CREDENTIAL STORAGE ACROSS MULTIPLE DEVICES

US 20170201550A1
Filed: 09/23/2016
Published: 07/13/2017
Est. Priority Date: 01/10/2016
Status: Abandoned Application

First Claim

Patent Images

1. A computer system, comprising:

one or more processors; and

memory having program instructions stored therein that are executable by the one or more processors to cause the computer system to perform operations including;

storing registration information identifying a plurality of devices as being registered to an organization;

receiving, over a network from a first device, a first request for credential information of a first of a plurality of users associated with the organization;

authenticating the first request, including;

verifying that the first device is being used by the first user; and

determining, based on the registration information, whether the first device is one of the plurality of devices; and

based on the authenticating, granting or denying the first request for the credential information.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques are disclosed relating to accessing credential information on multiple devices. In one embodiment, a computer system is disclosed that includes one or processors and memory having program instructions stored therein that are executable by the one or more processors to cause the computer system to perform operations. The operations include storing registration information identifying a plurality of devices as being registered to an organization and receiving, over a network from a first device, a request for credential information of a first of a plurality of users associated with the organization. The operations further include authenticating the first request, including verifying that the first device is being used by the first user and determining, based on the registration information, whether the first device is one of the plurality of devices. The operations include granting or denying the first request for the credential information based on the authenticating.

Citations

20 Claims

1. A computer system, comprising:
- one or more processors; and
  
  memory having program instructions stored therein that are executable by the one or more processors to cause the computer system to perform operations including;
  
  storing registration information identifying a plurality of devices as being registered to an organization;
  
  receiving, over a network from a first device, a first request for credential information of a first of a plurality of users associated with the organization;
  
  authenticating the first request, including;
  
  verifying that the first device is being used by the first user; and
  
  determining, based on the registration information, whether the first device is one of the plurality of devices; and
  
  based on the authenticating, granting or denying the first request for the credential information.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The computer system of claim 1, wherein the verifying includes receiving a password information of the first user from the first device, wherein the password information is derived from a password usable by the first user to log into the first device.
  - 3. The computer system of claim 1, wherein the credential information includes one or more user names and passwords of the first user.
  - 4. The computer system of claim 1, wherein the operations include:
    - receiving, from a second device, a second request for credential information of the first user;
      
      authenticating the second request, including;
      
      verifying that the second device is being used by the first user; and
      
      determining, based on the registration information, whether the second device is one of the plurality of devices; and
      
      based on the authenticating of the second request, granting or denying the second request for the credential information.
  - 5. The computer system of claim 1, wherein the operations include:
    - initializing an account for the first user, wherein the initializing includes creating an initial password for the account;
      
      in response to receiving information indicative of the initial password, instructing the first user to create a new password that is simpler than the initial password; and
      
      authenticating the first request by using the new password to verify that the first device is being used by the first user.
  - 6. The computer system of claim 5, wherein the operations include:
    - receiving, from the organization, registration information identifying a plurality of users associated with the organization; and
      
      initializing the account for the first user in response to receiving the registration information.
  - 7. The computer system of claim 5, wherein the operations include:
    - storing different, organization-specified password policies for ones of the plurality of devices, wherein the different password policies identify different criteria for permissible passwords; and
      
      wherein the instructing includes indicating, based on one of the different password policies, a permissible complexity for the new password to the first user.
  - 8. The computer system of claim 1, further comprising:
    - one or more hardware security modules (HSMs) configured to;
      
      store encryption keys usable to decrypt credential information for the plurality of users including the requested credential information of the first user; and
      
      grant the first request by using one of the stored encryption keys to decrypt the requested credential information to the first device.
  - 9. The computer system of claim 1, wherein the operations include:
    - storing administration information defining a hierarchical relationship among a plurality of administrators such that a higher-level administrator is able to administer a superset of user accounts that includes a set of accounts administered by a lower-level administrator;
      
      receiving a request from one of the plurality of administrators to reset an account of the first user;
      
      based on the administration information, verifying whether the administrator has authority to administer the account of the first user; and
      
      resetting the account of the first user in response to verifying that the administrator has the authority.
  - 10. The computer system of claim 1, wherein the operations include:
    - establishing an access code associated with a second device that is not one of the plurality of devices;
      
      receiving, from the second device, a second request for the credential information of the first user;
      
      authenticating the second request, including;
      
      verifying that the second device is being used by the first user; and
      
      confirming that an access code received from the second device matches the established access code; and
      
      based on the authenticating of the second request, granting the second request for the credential information.

