US9608974B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-9608974-B2 |
| Application number | US-201514629372-A |
| Country | US |
| Kind code | B2 |
| Filing date | Feb 23, 2015 |
| Priority date | Mar 14, 2013 |
| Publication date | Mar 28, 2017 |
| Grant date | Mar 28, 2017 |
Official abstract text for this publication.
Approaches are described for automatically generating new security credentials, such as security tokens, which can involve automatically re-authenticating a user (or client device) using a previous security token issued to that user (or device). The re-authentication can happen without any knowledge and/or action on the part of the user. The re-authentication mechanism can invalidate and/or keep track of the previous security token, such that when a subsequent request is received that includes the previous security token, the new security token can be invalidated, and the user caused to re-authenticate, as receiving more than one request with the previous security token can be indicative that the user's token might have been stolen.
Opening claim text (preview).
What is claimed is:

1. A computer-implemented method, comprising: under control of one or more computer systems configured with executable instructions, receiving an authentication request from an account associated with a computing device registered with a provider environment, the authentication request including a first token; determining that the first token is expired; determining that the first token matches a second token that is stored in persistent storage; determining that the second token is outside of a renewal window for the computing device; issuing a new token to be used by the computing device; storing the new token in the persistent storage as an unconfirmed new token; receiving a confirmation of the unconfirmed new token; and storing data indicating the unconfirmed new token is a confirmed new token.

2. The computer-implemented method of claim 1 further comprising: determining that the account associated with the computing device is no longer active with the provider environment; denying the authentication request; and deleting all tokens associated with the computing device registered with the provider environment.

3. The computer-implemented method of claim 1 further comprising: determining that the account associated with the computing device is no longer active with the provider environment; denying the authentication request; de-registering the computing device from the provider environment; and returning an indication of a failed authentication to the computing device.

4. A computer-implemented method, comprising: under control of one or more computer systems configured with executable instructions, receiving an authentication request from an account associated with a computing device used in a provider environment, the authentication request including a first token; determining that the first token is expired; determining that the first token matches a second token that is stored in persistent storage; determining that the second token is within a renewal window for the computing device; determining that the account associated with the computing device is an active account; issuing a new token to be used by the computing device in the provider environment; storing the new token in the persistent storage as an unconfirmed new token; receiving a confirmation of the unconfirmed new token; and storing data indicating the unconfirmed new token is a confirmed new token.

5. The computer-implemented method of claim 4 further comprising: storing data indicating the new token is the unconfirmed token; and sending the new token to the computing device.

6. The computer-implemented method of claim 4 further comprising: determining that the account associated with the computing device is no longer active with the provider environment; deleting all tokens associated with the computing device; and de-registering the computing device from the provider environment.

7. The computer-implemented method of claim 4 further comprising: determining that a third token is stored in persistent storage and has not been confirmed by the computing device; and determining that the third token has expired.

8. The computer-implemented method of claim 4, further comprising: subsequent to determining that the second token is within a renewal window for the computing device, determining that the second token is outside the renewal window for the computing device; and denying the authentication request.

9. A computing system, comprising: at least one processor; and memory including instructions that, when executed by the at least one processor, cause the computing system to: receive an authentication request from an account associated with a computing device registered with a provider environment, the authentication request including a first token; determine that the first token is expired; determine that the first token matches a second token that is stored in persistent storage; and determine that the second token is outside of a renewal window for the computing device; issuing a new token to be used by the computing device; storing the new token in the persistent storage as an unconfirmed new token; receive a confirmation of the unconfirmed new token; and store data indicating the unconfirmed new token is a confirmed new token.

10. The computing system of claim 9 wherein the instructions, when executed, further cause the computing system to: determine that the account associated with the computing device is no longer active with the provider environment; delete all tokens associated with the computing device registered to the provider environment; de-register the computing device from the provider environment; and return an indication of faded authentication to the computing device.

11. The computing system of claim 9 wherein the instructions, when executed, cause the computing device to: determine that the second token is within the renewal window; and authorize the authentication request.

12. The computing system of claim 9 wherein the instructions, when executed, further cause the computing system to: determine that an account associated with the computing device is an active account.

13. The computing system of claim 9 wherein the instructions, when executed, further cause the computing system to: determine that the account associated with the computing device is not an active account with the provider environment; delete all tokens associated with the computing device; and de-register the computing device from the provider environment.
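The renewal flow described in the abstract and in claim 4, as an added Python sketch that is not code from the patent. It follows the claim 4 and claim 8 reading (renew inside the window, deny outside it). `TokenService`, the state names, `TOKEN_TTL`, `RENEWAL_WINDOW`, rejecting unconfirmed tokens and handing the same unconfirmed token to a retry are all assumptions made for illustration.

```python
import secrets

TOKEN_TTL = 3600                  # assumed token lifetime, seconds
RENEWAL_WINDOW = 7 * 24 * 3600    # assumed grace period after expiry, seconds

class TokenService:
    """Toy renewal service; the dict stands in for persistent storage."""

    def __init__(self):
        self.tokens = {}              # token -> record
        self.active_accounts = set()  # devices whose account is active

    def issue(self, device, now, state="confirmed"):
        tok = secrets.token_urlsafe(16)
        self.tokens[tok] = {"device": device, "expires": now + TOKEN_TTL,
                            "state": state, "successor": None}
        return tok

    def revoke_device(self, device):
        for tok in [t for t, r in self.tokens.items() if r["device"] == device]:
            del self.tokens[tok]

    def authenticate(self, device, token, now):
        rec = self.tokens.get(token)
        if rec is None or rec["device"] != device or rec["state"] == "unconfirmed":
            return ("deny", None)
        if device not in self.active_accounts:
            self.revoke_device(device)        # inactive account: delete its tokens
            return ("deny", None)
        if rec["state"] == "superseded":
            # Old token seen again after its successor was confirmed:
            # possible theft, so drop the new token too and force a login.
            self.revoke_device(device)
            return ("reauthenticate", None)
        if now < rec["expires"]:
            return ("ok", None)
        if now > rec["expires"] + RENEWAL_WINDOW:
            return ("deny", None)             # expired and outside the window
        if rec["successor"] is None:          # assumed: retries get the same token
            rec["successor"] = self.issue(device, now, state="unconfirmed")
        return ("renewed", rec["successor"])

    def confirm(self, device, new_token):
        rec = self.tokens.get(new_token)
        if rec is None or rec["device"] != device or rec["state"] != "unconfirmed":
            return False
        rec["state"] = "confirmed"
        for r in self.tokens.values():
            if r["successor"] == new_token:
                r["state"] = "superseded"     # keep tracking the previous token
        return True
```

Keeping the superseded record instead of deleting it is what makes the replay visible: a later request with the old token hits a known entry and revokes the whole chain for that device.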
using time-dependent-passwords, e.g. periodically changing passwords · CPC title
for authentication of entities (cryptographic mechanisms or cryptographic arrangements for entity authentication H04L9/32) · CPC title