Auto-creation of application passwords

US 10,447,692 B2
Filed: 03/31/2015
Issued: 10/15/2019
Est. Priority Date: 03/31/2015
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

detecting, by one or more server computers, an attempt, by an application on a client device, to log in to a user account associated with the application using a first password, the one or more server computers being configured to implement a two-factor authentication process;

determining, by the one or more server computers, that the first password is stored in account information for the user account as the first factor of the two-factor authentication process;

obtaining, by the one or more server computers, device information associated with the client device, the device information including a device identifier of the client device and a geographic location of the client device;

obtaining, by the one or more server computers, historical login information associated with the user account;

determining, by the one or more server computers from the historical login information and the device information, at least one of a number of times that the client device has previously logged in to the user account from the geographic location or a recency with which the client device has previously logged in to the user account from the geographic location;

determining, by the one or more server computers, whether the client device is a trusted device based, at least in part, on at least one of the number of times that the client device has previously logged in to the user account from the geographic location or the recency with which the client device has previously logged in to the user account from the geographic location;

generating and storing, by the one or more server computers, without human intervention, a second password in association with the client device and the user account at least in part in response to determining that the client device is a trusted device andlogging, by the one or more server computers, the application into the user account using the second password as the second factor of the two-factor authentication process.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In one embodiment, an attempt to log in to a user account, by an application on a client device, is detected. It is determined whether the client device is a trusted device. An application password is generated and stored, by a server, in association with the client device and the user account based, at least in part, upon whether the client device is a trusted device.

42 Citations

22 Claims

1. A method, comprising:
- detecting, by one or more server computers, an attempt, by an application on a client device, to log in to a user account associated with the application using a first password, the one or more server computers being configured to implement a two-factor authentication process;
  
  determining, by the one or more server computers, that the first password is stored in account information for the user account as the first factor of the two-factor authentication process;
  
  obtaining, by the one or more server computers, device information associated with the client device, the device information including a device identifier of the client device and a geographic location of the client device;
  
  obtaining, by the one or more server computers, historical login information associated with the user account;
  
  determining, by the one or more server computers from the historical login information and the device information, at least one of a number of times that the client device has previously logged in to the user account from the geographic location or a recency with which the client device has previously logged in to the user account from the geographic location;
  
  determining, by the one or more server computers, whether the client device is a trusted device based, at least in part, on at least one of the number of times that the client device has previously logged in to the user account from the geographic location or the recency with which the client device has previously logged in to the user account from the geographic location;
  
  generating and storing, by the one or more server computers, without human intervention, a second password in association with the client device and the user account at least in part in response to determining that the client device is a trusted device andlogging, by the one or more server computers, the application into the user account using the second password as the second factor of the two-factor authentication process.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method as recited in claim 1, wherein determining whether the client device is a trusted device is performed based, at least in part, on the number of times that the client device has previously logged in to the user account from the geographic location.
  - 3. The method as recited in claim 1, wherein detecting an attempt, by an application on a client device, to log in to a user account comprises receiving the first password, the method further comprising:
    - determining, from the account information for the user account, whether the first password is an active password of the user account.
  - 4. The method as recited in claim 1, wherein determining whether the client device is a trusted device further comprises:
    - determining whether a push channel has been established for the client device.
  - 5. The method as recited in claim 1, wherein the second password is further stored in the account information for the user account such that both the first password and the second password are active passwords for the user account.
  - 6. The method as recited in claim 1, wherein the application is an electronic mail application and the user account is an electronic mail account.
  - 7. The method as recited in claim 1, wherein determining whether the client device is a trusted device is performed based, at least in part, on the recency with which the client device has previously logged in to the user account from the geographic location.
  - 8. The method as recited in claim 1, wherein determining whether the client device is a trusted device is performed based, at least in part, on the number of times that the client device has previously logged in to the user account from the geographic location and the recency with which the client device has previously logged in to the user account from the geographic location.
  - 9. The method as recited in claim 1, wherein the second password is not transmitted to the client device.
  - 10. The method as recited in claim 1;
    - wherein generating and storing the second password are performed after determining that the first password is stored in the account information for the user account, the second password being stored such that both the first password and the second password are stored in the account information for the user account.
  - 11. The method as recited in claim 1, further comprising:
    - applying the first password according to the two-factor authentication process prior to generating the second password.
  - 12. The method as recited in claim 1, wherein the second password and the first password are both concurrently active passwords for the user account.
  - 13. The method as recited in claim 1, wherein the second password does not replace the first password.

