Recovery of managed security credentials
First Claim
1. A non-transitory computer-readable medium embodying a program executable in a first computing device, the program comprising:
code that sends a request for an account data to an authentication management service executed in at least one second computing device, the request for the account data specifying a security credential for accessing the account data and a client-identifying token, the account data including a plurality of security credentials of a user for accessing a plurality of network sites, wherein the authentication management service is configured to maintain the account data in an encrypted form;
code that obtains the account data from the authentication management service in response to the request for the account data;
code that obtains a master security credential from the user;
code that decrypts the account data using the master security credential;
code that obtains a request from the user to reset the security credentials to a single temporary security credential specified by the user; and
code that, responsive to the request from the user to reset the security credentials, after the decrypting, automatically resets individual ones of the security credentials included in the account data to the single temporary security credential by:
authenticating with a respective authentication service executed in a respective at least one third computing device using a respective one of the security credentials included in the account data; and
sending a corresponding reset request specifying the single temporary security credential to the respective authentication service.
Abstract
Disclosed are various embodiments for recovery and other management functions relating to security credentials which may be centrally managed. Account data, which includes multiple security credentials for multiple network sites for a user, is stored by a service in an encrypted form. A request for the account data is obtained from a client. The request specifies a security credential for accessing the account data. The account data is sent to the client in response to determining that the client corresponds to a preauthorized client and in response to determining that the security credential for accessing the account data is valid.
27 Claims
4. A method, comprising:
sending, in a first computing device, a request for account data to an authentication management service executed in at least one second computing device, the request specifying a security credential for accessing the account data, the account data including a plurality of security credentials of a user for accessing a plurality of network sites;
obtaining, in the first computing device, the account data from the authentication management service in response to the request for the account data;
obtaining, in the first computing device, a master security credential associated with the account data indicated by the request;
decrypting, in the first computing device, the account data using the master security credential, thereby generating decrypted account data; and
automatically resetting, in the first computing device, after the decrypting, individual ones of the security credentials to a single temporary security credential by:
authenticating, in the first computing device, with a respective authentication service executed in a respective at least one third computing device and associated with at least one of the network sites using a respective one of the security credentials included in the decrypted account data; and
sending, in the first computing device, a corresponding reset request specifying the single temporary security credential to the respective authentication service.
(Dependent claims 5 to 20 not shown.)
21. A system, comprising:
at least one first computing device, configured to at least:
send a request for account data to an authentication management service executed in at least one second computing device, the request specifying a security credential for accessing the account data, the account data including a plurality of security credentials of a user for accessing a plurality of network sites;
obtain the account data from the authentication management service in response to the request for the account data;
obtain a master security credential associated with the account data indicated by the request;
decrypt the account data using the master security credential, thereby generating decrypted account data; and
automatically reset, after the decrypting, individual ones of the security credentials to a single temporary security credential by:
authenticating with a respective authentication service executed in a respective at least one third computing device and associated with at least one of the network sites using a respective one of the security credentials included in the decrypted account data; and
sending a corresponding reset request specifying the single temporary security credential to the respective authentication service.
(Dependent claims 22 to 27 not shown.)
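The flow the abstract and independent claims describe, as an added Python model that is not part of the patent or of any product built on it: the management service hands out account data only in encrypted form and only to a preauthorized client presenting a valid access credential; the client decrypts with the user's master credential and then, per site, authenticates with the stored credential and requests a reset to the single temporary credential. The class and function names, the sample data, the encrypt-then-MAC construction (PBKDF2 key, SHAKE256 keystream, HMAC tag) and the session-token scheme are assumptions standing in for whatever a real deployment would use.

```python
import hashlib, hmac, json, os, secrets

def kdf(credential: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", credential.encode(), salt, 100_000)
def xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # SHAKE256 keyed with key||nonce as a keystream; a stand-in for a real AEAD cipher
    return bytes(a ^ b for a, b in zip(data, hashlib.shake_256(key + nonce).digest(len(data))))

def seal(master_credential: str, plaintext: bytes) -> bytes:  # encrypt-then-MAC
    salt, nonce = os.urandom(16), os.urandom(16)
    key = kdf(master_credential, salt)
    ct = xor_stream(key, nonce, plaintext)
    return salt + nonce + ct + hmac.new(key, nonce + ct, "sha256").digest()
def unseal(master_credential: str, blob: bytes) -> bytes:
    salt, nonce, ct, tag = blob[:16], blob[16:32], blob[32:-32], blob[-32:]
    key = kdf(master_credential, salt)
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, "sha256").digest()):
        raise ValueError("wrong master credential or tampered account data")
    return xor_stream(key, nonce, ct)

class AuthenticationManagementService:  # the "second computing device"
    def __init__(self, access_credential: str, preauthorized_clients: set, blob: bytes):
        self.salt, self.blob, self.clients = os.urandom(16), blob, preauthorized_clients
        self.access_hash = kdf(access_credential, self.salt)  # never sees the master credential
    def get_account_data(self, access_credential: str, client_token: str) -> bytes:
        if client_token not in self.clients:
            raise PermissionError("client is not preauthorized")
        if not hmac.compare_digest(kdf(access_credential, self.salt), self.access_hash):
            raise PermissionError("invalid security credential for the account data")
        return self.blob  # handed out still encrypted

class SiteAuthService:  # a "third computing device", one per network site
    def __init__(self, password: str):
        self.password, self.session = password, None
    def authenticate(self, password: str) -> str:
        if not hmac.compare_digest(password.encode(), self.password.encode()):
            raise PermissionError("bad site credential")
        self.session = secrets.token_hex(8)
        return self.session
    def reset(self, session: str, new_password: str) -> None:
        if session is None or session != self.session:  # only inside an authenticated session
            raise PermissionError("reset requires an authenticated session")
        self.password = new_password

def recover(ams, sites, client_token, access_credential, master_credential, temp_credential):  # first device
    account = json.loads(unseal(master_credential, ams.get_account_data(access_credential, client_token)))
    for site, old_credential in account.items():
        session = sites[site].authenticate(old_credential)  # authenticate with the stored credential
        sites[site].reset(session, temp_credential)         # then send the reset request
    return sorted(account)
```

After `recover` returns, every site shares `temp_credential`, so a deployment would treat it as short-lived and rotate each site to a fresh, unique credential as soon as the user regains access.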