Abstract: Systems and methods for sharing secrets including passwords, keys, and other confidential information used in computing environments. A secrets record generated at a secrets vault client device is encrypted using an application key associated with a computing environment. The encrypted secrets record is stored in the secrets vault server. The secrets vault client device configures a sharing client device and associates it with an access token. The secrets vault client device hashes the access token and sends the hash to the secrets vault server as a client identifier. The sharing client device performs a first-time authentication with the secrets vault server using the hashed access token. Upon successful authentication, the sharing client device requests secrets records from the secrets vault server using the client identifier.
Abstract: Systems and methods for providing secure single sign-on authentication and management of an encrypted vault in a fully cloud-based zero-knowledge environment. A user on a client device attempts to use a network resource. The user is directed to log in to the identity provider. The identity provider authenticates the user through a login process. If the user is identified as a valid user, the identity provider sends the user an attestation sign-on key to confirm that the user is valid. The client device sends the attestation sign-on key to a vault service provider, which verifies the attestation using a configured public key. The client device retrieves a data decryption key and an encrypted data key, which are stored in different entities in the system. The encrypted data key is decrypted on the client device using the data decryption key.
Abstract: Systems and methods for detecting breached user login records in a zero-knowledge architecture. A breach detection module obtains login data that has been breached from breached data sources and service providers. The breached data is hashed with a system key, and the resulting breached data hashes are hashed again in a hardware security module (HSM) using a hashing method and a non-exportable key. Clients provide the breach detection module with user login data that the client device has already hashed using the same hashing method. The breach detection module hashes the hashed user login data, compares the resulting user login hashes with the hashed breached data hashes, and sends a breach alert to the client device if any hashes match.
Abstract: A system and/or method includes facilitating secured chat messaging. An application module can derive a master password-based encryption key from a master password. The application module can generate a data key and encrypt the data key with the master password-based encryption key. The application module can generate a record key for encrypting chat messages of a chat thread and encrypt the record key with the data key. The application module can decrypt the chat messages in the chat thread with the record key, where the record key is decrypted with the data key, and where the data key is decrypted with the master password-based encryption key. The application module can display the decrypted chat messages.
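The three-level key hierarchy this abstract describes (master password -> master password-based encryption key -> data key -> record key -> chat messages), as an added illustration that is not part of the patent or of any product's code. It assumes PBKDF2-HMAC-SHA256 for the password derivation and, to stay dependency-free, a toy HMAC-SHA256 counter-mode cipher with encrypt-then-MAC in place of the AES-GCM a real implementation would use; the point is the wrapping chain and the fact that only wrapped keys are ever stored.

```python
import hashlib
import hmac
import os

def derive_master_key(password: str, salt: bytes, iterations: int = 200_000) -> bytes:
    """Master password -> master password-based encryption key (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations, dklen=32)

def _subkeys(key: bytes):
    # Separate encryption and MAC subkeys derived from one wrapping key.
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode: stdlib-only stand-in for a real cipher (toy, not production).
    return b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                    for i in range(length // 32 + 1))[:length]

def wrap(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: returns nonce || ciphertext || tag."""
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def unwrap(key: bytes, blob: bytes) -> bytes:
    """Verify the tag in constant time before decrypting; wrong key or tampering -> ValueError."""
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("authentication failed: wrong key or tampered blob")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))

def create_vault(password: str) -> dict:
    # The data key is random; only its form wrapped under the master key is stored.
    salt = os.urandom(16)
    return {"salt": salt, "enc_data_key": wrap(derive_master_key(password, salt), os.urandom(32))}

def _data_key(password: str, vault: dict) -> bytes:
    return unwrap(derive_master_key(password, vault["salt"]), vault["enc_data_key"])

def create_thread(password: str, vault: dict) -> dict:
    # One random record key per chat thread, wrapped under the data key.
    return {"enc_record_key": wrap(_data_key(password, vault), os.urandom(32)), "messages": []}

def post_message(password: str, vault: dict, thread: dict, text: str) -> None:
    record_key = unwrap(_data_key(password, vault), thread["enc_record_key"])
    thread["messages"].append(wrap(record_key, text.encode()))

def read_messages(password: str, vault: dict, thread: dict) -> list:
    """Unwrap master key -> data key -> record key, then decrypt every message in the thread."""
    record_key = unwrap(_data_key(password, vault), thread["enc_record_key"])
    return [unwrap(record_key, m).decode() for m in thread["messages"]]
```

Note that the server-side state (`vault` and `thread`) holds only salts, wrapped keys and ciphertexts, so a wrong master password fails at the first unwrap rather than leaking anything further down the chain.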
Abstract: A system and/or method includes a connect module for facilitating a single sign-on to a digital vault provided by a service provider in a zero-knowledge architecture.
Abstract: A computer-implemented method is provided for facilitating a quick login using a mobile computing device that has a space-limited virtual keyboard. The method includes detecting a response from a server of a website, or from an application native to the computing device, that includes a login form displayed on a screen of the mobile computing device for authenticating a user; activating an application on the mobile computing device configured to auto-fill the login form; and displaying a quick login keyboard that includes a plurality of boxes configured to hold credential data of the user, wherein the quick login keyboard further includes a plurality of fill buttons, each of which is associated with one of the credential data boxes. The method further includes detecting a tap on one of the plurality of fill buttons and populating the login form with the credential data associated with the tapped fill button.
Abstract: An apparatus includes a storage device, a position comparison processor coupled to the storage device, and a display coupled to the position comparison processor. A plurality of files is stored on the storage device, wherein each file contains at least one item of confidential information and a geographic location of use is associated with the file. The position comparison processor compares a current geographic location with each of the geographic locations of use associated with the plurality of files, and the display displays the contents of a selected file whose associated geographic location of use matches the current geographic location.