Frédéric R.

A system and method for providing secure Single-Sign-On (SSO) authentication in a zero-knowledge architecture. A first server component may operate as a first relying party in a first SSO flow. When the user of an application successfully authenticates to a first identity provider, a first part of a secret key may be provided to the application. Additionally, a second server component may operate as a second relying party in a second SSO flow. When the first part of the secret key is received… Show more

A system and method for providing secure Single-Sign-On (SSO) authentication in a zero-knowledge architecture. A first server component may operate as a first relying party in a first SSO flow. When the user of an application successfully authenticates to a first identity provider, a first part of a secret key may be provided to the application. Additionally, a second server component may operate as a second relying party in a second SSO flow. When the first part of the secret key is received by the application, authentication information may be provided to a second identity provider. Based on a successful authentication, a second part of the secret key may be provided to the application. The first and second parts of the secret key may be combined by the application to generate a final secret key that may be used to decipher encrypted user data. Show less

A method for autofilling an electronic form is provided. Elements of the electronic form are identified. A value for each identified elements of the electronic form is determined. The electronic form is automatically filled with the determined values. During the automatically filling of the electronic form, the determined value is provided in a field corresponding to each of the elements. A user input is received on the provided value. The received user input includes a correction to a first… Show more

A method for autofilling an electronic form is provided. Elements of the electronic form are identified. A value for each identified elements of the electronic form is determined. The electronic form is automatically filled with the determined values. During the automatically filling of the electronic form, the determined value is provided in a field corresponding to each of the elements. A user input is received on the provided value. The received user input includes a correction to a first value provided in a first field of the electronic form. An autofill application is trained using the received user input. Show less

Examples of the present disclosure describe systems and methods relating to user-session management in a zero-knowledge environment. When a user authenticates with a computing service to begin a session, a credential-cipher key is used to encrypt the user's authentication credentials, thereby generating session-resume data. The computing service stores the credential-cipher key, such that it is not retained by the user's computing device. Accordingly, when the user resumes the session, a resume… Show more

Examples of the present disclosure describe systems and methods relating to user-session management in a zero-knowledge environment. When a user authenticates with a computing service to begin a session, a credential-cipher key is used to encrypt the user's authentication credentials, thereby generating session-resume data. The computing service stores the credential-cipher key, such that it is not retained by the user's computing device. Accordingly, when the user resumes the session, a resume request is generated to retrieve the credential-cipher key from the computing service, wherein the request is validated before providing the key. Upon successful validation, the computing service provides the credential-cipher key, which is then used to decrypt the session-resume data and regain access to the user's authentication credentials. The encrypted user data may then be decrypted, thereby obviating the need for the user to re-authenticate, while still retaining the privacy and security benefits of the zero-knowledge environment. Show less

Examples of the present disclosure describe systems and methods relating to a zero-knowledge architecture between multiple systems. In an example, multiple systems may provide an application. User data of the application may be encrypted using a cryptographic key to restrict access to the user data. In some examples, the cryptographic key may not be provided to the multiple systems, thereby providing a zero-knowledge architecture. In order to ensure a user may access the cryptographic key, the… Show more

Examples of the present disclosure describe systems and methods relating to a zero-knowledge architecture between multiple systems. In an example, multiple systems may provide an application. User data of the application may be encrypted using a cryptographic key to restrict access to the user data. In some examples, the cryptographic key may not be provided to the multiple systems, thereby providing a zero-knowledge architecture. In order to ensure a user may access the cryptographic key, the cryptographic key may be encrypted using a second cryptographic key. The encrypted representation of the cryptographic key may be provided to a first system, while the second cryptographic key may be provided to a second system. As a result, a user computing device may retrieve both the encrypted representation of the cryptographic key and the second cryptographic key from the first and second systems, respectively, in order to encrypt/decrypt user data. Show less

Methods and systems for passwordless authenticating of a user are provided. A first request to access a first content is received from a first user of a first device. A first challenge is sent to the first device in response to the first request. The first challenge is resolved using a first private key associated with the first user for the first content. A first response, including a resolved challenge, is received from the first device. It is determined whether the first response is an… Show more

Methods and systems for passwordless authenticating of a user are provided. A first request to access a first content is received from a first user of a first device. A first challenge is sent to the first device in response to the first request. The first challenge is resolved using a first private key associated with the first user for the first content. A first response, including a resolved challenge, is received from the first device. It is determined whether the first response is an acceptable response to the first challenge. Access to the first content is granted to the first user in response determining that the first response is an acceptable response. Show less

Examples of the present disclosure describe systems and methods relating to master password reset in a zero-knowledge architecture. A master password reset may be used to regain access to encrypted user data despite not having access to the master password associated with decrypting the user data. As an example, the user data may be encrypted using a local ciphering key, wherein the key may be encrypted using a master password and stored. A second copy of the key may be stored, wherein the… Show more

Examples of the present disclosure describe systems and methods relating to master password reset in a zero-knowledge architecture. A master password reset may be used to regain access to encrypted user data despite not having access to the master password associated with decrypting the user data. As an example, the user data may be encrypted using a local ciphering key, wherein the key may be encrypted using a master password and stored. A second copy of the key may be stored, wherein the second copy may be encrypted using a recovery key. The recovery key may then be stored by a third party. In a reset scenario in which the master password is forgotten, the recovery key may be retrieved from the third party and used to decrypt the second copy of the local ciphering key, thereby providing access to the encrypted user data without use of the master password. Show less