Consumption control of protected cloud resources by open authentication-based applications in end user devices
US-9690925-B1 · Jun 27, 2017 · US
US11522866B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11522866-B2 |
| Application number | US-202117308027-A |
| Country | US |
| Kind code | B2 |
| Filing date | May 4, 2021 |
| Priority date | Jun 7, 2015 |
| Publication date | Dec 6, 2022 |
| Grant date | Dec 6, 2022 |
Official abstract text for this publication.
Some embodiments of the invention provide a program for recovering access to a service associated with an account. The program provides a login credential to log into the account to receive the associated service. Next, the program receives an access continuation parameter (ACP) after logging into the account. The program then accesses the service and receives a rejection of a subsequent access to the service. The program then provides the ACP in lieu of the login credential to continue to receive the service.
Opening claim text (preview).
We claim:

1. A method comprising: receiving, by an authentication server and from an electronic device, a reset request for a login credential of a user account, the reset request comprising a new login credential, an access recovery token, and an indication of at least one device for which a corresponding access continuation token should be invalidated; upon verifying the access recovery token: notifying at least one service to invalidate a service token previously generated for the user account; and invalidating the access continuation token corresponding to the at least one device, wherein invalidation of the access continuation token requires the at least one device to provide the new login credential to continue to access the at least one service; and providing, by the authentication server and to the electronic device, confirmation that the login credential has been reset to the new login credential.

2. The method of claim 1, wherein the login credential comprises a password.

3. The method of claim 1, wherein the access recovery token was previously provided by the authentication server to the electronic device.

4. The method of claim 3, wherein verifying the access recovery token comprises: validating, by the authentication server, the received access recovery token by comparing the received access recovery token with the access recovery token previously provided to the electronic device.

5. The method of claim 1, wherein notifying at least one service to invalidate a service token previously generated for the user account comprises notifying a separate service provider server to invalidate the service token previously generated for the user account.

6. The method of claim 1, wherein the user account is associated with the electronic device, the at least one device, and another electronic device and the method further comprises: foregoing invalidating another access continuation token corresponding to the other electronic device.

7. The method of claim 1, wherein providing, by the authentication server and to the electronic device, the confirmation that the login credential has been reset to the new login credential further comprises: providing, to the electronic device, a new login credential token that corresponds to the new login credential.

8. A device comprising: a memory; and at least one processor configured to: receive, from an electronic device, a reset request for a login credential of a user account, the reset request comprising a new login credential and an indication of at least one device for which a corresponding access continuation token should be invalidated; notify at least one service to invalidate a service token previously generated for the user account invalidate the access continuation token corresponding to the at least one device; and provide, to the electronic device, confirmation that the login credential has been reset to the new login credential.

9. The device of claim 8, wherein invalidation of the access continuation token requires the at least one device to provide the new login credential to continue to access the at least one service.

10. The device of claim 8, wherein the reset request comprises an access recovery token, and the at least one processor is further configured to: verify the access recovery token by comparing the access recovery token to another access recovery token previously provided to the electronic device.

11. The device of claim 8, wherein the login credential comprises a password.

12. The device of claim 8, wherein the user account is associated with the electronic device, the at least one device, and another electronic device and the at least one processor is further configured to: forego invalidating another access continuation token corresponding to the other electronic device.

13. The device of claim 8, wherein the at least one processor is further configured to: provide, to the electronic device, a new login credential token that corresponds to the new login credential.

14. A non-transitory machine-readable medium comprises instructions that, when executed by one or more processors, cause the one or more processors to perform operations comprising: receiving, by an authentication server and from an electronic device, a reset request for a login credential of a user account, the reset request comprising a new login credential, an access recovery token, and an indication of at least one device for which a corresponding access continuation token should be invalidated; upon verifying the access recovery token: notifying at least one service to invalidate a service token previously generated for the user account; and invalidating the access continuation token corresponding to the at least one device, wherein invalidation of the access continuation token requires the at least one device to provide the new login credential to continue to access the at least one service; and providing, by the authentication server and to the electronic device, confirmation that the login credential has been reset to the new login credential.

15. The non-transitory machine-readable medium of claim 14, wherein the login credential comprises a password.

16. The non-transitory machine-readable medium of claim 14, wherein the access recovery token was previously provided by the authentication server to the electronic device.

17. The non-transitory machine-readable medium of claim 16, wherein verifying the access recovery token comprises: validating, by the authentication server, the received access recovery token by comparing the received access recovery token with the access recovery token previously provided to the electronic device.

18. The non-transitory machine-readable medium of claim 14, wherein notifying at least one service to invalidate a service token previously generated for the user account comprises notifying a separate service provider server to invalidate the service token previously generated for the user account.

19. The non-transitory machine-readable medium of claim 14, wherein the user account is associated with the electronic device, the at least one device, and another electronic device and the operations further comprise: foregoing invalidating another access continuation token corresponding to the other electronic device.

20. The non-transitory machine-readable medium of claim 14, wherein providing, by the authentication server and to the electronic device, the confirmation that the login credential has been reset to the new login credential further comprises: providing, to the electronic device, a new login credential token that corresponds to the new login credential.
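The reset flow of claims 1 to 7, modelled as an added Python example (not code from the patent or its assignee). The class and method names, the in-memory dictionaries, the random token generation and the constant-time comparison are assumptions made for illustration.

```python
import hmac
import secrets


class Service:
    """Separate service provider holding per-account service tokens (claim 5)."""
    def __init__(self):
        self.tokens = {}

    def invalidate(self, account):
        self.tokens.pop(account, None)


class AuthServer:
    def __init__(self, services):
        self.services = services
        self.credential = {}    # account -> login credential (store a hash in practice)
        self.recovery = {}      # (account, device) -> access recovery token
        self.continuation = {}  # (account, device) -> access continuation token

    def login(self, account, credential, device):
        stored = self.credential.get(account)
        if stored is None or not hmac.compare_digest(stored.encode(), credential.encode()):
            return None
        key = (account, device)
        self.recovery[key] = secrets.token_urlsafe(32)
        self.continuation[key] = secrets.token_urlsafe(32)
        return {"recovery": self.recovery[key], "continuation": self.continuation[key]}

    def continue_access(self, account, device, token):
        """Accept a continuation token in lieu of the login credential."""
        stored = self.continuation.get((account, device), "")
        return bool(stored) and hmac.compare_digest(stored.encode(), token.encode())

    def reset(self, account, device, new_credential, recovery_token, revoke_devices):
        issued = self.recovery.get((account, device), "")
        # Claim 4: compare with the token previously provided to this device.
        if not issued or not hmac.compare_digest(issued.encode(), recovery_token.encode()):
            return None  # failed verification changes no state
        self.credential[account] = new_credential
        for svc in self.services:       # claim 1: service tokens are invalidated
            svc.invalidate(account)
        for d in revoke_devices:        # claim 6: unnamed devices keep their token
            self.continuation.pop((account, d), None)
        # Claim 7: confirmation carries a token tied to the new credential.
        return {"reset": True, "credential_token": secrets.token_urlsafe(32)}
```

A device whose continuation token was revoked has to call `login` with the new credential to obtain a fresh one, which is the behaviour the last clause of claim 1 requires.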
using biometrical features, e.g. fingerprint, retina-scan (cryptographic mechanisms or cryptographic arrangements for entity authentication using biological data H04L9/3231) · CPC title
using passwords (cryptographic mechanisms or cryptographic arrangements for entity authentication using a predetermined code H04L9/3226) · CPC title
using tickets, e.g. Kerberos (cryptographic mechanisms or cryptographic arrangements for entity authentication using tickets or tokens H04L9/3213) · CPC title
Lost password, e.g. recovery of lost or forgotten passwords · CPC title
Structures or tools for the administration of authentication · CPC title