Systems and methods for credential management between electronic devices

US 9,363,251 B2
Filed: 10/14/2013
Issued: 06/07/2016
Est. Priority Date: 10/01/2013
Status: Active Grant

First Claim

Patent Images

1. A method on a first electronic device for enabling a user to access a secure website, the method comprising;

authenticating, using the first electronic device, a user of the first electronic device to a browser application using browser credentials corresponding to a browser account for the user of the first electronic device;

using the browser application that has been authenticated using the browser credentials corresponding to the browser account to detect navigation to a login page of the secure website, the secure website requiring user credentials for access thereto;

responsive to detecting navigation to the login page of the secure website, detecting a presence of a mobile device proximal to the first electronic device;

responsive to detecting the presence of the mobile device being proximal to the first electronic device, authenticating, by a hardware processor of the first electronic device, the first electronic device to the mobile device, wherein authenticating the first electronic device to the mobile device comprises;

establishing a secure channel between the first electronic device and the mobile device; and

performing an application layer authentication between the browser application executing on the first electronic device and a credential manager application executing on the mobile device by receiving cryptographic data that includes a cryptographic nonce from the mobile device, hashing the browser credentials with the cryptographic data using a hash function to produce a hashed value, and sending the hashed value to the mobile device, wherein the credential manager application authenticates the browser application using the hashed value;

responsive to authenticating the first electronic device to the mobile device, sending, to the mobile device via the secure channel, an identification of the secure website;

responsive to sending the identification of the secure website to the mobile device, receiving via the secure channel, from the credential manager application executing on the mobile device, user credentials based on the identification of the secure website; and

populating, without user input, the login page of the secure website with the received user credentials.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments are provided for managing user credentials that enable access to secure websites. According to certain aspects, a browser device connects (230) to a website server that hosts a secure website. The browser device initiates (236) a credential request and enters (238) a discovery routine with a mobile device. After establishing (240) a secure channel with the mobile device, the browser device sends (248) an identification of the secure website to the mobile device, which identifies (250) corresponding user credentials and sends (252) the user credentials to the browser device. The browser device populates (254) a login page with the user credentials and accesses (256) the secure website.

52 Citations

View as Search Results

13 Claims

1. A method on a first electronic device for enabling a user to access a secure website, the method comprising;
- authenticating, using the first electronic device, a user of the first electronic device to a browser application using browser credentials corresponding to a browser account for the user of the first electronic device;
  
  using the browser application that has been authenticated using the browser credentials corresponding to the browser account to detect navigation to a login page of the secure website, the secure website requiring user credentials for access thereto;
  
  responsive to detecting navigation to the login page of the secure website, detecting a presence of a mobile device proximal to the first electronic device;
  
  responsive to detecting the presence of the mobile device being proximal to the first electronic device, authenticating, by a hardware processor of the first electronic device, the first electronic device to the mobile device, wherein authenticating the first electronic device to the mobile device comprises;
  
  establishing a secure channel between the first electronic device and the mobile device; and
  
  performing an application layer authentication between the browser application executing on the first electronic device and a credential manager application executing on the mobile device by receiving cryptographic data that includes a cryptographic nonce from the mobile device, hashing the browser credentials with the cryptographic data using a hash function to produce a hashed value, and sending the hashed value to the mobile device, wherein the credential manager application authenticates the browser application using the hashed value;
  
  responsive to authenticating the first electronic device to the mobile device, sending, to the mobile device via the secure channel, an identification of the secure website;
  
  responsive to sending the identification of the secure website to the mobile device, receiving via the secure channel, from the credential manager application executing on the mobile device, user credentials based on the identification of the secure website; and
  
  populating, without user input, the login page of the secure website with the received user credentials.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, wherein detecting the presence of the mobile device comprises:
    - receiving a request to retrieve the user credentials;
      
      responsive to receiving the request, transmitting a discovery signal to the mobile device; and
      
      receiving, from the mobile device, an acknowledgement signal acknowledging receipt of the discovery signal, wherein authentication of the first electronic device to the mobile device is in response to receiving the acknowledgement signal.
  - 3. The method of claim 2, wherein receiving the request to retrieve the user credentials comprises at least one of:
    - detecting a user selection of a credential requirement indicator associated with the login page of the secure website, andreceiving a user command to initiate communication with the mobile device.
  - 4. The method of claim 1, wherein detecting the presence of the mobile device comprises:
    - receiving a credential request from a server associated with the secure website;
      
      responsive to receiving the credential request, transmitting a discovery signal to the mobile device andreceiving, from the mobile device, an acknowledgement signal acknowledging receipt of the discovery signal, wherein authentication of the first electronic device to the mobile device is in response to receiving the acknowledgement signal.
  - 5. The method of claim 1, wherein detecting the presence of the mobile device proximal to the first electronic device comprises:
    - detecting the presence of the mobile device via a wireless communication.

