Distributed passcode verification system

US 9,967,249 B2
Filed: 06/20/2016
Issued: 05/08/2018
Est. Priority Date: 01/07/2014
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method, comprising:

receiving passcode information comprising, for each passcode of a plurality of passcodes, a value derived based at least in part on the passcode and usable, with a secret, to verify purported passcodes, the secret maintained in a hardware device;

receiving a purported passcode;

causing the hardware device to provide a reference value calculated based at least in part on the purported passcode and the secret;

determining, based at least in part on whether the reference value matches a corresponding value of the passcode information, whether the purported passcode is valid;

enabling access to computing functionality as a result of determining that the purported passcode is valid; and

as a result of a limit on a number of passcode verifications having been exceeded, causing the hardware device to be unable to use the secret to at least verify passcodes, the hardware device being unilaterally unable to restore an ability to use the secret to at least verify passcodes.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A distributed passcode verification system includes devices that each have a secret and that are each able to perform a limited number of verifications using their secrets. Passcode verifiers receive passcode information from a passcode information manager. The passcode information provides information usable, with a secret, to verify passcodes provided to a verifier.

219 Citations

22 Claims

1. A computer-implemented method, comprising:
- receiving passcode information comprising, for each passcode of a plurality of passcodes, a value derived based at least in part on the passcode and usable, with a secret, to verify purported passcodes, the secret maintained in a hardware device;
  
  receiving a purported passcode;
  
  causing the hardware device to provide a reference value calculated based at least in part on the purported passcode and the secret;
  
  determining, based at least in part on whether the reference value matches a corresponding value of the passcode information, whether the purported passcode is valid;
  
  enabling access to computing functionality as a result of determining that the purported passcode is valid; and
  
  as a result of a limit on a number of passcode verifications having been exceeded, causing the hardware device to be unable to use the secret to at least verify passcodes, the hardware device being unilaterally unable to restore an ability to use the secret to at least verify passcodes.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The computer-implemented method of claim 1, further comprising:
    - receiving, to the hardware device and from another device, information indicating an increase to the limit;
      
      determining, at the hardware device, whether the information indicating the increase to the limit is valid; and
      
      in response to the information indicating the increase to the limit is valid, performing, by the hardware device, one or more operations that result in additional passcode verifications being performable.
  - 3. The computer-implemented method of claim 2, wherein receiving the information indicating the increase to the limit is a result of establishing a connection with a private network that includes the other device.
  - 4. The computer-implemented method of claim 2, wherein receiving the information occurs by a unidirectional communication protocol.
  - 5. The computer-implemented method of claim 1, wherein the secret is a hardware secret and physical tampering of the hardware device causes the hardware secret to be destroyed.
  - 6. The computer-implemented method of claim 1, wherein:
    - the secret is from a set of one or more secrets; and
      
      enabling access to the computing functionality comprises using a specified secret from the set of one or more secrets to decrypt data stored in encrypted form on a data storage device.

7. A system, comprising a plurality of computing devices that implement at least:
- one or more passcode verifiers, each passcode verifier of the one or more passcode verifiers having a hardware device that maintains a secret so as to be unobtainable outside of the hardware device, the passcode verifier further having functionality to;
  
  receive, from a passcode information manager, passcode information required to perform passcode verifications; and
  
  use the hardware device to verify passcodes based at least in part on the secret and in accordance with a limit on a number of passcode verifications performable using the secret, the hardware device being unable to unilaterally restore an ability to use the secret to at least verify passcodes.
- View Dependent Claims (8, 9, 10, 11, 12, 13, 14, 15)
- - 8. The system of claim 7, wherein the secret is a hardware secret and physical tampering of the hardware device causes the hardware secret to be destroyed.
  - 9. The system of claim 7, wherein successful passcode verifications contribute to exhaustion of the limit.
  - 10. The system of claim 7, wherein the passcode information manager increases the limit for at least one of the passcode verifiers.
  - 11. The system of claim 7, wherein the hardware device destroys a corresponding hardware secret as a result of exceeding the limit.
  - 12. The system of claim 7, further comprising the passcode information manager that distributes the passcode information to at least a subset of the one or more passcode verifiers.
  - 13. The system of claim 12, wherein:
    - the passcode information manager is a server on a private network; and
      
      the passcode verifiers are computing devices at least intermittently on the private network.
  - 14. The system of claim 7, wherein at least one of the passcode verifiers, after receipt of the passcode information, uses the passcode information to verify a passcode without communicating with the passcode information manager.
  - 15. The system of claim 7, wherein the passcode information for at least one passcode verifier of the one or more passcode verifiers comprises, for each passcode of a plurality of passcodes each corresponding to a different account a hash value generated based at least in part on a copy of the secret of the at least one passcode verifier.

16. A non-transitory computer-readable storage medium having collectively stored thereon executable instructions that, as a result of execution by one or more processors of a computer system, cause the computer system to:
- receive a purported passcode; and
  
  as a result of receiving the purported passcode;
  
  cause to be calculated, based at least in part on the purported passcode and a secret of the computer system, a reference value to result in a calculated reference value;
  
  determine, based at least in part on the calculated reference value and passcode verification information received from another computer system, whether the purported passcode is valid;
  
  enable access to a resource in response to determining the purported passcode is valid; and
  
  perform an operation that contributes to depletion of a limited number of passcode verifications performable by the computer system, the computer system being unable to unilaterally restore the limited number of passcode verifications.
- View Dependent Claims (17, 18, 19, 20, 21, 22)
- - 17. The non-transitory computer-readable storage medium of claim 16, wherein the instructions that cause the computer system to receive the purported passcode cause the computer system to receive the purported passcode through an input device of the computer system.
  - 18. The non-transitory computer-readable storage medium of claim 16, wherein the instructions further comprise instructions that, as a result of execution by the one or more processors, cause the computer system to request, to another computer system, that the limited number of passcode verifications be refreshed and refresh the limited number of passcode verifications upon receiving authorization from the other computer system.
  - 19. The non-transitory computer-readable storage medium of claim 18, wherein the instructions that cause the computer system to request that the limited number of passcode verifications be refreshed cause the computer system to request that the limited number of passcode verifications be refreshed prior to complete depletion of the limited number of passcode verifications.
  - 20. The non-transitory computer-readable storage medium of claim 16, wherein the limited number of passcode verifications is a fixed number of passcode verifications.
  - 21. The non-transitory computer-readable storage medium of claim 16, wherein the instructions further comprise instructions that, as a result of execution by the one or more processors, cause the computer system to destroy the secret as a result of complete depletion of the limited number of passcode verifications.
  - 22. The non-transitory computer-readable storage medium of claim 16, wherein:
    - the secret is from a set of one or more secrets of the computer system; and
      
      the instructions that cause the computer system to enable access to the resource, as a result of execution by the one or more processors, cause the computer system to use a specified secret from the set of one or more secrets to decrypt data stored in encrypted form on a data storage device of the computer system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Original Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Inventors
Roth, Gregory Branchek, Rubin, Gregory Alan
Primary Examiner(s)
Song, Hosuk
Assistant Examiner(s)
Murphy, J. Brant

Application Number

US15/187,699
Publication Number

US 20160301682A1
Time in Patent Office

687 Days
Field of Search
US Class Current
CPC Class Codes

H04L 63/083   using passwords cryptograph...

H04L 63/0846   using time-dependent-passwo...

H04L 63/10   for controlling access to d...

H04L 63/123   received data contents, e.g...

Distributed passcode verification system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

219 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Distributed passcode verification system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

219 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links