Automated secret renegotiation
First Claim
1. A computing device, comprising:
- at least one processor; and
- a memory device including instructions that, when executed by the at least one processor, cause the computing device to:
  - receive a request from a client device, the request including provided information generated using a seed and a counter value of a counter on the client device;
  - analyze the provided information to determine the seed and the counter value used to generate the provided information;
  - compare the seed to an expected seed value, the expected seed value including information combined with a previous seed value by the client device upon detection of an event;
  - compare the counter value to an acceptable counter value for the request;
  - compute at least one reference information, the at least one reference information computed based at least in part upon the expected seed value and the acceptable counter value; and
  - in response to the provided information matching the at least one reference information, accept the request.
0 Assignments
0 Petitions
Abstract
Secret information, such as seeds, codes, and keys, can be automatically renegotiated between at least one sender and at least one recipient. Various mechanisms, such as counters, events, or challenges, can be used to trigger automatic renegotiations through various requests or communications. These changes can cause the current secret information to diverge from older copies of the secret information that might have been obtained by unintended third parties. In some embodiments, a secret can be configured to “decay” over time, or have small changes periodically introduced that can be determined to be valid by an authorized party, but can reduce the effectiveness of prior versions of the secret information.
12 Citations
20 Claims
1. A computing device, comprising:
- at least one processor; and
- a memory device including instructions that, when executed by the at least one processor, cause the computing device to:
  - receive a request from a client device, the request including provided information generated using a seed and a counter value of a counter on the client device;
  - analyze the provided information to determine the seed and the counter value used to generate the provided information;
  - compare the seed to an expected seed value, the expected seed value including information combined with a previous seed value by the client device upon detection of an event;
  - compare the counter value to an acceptable counter value for the request;
  - compute at least one reference information, the at least one reference information computed based at least in part upon the expected seed value and the acceptable counter value; and
  - in response to the provided information matching the at least one reference information, accept the request.

Dependent claims: 2, 3, 4, 5.

6. A computer-implemented method for proactively renegotiating a shared secret, comprising:
- receiving a request from a client device, the request including provided information generated using a seed and a counter value of a counter on the client device;
- comparing the seed to an expected seed value, the expected seed value including information combined with a previous seed value by the client device upon detection of an event;
- comparing the counter value to an acceptable counter value for the request;
- computing at least one reference information, the at least one reference information computed based at least in part upon an expected seed value and an acceptable counter value; and
- in response to the provided information matching the at least one reference information, accepting the request.

Dependent claims: 7, 8, 9, 10, 11, 12, 13, 14, 15.

16. A non-transitory computer-readable storage medium including instructions that, when executed by at least one processor of a computing device, cause the computing device to:
- receive a request from a client device, the request including provided information generated using a seed and a counter value of a counter on the client device;
- compare the seed to an expected seed value, the expected seed value including information combined with a previous seed value by the client device upon detection of an event;
- compare the counter value to an acceptable counter value for the request;
- compute at least one reference information, the at least one reference information computed based at least in part upon an expected seed value and an acceptable counter value; and
- in response to the provided information matching the at least one reference information, accept the request.

Dependent claims: 17, 18, 19, 20.
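The independent claims above describe one verification flow: the client proves knowledge of a seed and a counter, the verifier checks the seed against the value expected after any renegotiation events, checks the counter against an acceptable range, recomputes a reference value from the expected seed and the acceptable counter, and accepts only on a match. The following Python example is added here to illustrate that flow; it is not code from the patent or its assignee. Everything concrete in it is an assumption of this example: HMAC-SHA256 as the proof function, SHA-256 for combining event information with the previous seed, a short non-secret seed fingerprint sent with each request so the verifier can distinguish a stale seed from a bad counter, a five-value counter window, and the constructed seed and event strings.

```python
import hashlib
import hmac
import struct

# Assumptions of this example (not the patent's): HMAC-SHA256 proofs, SHA-256
# seed derivation, an 8-byte public seed fingerprint, a counter window of 5.


def derive_next_seed(previous_seed: bytes, event_info: bytes) -> bytes:
    """New seed = one-way combination of the previous seed and the event data.

    Both parties apply this when they detect the same event, so they stay in
    sync while any older copy of the seed stops producing valid proofs.
    """
    return hashlib.sha256(b"renegotiate|" + previous_seed + b"|" + event_info).digest()


def seed_fingerprint(seed: bytes) -> bytes:
    """Non-secret identifier of a seed, sent with each request so the verifier
    can tell a stale-seed request apart from a bad counter or a forged proof."""
    return hashlib.sha256(b"fingerprint|" + seed).digest()[:8]


def compute_reference(seed: bytes, counter: int) -> bytes:
    """Reference value for one (seed, counter) pair."""
    return hmac.new(seed, struct.pack(">Q", counter), hashlib.sha256).digest()


class Client:
    def __init__(self, seed: bytes, counter: int = 0):
        self.seed = seed
        self.counter = counter

    def on_event(self, event_info: bytes) -> None:
        self.seed = derive_next_seed(self.seed, event_info)

    def make_request(self) -> dict:
        self.counter += 1
        return {
            "seed_id": seed_fingerprint(self.seed),
            "counter": self.counter,
            "proof": compute_reference(self.seed, self.counter),
        }


class Server:
    def __init__(self, seed: bytes, window: int = 5):
        self.expected_seed = seed
        self.last_counter = 0
        self.window = window  # how far past the last accepted counter we tolerate

    def on_event(self, event_info: bytes) -> None:
        self.expected_seed = derive_next_seed(self.expected_seed, event_info)

    def verify(self, request: dict) -> str:
        # 1. Seed check: does the client's seed match the one expected after all events?
        if not hmac.compare_digest(request["seed_id"], seed_fingerprint(self.expected_seed)):
            return "rejected: seed mismatch"
        # 2. Counter check: strictly after the last accepted value and within the window.
        counter = request["counter"]
        if not (self.last_counter < counter <= self.last_counter + self.window):
            return "rejected: counter out of window"
        # 3. Recompute the reference from the expected seed and the acceptable counter.
        reference = compute_reference(self.expected_seed, counter)
        if not hmac.compare_digest(reference, request["proof"]):
            return "rejected: proof mismatch"
        self.last_counter = counter  # advance so this request cannot be replayed
        return "accepted"


def run_scenario() -> list:
    """Walk through one renegotiation and show that an older seed copy stops validating."""
    initial_seed = b"constructed-initial-seed-0123456789"  # constructed, not a real secret
    client = Client(initial_seed)
    server = Server(initial_seed)
    results = [server.verify(client.make_request())]          # counter 1, original seed

    stale_copy = Client(initial_seed, counter=client.counter)  # a copy of the seed taken now

    event = b"constructed-event:device-reboot"                 # detected by both parties
    client.on_event(event)
    server.on_event(event)

    genuine = client.make_request()                            # counter 2, renegotiated seed
    results.append(server.verify(genuine))
    results.append(server.verify(stale_copy.make_request()))   # counter 2, but old seed
    results.append(server.verify(genuine))                     # replay of an accepted request
    forged = dict(genuine, counter=3, proof=bytes(32))         # right seed id, wrong proof
    results.append(server.verify(forged))
    return results


if __name__ == "__main__":
    for outcome in run_scenario():
        print(outcome)
```

The check order mirrors the claim: seed first, then counter, then the recomputed reference. Returning a distinct reason for each failure matters for detection, since a run of "seed mismatch" rejections after an event is the signature of a copied seed still in use, while "counter out of window" points at replay or a desynchronised client.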
Specification