Methods and devices for providing warnings associated with credentials to be stored in a credential store

US 9,384,342 B2
Filed: 05/10/2013
Issued: 07/05/2016
Est. Priority Date: 05/10/2013
Status: Active Grant

First Claim

Patent Images

1. A method of providing a warning associated with credentials to be stored in a credential store on a computing device, the method comprising:

receiving a request to store, in the credential store, at least one credential for a specified service;

determining whether a secure connection between the computing device and the specified service is available;

associating the specified service with a level of security based on at least one of an availability of the secure connection or one or more properties of the secure connection, the specified service being associated with a secure level if the secure connection is available and is of a minimum encryption strength, and with a non-secure level otherwise;

determining (i) that at least one credential stored in the credential store is for a service that is associated with a different level of security from the level of security with which the specified service is associated, and (ii) that at least one of the at least one credential for the service associated with the different level of security corresponds to the at least one credential for the specified service; and

providing a warning in response to the determining.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and devices for providing a warning associated with credentials to be stored in a credential store on a computing device are disclosed herein. In one broad aspect, the method comprises receiving a request to store, in the credential store, at least one credential for a specified service, determining whether a secure connection between the computing device and the specified service is available, associating the specified service with a level of security based on at least one of an availability of the secure connection or one or more properties of the secure connection, and providing a warning in response to determining that at least one credential stored in the credential store corresponds to the at least one credential for the specified service and is for a service that is associated with a level of security different from the level of security with which the specified service is associated.

Citations

25 Claims

1. A method of providing a warning associated with credentials to be stored in a credential store on a computing device, the method comprising:
- receiving a request to store, in the credential store, at least one credential for a specified service;
  
  determining whether a secure connection between the computing device and the specified service is available;
  
  associating the specified service with a level of security based on at least one of an availability of the secure connection or one or more properties of the secure connection, the specified service being associated with a secure level if the secure connection is available and is of a minimum encryption strength, and with a non-secure level otherwise;
  
  determining (i) that at least one credential stored in the credential store is for a service that is associated with a different level of security from the level of security with which the specified service is associated, and (ii) that at least one of the at least one credential for the service associated with the different level of security corresponds to the at least one credential for the specified service; and
  
  providing a warning in response to the determining.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23)
- - 2. The method of claim 1, wherein the providing comprises outputting a notification that indicates a risk of compromise to data associated with one or more secure services.
  - 3. The method of claim 1, further comprising:
    - responsive to providing the warning, prompting for user input as to whether to proceed with storing the at least one credential for the specified service in the credential store; and
      
      storing the at least one credential for the specified service in the credential store in response to receiving the user input to proceed with storing.
  - 4. The method of claim 1, further comprising storing, in association with the at least one credential in the credential store, an indicator of the level of security with which the specified service is associated.
  - 5. The method of claim 4, further comprising:
    - periodically determining whether the level of security with which the specified service is associated has changed to a different level; and
      
      updating the indicator in response to determining that the level of security with which the specified service is associated has changed to the different level.
  - 6. The method of claim 3, further comprising:
    - in response to the storing, disabling an auto-fill function in a user interface of the computing device when the at least one credential for the specified service is expected to be received as user input in the user interface.
  - 7. The method of claim 3, further comprising:
    - in response to the storing, disabling an auto-fill function in a user interface of the computing device when any credential that is stored in the credential store and that corresponds to the at least one credential for the specified service is expected to be received as user input in the user interface.
  - 8. The method of claim 1, further comprising:
    - in response to providing the warning, providing an option to cancel the request.
  - 9. The method of claim 1, further comprising:
    - in response to providing the warning, providing an option to prompt for at least one different credential, for the specified service, to request to store in the credential store.
  - 10. The method of claim 1, further comprising polling the specified service to determine whether the secure connection between the computing device and the specified service is available.
  - 11. The method of claim 10, wherein the polling is performed without user intervention, in response to receiving the request.
  - 12. The method of claim 1, wherein the secure connection comprises at least one of a Transport Layer Security (TLS) connection or a Secure Sockets Layer (SSL) connection.
  - 13. The method of claim 1, wherein the one or more properties of the secure connection comprises at least one of:
    - a strength of the secure connection, a key exchange algorithm type, a bulk encryption algorithm type, a server authentication algorithm type, or a message authentication code (MAC) algorithm type.
  - 14. The method of claim 1, wherein the associating the specified service with the level of security is performed in accordance with a security policy governing operation of the computing device.
  - 15. The method of claim 1, wherein the at least one credential stored in the credential store corresponds to the at least one credential associated with the specified service if the at least one credential stored in the credential store matches the at least one credential associated with the specified service.
  - 16. The method of claim 1, wherein the at least one credential stored in the credential store corresponds to the at least one credential associated with the specified service if the at least one credential stored in the credential store is determined to be sufficiently similar to the at least one credential associated with the specified service.
  - 17. The method of claim 1, further comprising:
    - determining a first entropy rating for the at least one credential for the specified service;
      
