Provisioning account credentials via a trusted channel

US 9,055,055 B1
Filed: 06/21/2013
Issued: 06/09/2015
Est. Priority Date: 06/21/2013
Status: Active Grant

First Claim

Patent Images

1. A non-transitory computer-readable medium embodying a program executable by a client computing device, comprising:

code that, in response to receiving a security credential for an email account from a user, configures the client computing device to access the email account, the email account being designated as a trusted channel of communication by an organization associated with one of a plurality of accounts;

code that, in response to receiving an identification of the plurality of accounts from the user, automatically sends a credential access request to a plurality of services corresponding to the plurality of accounts; and

code that, in response to receiving a respective email message for individual ones of the plurality of accounts, automatically configures a plurality of applications executable by the client computing device to access the plurality of accounts based at least in part on respective security credentials received in the respective email messages.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed are various embodiments for provisioning client credentials via a trusted channel. A client computing device is configured to access a trusted channel of communication. An account configuration manager automatically requests access to accounts linked to the trusted channel of communication. A respective security credential communication is received for the accounts via the trusted channel of communication. One or more applications are configured to access the accounts based at least in part on the respective security credential communications.

41 Citations

View as Search Results

20 Claims

1. A non-transitory computer-readable medium embodying a program executable by a client computing device, comprising:
- code that, in response to receiving a security credential for an email account from a user, configures the client computing device to access the email account, the email account being designated as a trusted channel of communication by an organization associated with one of a plurality of accounts;
  
  code that, in response to receiving an identification of the plurality of accounts from the user, automatically sends a credential access request to a plurality of services corresponding to the plurality of accounts; and
  
  code that, in response to receiving a respective email message for individual ones of the plurality of accounts, automatically configures a plurality of applications executable by the client computing device to access the plurality of accounts based at least in part on respective security credentials received in the respective email messages.
- View Dependent Claims (2, 3)
- - 2. The non-transitory computer-readable medium of claim 1, further comprising code that synchronizes the respective security credentials with another client computing device.
  - 3. The non-transitory computer-readable medium of claim 1, further comprises code that automatically establishes a respective replacement security credential for individual ones of the plurality of accounts.

4. A system, comprising:
- a client computing device configured to access a trusted channel of communication; and
  
  an account configuration manager executable by the client computing device, the account configuration manager comprising;
  
  logic that automatically sends an access request to a credential management endpoint corresponding to at least one account linked to the trusted channel of communication;
  
  logic that, in response to receiving a respective credential reset token for the at least one account via the trusted channel of communication, provides the respective credential reset token to a service corresponding to the at least one account; and
  
  logic that, in response to receiving a respective replacement security credential from the service, configures at least one application executable by the client computing device to access the at least one account based at least in part on the respective replacement security credential.
- View Dependent Claims (5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 5. The system of claim 4, wherein the at least one application accesses the at least one account using a first communication protocol, and the respective credential reset token is received via the trusted channel of communication using a second communication protocol.
  - 6. The system of claim 4, wherein the account configuration manager further comprises logic that receives an identification of the at least one account from a user.
  - 7. The system of claim 6, wherein the identification comprises a respective username for the at least one account.
  - 8. The system of claim 4, wherein the at least one application comprises a plurality of applications, and individual ones of the plurality of applications are configured to access the at least one account by the logic that configures.
  - 9. The system of claim 4, wherein the at least one application comprises a single application, the at least one account comprises a plurality of accounts, and the single application is configured to access at least two of the plurality of accounts by the logic that configures.
  - 10. The system of claim 4, wherein the trusted channel of communication comprises an email account, and the respective credential reset token is received in an email message.
  - 11. The system of claim 4, wherein the trusted channel of communication comprises a telephone line, and the respective credential reset token is received via at least one of a text message or a telephone call.
  - 12. The system of claim 4, wherein the access request corresponds to a security credential reset request.
  - 13. The system of claim 4, wherein the access request includes a public key, and the respective credential reset token is encrypted using the public key.

14. A system, comprising:
- a client computing device configured to access a trusted channel of communication; and
  
  an account configuration manager executable by the client computing device, the account configuration manager comprising;
  
  logic that automatically sends an access request to a credential management endpoint corresponding to at least one account linked to the trusted channel of communication;
  
  logic that, in response to receiving a respective security credential communication for the at least one account via the trusted channel of communication, configures at least one application executable by the client computing device to access the at least one account based at least in part on the respective security credential communication; and
  
  wherein the trusted channel of communication comprises a first trusted channel of communication and a second trusted channel of communication, a first portion of the respective security credential communication is received via the first trusted channel of communication, a second portion of the respective security credential communication is received via the second trusted channel of communication, and a security credential is split across the first portion and the second portion.

15. A system, comprising:
- a client computing device configured to access a trusted channel of communication; and
  
  an account configuration manager executable by the client computing device, the account configuration manager comprising;
  
  logic that automatically sends a security credential reset request to a credential management endpoint corresponding to at least one account linked to the trusted channel of communication;
  
  logic that, in response to receiving a respective security credential communication for the at least one account via the trusted channel of communication, configures at least one application executable by the client computing device to access the at least one account based at least in part on the respective security credential communication; and
  
  wherein the security credential reset request includes a public key, and the respective security credential communication is encrypted using the public key.
- View Dependent Claims (16)
- - 16. The system of claim 15, wherein the respective security credential communication comprises at least one of:
    - a replacement security credential, a temporary security credential, or a device-specific security credential that is specific to the client computing device.

17. A method, comprising:
- receiving, by a client computing device, an identification of an account from a user;
  
  automatically requesting, by the client computing device, a security credential reset corresponding to the account, the account being linked to a trusted channel of communication for reset purposes;
  
  receiving, by the client computing device, a security credential communication corresponding to the account via the trusted channel of communication; and
  
  automatically configuring, by the client computing device, at least one application to access the account based at least in part on the security credential communication.
- View Dependent Claims (18, 19, 20)
- - 18. The method of claim 17, further comprising:
    - parsing, by the client computing device, the security credential communication to obtain a reset token;
      
      authenticating, by the client computing device, with a service corresponding to the account using the reset token; and
      
      communicating, by the client computing device, with the service while authenticated to establish at least one replacement security credential for the account.
  - 19. The method of claim 17, further comprising:
    - receiving, by the client computing device, data describing a security credential reset format for the account from another computing device; and
      
      wherein the security credential reset is automatically requested based at least in part on the data describing the security credential reset format.
  - 20. The method of claim 17, further comprising requesting, by the client computing device, the security credential reset based at least in part on an answer to a knowledge-based question.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Original Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Inventors
Strand, William Alexander, Johansson, Jesper Mikael, Nguyen, Luan Khai
Primary Examiner(s)
Song, Hosuk

Application Number

US13/923,830
Time in Patent Office

718 Days
Field of Search

726 1- 10, 713168-170, 713/189, 709223-225, 709/229
US Class Current

1/1
CPC Class Codes

G06F 21/45   Structures or tools for the...

H04L 63/0442   wherein the sending and rec...

H04L 63/0815   providing single-sign-on or...

H04L 63/083   using passwords cryptograph...

Provisioning account credentials via a trusted channel

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

41 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Provisioning account credentials via a trusted channel

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

41 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others