Assisted password generation

US 10,423,775 B1
Filed: 06/05/2014
Issued: 09/24/2019
Est. Priority Date: 06/05/2014
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method comprising:

receiving a request for a new password, the new password associated with a user account, the request including text designated as a seed value;

submitting the seed value to one or more services other than an authentication service, the one or more services generating a set of words associated with the seed value;

receiving the set of words from the one or more services;

generating the plurality of passwords based at least in part on the set of words such that the plurality of passwords satisfy at least one entropy requirement;

transmitting the plurality of passwords to a user device associated with the user account;

receiving, from the user device, an indication of a selected password from the plurality of passwords;

setting the selected password as indicated by the user device as the new password associated with the user account;

detecting submission, in connection with the user account, of a password;

as a result of determining that the submission does not include the new password, determining whether the submission includes at least one password of the plurality of passwords that is different from the selected password; and

as a result of determining that the submission includes the at least one password of the plurality of passwords that is different from the new password, performing one or more actions to protect the user account.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Entities of an organization may have difficulties generating and remembering strong passwords. A password management service may generate passwords with high entropy and aid entities in remembering generated passwords. The password management service may generate a list of passwords based on a seed value provided by the entities. The entities may then select a password from the list of passwords to be used at the entities'"'"' password. Furthermore, the entities may be allowed to save the list of passwords to aid the entities in remembering their selected password from the list of passwords.

13 Citations

View as Search Results

23 Claims

1. A computer-implemented method comprising:
- receiving a request for a new password, the new password associated with a user account, the request including text designated as a seed value;
  
  submitting the seed value to one or more services other than an authentication service, the one or more services generating a set of words associated with the seed value;
  
  receiving the set of words from the one or more services;
  
  generating the plurality of passwords based at least in part on the set of words such that the plurality of passwords satisfy at least one entropy requirement;
  
  transmitting the plurality of passwords to a user device associated with the user account;
  
  receiving, from the user device, an indication of a selected password from the plurality of passwords;
  
  setting the selected password as indicated by the user device as the new password associated with the user account;
  
  detecting submission, in connection with the user account, of a password;
  
  as a result of determining that the submission does not include the new password, determining whether the submission includes at least one password of the plurality of passwords that is different from the selected password; and
  
  as a result of determining that the submission includes the at least one password of the plurality of passwords that is different from the new password, performing one or more actions to protect the user account.
- View Dependent Claims (2, 3, 4, 21, 23)
- - 2. The computer-implemented method of claim 1, wherein the request for the new password includes a seed value determined based at least in part on information associated with the user device.
  - 3. The computer-implemented method of claim 2, wherein the computer-implemented method further includes:
    - prompting the user device for a book title to be used as the seed value; and
      
      generating the plurality of passwords based at least in part on the seed value.
  - 4. The computer-implemented method of claim 1, wherein the computer-implemented method further includes enabling the user device to store the plurality of passwords such that the plurality of passwords may be accessed during authentication of the user device.
  - 21. The computer-implemented method of claim 1, wherein generating the plurality of passwords based at least in part on the request further includes:
    - providing a plurality of categories to the user device in response to receiving a request for a new password;
      
      receiving at least one selected category of the plurality of categories from the user device; and
      
      generating the plurality of passwords based at least in part on a seed value, the seed value determined based at least in part on the at least one selected category.
  - 23. The computer-implemented method of claim 1, wherein generating the plurality of passwords based at least in part on the request such that the plurality of passwords satisfy the at least one entropy requirement further includes:
    - injecting at least one alphanumeric character into a first password of the plurality of passwords, the plurality of passwords randomly generated based at least in part on the request being used as a random seed value;
      
      determining the first password with the at least one alphanumeric character exceeds a threshold entropy value; and
      
      as a result of the first password with the at least one alphanumeric character does not exceed the threshold entropy value, injecting one or more additional numerical characters into the first password of the plurality of password until the first password exceeds the threshold entropy value.

5. A system, comprising at least one computing device configured to implement one or more services, wherein the one or more services are configured to:
- receive a request for a new password, the new password associated with a user account, the request including text designated as a seed value;
  
  submit the seed value to one or more services other than an authentication service, the one or more services generating one or more password components associated with the seed value;
  
  receive the one or more password components from the one or more services;
  
  generate the plurality of passwords based at least in part on the one or more password components such that the plurality of passwords satisfy at least one entropy requirement;
  
  transmit the plurality of passwords to a user computing device associated with the user account;
  
  receive, from the user computing device, authentication information comprising an indication of a selected password from the plurality of passwords;
  
  set the selected password as indicated by the user device as the new password associated with the user account;
  
  detect submission, in connection with the user account, of a password;
  