      for each credential stored in the credential store that is for a service associated with a same level of security as the level of security with which the specified service is associated, determining a second entropy rating for the credential;
      
      determining a relative entropy rating for the at least one credential for the specified service, the relative entropy rating comprising a function of the first and second entropy ratings; and
      
      outputting the relative entropy rating.
  - 18. The method of claim 17, wherein the relative entropy rating is output in the form of at least one of a graphical icon, a numerical value, or a text descriptor.
  - 19. The method of claim 17, further comprising:
    - responsive to outputting the relative entropy rating, prompting for user input as to whether to proceed with storing the at least one credential for the specified service in the credential store; and
      
      storing the at least one credential for the specified service in the credential store in response to receiving the user input to proceed with storing.
  - 20. The method of claim 17, further comprising:
    - in response to outputting the relative entropy rating, providing an option to cancel the request.
  - 21. The method of claim 17, further comprising:
    - in response to outputting the relative entropy rating, providing an option to prompt for at least one different credential, for the specified service, to request to store in the credential store.
  - 22. The method of claim 1, wherein the at least one credential for the specified service comprises a password.
  - 23. The method of claim 1, wherein the at least one credential for the specified service comprises a username.

24. A computing device programmed to provide a warning associated with credentials to be stored in a credential store, the computing device comprising a processor configured to:
- receive a request to store, in the credential store, at least one credential for a specified service;
  
  determine whether a secure connection between the computing device and the specified service is available;
  
  associate the specified service with a level of security based on at least one of an availability of the secure connection or one or more properties of the secure connection, the specified service being associated with a secure level if the secure connection is available and is of a minimum encryption strength, and with a non-secure level otherwise;
  
  determine (i) that at least one credential stored in the credential store is for a service that is associated with a different level of security from the level of security with which the specified service is associated and (ii) that at least one of the at least one credential for the service associated with the different level of security corresponds to the at least one credential for the specified service; and
  
  provide a warning in response to the determining.

25. A non-transitory computer-readable storage medium comprising executable instructions for programming a computing device to provide a warning prior to storing credentials in a credential store on the computing device, the instructions configuring a processor of the computing device to:
- receive a request to store, in the credential store, at least one credential for a specified service;
  
  determine whether a secure connection between the computing device and the specified service is available;
  
  associate the specified service with a level of security based on at least one of an availability of the secure connection or one or more properties of the secure connection, the specified service being associated with a secure level if the secure connection is available and is of a minimum encryption strength, and with a non-secure level otherwise;
  
  determine (i) that at least one credential stored in the credential store is for a service that is associated with a different level of security from the level of security with which the specified service is associated, and (ii) that at least one of the at least one credential for the service associated with the different level of security corresponds to the at least one credential for the specified service; and
  
  provide a warning in response to the determining.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Malikie Innovations Limited (Key Patent Innovations Limited)
Original Assignee
Blackberry Limited
Inventors
Kominar, Jeremy L., Adams, Neil Patrick, Truskovsky, Alexander, Bender, Christopher Lyle, Martin, Daryl Joseph
Primary Examiner(s)
King, John B

Application Number

US13/891,627
Publication Number

US 20140337941A1
Time in Patent Office

1,152 Days
Field of Search

726/6, 726/25
US Class Current

1/1
CPC Class Codes

G06F 21/45 Structures or tools for the...

Methods and devices for providing warnings associated with credentials to be stored in a credential store

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and devices for providing warnings associated with credentials to be stored in a credential store

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links