11. A computing device, comprising:
- one or more processors; and
  
  memory having program instructions stored therein that are executable by the computing device to cause the computing device to perform operations including;
  
  storing information indicative of a first password usable by a first user to access the computing device and information indicative of a second password usable by a second user to access the computing device;
  
  while storing credential information for the first user, issuing a request for credential information of the second user to a remote storage system, wherein the request specifies the information indicative of second password of the second user; and
  
  in response to receiving the credential information of the second user from the storage system, storing the credential information of the second user on the computing device, wherein the credential information of the second user includes information usable to authenticate the second user.
- View Dependent Claims (12, 13, 14, 15, 16)
- - 12. The computing device of claim 11, wherein the operations include:
    - storing an organization token that is usable to verify that the computing device is associated with an organization; and
      
      wherein issuing the request includes providing the organization token to the remote storage system.
  - 13. The computing device of claim 11, wherein the operations include:
    - receiving, from the first user, an input modifying the credential information for the first user; and
      
      sending the modified credential information to the remote storage system.
  - 14. The computing device of claim 13, wherein the operations include:
    - generating an encryption key for encrypting the modified credential information; and
      
      using the encryption key to encrypt the modified credential information sent to the remote storage system.
  - 15. The computing device of claim 11, wherein the operations include:
    - receiving policy information including a first password policy and a second password policy, wherein the first password policy defines password criteria for a first set of users, and wherein the second password policy defines password criteria for a second, different set of users; and
      
      verifying that the first password complies with the first password policy; and
      
      verifying that the second password complies with the second password policy.
  - 16. The computing device of claim 11, wherein the credential information of the second user includes a user name and password usable to authenticate the second user to a website.

17. A method, comprising:
- a storage system storing credential information for a plurality of users that share a plurality of devices associated with an organization;
  
  the storage system receiving policy information from the organization, wherein the policy information specifies a first policy and a second policy, wherein the first policy defines criteria for passwords usable by a first set of users in the plurality of users to access the credential information, wherein the second policy defines criteria for passwords usable by a second set of users in the plurality of users to access the credential information, and wherein the criteria defined by the first policy differ from the criteria defined by the second policy; and
  
  the storage system permitting a user of the first set to access credential information associated with the user in response to the user presenting a password that is in accordance with the first policy.
- View Dependent Claims (18, 19, 20)
- - 18. The method of claim 17, wherein the storage system includes a plurality of hardware security modules (HSMs) that store the credential information and permit the user to access the credential information associated with the user in response to the user presenting the password that is in accordance with the first policy.
  - 19. The method of claim 17, wherein the passwords usable by a first set of users to access the credential information are further usable to log into devices operated by the first set of users.
  - 20. The method of claim 17, wherein the credential information includes transaction account information usable to facilitate a purchase.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Apple Inc.
Original Assignee
Apple Inc.
Inventors
Pai, Raghu, Benson, Wade, Santos, Michael D., Rangaswamy, Gopi K., Subramaniam, Selvarajan, Hannon, Timothy P., Martel, Pierre-Olivier, Whalley, Andrew R., Brouwer, Michael, O'Rourke, David M.

Application Number

US15/274,880
Publication Number

US 20170201550A1
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/41 where a single sign-on prov...

H04L 63/0815 providing single-sign-on or...

CREDENTIAL STORAGE ACROSS MULTIPLE DEVICES

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

CREDENTIAL STORAGE ACROSS MULTIPLE DEVICES

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links