News Column

Researchers Submit Patent Application, "Credential Recovery", for Approval

June 28, 2014

By a News Reporter-Staff News Editor at Investment Weekly News -- From Washington, D.C., VerticalNews journalists report that a patent application by the inventors Lalwani, Akhil (London, GB); French, George (Bedford, GB), filed on December 4, 2013, was made available online on June 12, 2014.

The patent's assignee is Barclays Bank PLC.

News editors obtained the following quote from the background information supplied by the inventors: "Users of electronic payments systems and the like are typically required to authenticate themselves using one or more credential, such as a PIN or a passcode. For security reasons, it is important that the credentials are protected from unauthorised access; however, a legitimate user may forget a credential, and may therefore need to be re-advised of it in a secure manner.

"Conventionally, a user is authenticated manually, and the credential is sent out to the registered address of the user by mail.

"The applicant's PCT Published Application No. WO-A-2007/096590 discloses a PIN servicing system using a smart card reader, in which a PIN servicing request is encrypted by the smart card and sent to a PIN servicing facility, which returns an encrypted PIN servicing message for decryption by the smart card. The PIN servicing message may include the user's PIN. Although this method is secure, it requires a dedicated smart card reader.

"PCT Published Application No. WO-A-2010/028163 discloses a method of retrieving a PIN online, one character at a time. The PIN characters are decrypted before being sent to the user, and are therefore vulnerable to interception if the connection to the user is compromised."

As a supplement to the background information on this patent application, VerticalNews correspondents also obtained the inventors' summary information for this patent application: "In an embodiment of the invention, there is provided a credential recovery process in which a user is authenticated using an application running on a mobile communication device, and requests recovery of a credential. The application generates a session key encrypted with the public key of a gateway, and sends the encrypted key to the gateway. The gateway recovers the credential from a depository, wherein the credential has been encrypted using a symmetric key shared with the depository. The gateway decrypts the credential and re-encrypts the credential using the session key. Preferably, the decryption and re-encryption is performed within a hardware secure module within the gateway. The re-encrypted credential is sent to the application running on a mobile communication device, which decrypts the credential and outputs it to the user. In this way, the credential is provided securely to the user on a mobile communication device and may be made available for use immediately, or nearly so.

"There may be provided a device, a credential server and associated computer programs arranged to carry out the above method.


"There now follows, by way of example only, a detailed description of embodiments of the present invention, with reference to the figures identified below:

"FIG. 1 is a diagram of the main components of a credential recovery system according to embodiments of the invention:

"FIG. 2 is a flow diagram illustrating method steps in an embodiment of the invention:

"FIG. 3 is a diagram of a mobile communication device for use in embodiments of the invention: and

"FIG. 4 is a diagram showing details of a computer system for use in embodiments of the invention."

For additional information on this patent application, see: Lalwani, Akhil; French, George. Credential Recovery. Filed December 4, 2013 and posted June 12, 2014. Patent URL:

Keywords for this news article include: Barclays Bank PLC, Banking and Finance.

Our reports deliver fact-based news of research and discoveries from around the world. Copyright 2014, NewsRx LLC

For more stories on investments and markets, please see HispanicBusiness' Finance Channel

Source: Investment Weekly News

Story Tools Facebook Linkedin Twitter RSS Feed Email Alerts & Newsletters