Multi-user secret decay

US 10,341,359 B2
Filed: 08/10/2015
Issued: 07/02/2019
Est. Priority Date: 06/25/2012
Status: Expired due to Fees

First Claim

Patent Images

1. A computer-implemented method, comprising:

receiving, at a first device, a computer-generated first version of secret information to be used for securing computer network communications between the first device and a second device communicatively coupled to the first device via the computer network;

receiving, at the first device, a communication from the second device comprising a second version of the secret information;

detecting an allowable change in a count from at least one of independent counters of the first device and the second device;

determining, at the first device, that the second version of the secret information is valid, based at least in part on the allowable change and on an allowable type of deviation between the first version of the secret information and the second version of the secret information;

generating, at the first device, a third version of the secret information based at least in part on the communication received from the second device and the first version of secret information; and

storing, at the first device, the third version of the secret information.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Secret information, such as seeds, codes, and keys, can be automatically renegotiated between at least one sender and at least one recipient. Various mechanisms, such as counters, events, or challenges, can be used to trigger automatic renegotiations through various requests or communications. These changes can cause the current secret information to diverge from older copies of the secret information that might have been obtained by unintended third parties. In some embodiments, a secret can be configured to “decay” over time, or have small changes periodically introduced that can be determined to be valid by an authorized party, but can reduce the effectiveness of prior versions of the secret information.

Citations

20 Claims

1. A computer-implemented method, comprising:
- receiving, at a first device, a computer-generated first version of secret information to be used for securing computer network communications between the first device and a second device communicatively coupled to the first device via the computer network;
  
  receiving, at the first device, a communication from the second device comprising a second version of the secret information;
  
  detecting an allowable change in a count from at least one of independent counters of the first device and the second device;
  
  determining, at the first device, that the second version of the secret information is valid, based at least in part on the allowable change and on an allowable type of deviation between the first version of the secret information and the second version of the secret information;
  
  generating, at the first device, a third version of the secret information based at least in part on the communication received from the second device and the first version of secret information; and
  
  storing, at the first device, the third version of the secret information.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The computer-implemented method of claim 1, wherein the second device is configured to, at each of a plurality of times, create updated versions of the secret information according to one or more secret information modification parameters.
  - 3. The computer-implemented method of claim 2, wherein the second version of the secret information is calculated by the second device, and the secret information modification parameters specify an allowed amount of deviation between (i) the first version of the secret information and (ii) the second version of the secret information.
  - 4. The computer-implemented method of claim 2, further comprising:
    - generating, at the first device, the third version of the secret information based at least in part on the allowed amount of deviation specified by the secret information modification parameters.
  - 5. The computer-implemented method of claim 1, wherein the second version of the secret information is further able to be determined at the first device when at least a determined number of previous communications were received by the first device.
  - 6. The computer-implemented method of claim 1, further comprising:
    - generating at least a portion of the third version of the secret information using an entropy algorithm executing on the first device.
  - 7. The computer-implemented method of claim 1, wherein generating the third version of the secret information includes adding or updating one or more portions of the second version of the secret information.
  - 8. The computer-implemented method of claim 1, wherein generating the third version of the secret information includes generating each variation in a set of variations and determining whether the calculated variation is consistent with the communication from the second device.
  - 9. The computer-implemented method of claim 8, further comprising:
    - determining, by the first device, that a number of communications from the second device were not received by the first device,wherein the size of the set of variations depends at least in part on the number of communications not received by the first device.

10. A computing device, comprising:
- a processor; and
  
  a memory device including instructions that, when executed by the processor, cause the computing device to;
  
  receive, at a first device, a computer-generated first version of secret information to be used for securing computer network communications between the first device and a second device communicatively coupled to the first device via the computer network;
  
  receive, at the first device, a communication from the second device comprising a second version of the secret information;
  
  detect an allowable change in a count from at least one of independent counters of the first device and the second device;
  
  determine, at the first device, that the second version of the secret information is valid, based at least in part on the allowable change and on an allowable type of deviation between the first version of the secret information and the second version of the secret information;
  
  generate, at the first device, a third version of the secret information based at least in part on the communication received from the second device and the first secret information; and
  
  store, at the first device, the third version of the secret information.
- View Dependent Claims (11, 12, 13, 14, 15, 16)
- - 11. The computing device of claim 10, wherein the second device is configured to, at each of a plurality of times, create updated versions of the secret information according to one or more secret information modification parameters.
  - 12. The computing device of claim 10, wherein the second version of the secret information is calculated by the second device, and the secret information modification parameters specify an allowed amount of deviation between (i) the first version of the secret information and (ii) the second version of the secret information.
  - 13. The computing device of claim 10, further comprising:
    - generating, at the first device, the third version of the secret information based at least in part on the allowed amount of deviation specified by the secret information modification parameters.
  - 14. The computing device of claim 10, wherein the second version of the secret information is further able to be determined at the first device when at least a determined number of previous communications were received by the first device.
  - 15. The computing device of claim 10, wherein generating the third version of the secret information includes adding or updating one or more portions of the second version of the secret information.
  - 16. The computing device of claim 10, wherein generating the third version of the secret information includes generating each variation in a set of variations and determining whether the calculated variation is consistent with the communication from the second device.

17. A computer-implemented method, comprising:
- receiving, at a first device, computer-generated secret information to be used for securing computer network communications from a second device communicatively coupled to the first device via the computer network;
  
  receiving, at the first device, a communication from the second device comprising an updated version of the secret information;
  
  determining, at the first device, that at least one previous communication from the second device based at least in part on a previously-updated version of the secret information was not received;
  
  detecting an allowable change in a count from at least one of independent counters of the first device and the second device;
  
  determining, at the first device, that the updated version of the secret information is valid, based at least in part on the allowable change and on an allowable type of deviation between the secret information and the updated version of the secret information;
  
  store, at the first device, the updated secret information; and
  
  send, from the first device, a request for authorization to the second device via the computer network, the request containing the updated secret information.
- View Dependent Claims (18, 19, 20)
- - 18. The method of claim 17, further comprising:
    - receiving, at the first device, one or more secret information modification parameters used by the second device to generate updated versions of the secret information.
  - 19. The method of claim 17, wherein the request for authorization comprises the updated secret information and time information corresponding to a current time at the first device, and further comprising:
    - receiving, at the first device in response to the request for authorization, a second communication from the second device;
      
      sending, from the first device in response to the second communication, a third communication to the second device, the third communication comprising the updated secret information and new time information corresponding to a current time at the first device.
  - 20. The method of claim 17, wherein the communication from the second device includes information signed or encrypted using the updated secret information as a key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Original Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Inventors
Roth, Gregory B., Ilac, Cristian M.
Primary Examiner(s)
Gee, Jason K
Assistant Examiner(s)
Gao, Shu Chun

Application Number

US14/822,586
Publication Number

US 20150350226A1
Time in Patent Office

1,422 Days
Field of Search
US Class Current
CPC Class Codes

H04L 63/0428   wherein the data content is...

H04L 63/068   using time-dependent keys, ...

H04L 63/123   received data contents, e.g...

H04L 9/08   Key distribution or managem...

H04L 9/0891   Revocation or update of sec...

H04L 9/0894   Escrow, recovery or storing...

Multi-user secret decay

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Multi-user secret decay

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links