1. Technical Field
The present invention relates generally to the field of computer and network security, and in particular to password administration.
2. Description of the Related Art
Data stored in the memory of a communication and/or computing device, such as a mobile communication device, may be secured by encrypting it with a content protection key. This key, in turn, is preferably protected by, or derived in part from, a user-entered password, PIN, or other piece of user-supplied data. This is one means of ensuring that sensitive data stored on the communication device is accessible only by a designated user.
Because a user-entered password often depends on the user recalling it from memory, it is sometimes necessary for the user, an administrator or another person to reset the user's password to another value when the user forgets the existing password. The resetting procedure may be invoked remotely from another device in communication with the user's device, for example from a server located on the same network as the user's device. However, when content protection is enabled and data on the communication device is encrypted using a content protection key protected by or derived from the existing user password, the content protection key cannot be recovered without the existing user password. If the user cannot recall the existing password, the protected data is rendered inaccessible.
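The following added example, which is not part of the original document, illustrates the problem described above: a content protection key wrapped under a password-derived key can be re-wrapped only while the existing password is known, so a reset to a new value alone leaves the key unrecoverable. The PBKDF2, XOR pad and HMAC construction, the iteration count, and all function names and passwords are assumptions chosen for a standard-library sketch, not the scheme of any particular device.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 100_000  # assumed work factor for this sketch

def _derive(password, salt):
    """Derive a 32-byte wrapping pad and a 32-byte MAC key from the password."""
    okm = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS, dklen=64)
    return okm[:32], okm[32:]

def wrap_key(content_key, password):
    """Protect a 32-byte content protection key under a user password."""
    salt = secrets.token_bytes(16)  # fresh salt per wrap, so the pad is never reused
    pad, mac_key = _derive(password, salt)
    wrapped = bytes(a ^ b for a, b in zip(content_key, pad))
    tag = hmac.new(mac_key, salt + wrapped, hashlib.sha256).digest()
    return {"salt": salt, "wrapped": wrapped, "tag": tag}

def unwrap_key(blob, password):
    """Return the content key, or None if the password is wrong."""
    pad, mac_key = _derive(password, blob["salt"])
    expected = hmac.new(mac_key, blob["salt"] + blob["wrapped"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, blob["tag"]):
        return None
    return bytes(a ^ b for a, b in zip(blob["wrapped"], pad))

def change_password(blob, old, new):
    """Re-wrap under a new password; only possible while the old one is known."""
    key = unwrap_key(blob, old)
    return None if key is None else wrap_key(key, new)

def demo():
    content_key = secrets.token_bytes(32)
    blob = wrap_key(content_key, "old-password")  # constructed sample values
    rewrapped = change_password(blob, "old-password", "new-password")
    return {
        "old_password_unwraps": unwrap_key(blob, "old-password") == content_key,
        # A reset that only sets a new value cannot open the existing blob.
        "reset_value_unwraps": unwrap_key(blob, "new-password") is not None,
        "forgotten_old_can_rewrap": change_password(blob, "wrong-guess", "new-password") is not None,
        "known_old_can_rewrap": unwrap_key(rewrapped, "new-password") == content_key,
    }

if __name__ == "__main__":
    print(demo())
```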
It is therefore desirable to provide a system and method for resetting, from a remote location, a password that is used to protect or derive a content protection key on a device, while continuing to provide access to device content that is encrypted using the content protection key.