  as a result of determining that the submission does not include the new password, determine whether the submission includes at least one password of the plurality of passwords that is different from the selected password; and
  
  as a result of determining that the submission includes at least one password of the plurality of passwords that is different from the selected password, perform one or more actions in response to receiving the authentication information.
- View Dependent Claims (6, 7, 8, 9, 10, 11, 12, 22)
- - 6. The system of claim 5, wherein the seed value includes an instance of media and the one or more password components include one or more attributes of the instance of media.
  - 7. The system of claim 6, wherein the media instance includes at least one song title and the one or more attributes of the instance of media include at least one corresponding song lyric of the song title indicated by the user.
  - 8. The system of claim 5, wherein the one or more services are further configured todetermine the seed value based on information based at least in part on one or more preferences indicated by the user.
  - 9. The system of claim 5, wherein the one or more services are further configured to provide the selected password to one or more other services, where the one or more other services are configured to use the selected password as part of the authentication process.
  - 10. The system of claim 5, wherein the one or more actions include locking out a user account associated with an attempt based at least in part on receiving the authentication information.
  - 11. The system of claim 5, wherein the one or more services are further configured to store a subset of the plurality of passwords containing the selected password by causing the subset of the plurality of passwords containing the selected password to be printed out.
  - 12. The system of claim 11, wherein storing the subset of the plurality of passwords containing the selected password includes transmitting the subset of the plurality of passwords containing the selected password to the user as an electronic message.
  - 22. The system of claim 6, wherein the instance of media is selected based on a number of times the instance of media was accessed by another user, and wherein the one or more services are further configured to identify a set of new instances of media usable to generate another seed value, the other seed value used by the other service to generate a second set of password components.

13. A non-transitory computer-readable storage medium having stored thereon executable instructions that, when executed by one or more processors of a computer system, cause the computer system to at least:
- receive a request for a new passphrase, the new passphrase associated with a user account, the request including text designated as a seed value;
  
  submit the seed value to another computer system, the other computer system retrieving one or more words associated with the seed value;
  
  receive the one or more words from the other computer system;
  
  generate the plurality of passphrases based at least in part on the one or more words such that the plurality of passphrases satisfy at least one entropy requirement;
  
  transmit the plurality of passphrases to a user device associated with the user account;
  
  receive, from the user device, an indication of a selected passphrase from the plurality of passphrases;
  
  set the selected passphrase as indicated by the user device as the new passphrase associated with the user account;
  
  detect submission, in connection with the user account, of a passphrase; and
  
  as a result of determining that the submission includes the new passphrase, allow access to one or more resources of an organization.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20)
- - 14. The non-transitory computer-readable storage medium of claim 13, wherein the other computer system is configured to retrieve one or more media files in response to receiving the seed value.
  - 15. The non-transitory computer-readable storage medium of claim 13, wherein the instructions that cause the computer system to generate the plurality of passphrases further include instructions that cause the computer system to generate a plurality of mnemonic passphrases.
  - 16. The non-transitory computer-readable storage medium of claim 13, wherein the information used to generate the plurality of passphrases include one or more song lyrics indicated by locations of one or more song titles, the one or more song titles and locations indicated in the seed value.
  - 17. The non-transitory computer-readable storage medium of claim 13, wherein the one or more words comprise at least one word from a language other than English.
  - 18. The non-transitory computer-readable storage medium of claim 13, wherein the instructions that cause the computer system to generate the plurality of passphrases further include instructions that cause the computer system to generate the plurality of passphrases by at least:
    - selecting at least two words from the one or more words; and
      
      adding at least one additional character between the at least two words to generate the plurality of passphrases.
  - 19. The non-transitory computer-readable storage medium of claim 18, wherein the instructions that cause the computer system to select the at least two words from the one or more words further include instructions that cause the computer system to determine the set of passphrase components based at least in part on a seed value.
  - 20. The non-transitory computer-readable storage medium of claim 19, wherein the instructions further comprise instructions that, when executed by the one or more processors, cause the computer system to determine a set of quotes usable as the one or more words, the set of quotes obtained from information included in the seed value.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Original Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Inventors
Kane-Parry, David James, Aristides, Phivos Costas, Canavor, Darren Ernest, Gregory, Scott Donald, Jezorek, Matthew Ryan, Johansson, Jesper Mikael, Lee, Brian Young
Primary Examiner(s)
Patel, Ashokkumar B
Assistant Examiner(s)
Jones, William B

Application Number

US14/297,385
Time in Patent Office

1,937 Days
Field of Search

726 2, 726 6
US Class Current
CPC Class Codes

G06F 21/46 by designing passwords or c...

Assisted password generation

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

13 Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Assisted password generation

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

13 Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links