Managing security credentials

US 9,767,262 B1
Filed: 07/29/2011
Issued: 09/19/2017
Est. Priority Date: 07/29/2011
Status: Expired due to Fees

First Claim

Patent Images

1. A non-transitory computer-readable medium embodying specific instructions that, when executed, cause a remote computing device to at least:

automatically generate a security credential for a user account with a network site according to a security credential specification requested from the network site at a standardized location, the security credential having a maximum security strength as defined by the security credential specification;

automatically establish the security credential with the network site as a valid security credential;

select a plurality of knowledge-based questions to be presented to a user at a client computing device in response to receiving a request for the security credential from the client computing device;

provide the plurality of knowledge-based questions to the client computing device in response to the request;

generate a score based at least in part on a comparison of a plurality of received answers to the plurality of knowledge-based questions with a plurality of valid answers to the plurality of knowledge-based questions, the plurality of received answers being received from the client computing device, and individual received answers of the plurality of received answers being weighted with a respective different weight based at least in part on a respective knowledge-based question of the plurality of knowledge-based questions;

provide the security credential to the client computing device when the score meets a predetermined threshold; and

establish a master security credential received from the client computing device as a valid master security credential when the score meets the predetermined threshold.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed are various embodiments for managing security credentials. In one embodiment, a request for a security credential is obtained from a client and is stored in association with a user account. Knowledge-based questions are provided to the client in response to the request. At least one of the knowledge-based questions is dynamically generated based at least in part on data associated with the user account. Answers to the knowledge-based questions are obtained from the client. The security credential is provided to the client based at least in part on the answers.

171 Citations

27 Claims

1. A non-transitory computer-readable medium embodying specific instructions that, when executed, cause a remote computing device to at least:
- automatically generate a security credential for a user account with a network site according to a security credential specification requested from the network site at a standardized location, the security credential having a maximum security strength as defined by the security credential specification;
  
  automatically establish the security credential with the network site as a valid security credential;
  
  select a plurality of knowledge-based questions to be presented to a user at a client computing device in response to receiving a request for the security credential from the client computing device;
  
  provide the plurality of knowledge-based questions to the client computing device in response to the request;
  
  generate a score based at least in part on a comparison of a plurality of received answers to the plurality of knowledge-based questions with a plurality of valid answers to the plurality of knowledge-based questions, the plurality of received answers being received from the client computing device, and individual received answers of the plurality of received answers being weighted with a respective different weight based at least in part on a respective knowledge-based question of the plurality of knowledge-based questions;
  
  provide the security credential to the client computing device when the score meets a predetermined threshold; and
  
  establish a master security credential received from the client computing device as a valid master security credential when the score meets the predetermined threshold.
- View Dependent Claims (2, 3)
- - 2. The non-transitory computer-readable medium of claim 1, wherein at least one of the plurality of knowledge-based questions is dynamically generated based at least in part on purchase transaction data associated with the user.
  - 3. The non-transitory computer-readable medium of claim 1, wherein the respective different weight for a first answer of the plurality of received answers to a first knowledge-based question of the plurality of knowledge-based questions is greater than the respective different weight for a second answer of the plurality of received answers to a second knowledge-based question of the plurality of knowledge-based questions when a first event associated with the first knowledge-based question is more recent than a second event associated with the second knowledge-based question.

4. A system for providing a security credential, comprising:
- at least one remote computing device; and
  
  a security credential manager executable in the at least one remote computing device, wherein, when executed, the security credential manager causes the at least one remote computing device to at least;
  
  automatically generate at least one security credential according to a security credential specification received from a network site at a standardized location;
  
  store the at least one security credential in association with a user account for the network site;
  
  provide a plurality of dynamically generated knowledge-based questions to a user at a client computing device and a request for a master security credential in response to a request for the at least one security credential received from the client computing device;
  
  generate a score based at least in part on a plurality of answers to the plurality of dynamically generated knowledge-based questions, the plurality of answers being received from the user via the client computing device, and individual answers of the plurality of answers being weighted with a respective different weight based at least in part on a respective knowledge-based question of the plurality of dynamically generated knowledge-based questions; and
  
