Kaspersky Lab patents password recovery technology


Kaspersky Lab has been issued a patent for an advanced technology for recovering passwords and data encryption keys on mobile devices, which almost completely rules out extraction of the confidential information.


MOSCOW, 19 Jul 2013. Although the patent was issued only recently, the technology is already available in Kaspersky Internet Security for Android, the company's security product for mobile devices.

Encryption has long proven its reliability in protecting confidential data. However, people quite often forget or lose the passwords that give access to encrypted data. On the one hand, this creates a risk of losing important information: if the password cannot be restored, the encrypted data cannot be restored either. On the other hand, if the password can be restored, there is a risk of unauthorized access to valuable information, because the method the vendor uses to protect backup copies of passwords may contain vulnerabilities.

In developing their own technology for recovering the passwords and encryption keys used to protect data on a mobile device, Kaspersky Lab specialists sought a compromise between ease of use and level of protection.

To recover passwords and data encryption keys, Kaspersky Lab's patented technology uses three independent factors: a user identifier, a mobile device identifier and a random number.

When the user first installs Kaspersky Lab's security product on a mobile device, the authentication system asks for an e-mail address. Kaspersky Internet Security for Android computes a hash of the e-mail address (a sequence of characters obtained by transforming the address with a special algorithm), creates a unique identifier for the device based on a number of its hardware characteristics, and generates a random number.

After registration, the random number, in encrypted form, is sent to Kaspersky Lab servers together with the hashes of the e-mail address and device ID.

The random number provides a kind of “protection of the protection”. Like many other products, Kaspersky Internet Security for Android uses a special encryption key to protect data. Usually this key is protected with the user's password.

Each time the user enters the password, the key is decrypted first, and only then the information encrypted with it. Accordingly, if the password is lost or forgotten, it is almost impossible to decrypt the key. For this reason Kaspersky Internet Security for Android, using the patented technology, stores two copies of the key on the device: the main copy, encrypted with the user's password, and a reserve copy, encrypted with the previously generated random number.

If the user loses or forgets the password, he goes to Kaspersky Lab's password recovery service and enters the e-mail address. The service computes a hash of this address and checks it against those stored in its own database. If a match is found, the system sends the user's unique number, along with instructions for creating a new password, to the e-mail address specified at registration.

Kaspersky Internet Security for Android uses this unique number to decrypt the reserve key, which in turn gives the user access to the data stored on the device.
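The enrollment and recovery flow described above, as an added sketch that is not Kaspersky Lab's code: the page names no algorithms, so SHA-256 hashing, PBKDF2 key derivation, the HMAC-based `wrap`/`unwrap` stand-in for a real key wrap, `SERVER_KEY` and all function names are assumptions. The device-ID hash is stored but not used, because the page does not say how recovery uses it.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)  # hypothetical key protecting the number at rest

def kek(secret: bytes, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", secret, salt, 100_000)

def wrap(k: bytes, key32: bytes) -> bytes:
    # Stand-in for a real key wrap (AES-KW, AES-GCM): HMAC-SHA256 pad plus tag.
    nonce = secrets.token_bytes(16)
    pad = hmac.new(k, b"enc" + nonce, hashlib.sha256).digest()
    ct = bytes(a ^ b for a, b in zip(key32, pad))
    return nonce + ct + hmac.new(k, b"mac" + nonce + ct, hashlib.sha256).digest()

def unwrap(k: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:48], blob[48:]
    good = hmac.new(k, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrong secret or corrupted blob")
    pad = hmac.new(k, b"enc" + nonce, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(ct, pad))

def email_hash(email: str) -> str:
    return hashlib.sha256(email.strip().lower().encode()).hexdigest()

def enroll(email: str, device_id: bytes, password: str):
    data_key, number, salt = (secrets.token_bytes(n) for n in (32, 32, 16))
    device = {"salt": salt,  # two wrapped copies of the same data key
              "main": wrap(kek(password.encode(), salt), data_key),
              "reserve": wrap(kek(number, salt), data_key)}
    server = {"email_hash": email_hash(email),
              "device_hash": hashlib.sha256(device_id).hexdigest(),
              "wrapped_number": wrap(SERVER_KEY, number)}
    return data_key, device, server

def server_recover(server: dict, email: str):
    # Service side: release the number only when the e-mail hash matches.
    if not hmac.compare_digest(email_hash(email), server["email_hash"]):
        return None
    return unwrap(SERVER_KEY, server["wrapped_number"])

def device_reset(device: dict, number: bytes, new_password: str) -> bytes:
    # Device side: open the reserve copy, then re-wrap the main copy.
    data_key = unwrap(kek(number, device["salt"]), device["reserve"])
    device["main"] = wrap(kek(new_password.encode(), device["salt"]), data_key)
    return data_key
```

The server record holds the random number but no wrapped key, and the device holds the wrapped keys but not the number, so neither record alone opens the data.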

As a result, Kaspersky Lab specialists have implemented a data recovery algorithm that is both convenient and secure, since none of the parties involved in the process has access to all the data needed to decrypt the protected information.

Kaspersky Lab does not store backup copies of passwords, copies of keys or any personal information of its clients on its servers, only the encrypted values of specific data that can help users regain access to their data and that will be absolutely useless to an attacker.