Methods for Single Signon (SSO) Using Decentralized Password and Credential Management
First Claim
1. A method for decentralized single sign-on to a plurality of websites via instructions executed by a user computer browser, the method comprising the steps of:
Establishing a browsing session with a website;
Determining if the user has previously registered with a login server;
If the user has not already registered with the login server;
Causing the browser to establish a secure communication channel with the login server;
Receiving a username and password from the user;
Encrypting the password and providing it to the login server upon registration (to be stored for future validation);
Receiving a password-encrypted one-time random number from the login server;
Obtaining user credentials and other user information entered into the browser;
Locally encrypting the user credentials and other user information on the browser with the password-encrypted one-time random number; and
Sending the encrypted user credential(s) and other information to the login server to be stored by one or more storage locations;
However, if the user has already registered with the login server;
Determining whether the user is currently logged in to the login server;
If the user is not logged in to the login server;
Causing the browser to establish a secure communication channel with the login server;
Acquiring the password from the user;
Locally encrypting the password on the browser upon login;
Requesting validation of the user's encrypted password from the login server;
If validated, receiving stored encrypted user credentials and/or other user information from the one or more storage locations;
Decrypting the stored credentials and/or other user information with the password to reveal the one-time random number;
Using the one-time random number to decrypt the user credentials and/or other user information;
Determining whether user information exists for the current website; and
If user information for the current website exists, further decrypting any user credentials related to the website and providing the credentials to the website to automatically log the user into the website;
However, if the user is logged in to the login server;
Determining whether user information exists for the current website; and
If user information exists, further decrypting any user credentials related to the website and providing the credentials to the website to automatically log the user into the website;
Wherein all encryption and decryption of the user's password and credentials are performed locally by the browser on the user computer.
Abstract
A method for single sign-on (SSO) that provides decentralized credential management using end-to-end security. Credential (and other personal user information) management is decentralized in that encryption is performed locally on the user's computer. The user's encrypted credentials may be stored by the login server and/or a plurality of distributed servers/databases (such as a cloud). The login server never has access to the user's credentials or other personal information. When the user wants to use single sign-on, he enters his password into his browser and the browser submits the encrypted/hashed password to the login server for validation. Upon validation, the browser receives the user's encrypted credentials. The credentials are decrypted by the browser and provided to relevant websites to automatically log the user in.
20 Claims
1. A method for decentralized single sign-on to a plurality of websites via instructions executed by a user computer browser, the method comprising the steps of:
Establishing a browsing session with a website;
Determining if the user has previously registered with a login server;
If the user has not already registered with the login server;
Causing the browser to establish a secure communication channel with the login server;
Receiving a username and password from the user;
Encrypting the password and providing it to the login server upon registration (to be stored for future validation);
Receiving a password-encrypted one-time random number from the login server;
Obtaining user credentials and other user information entered into the browser;
Locally encrypting the user credentials and other user information on the browser with the password-encrypted one-time random number; and
Sending the encrypted user credential(s) and other information to the login server to be stored by one or more storage locations;
However, if the user has already registered with the login server;
Determining whether the user is currently logged in to the login server;
If the user is not logged in to the login server;
Causing the browser to establish a secure communication channel with the login server;
Acquiring the password from the user;
Locally encrypting the password on the browser upon login;
Requesting validation of the user's encrypted password from the login server;
If validated, receiving stored encrypted user credentials and/or other user information from the one or more storage locations;
Decrypting the stored credentials and/or other user information with the password to reveal the one-time random number;
Using the one-time random number to decrypt the user credentials and/or other user information;
Determining whether user information exists for the current website; and
If user information for the current website exists, further decrypting any user credentials related to the website and providing the credentials to the website to automatically log the user into the website;
However, if the user is logged in to the login server;
Determining whether user information exists for the current website; and
If user information exists, further decrypting any user credentials related to the website and providing the credentials to the website to automatically log the user into the website;
Wherein all encryption and decryption of the user's password and credentials are performed locally by the browser on the user computer.
Dependent claims: 2-9.

10. A method for decentralized single sign-on to a plurality of websites via instructions executed by a user computer browser, the method comprising the steps of:
Establishing a browsing session with a login server website;
Determining if the user has previously registered with the login server;
If the user has not already registered;
Establishing a secure communication channel with the login server website;
Receiving a password from the user and locally encrypting the password on the browser;
Sending the encrypted password to the login server for future validation;
Receiving a one-time random number from the login server encrypted with the encrypted password;
Obtaining user credentials and other user information entered into the browser;
Locally encrypting the user credentials and other user information on the browser with the encrypted one-time random number;
Sending the encrypted user credentials and other user information to one or more storage locations;
However, if the user has already registered with the login server;
Determining whether the user is already logged in to the login server;
If the user is not logged in;
Establishing a secure communication channel with the login server;
Acquiring the password from the user;
Locally encrypting the password on the browser;
Requesting validation of the user's encrypted password from the login server;
If validated, obtaining any encrypted user credentials and other user information from the login server;
Locally decrypting the obtained user credentials and other user information on the browser;
Obtaining a website selection from the user;
Determining whether user credentials exist for the selected website; and
If user credentials for the selected website exist, providing the credentials to the website to automatically log the user into the website;
However, if the user is logged in;
Obtaining a website selection from the user;
Determining whether user credentials exist for the selected website; and
If credentials for the selected website exist, providing the information to the website to automatically log the user into the website;
Wherein all encryption and decryption of the user's credentials are performed locally by the browser on the user computer.
Dependent claims: 11-19.

20. A method for website content management, the method comprising the steps of:
Establishing a secure communication channel with a login server;
Receiving a request for content from a user;
Validating the user via the login server;
Sending a link to the user; and
Automatically providing authorized content to the user upon selection of the link;
Wherein validating the user via the login server includes at least;
Acquiring a hashed password from the user and comparing the hashed password with a previously received hashed password.

Specification