Credential Management System and Method
First Claim
1. A method for authenticating a user to a third party website, comprising:
storing at a vault at least one website credential that is encrypted based upon a key not available to the vault, wherein the website credential is for authenticating the user to a third party website;
receiving at least one first vault credential from a client to authenticate the user with respect to a vault account that corresponds to at least one website credential;
determining that the risk that the user is not authentic is greater than a given threshold;
based upon the determination that the risk that the user is not authentic is greater than a given threshold, requesting from the client at least one second vault credential that is distinct from the first vault credential;
authenticating the second vault credential;
receiving from the client a request for at least one website credential for authenticating the user to a third party website;
retrieving the requested at least one credential, wherein the at least one credential is encrypted based upon a key not available to the vault; and
sending to the client the requested at least one encrypted website credential and at least one parameter for matching decrypted credentials to at least one form field in an authentication page of the third party website.
Abstract
A centralized credential management system. Website credentials are stored at a vault. The website credentials are encrypted based upon a key not available to the vault and are for authenticating a user to a third party website. Through a client, a user authenticates to the vault and retrieves the encrypted website credentials, together with parameters and code for properly injecting the credentials into a website authentication form. The website credentials are decrypted at the client and injected into the authentication form using the parameters and code.
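The flow in the abstract and in claim 1, sketched as an added example that is not code from the patent: the vault releases only ciphertext plus form-field parameters, asks for a second vault credential when risk exceeds the threshold, and the client decrypts and maps values to fields. AES-256-GCM, scrypt, the numeric risk score, and all names (`Vault`, `fillForm`, the field selectors) are assumptions.

```javascript
// Added illustration: AES-256-GCM, scrypt and every name here are assumptions.
const nodeCrypto = require("node:crypto");
const digest = (s) => nodeCrypto.createHash("sha256").update(s).digest();
const matches = (stored, given) => nodeCrypto.timingSafeEqual(stored, digest(given));

// Client: the key is derived locally and never sent to the vault.
const deriveKey = (masterSecret, salt) => nodeCrypto.scryptSync(masterSecret, salt, 32);
function encryptCredential(key, credential) {
  const iv = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv("aes-256-gcm", key, iv);
  const ct = Buffer.concat([c.update(JSON.stringify(credential), "utf8"), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}
function decryptCredential(key, { iv, ct, tag }) {
  const d = nodeCrypto.createDecipheriv("aes-256-gcm", key, iv);
  d.setAuthTag(tag);
  return JSON.parse(Buffer.concat([d.update(ct), d.final()]).toString("utf8"));
}

// Vault: holds ciphertext, form-field parameters and hashed vault credentials only.
class Vault {
  constructor(riskThreshold) { this.riskThreshold = riskThreshold; this.accounts = new Map(); }
  enroll(user, firstCred, secondCred) {
    this.accounts.set(user, { first: digest(firstCred), second: digest(secondCred), sites: new Map() });
  }
  store(user, site, blob, fieldParams) {
    this.accounts.get(user).sites.set(site, { blob, fieldParams });
  }
  // riskScore comes from a hypothetical risk engine; above the threshold a second,
  // distinct vault credential must verify before any ciphertext is released.
  request(user, site, firstCred, riskScore, secondCred) {
    const acct = this.accounts.get(user);
    if (!acct || !matches(acct.first, firstCred)) return { status: "denied" };
    if (riskScore > this.riskThreshold) {
      if (secondCred === undefined) return { status: "need_second" };
      if (!matches(acct.second, secondCred)) return { status: "denied" };
    }
    return { status: "ok", ...acct.sites.get(site) };
  }
}

// Client: decrypt, then pair each value with the form field named by the vault's parameters.
function fillForm(key, { blob, fieldParams }) {
  const cred = decryptCredential(key, blob);
  return Object.fromEntries(Object.entries(fieldParams).map(([name, field]) => [field, cred[name]]));
}
```

The SHA-256 verifier keeps the example short; a deployed vault would store vault credentials under a slow password hash.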
12 Claims
5. A method for authenticating a user to a third party website, comprising:
storing at a vault at least one website credential that is encrypted based upon a key not available to the vault, wherein the website credential is for authenticating the user to a third party website;
receiving at least one vault credential from a client to authenticate the user with respect to a vault account that corresponds to at least one website credential;
receiving from the client a request for at least one website credential for authenticating to a third party website;
retrieving the requested at least one encrypted website credential; and
sending to the client the requested at least one encrypted website credential and at least one parameter for matching decrypted credentials to at least one form field in an authentication page of the third party website.
10. A method for authenticating a user to a third party website, comprising:
storing at a vault at least one website credential that is encrypted based upon a key not available to the vault, wherein the website credential is for authenticating the user to a third party website;
receiving at least one vault credential from a client to authenticate the user with respect to a vault account that corresponds to at least one website credential;
receiving from the client a request for at least one website credential for authenticating to a third party website;
retrieving the requested at least one encrypted website credential; and
sending to the client the requested at least one encrypted website credential and code for injecting decrypted website credentials into an authentication page of the third party website.
12. A method for authenticating, comprising:
receiving at a client an indication to provide a credential for authenticating the person to a third party;
sending to a vault at least one initial credential from a user to authenticate the user as a person associated with a vault account that corresponds to a set of credentials stored at the vault for authenticating the person to third parties;
sending to the vault a request for at least one credential for authenticating to a third party website;
receiving from the vault the requested at least one credential, wherein the at least one credential is encrypted based upon a key not available to the vault;
receiving from the vault executable code for injecting the decrypted credentials into an authentication page; or receiving from the vault at least one parameter for matching decrypted credentials to form fields in the authentication page of the third party website;
decrypting at the client the at least one credential; and
sending the decrypted credential to the third party website to authenticate the user to the website.
Specification