Automatic token renewal for device authentication

US 9,608,974 B2
Filed: 02/23/2015
Issued: 03/28/2017
Est. Priority Date: 03/14/2013
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method, comprising:

under control of one or more computer systems configured with executable instructions,receiving an authentication request from an account associated with a computing device registered with a provider environment, the authentication request including a first token;

determining that the first token is expired;

determining that the first token matches a second token that is stored in persistent storage;

determining that the second token is outside of a renewal window for the computing device;

issuing a new token to be used by the computing device;

storing the new token in the persistent storage as an unconfirmed new token;

receiving a confirmation of the unconfirmed new token; and

storing data indicating the unconfirmed new token is a confirmed new token.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Approaches are described for automatically generating new security credentials, such as security tokens, which can involve automatically re-authenticating a user (or client device) using a previous security token issued to that user (or device). The re-authentication can happen without any knowledge and/or action on the part of the user. The re-authentication mechanism can invalidate and/or keep track of the previous security token, such that when a subsequent request is received that includes the previous security token, the new security token can be invalidated, and the user caused to re-authenticate, as receiving more than one request with the previous security token can be indicative that the user'"'"'s token might have been stolen.

36 Citations

View as Search Results

13 Claims

1. A computer-implemented method, comprising:
- under control of one or more computer systems configured with executable instructions,receiving an authentication request from an account associated with a computing device registered with a provider environment, the authentication request including a first token;
  
  determining that the first token is expired;
  
  determining that the first token matches a second token that is stored in persistent storage;
  
  determining that the second token is outside of a renewal window for the computing device;
  
  issuing a new token to be used by the computing device;
  
  storing the new token in the persistent storage as an unconfirmed new token;
  
  receiving a confirmation of the unconfirmed new token; and
  
  storing data indicating the unconfirmed new token is a confirmed new token.
- View Dependent Claims (2, 3)
- - 2. The computer-implemented method of claim 1 further comprising:
    - determining that the account associated with the computing device is no longer active with the provider environment;
      
      denying the authentication request; and
      
      deleting all tokens associated with the computing device registered with the provider environment.
  - 3. The computer-implemented method of claim 1 further comprising:
    - determining that the account associated with the computing device is no longer active with the provider environment;
      
      denying the authentication request;
      
      de-registering the computing device from the provider environment; and
      
      returning an indication of a failed authentication to the computing device.

4. A computer-implemented method, comprising:
- under control of one or more computer systems configured with executable instructions,receiving an authentication request from an account associated with a computing device used in a provider environment, the authentication request including a first token;
  
  determining that the first token is expired;
  
  determining that the first token matches a second token that is stored in persistent storage;
  
  determining that the second token is within a renewal window for the computing device;
  
  determining that the account associated with the computing device is an active account;
  
  issuing a new token to be used by the computing device in the provider environment;
  
  storing the new token in the persistent storage as an unconfirmed new token;
  
  receiving a confirmation of the unconfirmed new token; and
  
  storing data indicating the unconfirmed new token is a confirmed new token.
- View Dependent Claims (5, 6, 7, 8)
- - 5. The computer-implemented method of claim 4 further comprising:
    - storing data indicating the new token is the unconfirmed token; and
      
      sending the new token to the computing device.
  - 6. The computer-implemented method of claim 4 further comprising:
    - determining that the account associated with the computing device is no longer active with the provider environment;
      
      deleting all tokens associated with the computing device; and
      
      de-registering the computing device from the provider environment.
  - 7. The computer-implemented method of claim 4 further comprising:
    - determining that a third token is stored in persistent storage and has not been confirmed by the computing device; and
      
      determining that the third token has expired.
  - 8. The computer-implemented method of claim 4, further comprising:
    - subsequent to determining that the second token is within a renewal window for the computing device, determining that the second token is outside the renewal window for the computing device; and
      
      denying the authentication request.

9. A computing system, comprising:
- at least one processor; and
  
  memory including instructions that, when executed by the at least one processor, cause the computing system to;
  
  receive an authentication request from an account associated with a computing device registered with a provider environment, the authentication request including a first token;
  
  determine that the first token is expired;
  
  determine that the first token matches a second token that is stored in persistent storage; and
  
  determine that the second token is outside of a renewal window for the computing device;
  
  issuing a new token to be used by the computing device;
  
  storing the new token in the persistent storage as an unconfirmed new token;
  
  receive a confirmation of the unconfirmed new token; and
  
  store data indicating the unconfirmed new token is a confirmed new token.
- View Dependent Claims (10, 11, 12, 13)
- - 10. The computing system of claim 9 wherein the instructions, when executed, further cause the computing system to:
    - determine that the account associated with the computing device is no longer active with the provider environment;
      
      delete all tokens associated with the computing device registered to the provider environment;
      
      de-register the computing device from the provider environment; and
      
      return an indication of faded authentication to the computing device.
  - 11. The computing system of claim 9 wherein the instructions, when executed, cause the computing device to:
    - determine that the second token is within the renewal window; and
      
      authorize the authentication request.
  - 12. The computing system of claim 9 wherein the instructions, when executed, further cause the computing system to:
    - determine that an account associated with the computing device is an active account.
  - 13. The computing system of claim 9 wherein the instructions, when executed, further cause the computing system to:
    - determine that the account associated with the computing device is not an active account with the provider environment;
      
      delete all tokens associated with the computing device; and
      
      de-register the computing device from the provider environment.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Original Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Inventors
Barrows, Maximilian Francis, Ferraro, Paul Francis Dean, McHugh, Jason George, Passaglia, Abraham Martin, Roths, Andrew Jay, Shell, Eric Allan
Primary Examiner(s)
Zecher, Dede
Assistant Examiner(s)
Lakhia, Viral

Application Number

US14/629,372
Publication Number

US 20150172271A1
Time in Patent Office

764 Days
Field of Search

713/156, 713/2, 713/181, 713/155, 726/6, 726/7, 726/1, 705/64
US Class Current

1/1
CPC Class Codes

H04L 63/08 for authentication of entit...

H04L 63/0846 using time-dependent-passwo...

Automatic token renewal for device authentication

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

36 Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

Automatic token renewal for device authentication

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

36 Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links