Managing security credentials

US 10,362,019 B2
Filed: 08/17/2017
Issued: 07/23/2019
Est. Priority Date: 07/29/2011
Status: Active Grant

First Claim

Patent Images

1. A system, comprising:

a computing device; and

a first application executing on the at least one computing device, wherein, when executed, the first application causes the computing device to at least;

transmit a plurality of existing security credentials associated with a plurality of network sites to a remote computing device, the plurality of existing security credentials being associated with a particular user account, and the plurality of existing security credentials being managed and stored on the remote computing device via a second application;

obtain network content associated with a particular network site in response to a request from a user;

obtain a configuration file sent by a third computing device, the configuration file including a security credential specification of at least one of an account creation endpoint or an authentication endpoint associated with the particular network site, and the configuration file describing an interface of at least one of the account creation endpoint or the authentication endpoint associated with the particular network site;

determine that the particular network site requires authentication based at least in part on the configuration file;

transmit a master security credential and at least one answer to at least one question to the remote computing device to authenticate a connection with the second application being executed on the remote computing device, the authentication based at least in part on the master security credential, the at least one answer, and an authentication score associated with the at least one answer;

receive a particular security credential from the remote computing device in response to authenticating the connection; and

automatically establish access to the network content according to the particular security credential and the interface of the authentication endpoint.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed are various embodiments for managing security credentials. In one embodiment, network content for a network site is obtained in response to a user request. A connection with a remote computing device that stores and manages security credentials for accessing network sites is authenticated using a master security credential and answers to knowledge-based questions. A security credential associated with the network site is provided to the client from the remote computing device based at least in part on the answers. Access to the network site is authenticated according to the security credential.

221 Citations

20 Claims

1. A system, comprising:
- a computing device; and
  
  a first application executing on the at least one computing device, wherein, when executed, the first application causes the computing device to at least;
  
  transmit a plurality of existing security credentials associated with a plurality of network sites to a remote computing device, the plurality of existing security credentials being associated with a particular user account, and the plurality of existing security credentials being managed and stored on the remote computing device via a second application;
  
  obtain network content associated with a particular network site in response to a request from a user;
  
  obtain a configuration file sent by a third computing device, the configuration file including a security credential specification of at least one of an account creation endpoint or an authentication endpoint associated with the particular network site, and the configuration file describing an interface of at least one of the account creation endpoint or the authentication endpoint associated with the particular network site;
  
  determine that the particular network site requires authentication based at least in part on the configuration file;
  
  transmit a master security credential and at least one answer to at least one question to the remote computing device to authenticate a connection with the second application being executed on the remote computing device, the authentication based at least in part on the master security credential, the at least one answer, and an authentication score associated with the at least one answer;
  
  receive a particular security credential from the remote computing device in response to authenticating the connection; and
  
  automatically establish access to the network content according to the particular security credential and the interface of the authentication endpoint.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The system of claim 1, wherein the connection is authenticated in response to a determination that the master security credential is valid and the authentication score meeting or exceeding a predefined threshold.
  - 3. The system of claim 2, wherein the authentication score is based at least in part on assigning individual answers of the at least one answer a respective different weight based at least in part on the at least one question.
  - 4. The system of claim 1, wherein determining that the particular network site requires authentication is further based at least in part on at least one of:
    - a user input or an authentication form.
  - 5. The system of claim 1, wherein the configuration file describes the interface of the authentication endpoint, wherein automatically establishing access to the network content occurs at the interface of the authentication endpoint.
  - 6. The system of claim 1, wherein, when executed, the first application further causes the computing device to at least:
    - determine that the particular network site is unverified;
      
      generate a notification including a warning to present to the user that the particular network site is unverified; and
      
      render the notification via a display.
  - 7. The system of claim 1, wherein the first application comprises a browser plugin.

