiments presented herein can be applied; id="p-18" id="p-18" id="p-18" id="p-18"
[0018] Fig 2 is a schematic diagram illustrating the concept of threshold cryptography; id="p-19" id="p-19" id="p-19" id="p-19"
[0019] Fig 3 is a flow chart illustrating embodiments of methods for recovering EICCCSS tO a IlSCI' aCCOUIlt; id="p-20" id="p-20" id="p-20" id="p-20"
[0020] Figs 4A-D are schematic diagrams illustrating embodiments of where the recovery control device can be implemented; id="p-21" id="p-21" id="p-21" id="p-21"
[0021] Fig 5 is a schematic diagram illustrating components of the recovery control device 1 of Fig 1 and Figs 4A-D; and 4 id="p-22" id="p-22" id="p-22" id="p-22"
[0022] Fig 6 shows one example of a computer program product comprising computer readable means.
DETAILED DESCRIPTION id="p-23" id="p-23" id="p-23" id="p-23"
[0023] The aspects of the present disclosure will now be described more fully hereinafter with reference to the accompanying drawings, in which certain embodiments of the invention are shown. These aspects may, however, be embodied in many different forms and should not be construed as limiting; rather, these embodiments are provided by way of example so that this disclosure will be thorough and complete, and to fully convey the scope of all aspects of invention to those skilled in the art. Like numbers refer to like elements throughout the description. id="p-24" id="p-24" id="p-24" id="p-24"
[0024] Embodiments presented herein allow recovery of a user account based on threshold cryptography. As explained in more detail below, the use of threshold cryptography enables authorisation of an action based on any t number of n partial secret keys being applied. To set this up (prior to the credentials for the user account being lost), n trusted recovery devices generate their respective partial secret keys. For recovery of the credentials, any t out of the n trusted recovery devices need to apply their partial signature. For instance, 3 out of 5 trusted recovery devices can apply their signature for recovery of a user account e.g. for accessing a smartphone when the passcode has been lost. The trusted recovery devices can e.g. be other devices of the user and/ or devices of family members or trusted friends. id="p-25" id="p-25" id="p-25" id="p-25"
[0025] Fig 1 is a schematic diagram illustrating an environment in which embodiments presented herein can be applied. A user device 2 of a user 5 can be any suitable electronic device, e.g. a smartphone, mobile phone, wearable device, tablet computer, laptop computer, desktop computer, etc. id="p-26" id="p-26" id="p-26" id="p-26"
[0026] The user device 2 is connected to a communication network 7, such as the Internet. There are also a number of at least partly trusted recovery devices 4a-g. The recovery devices can be under control of the user 5 and/ or can be devices of friends or family of the user 5. The recovery devices 4a-g can be any type of electronic device, e.g. smartphones, computers, wearable devices, IoT (Internet of Things) devices, such as home speakers, light bulbs, sensors, fridge, etc. id="p-27" id="p-27" id="p-27" id="p-27"
[0027] A recovery control device 1 is used to allow the user 5 to regain access to a user account, e.g. for accessing the user device 2 or a service provided by a server 3 (e.g. as a web service or an app-based service). The access to the user account could have been lost e.g. if a credential, such as a passcode or password, is lost by the user or if the user 5 passes away and surviving family members need access to the user account. Prior to the credential being lost, the user 5 initiates the recovery possibility, which causes a recovery threshold cryptography scheme to be set up and the partial secret keys 10a-g being generated, respectively, by each one of the recovery devices 4a-g. A public key 12 of the threshold cryptography scheme is provided to the recovery control device 1. The recovery control device 1 can also be a recovery device itself. id="p-28" id="p-28" id="p-28" id="p-28"
[0028] As explained in more detail below, if the user 5 subsequently loses access to the user account (e.g. by losing the passcode for accessing the user device 2, access can be recovered if a predetermined number of the recovery devices 4a-g apply their respective partial secret keys, which can be verified against the public key 12 in the recovery control device 1, resulting in access being granted to the user account. At that point, a new everyday authentication can be selected, e.g. based on biometrics or passcode / password. id="p-29" id="p-29" id="p-29" id="p-29"
[0029] Fig 2 is a schematic diagram illustrating the concept of threshold cryptography, which is employed by embodiments presented herein. id="p-30" id="p-30" id="p-30" id="p-30"
[0030] Starting with a summary of traditional asymmetric cryptography, there is a key pair consisting of a public key and a secret key. The public key is associated with an entity or user and is shared publicly. The secret key is coupled to the public key, but the secret key is kept secret. Using the secret key, a user device can perform a cryptographic operation, e.g. cryptographic signing or decryption, which can be used to gain access to a IlSCI' aCCOUIlt. id="p-31" id="p-31" id="p-31" id="p-31"
[0031] A development in asymmetric cryptography, from its original key pair of a secret key can and a public key, is threshold cryptography. In threshold cryptography, there is still a single public key 12, but cryptographic operations are achieved by a threshold number of associated partial secret keys 10a-g for respective entities. J ointly, the group of entities computes and communicates to generate the set of partial secret keys and the associated public key. Each entity its partial secret key. It is to be noted that each partial secret key is secret and is only known to the entity itself. There is no need for this partial secret key to be exposed to any other entity, not even in the key creation phase. Hence, there is no need for a central authority that distributes these partial secret keys. id="p-32" id="p-32" id="p-32" id="p-32"
