MANAGING SECURITY CREDENTIALS

US 20180026968A1
Filed: 08/17/2017
Published: 01/25/2018
Est. Priority Date: 07/29/2011
Status: Active Grant

First Claim

Patent Images

1. A system, comprising:

a computing device; and

a first application executing on the at least one computing device, wherein, when executed, the first application causes the computing device to at least;

transmit a plurality of existing security credentials associated with a plurality of network sites to a remote computing device, the plurality of existing security credentials being associated with a particular user account, and the plurality of existing security credentials being managed and stored on the remote computing device via a second application;

obtain network content associated with a particular network site in response to a request from a user;

transmit a master security credential and at least one answer to at least one question to the remote computing device to authenticate a connection with the second application being executed on the remote computing device;

receive a particular security credential from the remote computing device in response to authenticating the connection; and

automatically establish access to the network content according to the particular security credential.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed are various embodiments for managing security credentials. In one embodiment, network content for a network site is obtained in response to a user request. A connection with a remote computing device that stores and manages security credentials for accessing network sites is authenticated using a master security credential and answers to knowledge-based questions. A security credential associated with the network site is provided to the client from the remote computing device based at least in part on the answers. Access to the network site is authenticated according to the security credential.

Citations

20 Claims

1. A system, comprising:
- a computing device; and
  
  a first application executing on the at least one computing device, wherein, when executed, the first application causes the computing device to at least;
  
  transmit a plurality of existing security credentials associated with a plurality of network sites to a remote computing device, the plurality of existing security credentials being associated with a particular user account, and the plurality of existing security credentials being managed and stored on the remote computing device via a second application;
  
  obtain network content associated with a particular network site in response to a request from a user;
  
  transmit a master security credential and at least one answer to at least one question to the remote computing device to authenticate a connection with the second application being executed on the remote computing device;
  
  receive a particular security credential from the remote computing device in response to authenticating the connection; and
  
  automatically establish access to the network content according to the particular security credential.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The system of claim 1, wherein the connection is authenticated in response to a determination that the master security credential is valid and a score associated with the at least one answer meeting or exceeding a predefined threshold.
  - 3. The system of claim 2, wherein the score is based at least in part on assigning individual answers of the at least one answer a respective different weight based at least in part on the at least one question.
  - 4. The system of claim 1, wherein, when executed, the first application further causes the computing device to at least determine that access to the network content requires authentication based at least in part on at least one of:
    - a configuration file, a user input, or an authentication form.
  - 5. The system of claim 1, wherein, when executed, the first application further causes the computing device to at least identify an authentication point defined for the particular network site, wherein automatically establishing access to the network content occurs at the authentication point.
  - 6. The system of claim 1, wherein, when executed, the first application further causes the computing device to at least:
    - determine that the network site is unverified;
      
      generate a notification including a warning to present to the user that the network site is unverified; and
      
      render the notification via a display.
  - 7. The system of claim 1, wherein the first application comprises a browser plugin.

8. A method, comprising:
- obtaining, via a first computing device, network content associated with a network site in response to a user request;
  
  determining, via the first computing device, that the network site requires authentication;
  
  authenticating, via the first computing device, a connection with an application executing on a second computing device with respect to a user account based at least in part on a master security credential associated with the user account and an authentication score, the application being configured to store and manage a plurality of security credentials associated with the user account; and
  
  automatically establishing access to a network site according to a particular security credential received from the second computing device in response to authenticating the connection.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15)
- - 9. The method of claim 8, further comprising:
    - causing to render, via the first computing device, a plurality of questions received from the second computing device; and
      
      transmitting, via the first computing device, a plurality of answers corresponding to the plurality of questions to the second computing device, the plurality of answers being provided by a user.
  - 10. The method of claim 9, wherein the authentication score is based at least in part on the plurality of answers and individual answers of the plurality of answers being assigned a respective different weight.
  - 11. The method of claim 10, wherein the connection is authenticated in response to the master security credential being valid and the authentication score meeting or exceeding a predefined threshold.
  - 12. The method of claim 8, further comprising:
    - determining, via the first computing device, that the particular security credential to the access the network site fails to exist for the user account;
      
      sending, via the first computing device, a request to the second computing device to generate the particular security credential for the user account; and
      
      receiving, via the first computing device, the particular security credential from the second computing device.
  - 13. The method of claim 12, wherein the request comprises a security credential specification received from the network site, the particular security credential being generated by the application according to the security credential specification.
  - 14. The method of claim 8, wherein determining that the network site requires authentication is based at least in part on at least one of:
    - a configuration file, a user input, or an authentication form.
  - 15. The method of claim 8, further comprising:
    - receiving, via the first computing device, a plurality of security credentials associated with the user account; and
      
      selecting, via the first computing device, the particular security credential of the plurality of security credentials, the particular security credential being associated with the network site.

16. A non-transitory computer-readable medium embodying a program executable in a first computing device, wherein, when executed, the program causes the first computing device to at least:
- receive a request for network content associated with a network site in response to a user request;
  
  obtain the network content from the network site;
  
  authenticate a connection to a remote application executing on a second computing device based at least in part on a master security credential associated with a user account and at least one answer to at least one question received from the second computing device and provided by a user;
  
  receive a particular security credential from the second computing device in response to authenticating the connection, the particular security credential corresponding to the network site and being unique to the user account; and
  
  authenticate access to the network site for the user account using the particular security credential.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The non-transitory computer-readable medium of claim 16, wherein the connection is authenticated in response to a determination that the master security credential is valid and a score associated with at least one answer meeting or exceeding a predefined threshold.
  - 18. The non-transitory computer-readable medium of claim 17, wherein the score is based at least in part on assigning individual answers a respective different weight.
  - 19. The non-transitory computer-readable medium of claim 16, wherein, when executed, the program causes the first computing device to at least verify the network site based at least in part on an examination of a domain name and a trusted certificate associated with the network content.
  - 20. The non-transitory computer-readable medium of claim 16, wherein the first computing device is a client device and the second computing device is a remote computing device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Original Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Inventors
Canavor, Darren Ernest, Johansson, Jesper Mikael

Granted Patent

US 10,362,019 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

H04L 63/0815   providing single-sign-on or...

H04L 63/0823   using certificates cryptogr...

H04L 63/0853   using an additional device,...

MANAGING SECURITY CREDENTIALS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

MANAGING SECURITY CREDENTIALS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links