US2021073373A1PendingUtilityA1

Automating password change management

60
Assignee: LOGMEIN INCPriority: Jun 30, 2016Filed: Sep 22, 2020Published: Mar 11, 2021
Est. expiryJun 30, 2036(~10 yrs left)· nominal 20-yr term from priority
Inventors:Joseph Siegrist
G06F 2221/2131H04W 12/068G06F 21/46H04L 2463/062H04L 63/083G06F 21/604H04L 63/0846H04L 63/062H04W 12/0608
60
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

A password management service provides automated password management. In one embodiment, a method for automating password changes begins in response to a determination that automated password changes are authorized. In response, a data mining session is initiated. Within the data mining session, a set of third party applications or sites are identified. Then, and responsive to receipt of a password reset flow authorization, a password reset flow to one or more of the third party applications or sites is initiated by the service. Thereafter, and still within the data mining session, and for each of the one or more third party applications or sites, a determination is made whether a password reset confirmation link has been received by the service. In response to a determination that a password reset confirmation link has been received for a given third party application or site, the service uses the password reset confirmation link to perform an automated password reset and thereby obtain a new user password for the application or site.

Claims

exact text as granted — not AI-modified
Having described my invention, what I claim is as follows: 
     
         1 . A method to automate password changes in a password management service, comprising:
 responsive to a determination that automated password changes are authorized, initiating a data mining session;   within the data mining session, identifying a set of third party applications or sites;   responsive to receipt of a password reset flow authorization, automatically initiating a password reset flow to one or more of the third party applications or sites;   within the data mining session, and for each of the one or more third party applications or sites, determining whether a password reset confirmation link has been received; and   responsive to a determination that a password reset confirmation link has been received for a given third party application or site, using the password reset confirmation link to perform an automated password reset and thereby obtain a new user password.   
     
     
         2 . The method as described in  claim 1  wherein the set of third party applications or sites are identified from one of: a user e-mail in-box, a browser history, and a list of common or popular third party applications or sites. 
     
     
         3 . The method as described in  claim 1  wherein a data mining session is initiated with at least one email provider associated with the user. 
     
     
         4 . The method as described in  claim 1  wherein the password reset confirmation link is provided to a browser plug-in or add-on to facilitate the automated password reset from the browser plug-in or add-on. 
     
     
         5 . The method as described in  claim 1  further including storing the new user passwords in a password management vault associated with the user. 
     
     
         6 . The method as described in  claim 1  further including:
 exposing at least one third party application or site to a user as a potential candidate for password reset; and 
 receiving the password reset flow authorization from the user. 
 
     
     
         7 . The method as described in  claim 6  further including closing the data mining session upon completing of the automated password reset for each of the third party application or sites for which the user has provided a password reset flow authorization. 
     
     
         8 . The method as described in  claim 6  wherein the third party application or site is exposed to the user as it is discovered during the data mining session. 
     
     
         9 . The method as described in  claim 5  further including storing the password management vault as an encrypted blob at the password management service. 
     
     
         10 . The method as described in  claim 1  wherein the user is a mobile device user. 
     
     
         11 . Apparatus, comprising:
 a hardware processor;   computer memory holding computer program instructions to provide automated password management, the computer program instructions operative:
 in response to a determination that automated password changes are authorized, to initiate a data mining session; 
 within the data mining session, to identify a set of third party applications or sites; 
 in response to receipt of a password reset flow authorization, to initiate a password reset flow to one or more of the third party applications or sites; within the data mining session, and for each of the one or more third party applications or sites, to determine whether a password reset confirmation link has been received; and 
 in response to a determination that a password reset confirmation link has been received for a given third party application or site, to obtain a new user password for the application or site using the password reset confirmation link to perform an automated password reset. 
   
     
     
         12 . The apparatus as described in  claim 11  wherein the set of third party applications or sites are identified from one of: a user e-mail in-box, a browser history, and a list of common or popular third party applications or sites. 
     
     
         13 . The apparatus as described in  claim 11  wherein a data mining session is initiated with at least one email provider associated with the user. 
     
     
         14 . The apparatus as described in  claim 11  wherein the computer program instructions are further operative to provide the password reset confirmation link to a browser plug-in or add-on to facilitate the automated password reset from the browser plug-in or add-on. 
     
     
         15 . The apparatus as described in  claim 11  wherein the computer program instructions are further operative to store the new user passwords in a password management vault associated with the user. 
     
     
         16 . The method as described in  claim 11  wherein the computer program instructions are further operative to:
 expose at least one third party application or site to a user as a potential candidate for password reset; and 
 receive the password reset flow authorization from the user. 
 
     
     
         17 . The apparatus as described in  claim 16  wherein the computer program instructions are further operative to close the data mining session upon completing of the automated password reset for each of the third party application or sites for which the user has provided a password reset flow authorization. 
     
     
         18 . The apparatus as described in  claim 16  wherein the third party application or site is exposed to the user as it is discovered during the data mining session. 
     
     
         19 . The apparatus as described in  claim 15  wherein the computer program instructions are operative to store the password management vault as an encrypted blob. 
     
     
         20 . Software-as-a-service system for password change management, comprising:
 a network-accessible cloud service having a data repository; and   a browser plug-in or add-in configured to be executed in an end user computing system distinct from the network-accessible cloud service;   the network-accessible cloud service operative in response to a determination that automated password changes are authorized:
 to initiate a data mining session; 
 within the data mining session, to identify a set of third party applications or sites; 
 in response to receipt of a password receipt flow authorization, to initiate a password reset flow to one or more of the third party applications or sites; 
 within the data mining session, and for each of the one or more third party applications or sites, to determine whether a password reset confirmation link has been received; and 
 in response to a determination that a password reset confirmation link has been received for a given third party application or site, providing the password reset confirmation link to the browser plug-in or add-in. 
   
     
     
         21 . The system as described in  claim 20  wherein the browser plug-in or add-in uses the password reset confirmation link to obtain a new user password for the application or site. 
     
     
         22 . The system as described in  claim 20  wherein the data repository stores passwords of a user, the passwords being stored as an encrypted blob.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.