[0032] The threshold condition can be expressed as (t, n), where n denotes the number of available partial secret keys and t denotes the number of partial secret keys that are needed to perform a cryptographic operation (e.g. signing or decryption) corresponding to the (single) public key. For instance, in correspondence with the example of Fig 2, a (3, 7) threshold cryptography scheme requires that at least 3 out of 7 associated partial secret keys 10a-g are applied to perform the cryptographic operation. When at least the threshold number of partial secret keys are applied, this cryptographic operation, that is secured by the threshold cryptography scheme 11, is performed. It does not matter which ones of the partial secret keys that are applied, as long as at least the threshold number of partial secret keys are applied. The threshold cryptography scheme is defined when the partial secret keys are generated. id="p-33" id="p-33" id="p-33" id="p-33"
[0033] Optionally, the partial secret keys can be refreshed. This can be done to limit the lifetime of the partial secret keys, (which makes it even harder for an attacker who needs to compromise at least t parties within a time window defined by the lifetime). The refresh can also be performed done to consolidate the partial secret keys. For instance, if an entity holding a partial secret key is lost, it makes sense to regenerate the partial secret keys, now for the remaining entities of the group. It is to be noted that the refresh does not affect the public key - the same public key that was used prior to the refresh can be used after the refresh. Again, the refresh is performed without sharing any of the partial secret keys while doing the collaborative refresh computation, e.g. based on multi-party computation, known in the art per se, see the Wikipedia article httpsz/ len.warikipediatorg/vvikzl /Secure multïi-party' computation available at the time that this patent application is filed. id="p-34" id="p-34" id="p-34" id="p-34"
[0034] Using threshold cryptography, a compromise of a single device never least to a compromise of the whole threshold cryptography scheme, significantly increasing security. id="p-35" id="p-35" id="p-35" id="p-35"
[0035] Threshold cryptography can e.g. be implemented using an Elliptic Curve Digital Signature Algorithm (ECDSA). An example implementation is the Binance 7 implementation, available at littns: / lgitliul).com/binaricewzliainitssàil; at the time of filing of this patent application. id="p-36" id="p-36" id="p-36" id="p-36"
[0036] Fig 3 is a flow chart illustrating embodiments of methods for recovering access to a user account. The method is performed by a recovery control device 1. id="p-37" id="p-37" id="p-37" id="p-37"
[0037] In a trigger generation of partial secret keys step 40, the recovery control device 1 triggers generation of a plurality of partial secret keys 10a-g by respective recovery devices 4a-g. The plurality of partial secret keys form part of a threshold cryptography scheme 11 associated with a public key 12. It is to be noted that the coordination does not require any hierarchical relationship; the coordination can imply that the recovery control device participates in the generation of the partial secret keys along with the recovery device 4a-g. The threshold cryptography scheme 11, and thus also the public key 12, are both associated with the user account. As explained above, the recovery devices 4a-g can be devices of the user (of the user account) and/ or devices belonging to family or trusted friends. id="p-38" id="p-38" id="p-38" id="p-38"
[0038] As explained above, the threshold cryptography scheme 11 can e.g. be based on an Elliptic Curve Digital Signature Algorithm (ECDSA). id="p-39" id="p-39" id="p-39" id="p-39"
[0039] In a provide public key step 42, the recovery control device 1 provides the public key 12 to an access verification device 1, 2, 3. The access verification device can be the device that verifies access normally, and can be e.g. the user device 2, an application server 3 or it could also be combined with the role of the recovery control device 1. id="p-40" id="p-40" id="p-40" id="p-40"
[0040] After step 42, the next step can occur much later, at a point in time when access to the user account is to be recovered. id="p-41" id="p-41" id="p-41" id="p-41"
[0041] In a trigger access recovery step 44, the recovery control device 1 triggers an access recovery. This can be based on the user requesting the recovery, in a similar way to a "lost password" action. When the access recovery is triggered, access recovery messages are transmitted (e.g. by the recovery control device 1 or by another entity by request from the recovery control device 1) to the recovery devices 4a-g. In order to recover access to the user account, the threshold number of the plurality of partial secret keys 10a-g are required to be applied in the threshold cryptography scheme 11. Each recovery device 4a-g can prompt the user of that device whether to apply its partial 8 secret key 10a-g, which the user can then approve, optionally after a separate authentication of the user of the respective device 4a-g. id="p-42" id="p-42" id="p-42" id="p-42"
[0042] The threshold number can be less than the plurality of partial secret keys 10a- g, whereby not all of the recovery devices 4a-g need to apply their respective partial secret keys 10a-g, as this might not be possible (e.g. if somebody has lost or lost access to their recovery device 4a-g or that person is not available at the time). The threshold number is equal to or greater than two. This ensures that no single recovery device can be used to recover the user account, which could otherwise pose a security risk. id="p-43" id="p-43" id="p-43" id="p-43"
