Portal control of web site credentials using asymmetric public/private key encryption without user selection or user password management

Assignee

• Bank of America Corporation · US

Inventors

• Joshua Abraham · Sharon, US
• Steven E. Sinks · Scottsdale, US

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L63/0861
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

An information-security method for securely accessing a web site through non-password user authentication to an intermediary portal is disclosed. A hardware/biometric login authenticates a user to a portal, which provides 1-click user access to web sites. The portal generates a strong password for each web site. Private keys with the passwords embedded therein are generated by the portal and stored along with public keys for the web sites. Communications between the portal and web sites are asymmetrically encrypted using the keys. Passwords for the web sites are updated or autorotated by the portal on-demand, at periodic intervals, and/or in response to data breaches or threat vectors to provide enhanced security. Updated login credentials are communicated to the web sites when the passwords are changed by the portal. Passwords are managed transparently to the user such that users need not be aware or keep track of their passwords.