AUTO-CREATION OF APPLICATION PASSWORDS

US 20160292412A1
Filed: 03/31/2015
Published: 10/06/2016
Est. Priority Date: 03/31/2015
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

detecting an attempt, by an application on a client device, to log in to a user account;

determining whether the client device is a trusted device; and

generating and storing, by a server, an application password in association with the client device and the user account based, at least in part, upon whether the client device is a trusted device.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In one embodiment, an attempt to log in to a user account, by an application on a client device, is detected. It is determined whether the client device is a trusted device. An application password is generated and stored, by a server, in association with the client device and the user account based, at least in part, upon whether the client device is a trusted device.

Citations

20 Claims

1. A method, comprising:
- detecting an attempt, by an application on a client device, to log in to a user account;
  
  determining whether the client device is a trusted device; and
  
  generating and storing, by a server, an application password in association with the client device and the user account based, at least in part, upon whether the client device is a trusted device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method as recited in claim 1, wherein generating and storing the application password are performed automatically without human intervention.
  - 3. The method as recited in claim 1, wherein determining whether the client device is a trusted device comprises:
    - sending an authorization request to an account owner associated with the user account; and
      
      ascertaining whether the account owner has approved the authorization request;
      
      wherein generating and storing the application password are performed according to whether the account owner has approved the authorization request.
  - 4. The method as recited in claim 1, wherein determining whether the client device is a trusted device comprises:
    - obtaining device information associated with the client device, the device information including a device identifier;
      
      obtaining historical login information associated with the user account; and
      
      determining, from the historical login information and the device information, at least one of a number of times that the client device has previously logged in to the user account or a recency with which the client device has previously logged in to the user account.
  - 5. The method as recited in claim 1, wherein the determining whether the client device is a trusted device comprises:
    - obtaining device information associated with the client device, the device information including a device identifier of the client device and a location of the device;
      
      obtaining historical login information associated with the user account; and
      
      determining, from the historical login information and the device information, at least one of a number of times that the client device has previously logged in to the user account from the location or a recency with which the client device has previously logged in to the user account from the location.
  - 6. The method as recited in claim 1, wherein detecting an attempt, by an application on a client device, to log in to a user account comprises receiving a user password, wherein determining whether the client device is a trusted device comprises:
    - determining whether the user password was a previously active password of the user account.
  - 7. The method as recited in claim 1, wherein determining whether the client device is a trusted device comprises:
    - determining whether a push channel has been established for the client device.
  - 8. The method as recited in claim 1, further comprising:
    - ascertaining that on demand password services are active for the user account.

9. An apparatus, comprising:
- a processor; and
  
  a memory, at least one of the processor or the memory being configured to;
  
  detect an attempt, by an application on a client device, to log in to a user account;
  
  determine whether the client device is a trusted device; and
  
  generate and store, by a server, an application password in association with the client device and the user account based, at least in part, upon whether the client device is a trusted device.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The apparatus as recited in claim 9, wherein determining whether the client device is a trusted device comprises:
    - sending an authorization request to an account owner associated with the user account; and
      
      ascertaining whether the account owner has approved the authorization request;
      
      wherein generating and storing the application password is performed according to whether the account owner has approved the authorization request.
  - 11. The apparatus as recited in claim 9, wherein determining whether the client device is a trusted device comprises:
    - obtaining device information associated with the client device, the device information including a device identifier;
      
      obtaining historical login information associated with the user account; and
      
      determining, from the historical login information and the device information, at least one of a number of times that the client device has previously logged in to the user account or a recency with which the client device has previously logged in to the user account.
  - 12. The apparatus as recited in claim 9, wherein the determining whether the client device is a trusted device comprises:
    - obtaining device information associated with the client device, the device information including a device identifier of the client device and a location of the device;
      
      obtaining historical login information associated with the user account; and
      
      determining, from the historical login information and the device information, at least one of a number of times that the client device has previously logged in to the user account from the location or a recency with which the client device has previously logged in to the user account from the location.
  - 13. The apparatus as recited in claim 9, wherein detecting an attempt, by an application on a client device, to log in to a user account comprises receiving a user password, wherein determining whether the client device is a trusted device comprises:
    - determining whether the user password was a previously active password of the user account.
  - 14. The apparatus as recited in claim 9, wherein determining whether the client device is a trusted device comprises:
    - determining whether a push channel has been established for the client device.
  - 15. The apparatus as recited in claim 9, at least one of the processor or the memory being further configured to ascertain that on demand password services are active for the user account.

16. A non-transitory computer-readable storage medium storing thereon computer-readable instructions, comprising:
- instructions for detecting an attempt, by an application on a client device, to log in to a user account;
  
  instructions for determining whether the client device is a trusted device; and
  
  instructions for automatically generating and storing, by a server, an application password in association with the client device and the user account based, at least in part, upon whether the client device is a trusted device.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The non-transitory computer-readable storage medium as recited in claim 16, wherein determining whether the client device is a trusted device comprises:
    - obtaining device information associated with the client device, the device information including a device identifier;
      
      obtaining historical login information associated with the user account; and
      
      determining, from the historical login information and the device information, at least one of a number of times that the client device has previously logged in to the user account or a recency with which the client device has previously logged in to the user account.
  - 18. The non-transitory computer-readable storage medium as recited in claim 16, wherein the determining whether the client device is a trusted device comprises:
    - obtaining device information associated with the client device, the device information including a device identifier of the client device and a location of the device;
      
      obtaining historical login information associated with the user account; and
      
      determining, from the historical login information and the device information, at least one of a number of times that the client device has previously logged in to the user account from the location or a recency with which the client device has previously logged in to the user account from the location.
  - 19. The non-transitory computer-readable storage medium as recited in claim 16, wherein detecting an attempt, by an application on a client device, to log in to a user account comprises receiving a user password, wherein determining whether the client device is a trusted device comprises:
    - determining whether the user password was a previously active password of the user account.
  - 20. The non-transitory computer-readable storage medium as recited in claim 16, wherein determining whether the client device is a trusted device comprises:
    - determining whether a push channel has been established for the client device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Verizon Patent and Licensing Incorporated (Verizon Communications Inc.)
Original Assignee
Yahoo! Inc. (Apollo Global Management, Inc.)
Inventors
Kremer, Assaf, Stoner, Chris

Granted Patent

US 10,447,692 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/44   Program or device authentic...

G06F 21/45   Structures or tools for the...

H04L 63/0815   providing single-sign-on or...

H04L 63/0838   using one-time-passwords

H04L 63/0876   based on the identity of th...

AUTO-CREATION OF APPLICATION PASSWORDS

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

AUTO-CREATION OF APPLICATION PASSWORDS

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links