Systems and methods for credential management between electronic devices

US 9,729,547 B2
Filed: 05/03/2016
Issued: 08/08/2017
Est. Priority Date: 10/01/2013
Status: Active Grant

First Claim

Patent Images

1. A method for accessing a secure website, comprising:

causing a user interface to receive browser credentials for a user account associated with a browser application for logging in to the browser application executing on a first user device to be presented by the browser application;

authenticating, using the first user device, a user of the first user device to the browser application on the first user device using the browser credentials received via the user interface corresponding to a browser account for the user of the first user device;

detecting, using the browser application, navigation to a login page of a secure website that requires user credentials for access thereto;

detecting a presence of a mobile device proximal to the first user device using a device discovery protocol, wherein a first version of the browser credentials are stored on the mobile device;

in response to detecting the presence of the mobile device proximal to the first user device, performing an application layer authentication between the browser application executing on the first user device and a credential manager application executing on the mobile device via a secure channel between the first user device and the mobile device by comparing a second version of the browser credentials generated by the first user device with the first version of the browser credentials stored on the mobile device;

in response to authenticating the browser application executing on the first user device to the credential manager application executing on the mobile device, transmitting, to the mobile device via the secure channel, an identification of the secure website;

receiving, from the mobile device via the secure channel, user credentials corresponding to the secure website, wherein the user credentials are encrypted using a session key established in association with the application layer authentication; and

populating, without user input, the login page of the secure website on the first user device with the received user credentials.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments are provided for managing user credentials that enable access to secure websites. According to certain aspects, a browser device connects (230) to a website server that hosts a secure website. The browser device initiates (236) a credential request and enters (238) a discovery routine with a mobile device. After establishing (240) a secure channel with the mobile device, the browser device sends (248) an identification of the secure website to the mobile device, which identifies (250) corresponding user credentials and sends (252) the user credentials to the browser device. The browser device populates (254) a login page with the user credentials and accesses (256) the secure website.

Citations

18 Claims

1. A method for accessing a secure website, comprising:
- causing a user interface to receive browser credentials for a user account associated with a browser application for logging in to the browser application executing on a first user device to be presented by the browser application;
  
  authenticating, using the first user device, a user of the first user device to the browser application on the first user device using the browser credentials received via the user interface corresponding to a browser account for the user of the first user device;
  
  detecting, using the browser application, navigation to a login page of a secure website that requires user credentials for access thereto;
  
  detecting a presence of a mobile device proximal to the first user device using a device discovery protocol, wherein a first version of the browser credentials are stored on the mobile device;
  
  in response to detecting the presence of the mobile device proximal to the first user device, performing an application layer authentication between the browser application executing on the first user device and a credential manager application executing on the mobile device via a secure channel between the first user device and the mobile device by comparing a second version of the browser credentials generated by the first user device with the first version of the browser credentials stored on the mobile device;
  
  in response to authenticating the browser application executing on the first user device to the credential manager application executing on the mobile device, transmitting, to the mobile device via the secure channel, an identification of the secure website;
  
  receiving, from the mobile device via the secure channel, user credentials corresponding to the secure website, wherein the user credentials are encrypted using a session key established in association with the application layer authentication; and
  
  populating, without user input, the login page of the secure website on the first user device with the received user credentials.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein the detecting the presence of the mobile device proximal to the first user device is in response to the detecting navigation to the login page of the secure website.
  - 3. The method of claim 1, wherein the detecting the presence of the mobile device proximal to the first user device is in response to selection, by the user of the first user device, of a credentials requirement indicator presented on the login page of the secure website.
  - 4. The method of claim 1, wherein the user credentials are stored in a credential vault on the mobile device.
  - 5. The method of claim 1, wherein populating the login page of the secure website with the received user credentials comprises populating the login page with masked characters representing the received user credentials.
  - 6. The method of claim 1, wherein the identification of the secure website is in response to performing the application layer authentication.

