Automatic token renewal for device authentication
Abstract
Approaches are described for automatically generating new security credentials, such as security tokens, which can involve automatically re-authenticating a user (or client device) using a previous security token issued to that user (or device). The re-authentication can happen without any knowledge and/or action on the part of the user. The re-authentication mechanism can invalidate and/or keep track of the previous security token, such that when a subsequent request is received that includes the previous security token, the new security token can be invalidated, and the user caused to re-authenticate, as receiving more than one request with the previous security token can be indicative that the user's token might have been stolen.
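The renewal and reuse-detection behaviour described above, as an added Python example that is not code from the patent. The names `TokenStore` and `ReauthRequired` are hypothetical, in-memory dictionaries stand in for persistent storage, and the renewal-window and active-account checks from the claims are left out.

```python
import secrets
import time

class ReauthRequired(Exception):
    """Caller must fall back to a full authentication."""

class TokenStore:
    def __init__(self, ttl=3600, clock=time.time):
        self.ttl, self.clock = ttl, clock
        self.current = {}   # device_id -> {"token", "expires", "confirmed"}
        self.previous = {}  # device_id -> token already exchanged once

    def _issue(self, device_id, confirmed):
        token = secrets.token_urlsafe(32)
        self.current[device_id] = {"token": token,
                                   "expires": self.clock() + self.ttl,
                                   "confirmed": confirmed}
        return token

    def enroll(self, device_id):
        # Initial token, issued after a full authentication.
        self.previous.pop(device_id, None)
        return self._issue(device_id, confirmed=True)

    def renew(self, device_id, presented):
        prev = self.previous.get(device_id)
        if prev is not None and secrets.compare_digest(presented, prev):
            # Second request carrying the already-exchanged token: treat as
            # possible theft, invalidate the new token, force re-authentication.
            self.current.pop(device_id, None)
            self.previous.pop(device_id, None)
            raise ReauthRequired("previous token presented more than once")
        rec = self.current.get(device_id)
        if rec is None or not secrets.compare_digest(presented, rec["token"]):
            raise ReauthRequired("token does not match stored token")
        if self.clock() < rec["expires"]:
            return presented  # not expired, nothing to renew
        # Expired and matching: remember it, issue an unconfirmed replacement.
        self.previous[device_id] = rec["token"]
        return self._issue(device_id, confirmed=False)

    def confirm(self, device_id, token):
        rec = self.current.get(device_id)
        if rec is None or not secrets.compare_digest(token, rec["token"]):
            raise ReauthRequired("confirmation does not match stored token")
        rec["confirmed"] = True  # unconfirmed new token becomes confirmed
```
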
13 Claims
1. A computer-implemented method, comprising:
under control of one or more computer systems configured with executable instructions,
receiving an authentication request from an account associated with a computing device registered with a provider environment, the authentication request including a first token;
determining that the first token is expired;
determining that the first token matches a second token that is stored in persistent storage;
determining that the second token is outside of a renewal window for the computing device;
issuing a new token to be used by the computing device;
storing the new token in the persistent storage as an unconfirmed new token;
receiving a confirmation of the unconfirmed new token; and
storing data indicating the unconfirmed new token is a confirmed new token.

4. A computer-implemented method, comprising:
under control of one or more computer systems configured with executable instructions,
receiving an authentication request from an account associated with a computing device used in a provider environment, the authentication request including a first token;
determining that the first token is expired;
determining that the first token matches a second token that is stored in persistent storage;
determining that the second token is within a renewal window for the computing device;
determining that the account associated with the computing device is an active account;
issuing a new token to be used by the computing device in the provider environment;
storing the new token in the persistent storage as an unconfirmed new token;
receiving a confirmation of the unconfirmed new token; and
storing data indicating the unconfirmed new token is a confirmed new token.

9. A computing system, comprising:
at least one processor; and
memory including instructions that, when executed by the at least one processor, cause the computing system to:
receive an authentication request from an account associated with a computing device registered with a provider environment, the authentication request including a first token;
determine that the first token is expired;
determine that the first token matches a second token that is stored in persistent storage; and
determine that the second token is outside of a renewal window for the computing device;
issuing a new token to be used by the computing device;
storing the new token in the persistent storage as an unconfirmed new token;
receive a confirmation of the unconfirmed new token; and
store data indicating the unconfirmed new token is a confirmed new token.
Specification