6. A method in a first electronic device of providing user credentials for access to a secure website, the method comprising:
- detecting a presence of a mobile device proximal to the first electronic device. wherein the first electronic device is executing a credential manager application that stores user credentials required for access to a secure website in which a login page of the secure website has been navigated to using a browser application that is executing on the mobile device and wherein the browser application has been authenticated using browser credentials corresponding to a browser account for a user of the mobile device;
  
  responsive to detecting the presence of the mobile device being proximal to the first electronic device, authenticating, by a hardware processor of the first electronic device, the first electronic device to the mobile device, wherein authenticating the first electronic device to the mobile device comprises;
  
  establishing a secure channel between the first electronic device and the mobile device; and
  
  performing an application layer authentication between the browser application executing on the mobile device and the credential manager application executing on the first electronic by transmitting cryptographic data that includes a cryptographic nonce to the mobile device, receiving a hashed value that was produced by hashing the browser credentials with the cryptographic data using a hash function, and using the credential manager application to authenticate the browser application using the hashed value;
  
  responsive to authenticating the first electronic device to the mobile device, receiving, from the mobile device via the secure channel, an identification of the secure website;
  
  identifying, by the credential manager application of the first electronic device, the user credentials based on the identification of the secure website; and
  
  sending the user credentials to the mobile device via the secure channel, wherein the mobile device uses the user credentials with the browser application to access the secure website.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The method of claim 6, further comprising:
    - authenticating the user to the credential manager application of the first electronic device.
  - 8. The method of claim 6, wherein the authenticating, by the hardware processor of the first electronic device, the first electronic device to the mobile device comprises:
    - authenticating the user of the browser application to the first electronic device.
  - 9. The method of claim 6, wherein detecting the presence of the mobile device comprises:
    - receiving a discovery signal from the mobile device; and
      
      sending an acknowledgement signal to the mobile device acknowledging receipt of the discovery signal, wherein authentication of the first electronic device to the mobile device is in response to receiving the acknowledgement signal.
  - 10. The method of claim 6, wherein detecting the presence of the mobile device proximal to the first electronic device comprises:
    - detecting the presence of the mobile device via a wireless communication.

11. An electronic device for enabling a user to access a secure website, comprising:
- a memory storing a browser application that has been authenticated using browser credentials corresponding to a browser account and that is configured to detect navigation to a login page of the secure website, the secure website requiring user credentials for access thereto;
  
  a transceiver that connects to a mobile device; and
  
  a hardware processor configured to interface with the memory and the transceiver, and to perform operations comprising;
  
  authenticating, using the electronic device, a user of the electronic device to the browser application using the browser credentials corresponding to the browser account for the user of the electronic device,responsive to the browser application detecting navigation to the login page of the secure website, detecting a presence of the mobile device proximal to the electronic device,responsive to detecting the presence of the mobile device being proximal to the electronic device, authenticating the electronic device to the mobile device, wherein authenticating the electronic device to the mobile device comprises;
  
  establishing a secure channel between the electronic device and the mobile device, andperforming an application layer authentication between the browser application executing on the electronic device and a credential manager application executing on the mobile device by receiving cryptographic data that includes a cryptographic nonce from the mobile device, hashing the browser credentials with the cryptographic data using a hash function to produce a hashed value, and sending the hashed value to the mobile device, wherein the credential manager application authenticates the browser application using the hashed value,responsive to authenticating the electronic device to the mobile device, causing a communication module to send, to the mobile device via the secure channel, an identification of the secure website,receiving, from the credential manager application executing on the mobile device via the secure channel, user credentials based on the identification of the secure website, andpopulating, without user input, the login page of the secure website with the received user credentials.
- View Dependent Claims (12, 13)
- - 12. The electronic device of claim 11, wherein the hardware processor detects the presence of the mobile device by:
    - receiving a request to retrieve the user credentials,responsive to receiving the request, transmitting a discovery signal to the mobile device; and
      
      receiving, from the mobile device, an acknowledgement signal acknowledging receipt of the discovery signal, wherein authentication of the electronic device to the mobile device is in response to receiving the acknowledgement signal.
  - 13. The electronic device of claim 11, wherein the hardware processor detects the presence of the mobile device by:
    - detecting the presence of the mobile device via a wireless communication.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Google Technology Holdings LLC (Alphabet Inc.)
Original Assignee
Google Technology Holdings LLC (Alphabet Inc.)
Inventors
Morikuni, James, Hansen, Joseph M, Shu, Darren B
Primary Examiner(s)
Ho, Dao
Assistant Examiner(s)
Huang, Cheng-Feng

Application Number

US14/052,892
Publication Number

US 20150096001A1
Time in Patent Office

967 Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/35   communicating wirelessly

G06F 2221/2111   Location-sensitive, e.g. ge...

H04L 63/0428   wherein the data content is...

H04L 63/06   for supporting key manageme...

H04L 63/08   for authentication of entit...

H04L 63/0853   using an additional device,...

H04L 63/123   received data contents, e.g...

H04L 67/02   based on web technology, e....

H04W 12/068   using credential vaults, e....

Systems and methods for credential management between electronic devices

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

52 Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for credential management between electronic devices

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

52 Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links