Abstract: A system and method for protecting user data using a key escrow service. The key escrow service may be hosted by a service provider to integrate Identity Access Management (IAM) solutions, such as Single-Sign-On (SSO) and/or System for Cross-domain Identity Management (SCIM), with a zero-knowledge service, such as a password manager or other service handling sensitive user data. In examples, secure enclave technology may be used to allow the service provider to host and manage the key escrow service without being able to access any cryptographic key used and/or stored within a secure enclave. Accordingly, in some aspects, the service provider may have the ability to store users' secret keys for SSO and sharing keys for SCIM in a trusted, secure storage location without breaking the zero-knowledge principles of the infrastructure.

Abstract: A system and method for providing secure Single-Sign-On (SSO) authentication in a zero-knowledge architecture. A first server component may operate as a first relying party in a first SSO flow. When the user of an application successfully authenticates to a first identity provider, a first part of a secret key may be provided to the application. Additionally, a second server component may operate as a second relying party in a second SSO flow. When the first part of the secret key is received by the application, authentication information may be provided to a second identity provider. Based on a successful authentication, a second part of the secret key may be provided to the application. The first and second parts of the secret key may be combined by the application to generate a final secret key that may be used to decipher encrypted user data.

Abstract: A method for autofilling an electronic form is provided. Elements of the electronic form are identified. A value for each identified elements of the electronic form is determined. The electronic form is automatically filled with the determined values. During the automatically filling of the electronic form, the determined value is provided in a field corresponding to each of the elements. A user input is received on the provided value. The received user input includes a correction to a first value provided in a first field of the electronic form. An autofill application is trained using the received user input.

Abstract: Examples of the present disclosure describe systems and methods relating to user-session management in a zero-knowledge environment. When a user authenticates with a computing service to begin a session, a credential-cipher key is used to encrypt the user's authentication credentials, thereby generating session-resume data. The computing service stores the credential-cipher key, such that it is not retained by the user's computing device. Accordingly, when the user resumes the session, a resume request is generated to retrieve the credential-cipher key from the computing service, wherein the request is validated before providing the key. Upon successful validation, the computing service provides the credential-cipher key, which is then used to decrypt the session-resume data and regain access to the user's authentication credentials.

Abstract: Examples of the present disclosure describe systems and methods relating to a zero-knowledge architecture between multiple systems. In an example, multiple systems may provide an application. User data of the application may be encrypted using a cryptographic key to restrict access to the user data. In some examples, the cryptographic key may not be provided to the multiple systems, thereby providing a zero-knowledge architecture. In order to ensure a user may access the cryptographic key, the cryptographic key may be encrypted using a second cryptographic key. The encrypted representation of the cryptographic key may be provided to a first system, while the second cryptographic key may be provided to a second system. As a result, a user computing device may retrieve both the encrypted representation of the cryptographic key and the second cryptographic key from the first and second systems, respectively, in order to encrypt/decrypt user data.

Abstract: Methods and systems for passwordless authenticating of a user are provided. A first request to access a first content is received from a first user of a first device. A first challenge is sent to the first device in response to the first request. The first challenge is resolved using a first private key associated with the first user for the first content. A first response, including a resolved challenge, is received from the first device. It is determined whether the first response is an acceptable response to the first challenge. Access to the first content is granted to the first user in response determining that the first response is an acceptable response.

Abstract: Examples of the present disclosure describe systems and methods relating to master password reset in a zero-knowledge architecture. A master password reset may be used to regain access to encrypted user data despite not having access to the master password associated with decrypting the user data. As an example, the user data may be encrypted using a local ciphering key, wherein the key may be encrypted using a master password and stored. A second copy of the key may be stored, wherein the second copy may be encrypted using a recovery key. The recovery key may then be stored by a third party. In a reset scenario in which the master password is forgotten, the recovery key may be retrieved from the third party and used to decrypt the second copy of the local ciphering key, thereby providing access to the encrypted user data without use of the master password.

Abstract: Examples of the present disclosure describe systems and methods relating to user-session management in a zero-knowledge environment. When a user authenticates with a computing service to begin a session, a credential-cipher key is used to encrypt the user's authentication credentials, thereby generating session-resume data. The computing service stores the credential-cipher key, such that it is not retained by the user's computing device. Accordingly, when the user resumes the session, a resume request is generated to retrieve the credential-cipher key from the computing service, wherein the request is validated before providing the key. Upon successful validation, the computing service provides the credential-cipher key, which is then used to decrypt the session-resume data and regain access to the user's authentication credentials.