7. A system for accessing a secure website, the system comprising:
- a hardware processor that is programmed to;
  
  cause a user interface to receive browser credentials for a user account associated with a browser application for logging in to the browser application executing on a first user device to be presented by the browser application;
  
  authenticate, using the first user device, a user of the first user device to the browser application on the first user device using the browser credentials received via the user interface corresponding to a browser account for the user of the first user device;
  
  detect, using the browser application, navigation to a login page of a secure website that requires user credentials for access thereto;
  
  detect a presence of a mobile device proximal to the first user device using a device discovery protocol, wherein a first version of the browser credentials are stored on the mobile device;
  
  in response to detecting the presence of the mobile device proximal to the first user device, performing an application layer authentication between the browser application executing on the first user device and a credential manager application executing on the mobile device via a secure channel between the first user device and the mobile device by comparing a second version of the browser credentials generated by the first user device with the first version of the browser credentials stored on the mobile device;
  
  in response to authenticating the browser application executing on the first user device to the credential manager application executing on the mobile device, an identification of the secure website;
  
  receive, from the mobile device via the secure channel, user credentials corresponding to the secure website, wherein the user credentials are encrypted using a session key established in association with the application layer authentication; and
  
  populate, without user input, the login page of the secure website on the first user device with the received user credentials.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The system of claim 7, wherein the detecting the presence of the mobile device proximal to the first user device is in response to the detecting navigation to the login page of the secure website.
  - 9. The system of claim 8, wherein the detecting the presence of the mobile device proximal to the first user device is in response to selection, by the user of the first user device, of a credentials requirement indicator presented on the login page of the secure website.
  - 10. The system of claim 7, wherein the user credentials are stored in a credential vault on the mobile device.
  - 11. The system of claim 7, wherein the hardware processor is further programmed to populate the login page with masked characters representing the received user credentials.
  - 12. The system of claim 7, wherein the identification of the secure website is in response to performing the application layer authentication.

13. A non-transitory, computer-readable medium containing computer-executable instructions that, when executed by a processor, cause the processor to perform a method for accessing a secure website, comprising:
- causing a user interface to receive browser credentials for a user account associated with a browser application for logging in to the browser application executing on a first user device to be presented by the browser application;
  
  authenticating, using the first user device, a user of the first user device to the browser application on the first user device using the browser credentials received via the user interface corresponding to a browser account for the user of the first user device;
  
  detecting, using the browser application, navigation to a login page of a secure website that requires user credentials for access thereto;
  
  detecting a presence of a mobile device proximal to the first user device using a device discovery protocol, wherein a first version of the browser credentials are stored on the mobile device;
  
  in response to detecting the presence of the mobile device proximal to the first user device, performing an application layer authentication between the browser application executing on the first user device and a credential manager application executing on the mobile device via a secure channel between the first user device and the mobile device by comparing a second version of the browser credentials generated by the first user device with the first version of the browser credentials stored on the mobile device;
  
  in response to authenticating the browser application executing on the first user device to the credential manager application executing on the mobile device, transmitting, to the mobile device via the secure channel, an identification of the secure website;
  
  receiving, from the mobile device via the secure channel, user credentials corresponding to the secure website, wherein the user credentials are encrypted using a session key established in association with the application layer authentication; and
  
  populating, without user input, the login page of the secure website on the first user device with the received user credentials.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The non-transitory computer-readable medium of claim 13, wherein the detecting the presence of the mobile device proximal to the first user device is in response to the detecting navigation to the login page of the secure website.
  - 15. The non-transitory computer-readable medium of claim 13, wherein the detecting the presence of the mobile device proximal to the first user device is in response to selection, by the user of the first user device, of a credentials requirement indicator presented on the login page of the secure website.
  - 16. The non-transitory computer-readable medium of claim 13, wherein the user credentials are stored in a credential vault on the mobile device.
  - 17. The non-transitory computer-readable medium of claim 13, wherein populating the login page of the secure website with the received user credentials comprises populating the login page with masked characters representing the received user credentials.
  - 18. The non-transitory computer-readable medium of claim 13, wherein the identification of the secure website is in response to performing the application layer authentication.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Google Technology Holdings LLC (Alphabet Inc.)
Original Assignee
Google Technology Holdings LLC (Alphabet Inc.)
Inventors
Morikuni, James J., Hansen, Joseph M., Shu, Darren B
Primary Examiner(s)
Rashid, Harunur
Assistant Examiner(s)
Huang, Cheng-Feng

Application Number

US15/145,570
Publication Number

US 20160248764A1
Time in Patent Office

462 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/35   communicating wirelessly

G06F 2221/2111   Location-sensitive, e.g. ge...

H04L 63/0428   wherein the data content is...

H04L 63/06   for supporting key manageme...

H04L 63/08   for authentication of entit...

H04L 63/0853   using an additional device,...

H04L 63/123   received data contents, e.g...

H04L 67/02   based on web technology, e....

H04W 12/068   using credential vaults, e....

Systems and methods for credential management between electronic devices

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for credential management between electronic devices

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links