Systems and methods for credential management between electronic devices

摘要

Embodiments are provided for managing user credentials that enable access to secure websites. According to certain aspects, a browser device connects (230) to a website server that hosts a secure website. The browser device initiates (236) a credential request and enters (238) a discovery routine with a mobile device. After establishing (240) a secure channel with the mobile device, the browser device sends (248) an identification of the secure website to the mobile device, which identifies (250) corresponding user credentials and sends (252) the user credentials to the browser device. The browser device populates (254) a login page with the user credentials and accesses (256) the secure website.

主权项

1. A method on a first electronic device for enabling a user to access a secure website, the method comprising;
authenticating, using the first electronic device, a user of the first electronic device to a browser application using browser credentials corresponding to a browser account for the user of the first electronic device; using the browser application that has been authenticated using the browser credentials corresponding to the browser account to detect navigation to a login page of the secure website, the secure website requiring user credentials for access thereto; responsive to detecting navigation to the login page of the secure website, detecting a presence of a mobile device proximal to the first electronic device; responsive to detecting the presence of the mobile device being proximal to the first electronic device, authenticating, by a hardware processor of the first electronic device, the first electronic device to the mobile device, wherein authenticating the first electronic device to the mobile device comprises;
establishing a secure channel between the first electronic device and the mobile device; andperforming an application layer authentication between the browser application executing on the first electronic device and a credential manager application executing on the mobile device by receiving cryptographic data that includes a cryptographic nonce from the mobile device, hashing the browser credentials with the cryptographic data using a hash function to produce a hashed value, and sending the hashed value to the mobile device, wherein the credential manager application authenticates the browser application using the hashed value;responsive to authenticating the first electronic device to the mobile device, sending, to the mobile device via the secure channel, an identification of the secure website;responsive to sending the identification of the secure website to the mobile device, receiving via the secure channel, from the credential manager application executing on the mobile device, user credentials based on the identification of the secure website; andpopulating, without user input, the login page of the secure website with the received user credentials.