Abstract: Examples of the present disclosure describe systems and methods relating to a zero-knowledge architecture between multiple systems. In an example, multiple systems may provide an application. User data of the application may be encrypted using a cryptographic key to restrict access to the user data. In some examples, the cryptographic key may not be provided to the multiple systems, thereby providing a zero-knowledge architecture. In order to ensure a user may access the cryptographic key, the cryptographic key may be encrypted using a second cryptographic key. The encrypted representation of the cryptographic key may be provided to a first system, while the second cryptographic key may be provided to a second system. As a result, a user computing device may retrieve both the encrypted representation of the cryptographic key and the second cryptographic key from the first and second systems, respectively, in order to encrypt/decrypt user data.

Abstract: Examples of the present disclosure describe systems and methods relating to master password reset in a zero-knowledge architecture. A master password reset may be used to regain access to encrypted user data despite not having access to the master password associated with decrypting the user data. As an example, the user data may be encrypted using a local ciphering key, wherein the key may be encrypted using a master password and stored. A second copy of the key may be stored, wherein the second copy may be encrypted using a recovery key. The recovery key may then be stored by a third party. In a reset scenario in which the master password is forgotten, the recovery key may be retrieved from the third party and used to decrypt the second copy of the local ciphering key, thereby providing access to the encrypted user data without use of the master password.

Abstract: A method for autofilling an electronic form is provided. Elements of the electronic form are identified. A value for each identified elements of the electronic form is determined. The electronic form is automatically filled with the determined values. During the automatically filling of the electronic form, the determined value is provided in a field corresponding to each of the elements. A user input is received on the provided value. The received user input includes a correction to a first value provided in a first field of the electronic form. An autofill application is trained using the received user input.

Abstract: Methods and systems for passwordless authenticating of a user are provided. A first request to access a first content is received from a first user of a first device. A first challenge is sent to the first device in response to the first request. The first challenge is resolved using a first private key associated with the first user for the first content. A first response, including a resolved challenge, is received from the first device. It is determined whether the first response is an acceptable response to the first challenge. Access to the first content is granted to the first user in response determining that the first response is an acceptable response.

Abstract: Embodiments of the present disclosure provide methods and system for managing payment options. The methods may include receiving a trigger for updating user information associated with a payment option, the trigger comprising a change in the user information associated with the payment option. Upon receiving the trigger, at least one website associated with the payment option may be determined. A script may be provided to be run on the determined at least one website to update the user information. The generated script may be executed on the at least one website to update the user information.

Abstract: Methods and systems are provided for secure online data access. In one embodiment, three levels of security are provided where user master passwords are not required at a server. A user device may register with a storage service and receive a user device key that is stored on the device and at the service. The user device key may be used to authenticate the user device with the storage service. As data in the storage service is encrypted with a master password, the data may be protected from disclosure. As a user master key or derivative thereof is not used in authentication, the data may be protected from a disclosure or breach of the authentication credentials. Encryption and decryption may thus be performed on the user device with a user master key that may not be disclosed externally from the user device.

Abstract: A method for shopping cart validation automation, comprising analyzing a webpage to determine if it contains a shopping cart structure and if the user has expressed desire to initiate a checkout procedure, extracting shopping cart and other price elements from pages of a checkout tunnel, accumulating such information for the shopping transaction, validating the shopping transaction using the accumulated information, and allowing the user to confirm or cancel the transaction upon validation. Alternatively, the method may message the use that the transaction is not reconcilable where the shopping cart could not be validated. Also, the system can advantageously build a history database storing transactional details, including screen shots of pages of the checkout tunnel.

Abstract: An analysis engine executes under client control to review web pages in real-time and control interaction with the web pages of a website to assist the user of the client in providing selections, providing information and otherwise interacting with the website. In analyzing web pages, the engine uses rule-based logic and considers web pages from an anthropomimetic view, i.e., considers the content, forms and interaction elements as would be perceived and dealt with by a human user, as opposed to by merely considering the web pages in their native form, such as HTML formatted files.

Abstract: Methods and systems are provided for web page task automation. In one embodiment, the method comprises of the following steps: i) decomposing the high level task into a sequence of anthropomimetic subroutines, ii) decomposing each routine into a series of anthropomimetic actions or steps, for example stored as a unit shares of work, iii) generating computer code to interact with the content of the webpage, for each unit share of work, iv) executing the generated computer code by a web interface module, and transmitting the results of the execution of computer code, steps iii) and iv) being repeated until all steps of a subroutine have been executed, until the sequence of subroutines for a logical task have been achieved.

Abstract: A method for online purchase automation, comprising identifying when the user has selected to navigate to or receive a web page related to a purchasing action, identifying when content of the web page is received; analyzing the web page concurrent with the purchase action, without requiring detailed structural information about the web page in advance, and determining whether the web page is related to a purchasing action, by parsing the web page or related data elements. If the web page is related to a purchasing action, the next steps are determining the user interface elements of the web page or related data elements, retrieving site-independent customer data for the purchase based on the analyzing of the user interface elements, simulating user input using the site-independent customer data to populate at least portions of the web page, and displaying to the user the populated purchasing page for user action.