AUTOMATED SECRET RENEGOTIATION
First Claim
1. A computer-implemented method for proactively renegotiating a shared secret, comprising:
- receiving a request from a client device, the request including a shared secret generated using a seed and a client time value determined using a clock of the client device;
analyzing the shared secret to determine whether the seed used to generate the shared secret matches an expected seed value for the request;
comparing the client time value, used to generate the shared secret, against a current time of a local clock and a client time value offset;
when the seed is determined to match the expected seed value within an acceptable amount of variation and the client time value falls inside a window of time with respect to the current time as modified by the client time value offset;
authenticating an identity of the client device and processing the request; and
automatically updating at least one of (a) the expected seed value to match the seed used to generate the shared secret or (b) the client time value offset to account for the client time value.
0 Assignments
0 Petitions
Accused Products
Abstract
Secret information, such as seeds, codes, and keys, can be automatically renegotiated between at least one sender and at least one recipient. Various mechanisms, such as counters, events, or challenges, can be used to trigger automatic renegotiations through various requests or communications. These changes can cause the current secret information to diverge from older copies of the secret information that might have been obtained by unintended third parties. In some embodiments, a secret can be configured to “decay” over time, or have small changes periodically introduced that can be determined to be valid by an authorized party, but can reduce the effectiveness of prior versions of the secret information.
12 Citations
1 Claim
-
1. A computer-implemented method for proactively renegotiating a shared secret, comprising:
-
receiving a request from a client device, the request including a shared secret generated using a seed and a client time value determined using a clock of the client device; analyzing the shared secret to determine whether the seed used to generate the shared secret matches an expected seed value for the request; comparing the client time value, used to generate the shared secret, against a current time of a local clock and a client time value offset; when the seed is determined to match the expected seed value within an acceptable amount of variation and the client time value falls inside a window of time with respect to the current time as modified by the client time value offset; authenticating an identity of the client device and processing the request; and automatically updating at least one of (a) the expected seed value to match the seed used to generate the shared secret or (b) the client time value offset to account for the client time value.
-
Specification
-
- Resources
-
Current AssigneeAmazon Technologies, Inc. (Amazon.com, Inc.)
-
Original AssigneeAmazon Technologies, Inc. (Amazon.com, Inc.)
-
InventorsRoth, Gregory Branchek, Ilac, Cristian M.
-
Granted Patent
-
Time in Patent OfficeDays
-
Field of Search
-
US Class Current726/6
-
CPC Class CodesH04L 63/061 for key exchange, e.g. in p...H04L 63/08 for authentication of entit...H04L 63/0838 using one-time-passwordsH04L 9/0872 using geo-location informat...H04L 9/0891 Revocation or update of sec...H04W 12/04 Key management, e.g. using ...H04W 12/06 AuthenticationH04W 12/61 Time-dependent
