Multi-user secret decay

US 9,106,405 B1
Filed: 06/25/2012
Issued: 08/11/2015
Est. Priority Date: 06/25/2012
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method of proactively modifying secret information in an electronic environment, comprising:

determining secret information to be used for securing communications between a first device and a second device;

at each of a plurality of times, modifying, by the first device, at least one portion of the secret information according to one or more secret information modification parameters accessible to both of the first device and the second device to generate an updated version of the secret information, the secret information modification parameters specifying a permitted amount of deviation between (i) the secret information determined between the first device and the second device and (ii) the updated version of the secret information generated by the first device; and

sending at least one communication from the first device to the second device, the at least one communication based at least in part on the updated version of the secret information;

wherein the second device receiving the at least one communication is able to determine the updated version of the secret information based at least in part on the permitted amount of deviation specified by the secret information modification parameters accessible to the second device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Secret information, such as seeds, codes, and keys, can be automatically renegotiated between at least one sender and at least one recipient. Various mechanisms, such as counters, events, or challenges, can be used to trigger automatic renegotiations through various requests or communications. These changes can cause the current secret information to diverge from older copies of the secret information that might have been obtained by unintended third parties. In some embodiments, a secret can be configured to “decay” over time, or have small changes periodically introduced that can be determined to be valid by an authorized party, but can reduce the effectiveness of prior versions of the secret information.

34 Citations

View as Search Results

24 Claims

1. A computer-implemented method of proactively modifying secret information in an electronic environment, comprising:
- determining secret information to be used for securing communications between a first device and a second device;
  
  at each of a plurality of times, modifying, by the first device, at least one portion of the secret information according to one or more secret information modification parameters accessible to both of the first device and the second device to generate an updated version of the secret information, the secret information modification parameters specifying a permitted amount of deviation between (i) the secret information determined between the first device and the second device and (ii) the updated version of the secret information generated by the first device; and
  
  sending at least one communication from the first device to the second device, the at least one communication based at least in part on the updated version of the secret information;
  
  wherein the second device receiving the at least one communication is able to determine the updated version of the secret information based at least in part on the permitted amount of deviation specified by the secret information modification parameters accessible to the second device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The computer-implemented method of claim 1, wherein the second device receiving the updated version of the secret information is further able to determine the updated version of the secret information when a previous updated version of the secret information was not received.
  - 3. The computer-implemented method of claim 2, wherein the updated version of the secret information is able to be determined if the second device received at least a determined number of previous updated versions of the secret information.
  - 4. The computer-implemented method of claim 1, wherein the modifying is capable of being performed by at least one of the first device or the second device, the second device being further configured to sending at least one communication to the first device based at least in part on the updated version of the secret information.
  - 5. The computer-implemented method of claim 1, wherein the plurality of times is each determined in response to at least one event, at regular intervals, at random times, in response to a number of transmissions, or after one or more additional devices are added to be able to receive the communications.
  - 6. The computer-implemented method of claim 1, wherein the modifying includes adding or updating one or more portions of the secret information within the permitted amount of deviation.
  - 7. The computer-implemented method of claim 1, wherein the second device receiving the updated version of the secret information and determining a validity of the updated version of the secret information is capable of storing the updated version of the secret information for use with future communications.
  - 8. The computer-implemented method of claim 1, wherein the second device receiving the updated version of the secret information is unable to determine the updated version of the secret information when at least a specified number of previous updated versions of the secret information were not received.
  - 9. The computer-implemented method of claim 1, wherein the secret information is selected from a fixed number of secret variations.
  - 10. The computer-implemented method of claim 1, wherein the at least one communication includes information signed or encrypted using the updated secret information as a key.

