Credential Management System and Method

US 20100037046A1
Filed: 08/06/2008
Published: 02/11/2010
Est. Priority Date: 08/06/2008
Status: Active Grant

First Claim

Patent Images

1. A method for authenticating a user to a third party website, comprising:

storing at a vault at least one website credential that is encrypted based upon a key not available to the vault, wherein the website credential is for authenticating the user to a third party website;

receiving at least one first vault credential from a client to authenticate the user with respect to a vault account that corresponds to at least one website credential;

determining that the risk that the user is not authentic is greater than a given threshold;

based upon the determination that the risk that the user is not authentic is greater than a given threshold, requesting from the client at least one second vault credential that is distinct from the first vault credential;

authenticating the second vault credential;

receiving from the client a request for at least one website credential for authenticating the user to a third party website;

retrieving the requested at least one credential, wherein the at least one credential is encrypted based upon a key not available to the vault; and

sending to the client the requested at least one encrypted website credential and at least one parameter for matching decrypted credentials to at least one form field in an authentication page of the third party website.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A centralized credential management system. Website credentials are stored at a vault storing at a vault. The website credentials are encrypted based upon a key not available to the vault and are for authenticating a user to a third party website. Through a client, a user authenticates to the vault and retrieves the encrypted website credentials and parameters and code for properly injecting the credentials into a website authentication form. The website credentials are decrypted at the client and injected into the authentication form using the parameters and code.

101 Citations

View as Search Results

12 Claims

1. A method for authenticating a user to a third party website, comprising:
- storing at a vault at least one website credential that is encrypted based upon a key not available to the vault, wherein the website credential is for authenticating the user to a third party website;
  
  receiving at least one first vault credential from a client to authenticate the user with respect to a vault account that corresponds to at least one website credential;
  
  determining that the risk that the user is not authentic is greater than a given threshold;
  
  based upon the determination that the risk that the user is not authentic is greater than a given threshold, requesting from the client at least one second vault credential that is distinct from the first vault credential;
  
  authenticating the second vault credential;
  
  receiving from the client a request for at least one website credential for authenticating the user to a third party website;
  
  retrieving the requested at least one credential, wherein the at least one credential is encrypted based upon a key not available to the vault; and
  
  sending to the client the requested at least one encrypted website credential and at least one parameter for matching decrypted credentials to at least one form field in an authentication page of the third party website.
- View Dependent Claims (2, 3, 4)
- - 2. The method of claim 1, wherein the requesting from the client at least one second vault credential comprises requesting from the client a One Time Password.
  - 3. The method of claim 1, wherein the requesting from the client at least one second vault credential comprises sending to the client a challenge question and requesting from the client a response based upon the challenge question.
  - 4. The method of claim 1, further comprising sending to the client code for injecting decrypted website credentials into an authentication page of the third party website.

5. A method for authenticating a user to a third party website, comprising:
- storing at a vault at least one website credential that is encrypted based upon a key not available to the vault, wherein the website credential is for authenticating the user to a third party website;
  
  receiving at least one vault credential from a client to authenticate the user with respect to a vault account that corresponds to at least one website credential;
  
  receiving from the client a request for at least one website credential for authenticating to a third party website;
  
  retrieving the requested at least one encrypted website credential; and
  
  sending to the client the requested at least one encrypted website credential and at least one parameter for matching decrypted credentials to at least one form field in an authentication page of the third party website.
- View Dependent Claims (6, 7, 8, 9)
- - 6. The method of claim 5, wherein the at least one initial credential includes a username and a password.
  - 7. The method of claim 5, further comprising:
    - determining that the risk that the user is not authentic is greater than a given threshold;
      
      requesting an additional credential;
      
      authenticating the additional credential, wherein the at least one encrypted website credential and at least one parameter are sent to the client only if the additional credential is successfully authenticated.
  - 8. The method of claim 7, wherein the requesting an additional credential comprises requesting the name of the internet service provider of the user from a third party.
  - 9. The method of claim 7, wherein the requesting an additional credential comprises requesting a one-time password from the client and further comprising sending the one-time password to a networked resource to be verified, receiving the results of the verification and wherein the at least one encrypted website credential and at least one parameter are sent to the client only if the one-time password is successfully authenticated.

10. A method for authenticating a user to a third party website, comprising:
- storing at a vault at least one website credential that is encrypted based upon a key not available to the vault, wherein the website credential is for authenticating the user to a third party website;
  
  receiving at least one vault credential from a client to authenticate the user with respect to a vault account that corresponds to at least one website credential;
  
  receiving from the client a request for at least one website credential for authenticating to a third party website;
  
  retrieving the requested at least one encrypted website credential; and
  
  sending to the client the requested at least one encrypted website credential and code for injecting decrypted website credentials into an authentication page of the third party website.
- View Dependent Claims (11)
- - 11. The method of claim 10, where determining that the risk that the user is not the person associated with a vault account is greater than a given threshold includes using a different threshold for requests for credentials associated with different websites.

12. A method for authenticating, comprising:
- receiving at a client an indication to provide a credential for authenticating the person to a third party;
  
  sending to a vault at least one initial credential from a user to authenticate the user as a person associated with a vault account that corresponds to a set of credentials stored at the vault for authenticating the person to third parties;
  
  sending to the vault a request for at least one credential for authenticating to a third party website;
  
  receiving from the vault the requested at least one credential, wherein the at least one credential is encrypted based upon a key not available to the vault;
  
  receiving from the vault executable code for injecting the decrypted credentials into an authentication page;
  
  orreceiving from the vault at least one parameter for matching decrypted credentials to form fields in the authentication page of the third party website;
  
  decrypting at the client the at least one credential; and
  
  sending the decrypted credential to the third party website to authenticate the user to the website.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Symantec Corporation (NortonLifeLock Inc.)
Original Assignee
VeriSign, Inc.
Inventors
Krall, Gary, Popp, Nicolas, Ferg, Barry, M'Raihi, David

Granted Patent

US 8,438,382 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/155
CPC Class Codes

H04L 63/08   for authentication of entit...

H04L 9/321   involving a third party or ...

H04L 9/3271   using challenge-response

Credential Management System and Method

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

101 Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

Credential Management System and Method

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

101 Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links