8. A method, comprising:
- obtaining, via a first computing device, network content associated with a network site in response to a user request;
  
  obtaining, via the first computing device, a configuration file sent by a third computing device, the configuration file including a security credential specification of at least one of an account creation endpoint or an authentication endpoint associated with the network site, and the configuration file describing an interface of at least one of the account creation endpoint or the authentication endpoint associated with the network site;
  
  determining, via the first computing device, that the network site requires authentication based at least in part on the configuration file;
  
  authenticating, via the first computing device, a connection with an application executing on a second computing device with respect to a user account based at least in part on a master security credential associated with the user account, at least one answer to at least one question, and an authentication score associated with the at least one answer, the application being configured to store and manage a plurality of security credentials associated with the user account; and
  
  automatically establishing access to the network site according to a particular security credential received from the second computing device in response to authenticating the connection and according to the interface of the network site.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15)
- - 9. The method of claim 8, further comprising:
    - causing to render, via the first computing device, a plurality of questions received from the second computing device; and
      
      transmitting, via the first computing device, a plurality of answers corresponding to the plurality of questions to the second computing device, the plurality of answers being provided by a user.
  - 10. The method of claim 9, wherein the authentication score is based at least in part on the plurality of answers and individual answers of the plurality of answers being assigned a respective different weight.
  - 11. The method of claim 10, wherein the connection is authenticated in response to the master security credential being valid and the authentication score meeting or exceeding a predefined threshold.
  - 12. The method of claim 8, further comprising:
    - determining, via the first computing device, that the particular security credential to access the network site fails to exist for the user account;
      
      sending, via the first computing device, a request to the second computing device to generate the particular security credential for the user account; and
      
      receiving, via the first computing device, the particular security credential from the second computing device.
  - 13. The method of claim 12, wherein the request comprises the security credential specification, the particular security credential being generated by the application according to the security credential specification.
  - 14. The method of claim 8, wherein determining that the network site requires authentication is further based at least in part on at least one of:
    - a user input or an authentication form.
  - 15. The method of claim 8, further comprising:
    - receiving, via the first computing device, a plurality of security credentials associated with the user account; and
      
      selecting, via the first computing device, the particular security credential of the plurality of security credentials, the particular security credential being associated with the network site.

16. A non-transitory computer-readable medium embodying a program executable in a first computing device, wherein, when executed, the program causes the first computing device to at least:
- receive a request for network content associated with a network site in response to a user request;
  
  obtain the network content from the network site;
  
  obtain a configuration file sent by a third computing device, the configuration file including a security credential specification of an authentication endpoint associated with the network site, and the configuration file describing an interface of the authentication endpoint associated with the network site;
  
  determine that the network site requires authentication based at least in part on the configuration file;
  
  authenticate a connection to a remote application executing on a second computing device based at least in part on a master security credential associated with a user account, at least one answer to at least one question received from the second computing device and provided by a user, and an authentication score associated with the at least one answer;
  
  receive a particular security credential from the second computing device in response to authenticating the connection, the particular security credential corresponding to the network site and being unique to the user account; and
  
  authenticate access to the network site for the user account using the particular security credential and the interface of the authentication endpoint.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The non-transitory computer-readable medium of claim 16, wherein the connection is authenticated in response to a determination that the master security credential is valid and the authentication score meeting or exceeding a predefined threshold.
  - 18. The non-transitory computer-readable medium of claim 17, wherein the authentication score is based at least in part on assigning individual answers a respective different weight.
  - 19. The non-transitory computer-readable medium of claim 16, wherein, when executed, the program causes the first computing device to at least verify the network site based at least in part on an examination of a domain name and a trusted certificate associated with the network content.
  - 20. The non-transitory computer-readable medium of claim 16, wherein the first computing device is a client device and the second computing device is a remote computing device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Original Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Inventors
Canavor, Darren Ernest, Johansson, Jesper Mikael
Primary Examiner(s)
Bechtel, Kevin

Application Number

US15/679,205
Publication Number

US 20180026968A1
Time in Patent Office

705 Days
Field of Search
US Class Current
CPC Class Codes

H04L 63/0815   providing single-sign-on or...

H04L 63/0823   using certificates cryptogr...

H04L 63/0853   using an additional device,...

Managing security credentials

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

221 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Managing security credentials

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

221 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links