Abstract: A system for automating the recovery of a credential store, in which client software generates a temporary key pair based on a new password, and sends client information including the user's name, the public half of the temporary key pair, and the host name of the client computer system to a server system, from which the client information is passed to a recovery process. The client software process displays a prompt indicating that the user should call a help desk. A help desk administrator verifies the user's identity and approves the user's request by causing an approval message to be sent to the recovery process. The recovery process obtains recovery information consisting of either the decryption key(s) for the credential store, or a decrypted copy of the credential store, and encrypts the recovery information using the temporary public key. The client process downloads the recovery information from the server, and decrypts it using private key of the temporary key pair.

Abstract: A method is provided for a enabling a user to initiate a password protected backup copy of the user's credentials. The method includes providing a user with a credential store containing information relating to the user's identity, generating a different recovery password of any length for each recovery authority, encrypting the recovery password for each recovery authority, storing the encrypted recovery passwords in the credential store, and sending a copy of the information by the user from the credential store to a central repository.

Abstract: A method is provided for a enabling a user to initiate a password protected backup copy of the user's credentials. The method includes providing a user with a credential store containing information relating to the user's identity, generating a different recovery password of any length for each recovery authority, encrypting the recovery password for each recovery authority, storing the encrypted recovery passwords in the credential store, and sending a copy of the information by the user from the credential store to a central repository.

Abstract: The invention provides a method for managing cryptographically generated data tokens, the method comprising: decoding a data file to retrieve a first cryptographically generated data token, identifying a second cryptographically generated data token associated with the first data token, and updating the second data token according to a security preference related to a characteristic of the first or the second data token.

Abstract: The invention relates generally secure mail operations. More particularly, the invention provides a method for managing a user security credential, the method comprising: storing, in a file contained in a data store communicatively coupled to a mail server, a security credential associated with a user; authorizing a client to access the data store according to an access permission associated with the user; retrieving the security credential from the file; and initiating a security-related mail operation from the client using the security credential without the security credential leaving the server.