Reset and recovery of managed security credentials

US 9,660,982 B2
Filed: 08/17/2016
Issued: 05/23/2017
Est. Priority Date: 02/01/2012
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

storing, by a client computing device, account data including a plurality of security credentials associated with a plurality of network sites for a user, the account data being stored in an encrypted form, wherein the plurality of security credentials satisfy a security credential specification;

obtaining, by the client computing device, a request for temporarily changing the account data, the request specifying a master security credential for accessing the account data;

resetting, by the client computing device, each of the plurality of security credentials to a single temporary security credential based on user input, wherein the single temporary security credential has an expiration period;

sending, by the client computing device, the account data including the plurality of security credentials to a server computing device;

after expiration of the expiration period, resetting, by the client computing device, the account data by changing the plurality of security credentials to a plurality of different security credentials based at least in part on the security credential specification; and

sending, by the client computing device, the account data including the plurality of different security credentials to the server computing device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed are various embodiments for management functions relating to security credentials. Account data, which includes multiple security credentials for multiple network sites for a user, is stored in an encrypted form. A request to temporarily change the account data is obtained from a client. The request specifies a master security credential for accessing the account data. In response to the request, the multiple security credentials for the account data are changed to a single temporary security credential, as specified by a user. After an expiration period expires, the multiple security credentials are automatically reset to a plurality of different security credentials.

148 Citations

20 Claims

1. A method comprising:
- storing, by a client computing device, account data including a plurality of security credentials associated with a plurality of network sites for a user, the account data being stored in an encrypted form, wherein the plurality of security credentials satisfy a security credential specification;
  
  obtaining, by the client computing device, a request for temporarily changing the account data, the request specifying a master security credential for accessing the account data;
  
  resetting, by the client computing device, each of the plurality of security credentials to a single temporary security credential based on user input, wherein the single temporary security credential has an expiration period;
  
  sending, by the client computing device, the account data including the plurality of security credentials to a server computing device;
  
  after expiration of the expiration period, resetting, by the client computing device, the account data by changing the plurality of security credentials to a plurality of different security credentials based at least in part on the security credential specification; and
  
  sending, by the client computing device, the account data including the plurality of different security credentials to the server computing device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, further comprising sending, by the client computing device, the account data including the plurality of security credentials to a portable client computing device for storage.
  - 3. The method of claim 1, wherein the security credential specification specifies a maximum length for a security credential.
  - 4. The method of claim 1, further comprising:
    - after obtaining the request for temporarily changing the account data, decrypting, by the client computing device, the account data based at least in part on the master security credential; and
      
      after resetting each of the plurality of security credentials to the single temporary security credential, encrypting, by the client computing device, the account data based at least in part on the master security credential.
  - 5. The method of claim 1, wherein the master security credential is encrypted to a secret key stored on the client computing device.
  - 6. The method of claim 1, further comprising copying the master security credential to a portable data store.
  - 7. The method of claim 1, wherein the master security credential is encrypted to a secret key stored on the client computing device, the method further comprising:
    - copying the master security credential to a portable data store; and
      
      recovering the master security credential at the client computing device by retrieving the master security credential from the portable data store and decrypting the master security credential using the secret key stored on the client computing device.
  - 8. The method of claim 1, further comprising resetting the master security credential to a newly generated credential.
  - 9. The method of claim 1, further comprising removing decrypted account data from the client computing device after termination of a current user session.
  - 10. The method of claim 1, wherein one of the plurality of security credentials for one of the plurality of network sites is shared with another user, the method comprising sending the one of the plurality of security credentials to a client computing device of the other user.

11. A system, comprising:
- a data store; and
  
  at least one computing device configured to at least;
  
  store account data including a plurality of security credentials associated with a plurality of network sites for a user at the data store, the account data being stored in an encrypted form, wherein the plurality of security credentials satisfy a security credential specification;
  
  obtain a request for temporarily changing the account data, the request specifying a master security credential for accessing the account data;
  
  reset each of the plurality of security credentials to a single temporary security credential based on user input, wherein the single temporary security credential has an expiration period;
  
  send the account data including the plurality of security credentials to a server computing device;
  
  after expiration of the expiration period, reset the account data within the data store by changing the plurality of security credentials to a plurality of different security credentials based at least in part on the security credential specification; and
  
  send the account data including the plurality of different security credentials to the server computing device.
- View Dependent Claims (12, 13, 14, 15, 16, 17)
- - 12. The system of claim 11, wherein the at least one computing device is configured to at least send the account data including the plurality of security credentials to a portable client computing device.
  - 13. The system of claim 11, wherein the security credential specification specifies a character set eligible to be used for a security credential.
  - 14. The system of claim 11, wherein the at least one computing device is configured to at least:
    - after obtaining the request for temporarily changing the account data, decrypt the account data based at least in part on the master security credential; and
      
      after resetting each of the plurality of security credentials to the single temporary security credential, encrypt the account data based at least in part on the master security credential.
  - 15. The system of claim 11, wherein the master security credential is encrypted to a secret key stored on the at least one computing device.
  - 16. The system of claim 15, wherein the at least one computing device is configured to at least copy the master security credential to a portable data store.
  - 17. The system of claim 16, wherein the at least one computing device is configured to at least recover the master security credential at the at least one computing device by retrieving the master security credential from the portable data store and decrypting the master security credential using the secret key stored on the at least one computing device.

18. A method comprising:
- storing, by a server computing device, account data including a plurality of security credentials associated with a plurality of network sites for a user, the account data being stored in an encrypted form, wherein the plurality of security credentials satisfy a security credential specification;
  
  obtaining, by the server computing device, a request for temporarily changing the account data from a client, the request specifying a master security credential for accessing the account data;
  
  resetting, by the server computing device, each of the plurality of security credentials to a single temporary security credential based on user input, wherein the single temporary security credential has an expiration period;
  
  sending the account data including the plurality of security credentials to the client;
  
  after expiration of the expiration period, resetting the account data by changing the plurality of security credentials to a plurality of different security credentials based at least in part on the security credential specification; and
  
  sending the account data including the plurality of security credentials to the client.
- View Dependent Claims (19, 20)
- - 19. The method of claim 18, wherein the security credential specification specifies a minimum length for a security credential.
  - 20. The method of claim 18, wherein the master security credential is encrypted to a secret key stored on the client.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Original Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Inventors
Hitchcock, Daniel W., Campbell, Brad Lee
Primary Examiner(s)
ZHAO, DON GORDON

Application Number

US15/239,475
Publication Number

US 20160359841A1
Time in Patent Office

279 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/00   Security arrangements for p...

G06F 21/41   where a single sign-on prov...

G06F 21/45   Structures or tools for the...

G06F 2221/2131   Lost password, e.g. recover...

H04L 63/06   for supporting key manageme...

H04L 63/08   for authentication of entit...

H04L 63/0815   providing single-sign-on or...

H04L 63/083   using passwords cryptograph...

H04L 63/0838   using one-time-passwords

H04L 63/0876   based on the identity of th...

H04L 63/102   Entity profiles

Reset and recovery of managed security credentials

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

148 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Reset and recovery of managed security credentials

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

148 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links