14. A system, comprising:
- one or more servers, the one or more servers including one or more processors and one or more memories, the servers being configured to;
  
  detect an attempt, by an application on a client device, to log in to a user account associated with the application using a first password, the servers being configured to implement a two-factor authentication process;
  
  determine that the first password is stored in account information for the user account as the first factor of the two-factor authentication process;
  
  obtain device information associated with the client device, the device information including a device identifier of the client device and a geographic location of the client device;
  
  obtain historical login information associated with the user account;
  
  determine, from the historical login information and the device information, at least one of a number of times that the client device has previously logged in to the user account from the geographic location or a recency with which the client device has previously logged in to the user account from the geographic location;
  
  determine whether the client device is a trusted device based, at least in part, on at least one of the number of times that the client device has previously logged in to the user account from the geographic location or the recency with which the client device has previously logged in to the user account from the geographic location;
  
  generate and store a second password in association with the client device and the user account, without human intervention, at least in part in response to determining that the client device is a trusted device; and
  
  log the application into the user account using the second password as the second factor of the two-factor authentication process.
- View Dependent Claims (15, 16, 17, 18, 19)
- - 15. The system as recited in claim 14, wherein determining whether the client device is a trusted device further comprises:
    - sending an authorization request to an account owner associated with the user account; and
      
      ascertaining whether the account owner has approved the authorization request;
      
      wherein generating and storing the second password is performed according to whether the account owner has approved the authorization request.
  - 16. The system as recited in claim 14, wherein determining whether the client device is a trusted device is performed based, at least in part, on the number of times that the client device has previously logged in to the user account from the geographic location.
  - 17. The system as recited in claim 14, wherein determining whether the client device is a trusted device further comprises:
    - determining whether a push channel has been established for the client device.
  - 18. The system as recited in claim 14, wherein the second password is not transmitted to the client device.
  - 19. The system as recited in claim 14, wherein the second password is stored such that both the first password and the second password are stored in the account information associated with the user account.

20. A computer program product, comprising:
- one or more non-transitory computer readable storage media having computer program instructions stored therein, the computer program instructions being configured such that, when executed by one or more computing devices, the computer program instructions cause the one or more computing devices to;
  
  detect an attempt, by an application on a client device, to log in to a user account associated with the application using a first password, the one or more computing devices configured to implement a two-factor authentication process;
  
  determine that the first password is stored in account information for the user account as the first factor of the two-factor authentication process;
  
  obtain device information associated with the client device, the device information including a device identifier of the client device and a geographic location of the client device;
  
  obtain historical login information associated with the user account;
  
  determine, from the historical login information and the device information, at least one of a number of times that the client device has previously logged in to the user account from the geographic location or a recency with which the client device has previously logged in to the user account from the geographic location;
  
  determine whether the client device is a trusted device based, at least in part, on at least one of the number of times that the client device has previously logged in to the user account from the geographic location or the recency with which the client device has previously logged in to the user account from the geographic location;
  
  generate and store, without human intervention, a second password in association with the client device and the user account at least in part in response to determining that the client device is a trusted device; and
  
  log the application into the user account using the second password as the second factor of the two-factor authentication process.
- View Dependent Claims (21, 22)
- - 21. The computer program product as recited in claim 20, wherein determining whether the client device is a trusted device is performed based, at least in part, on the number of times that the client device has previously logged in to the user account from the geographic location.
  - 22. The computer program product as recited in claim 20, wherein determining whether the client device is a trusted device further comprises:
    - determining whether a push channel has been established for the client device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Verizon Patent and Licensing Incorporated (Verizon Communications Inc.)
Original Assignee
Oath Inc. (Verizon Communications Inc.)
Inventors
Stoner, Chris, Kremer, Assaf
Primary Examiner(s)
Lesniewski, Victor

Application Number

US14/675,419
Publication Number

US 20160292412A1
Time in Patent Office

1,659 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/44   Program or device authentic...

G06F 21/45   Structures or tools for the...

H04L 63/0815   providing single-sign-on or...

H04L 63/0838   using one-time-passwords

H04L 63/0876   based on the identity of th...

Auto-creation of application passwords

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

42 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Auto-creation of application passwords

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

42 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links