[0043] When the threshold number of the plurality of partial secret keys 10a-g have been applied, the device verifying the user access checks against the public key and approves access to the user account. It is to be noted that the public key verification can be performed identically to traditional (non-threshold) asymmetric cryptography. id="p-44" id="p-44" id="p-44" id="p-44"
[0044] Using the embodiments presented herein a convenient and secure solution is provided for recovering access to a user account, e.g. if the user loses the credential to the device or the user passes away. id="p-45" id="p-45" id="p-45" id="p-45"
[0045] A secure way to recover an account is thus provided where no details need to be remembered by the user other than what devices, or what family members or friends, have been given the partial secret keys. id="p-46" id="p-46" id="p-46" id="p-46"
[0046] Figs 4A-D are schematic diagrams illustrating embodiments of where the recovery control device 1 can be implemented. id="p-47" id="p-47" id="p-47" id="p-47"
[0047] In Fig 4A, the recovery control device 1 shown as implemented in the user device 2. The user device 2 is thus the host device for the recovery control device 1 in this implementation. id="p-48" id="p-48" id="p-48" id="p-48"
[0048] In Fig 4B, the recovery control device 1 shown as implemented in a server 3, such as an application server for providing a web service or supporting an app. The server 3 is thus the host device for the recovery control device 1 in this implementation. id="p-49" id="p-49" id="p-49" id="p-49"
[0049] In Fig 4C, the recovery control device 1 shown as implemented in a recovery device 4, e.g. one of the recovery devices illustrated in Fig 1. The recovery device 4 is thus the host device for the recovery control device 1 in this implementation. 9 id="p-50" id="p-50" id="p-50" id="p-50"
[0050] In Fig 4D, the recovery control device 1 is shown as implemented as a stand- alone device. The recovery control device 1 thus does not have a host device in this implementation. id="p-51" id="p-51" id="p-51" id="p-51"
[0051] Fig 5 is a schematic diagram illustrating components of the recovery control device 1 of Fig 1 and Figs 4A-D. It is to be noted that when the recovery control device 1 is implemented in a host device, one or more of the mentioned components can be shared with the host device. A processor 60 is provided using any combination of one or more of a suitable central processing unit (CPU), graphics processing unit (GPU), multiprocessor, microcontroller, digital signal processor (DSP), etc., capable of executing software instructions 67 stored in a memory 64, which can thus be a computer program product. The processor 60 could alternatively be implemented using an application specific integrated circuit (ASIC), field programmable gate array (FPGA), etc. The processor 60 can be configured to execute the method described with reference to Fig 4 above. id="p-52" id="p-52" id="p-52" id="p-52"
[0052] The memory 64 can be any combination of random-access memory (RAM) and/ or read-only memory (ROM). The memory 64 also comprises non-transitory persistent storage, which, for example, can be any single one or combination of magnetic memory, optical memory, solid-state memory or even remotely mounted memory. id="p-53" id="p-53" id="p-53" id="p-53"
[0053] A data memory 66 is also provided for reading and/ or storing data during execution of software instructions in the processor 60. The data memory 66 can be any combination of RAM and/ or ROM. id="p-54" id="p-54" id="p-54" id="p-54"
[0054] The recovery control device 1 further comprises an I/ O interface 62 for communicating with external and/ or internal entities. id="p-55" id="p-55" id="p-55" id="p-55"
[0055] Other components of the recovery control device 1 are omitted in order not to obscure the concepts presented herein. id="p-56" id="p-56" id="p-56" id="p-56"
[0056] Fig 6 shows one example of a computer program product 90 comprising computer readable means. On this computer readable means, a computer program 91 can be stored, which computer program can cause a processor to execute a method according to embodiments described herein. In this example, the computer program 1O product is in the form of a removable solid-state memory, e.g. a Universal Serial Bus (USB) drive. As explained above, the computer program product could also be embodied in a memory of a device, such as the computer program product 64 of Fig 5. While the computer program 91 is here schematically shown as a section of the removable solid- state memory, the computer program can be stored in any way which is suitable for the computer program product, such as another type of removable solid-state memory, or an optical disc, such as a CD (compact disc), a DVD (digital versatile disc) or a Blu-Ray disc. id="p-57" id="p-57" id="p-57" id="p-57"
[0057] The aspects of the present disclosure have mainly been described above with reference to a few embodiments. However, as is readily appreciated by a person skilled in the art, other embodiments than the ones disclosed above are equally possible within the scope of the invention, as defined by the appended patent claims. Thus, while various aspects and embodiments have been disclosed herein, other aspects and embodiments will be apparent to those skilled in the art. The various aspects and embodiments disclosed herein are for purposes of illustration and are not intended to be limiting, with the true scope and spirit being indicated by the following claims.