11. A computing device, comprising:
- a processor; and
  
  a memory device including instructions that, when executed by the processor, cause the computing device to;
  
  determine secret information to be used for securing communications between the computing device and a second device;
  
  at each of a plurality of times, modify, by the computing device, at least one portion of the secret information according to one or more secret information modification parameters accessible to both of the computing device and the second device to generate an updated version of the secret information, the secret information modification parameters specifying a permitted amount of deviation between (i) the secret information determined between the computing device and the second device and (ii) the updated version of the secret information generated by the computing device; and
  
  send at least one communication from the first device to the second device, the at least one communication based at least in part on the updated version of the secret information;
  
  wherein the second device receiving the at least one communication is able to determine the updated version of the secret information based at least in part on the updated version of the secret information having a permitted amount of deviation from the determined secret information as specified by the secret information modification parameters accessible to the second device.
- View Dependent Claims (12, 13, 14)
- - 12. The computing device of claim 11, wherein the at least one second device receiving the updated version of the secret information is further able to determine the updated version of the secret information when at least a determined number of previous updated versions of the secret information were received.
  - 13. The computing device of claim 11, wherein each of the plurality of times is each determined in response to an event, at regular intervals, at random times, in response to a number of transmissions, or after one or more additional devices are added to be able to receive the communications.
  - 14. The computing device of claim 11, wherein the modifying includes adding or updating one or more portions of the secret information.

15. A non-transitory computer-readable storage medium including instructions that, when executed by at least one processor of a computing system, cause the computing system to:
- determine secret information to be used for securing communications between a first device and a second device;
  
  at each of a plurality of times, modify, by the first device, at least one portion of the secret information according to one or more secret information modification parameters accessible to both of the computing device and the second device to generate an updated version of the secret information, the secret information modification parameters specifying a permitted amount of deviation between (i) the secret information determined between the first device and (ii) the second device and the updated version of the secret information generated by the first device; and
  
  send at least one communication from the first device to the second device, the at least one communication based at least in part on the updated version of the secret information;
  
  wherein the second device receiving the at least one communication is able to determine the updated version of the secret information based at least in part on the updated version of the secret information having a permitted amount of deviation from the determined secret information as specified by the secret information modification parameters accessible to the second device.
- View Dependent Claims (16, 17, 18, 19, 20, 21, 22, 23, 24)
- - 16. The non-transitory computer-readable storage medium of claim 15, wherein the second device receiving the updated version of the secret information is further able to determine the updated version of the secret information when a previous updated version of the secret information was not received.
  - 17. The non-transitory computer-readable storage medium of claim 16, wherein the updated version of the secret information is able to be determined if the second device received at least a determined number of previous updated versions of the secret information.
  - 18. The non-transitory computer-readable storage medium of claim 15, wherein the modifying is capable of being performed by at least one of the first device or the second device, the second device being further configured to sending at least one communication to the first device based at least in part on the updated version of the secret information.
  - 19. The non-transitory computer-readable storage medium of claim 15, wherein the plurality of times is each determined in response to at least one event, at regular intervals, at random times, in response to a number of transmissions, or after one or more additional devices are added to be able to receive the communications.
  - 20. The non-transitory computer-readable storage medium of claim 15, wherein the modifying includes adding or updating one or more portions of the secret information.
  - 21. The non-transitory computer-readable storage medium of claim 15, wherein the second device receiving the updated version of the secret information and determining a validity of the updated version of the secret information is capable of storing the updated version of the secret information for use with future communications.
  - 22. The non-transitory computer-readable storage medium of claim 15, wherein the second device receiving the updated version of the secret information is unable to determine the updated version of the secret information when at least a specified number of previous updated versions of the secret information were not received.
  - 23. The non-transitory computer-readable storage medium of claim 15, wherein the secret information is selected from a fixed number of secret variations.
  - 24. The non-transitory computer-readable storage medium of claim 15, wherein the at least one communication includes information signed or encrypted using the updated secret information as a key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Original Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Inventors
Roth, Gregory B., Ilac, Cristian M.
Primary Examiner(s)
Chao, Michael
Assistant Examiner(s)
Gao, Shu Chun

Application Number

US13/532,279
Time in Patent Office

1,142 Days
Field of Search

713/150, 713/185, 713/183, 380/200, 726/20
US Class Current

1/1
CPC Class Codes

H04L 63/0428   wherein the data content is...

H04L 63/068   using time-dependent keys, ...

H04L 63/123   received data contents, e.g...

H04L 9/08   Key distribution or managem...

H04L 9/0891   Revocation or update of sec...

H04L 9/0894   Escrow, recovery or storing...

Multi-user secret decay

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

34 Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Multi-user secret decay

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

34 Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links