Method for confidential local storage of login credentials

IP.com Prior Art Database Disclosure
IP.com Disclosure Number: IPCOM000220085D
Publication Date: 20-Jul-2012

Publishing Venue

The IP.com Prior Art Database

Abstract

The increasing trend for delivery of mobile applications using rich internet application (RIA) technologies such as HTML5 and JavaScript presents unique challenges for coding solutions that fulfil ease-of-use requirements while complying with local, national and international privacy and security regulations. For example, in some countries (e.g. Denmark), banking usernames are identical to the end user's social security number, and legal requirements exist that if the username is cached locally for a user's convenience, it is stored in a secure encrypted format. However, the open-source nature of any RIA ensures that any client-encryption efforts are by their nature compromised: encryption keys and algorithms are available with minimal effort using a debugging application. This disclosure covers a two-stage login process, whereby a client application can securely cache an encrypted version of a username for later use, fulfilling "usability" requirements, while maintaining compliance with privacy and security regulations.

Language

English (United States)

Document File

1 pages / 45.5 KB

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 52% of the total text.


Method for confidential local storage of login credentials

The increasing trend for delivery of mobile applications using rich internet application (RIA) technologies such as HTML5 and JavaScript presents unique challenges for coding solutions that fulfil ease-of-use requirements while complying with local, national and international privacy and security regulations. For example, in some countries (e.g. Denmark), banking usernames are identical to the end user's social security number, and legal requirements exist that if the username is cached locally for a user's convenience, it is stored in a secure encrypted format. However, the open-source nature of any RIA ensures that any client-encryption efforts are by their nature compromised: encryption keys and algorithms are available with minimal effort using a debugging application.

This disclosure covers a two-stage login process, whereby a client application can securely cache an encrypted version of a username for later use, fulfilling "usability" requirements, while maintaining compliance with privacy and security regulations.

To clarify this flow, the classic "login procedure", where username and password are provided together, is split into two stages. Please note that all communications with the server are conducted over secure, encrypted HTTPS connections.

"Username encryption"

1. The user enters their plain-text username.

2. The application provides this plain-text username to a "username encryption service". It encrypts the username so that ONLY the server may decrypt it. Additionally, it calculates an obfuscated "display" version of the use...
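
The step 2 service, as an added Node.js example that is not part of the disclosure: the server seals the username under a key the client never receives and returns an opaque token plus a masked display string, which are the only values the client caches. AES-256-GCM, the key handling, the token layout, the masking rule and all function names are assumptions; the disclosure's own display calculation is cut off in this extract.

```javascript
// Added example: server-side "username encryption service" (all names are assumptions).
const nodeCrypto = require('node:crypto');

// Assumption: a 256-bit key that exists only on the server. It is generated here so the
// example runs; a real service would load it from a key store. It is never sent to the client.
const SERVER_KEY = nodeCrypto.randomBytes(32);
const AAD = Buffer.from('username-token-v1'); // binds tokens to this single purpose

// Assumption: the "display" form masks everything except the last two characters,
// and masks short usernames completely.
function displayForm(username) {
  const keep = username.length > 4 ? 2 : 0;
  return '*'.repeat(username.length - keep) + username.slice(username.length - keep);
}

// Server side: returns the two values the client is allowed to cache.
function encryptUsername(username) {
  const iv = nodeCrypto.randomBytes(12); // fresh 96-bit nonce for every token
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', SERVER_KEY, iv);
  cipher.setAAD(AAD);
  const ct = Buffer.concat([cipher.update(username, 'utf8'), cipher.final()]);
  // Token layout (assumption): IV || 16-byte auth tag || ciphertext, base64url-encoded.
  const token = Buffer.concat([iv, cipher.getAuthTag(), ct]).toString('base64url');
  return { token, display: displayForm(username) };
}

// Server side only: recover the username from a cached token.
// Returns null when the token is malformed or has been altered.
function decryptUsername(token) {
  const raw = Buffer.from(String(token), 'base64url');
  if (raw.length < 28) return null; // needs at least the IV and the tag
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', SERVER_KEY, raw.subarray(0, 12));
  decipher.setAAD(AAD);
  decipher.setAuthTag(raw.subarray(12, 28));
  try {
    return Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]).toString('utf8');
  } catch {
    return null; // GCM authentication failed
  }
}

// Constructed sample username; the printed object is all the client stores locally.
console.log(encryptUsername('0102030405'));
```

Because the key stays on the server, inspecting the client in a debugger yields only the token and the masked string.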