Claims (9)

1. A method for recovering access to a user account, the method being performed by a recovery control device (1), the method comprising: triggering (40) generation of a plurality of partial secret keys (1oa-g) by respective recovery devices (4a-g), the plurality of partial secret keys forming part of a threshold cryptography scheme (11) associated with a public key (12), wherein the threshold cryptography scheme (11) is associated with the user account; providing (42) the public key (12) to an access verification device (2, 3); and triggering (44) an access recovery, whereby access recovery messages are transmitted to the recovery devices (4a-g), wherein a threshold number of the plurality of partial secret keys (1oa-g) are required to be applied in the threshold cryptography scheme (11) for recovering access to the user account.
2. The method according to claim 1, wherein the threshold number is less than the plurality of partial secret keys (1oa-g).
3. The method according to claim 1 or 2, wherein the threshold number is equal to or greater than two.
4. The method according to any one of the preceding claims, wherein the threshold cryptography scheme (11) is based on an Elliptic Curve Digital Signature Algorithm, ECDSA.
5. A recovery control device (1) for recovering access to a user account, the recovery control device (1) comprising: a processor (60); and a memory (64) storing instructions (67) that, when executed by the processor, cause the recovery control device (1) to: trigger generation of a plurality of partial secret keys (1oa-g) by respective recovery devices (4a-g), the plurality of partial secret keys forming part of a threshold cryptography scheme (11) associated with a public key (12), wherein the threshold cryptography scheme (11) is associated with the user account; provide the public key (12) to an access verification device (2, 3); and trigger an access recovery, whereby access recovery messages are transmitted to the recovery devices (4a-g), wherein a threshold number of the plurality of partial secretkeys (1oa-g) are required to be applied in the threshold cryptography scheme (11) for TCCOVCTlIIg EICCCSS tO the IlSCI' aCCOUIlt.
6. The recovery control device (1) according to claim 5, wherein the threshold number is less than the plurality of partial secret keys (1oa-g).
7. The recovery control device (1) according to claim 5 or 6, wherein the threshold number is equal to or greater than two.
8. The recovery control device (1) according to any one of claims 5 to 7, wherein the threshold cryptography scheme (11) is based on an Elliptic Curve Digital Signature Algorithm, ECDSA.
9. A computer program (67, 91) for recovering access to a user account, the computer program comprising computer program code which, when executed on a recovery control device (1) causes the recovery control device (1) to: trigger generation of a plurality of partial secret keys (1oa-g) by respective recovery devices (4a-g), the plurality of partial secret keys forming part of a threshold cryptography scheme (11) associated with a public key (12), wherein the threshold cryptography scheme (11) is associated with the user account; provide the public key (12) to an access verification device (2, 3); and trigger an access recovery, whereby access recovery messages are transmitted to the recovery devices (4a-g), wherein a threshold number of the plurality of partial secret keys (1oa-g) are required to be applied in the threshold cryptography scheme (11) for TCCOVCTlIIg EICCCSS tO the IlSCI' aCCOUIlt. 1o. A computer program product (64, 90) comprising a computer program according to claim 9 and a computer readable means comprising non-transitory memory in which the computer program is stored.
SE2151305A 2021-10-26 2021-10-26 Recovering access to a user account SE2151305A1 (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
SE2151305A SE2151305A1 (en) 2021-10-26 2021-10-26 Recovering access to a user account
PCT/EP2022/079993 WO2023073050A1 (en) 2021-10-26 2022-10-26 Recovering access to a user account
PCT/EP2022/079976 WO2023073040A1 (en) 2021-10-26 2022-10-26 Authenticating an electronic device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
SE2151305A SE2151305A1 (en) 2021-10-26 2021-10-26 Recovering access to a user account