  provide the at least one security credential to the client computing device in response to the score meeting or exceeding a predefined threshold and a determination that the master security credential received from the client computing device is valid.
- View Dependent Claims (5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 5. The system of claim 4, wherein the at least one security credential corresponds to a plurality of security credentials associated with a plurality of different network sites.
  - 6. The system of claim 4, wherein, when executed, the security credential manager further causes the at least one remote computing device to at least determine that the master security credential received from the client computing device is valid by comparing a hashed version of the master security credential to a valid master security credential that is stored in association with the user account.
  - 7. The system of claim 4, wherein, when executed, the security credential manager further causes the at least one remote computing device to at least determine that the master security credential received from the client computing device is valid using a public-key cryptographic system.
  - 8. The system of claim 4, wherein, when executed, the security credential manager further causes the at least one remote computing device to at least automatically establish the at least one security credential with the network site.
  - 9. The system of claim 4, wherein, when executed, the security credential manager further causes the at least one remote computing device to at least:
    - automatically regenerate the at least one security credential according to another security credential specification received from the network site, wherein the at least one security credential that has been regenerated replaces the at least one security credential that was previously generated.
  - 10. The system of claim 4, wherein the client computing device includes a local security credential generation application that causes the client computing device to at least automatically generate another security credential, and, when executed, the security credential manager further causes the at least one remote computer device to at least receive the other security credential from the client computing device.
  - 11. The system of claim 4, wherein the client computing device corresponds to a kiosk, and the kiosk is configured to remove the at least one security credential from a memory of the kiosk upon expiration of a user session.
  - 12. The system of claim 4, wherein the security credential specification defines at least a character set and a length for a password.
  - 13. The system of claim 4, wherein, when executed, the security credential manager further causes the at least one remote computing device to at least, in response to receiving the master security credential from the client computing device, establish the master security credential in the at least one remote computing device as a valid master security credential based at least in part on the plurality of answers to the plurality of dynamically generated knowledge-based questions.
  - 14. The system of claim 4, wherein the score is generated based at least in part on a recency of an event associated with at least one of the plurality of dynamically generated knowledge-based questions.
  - 15. The system of claim 4, wherein the score is generated based at least in part on at least one supplemental security credential received from the client computing device.
  - 16. The system of claim 4, wherein, when executed, the security credential manager further causes the at least one remote computing device to at least dynamically generate the plurality of dynamically generated knowledge-based questions based at least in part on data associated with the user account.
  - 17. The system of claim 16, wherein the data associated with the user account includes purchase transaction data associated with the user account.
  - 18. The system of claim 4, wherein the security credential is generated to have a maximum security strength allowed by the security credential specification.

19. A method of providing a security credential, comprising:
- receiving, by a security credential manager on at least one of one or more remote computing devices, a security credential specification from a network site;
  
  automatically generating, by the security credential manager on at least one of the one or more remote computing devices, the security credential required to access the network site based at least in part on the security credential specification;
  
  receiving, by at least one of the one or more remote computing devices, a request for the security credential from a client computing device, the security credential being stored in at least one of the one or more remote computing devices in association with a user account;
  
  providing, by at least one of the one or more remote computing devices, at a plurality of knowledge-based questions and a master security credential request to a user at the client computing device in response to the request;
  
  receiving, by at least one of the one or more remote computing devices, a master security credential and a plurality of answers to the plurality of knowledge-based questions from the user via the client computing device;
  
  generating, by at least one of the one or more remote computing devices, a score based at least in part on the plurality of answers to the plurality of knowledge-based questions, individual answers of the plurality of answers being assigned a different weight based at least in part on a recency of an event associated with a respective knowledge-based question of the plurality of knowledge-based questions; and
  
  providing, by at least one of the one or more remote computing devices, the security credential to the client computing device based at least in part on both the score meeting or exceeding a predefined threshold and the master security credential being valid.
- View Dependent Claims (20, 21, 22, 23, 24, 25, 26, 27)
- - 20. The method of claim 19, further comprising:
    - receiving, by at least one of the one or more remote computing devices, at least one supplemental security credential from the client computing device; and
      
      wherein the score is further based at least in part on the at least one supplemental security credential being valid.
  - 21. The method of claim 19, further comprising:
    - establishing, by at least one of the one or more remote computing devices, the security credential with the network site using a previous security credential associated with the user account; and
      
      storing, by at least one of the one or more remote computing devices, the security credential in association with the user account.
  - 22. The method of claim 19, wherein the security credential specification is received from the network site through a standardized location on the network site.
  - 23. The method of claim 19, wherein the security credential is generated to have a maximum security strength allowed by the security credential specification.
  - 24. The method of claim 19, wherein at least one of the plurality of knowledge-based questions is preselected by the user.
  - 25. The method of claim 19, further comprising establishing, by at least one of the one or more remote computing devices, the master security credential as a valid master security credential based at least in part on at least one answer of the plurality of answers to the plurality of knowledge-based questions.
  - 26. The method of claim 25, wherein the valid master security credential is received from the client computing device.
  - 27. The method of claim 25, further comprising:
    - receiving, by at least one of the one or more remote computing devices, the master security credential and another request for the security credential and from another client computing device;
      
      determining, by at least one of the one or more remote computing devices, whether the master security credential received from the other client computing device is valid according to the valid master security credential; and
      
      providing, by at least one of the one or more remote computing devices, the security credential to the other client computing device in response to the other request when the master security credential received from the other client computing device is valid.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Original Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Inventors
Canavor, Darren E., Johansson, Jesper M.
Primary Examiner(s)
Bali, Vikkram
Assistant Examiner(s)
Mangialaschi, Tracy

Application Number

US13/194,287
Time in Patent Office

2,244 Days
Field of Search

726 6
US Class Current
CPC Class Codes

G06F 21/31   User authentication

G06F 21/6218   to a system of files or obj...

H04L 9/3226   using a predetermined code,...

Managing security credentials

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

171 Citations

27 Claims

Specification

Use Cases

Quick Links

Others

Managing security credentials

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

171 Citations

27 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others