Abstract: A method, system, and program product for enabling administrative recovery of a user's lost/forgotten boot-up passwords without compromising the administrative/master password(s). A restricted-use password is dynamically generated from a first hash of a random number generated on a client system and a secret retrieved from a secure device associated with the client system. The restricted-use password operates as a master password but is not the administrative password of the client system. Once the password is generated, it is provided to the user/client system to enable user access to said client system and hardfile and reset of the user passwords.

Abstract: A public-key-encryption data-communication system includes a public-key-certificate issuer authority. The public-key-certificate issuer authority performs the issuance of a public key certificate and management operations, certification of a subject to be certificated, which is a certificate issuing request, and management such as registration processing are executed by a root registration authority or each registration authority. The public-key-certificate issuer authority performs processing for validating, invalidating, and deleting the certificate in accordance with a request from the root registration authority. The root registration authority accepts a request for issuing a public key certificate corresponding to the subject to be certificated which is under the control of a certificated registration authority, and transfers it to the public-key-certificate issuer authority in a form in which a signature is added to it.