Publications (1)

Publication Number Publication Date
SE2151305A1 true SE2151305A1 (en) 2023-04-27

Family

ID=84359578

Family Applications (1)

Application Number Title Priority Date Filing Date
SE2151305A SE2151305A1 (en) 2021-10-26 2021-10-26 Recovering access to a user account

Country Status (2)

Country Link
SE (1) SE2151305A1 (en)
WO (1) WO2023073050A1 (en)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20010055388A1 (en) * 2000-03-10 2001-12-27 Kaliski Burton S. Server-assisted regeneration of a strong secret from a weak secret
EP1197032B1 (en) * 1999-06-29 2007-08-22 Verisign, Inc. Server-assisted regeneration of a strong secret from a weak secret
US9455968B1 (en) * 2014-12-19 2016-09-27 Emc Corporation Protection of a secret on a mobile device using a secret-splitting technique with a fixed user share
US20200127835A1 (en) * 2017-06-13 2020-04-23 nChain Holdings Limited Computer-implemented system and method providing a decentralised protocol for the recovery of cryptographic assets
US20200162246A1 (en) * 2018-11-16 2020-05-21 SafeTech BVBA Methods and Systems For Cryptographic Private Key Management For Secure Multiparty Storage And Transfer Of Information
CN112054898A (en) * 2020-08-27 2020-12-08 中信银行股份有限公司 User private key backup and recovery method and device and electronic equipment
US11057210B1 (en) * 2015-09-30 2021-07-06 Apple Inc. Distribution and recovery of a user secret

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1197032B1 (en) * 1999-06-29 2007-08-22 Verisign, Inc. Server-assisted regeneration of a strong secret from a weak secret
US20010055388A1 (en) * 2000-03-10 2001-12-27 Kaliski Burton S. Server-assisted regeneration of a strong secret from a weak secret
US9455968B1 (en) * 2014-12-19 2016-09-27 Emc Corporation Protection of a secret on a mobile device using a secret-splitting technique with a fixed user share
US11057210B1 (en) * 2015-09-30 2021-07-06 Apple Inc. Distribution and recovery of a user secret
US20200127835A1 (en) * 2017-06-13 2020-04-23 nChain Holdings Limited Computer-implemented system and method providing a decentralised protocol for the recovery of cryptographic assets
US20200162246A1 (en) * 2018-11-16 2020-05-21 SafeTech BVBA Methods and Systems For Cryptographic Private Key Management For Secure Multiparty Storage And Transfer Of Information
CN112054898A (en) * 2020-08-27 2020-12-08 中信银行股份有限公司 User private key backup and recovery method and device and electronic equipment

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
Dikshit P; Singh K.,'Efficient weighted threshold ECDSA for securing bitcoin wallet',ISEA Asia Security and Privacy Conference 2017, (2017-01-29); DOI: 10.1109/ISEASP.2017.7976994 *
Zhao S; Aggarwal A; Frost R; Bai X.,'A Survey of Applications of Identity-Based Cryptography in Mobile Ad-Hoc Networks', IEEE Communications Surveys and Tutorials (2012-04-01); DOI: 10.1109/SURV.2011.020211.00045 *

Also Published As

Publication number Publication date
WO2023073050A1 (en) 2023-05-04

Similar Documents

Publication Publication Date Title
EP3905078A1 (en) Identity verification method and system therefor
CN107430654B (en) Method and system for switching biometric authentication
US20170316390A1 (en) Methods and systems of revoking an attestation transaction using a centralized or distributed ledger
US10630676B2 (en) Protecting against malicious discovery of account existence
US20160125416A1 (en) Authentication system
US10897353B2 (en) Computer-implemented method for generating passwords and computer program products of same
US11930116B2 (en) Securely communicating service status in a distributed network environment
US20150256539A1 (en) User authentication
WO2020163223A1 (en) Methods, systems, and media for authenticating users using blockchains
KR102257943B1 (en) Privacy preserving knowledge/factor possession tests for persistent authentication
JP2022534677A (en) Protecting online applications and web pages that use blockchain
TW202019124A (en) Systems, methods, and media for managing user credentials
US11171958B1 (en) Secure session sharing between computing devices
US10025914B1 (en) Authentication using third-party data
SE2151305A1 (en) Recovering access to a user account
JP2017527891A (en) Using symbolic input timing for password verification
US11374915B1 (en) Security challenge bypass
FR2980011A1 (en) METHOD FOR IMPLEMENTING, FROM A TERMINAL, CRYPTOGRAPHIC DATA OF A USER STORED IN A REMOTE DATABASE
CN115987655A (en) Remote access method, system and equipment based on user identity deep recognition
US20210392126A1 (en) Methods, systems, and media for recovering identity information in verifiable claims-based systems
CN105359453B (en) User setting protection based on anonymous server
SE2151304A1 (en) Applying a server partial secret key conditional on blocked status
Rasmussen A usability study of fido2 roaming software tokens as a password replacement
FR3070516B1 (en) METHOD FOR AUTHENTICATING A USER FROM AN AUTHENTICATION SERVER
SE2151307A1 (en) Providing biometric access control using threshold cryptography