Abstract: Methods and systems for authenticating a client device using entropy provided by a server and/or a device paired with the client device are described herein. The client device may receive a first user credential. The client device may receive first entropy from a wireless device. The client device may decrypt, using the first entropy, second entropy generated by a server. The client device may decrypt, using the second entropy, a second user credential that was stored in the client device. Based on a comparison of the first user credential with the second user credential, the client device may grant a user of the client device access to one or more resources.

Abstract: Methods and systems for authenticating a user requesting to access one or more resources via a device are described herein. Authentication may be based on or otherwise rely on a plurality of devices. For example, aspects described herein are directed towards a system and method for receiving an authentication request from a first user device. A second user device may send a request for and receive a public key of the first user device and receive. The second user device may verify the authentication request using the public key of the first user device and perform authentication based on an authentication secret received from a user.

Abstract: Methods and systems for authenticating a user requesting to access one or more resources via a device are described herein. Authentication may be based on or otherwise rely on a plurality of devices. For example, aspects described herein are directed towards a system and method for receiving an authentication request from a first user device. A second user device may send a request for and receive a public key of the first user device and receive. The second user device may verify the authentication request using the public key of the first user device and perform authentication based on an authentication secret received from a user.

Abstract: Some aspects of the disclosure generally relate to providing single sign on features in mobile applications in a secure environment using a shared vault. An application may prompt a user to provide user entropy such as a passcode (e.g. a password and/or PIN). The application may use the user entropy to decrypt a user-entropy-encrypted vault key. Once the vault key is decrypted, the application may decrypt a vault database of the shared vault. The shared vault may store shared secrets, such as server credentials, and an unlock key. The application may store the unlock key, generate an unlock-key-encrypted vault key, and cause the shared vault to store the unlock-key-encrypted vault key, thereby “unlocking” the vault. The application may then use the unlock key to decrypt the vault database without prompting the user to provide user entropy again.

Abstract: Some aspects of the disclosure generally relate to providing single sign on features in mobile applications in a secure environment using a shared vault. An application may prompt a user to provide user entropy such as a passcode (e.g. a password and/or PIN). The application may use the user entropy to decrypt a user-entropy-encrypted vault key. Once the vault key is decrypted, the application may decrypt a vault database of the shared vault. The shared vault may store shared secrets, such as server credentials, and an unlock key. The application may store the unlock key, generate an unlock-key-encrypted vault key, and cause the shared vault to store the unlock-key-encrypted vault key, thereby “unlocking” the vault. The application may then use the unlock key to decrypt the vault database without prompting the user to provide user entropy again.

Abstract: Methods and systems for authenticating a client device using entropy provided by a server and/or a device paired with the client device are described herein. The client dvice may receive a first user credential. The client device may receive first entropy from a wireless device. The client device may decrypt, using the first entropy, second entropy generated by a server. The client device may decrypt, using the second entropy, a second user credential that was stored in the client device. Based on a comparison of the first user credential with the second user credential, the client device may grant a user of the client device access to one or more resources.

Abstract: Methods and systems for authenticating a user requesting to access one or more resources via a device are described herein. Authentication may be based on or otherwise rely on a plurality of devices. For example, aspects described herein are directed towards a system and method for receiving an authentication request from a first user device. A second user device may send a request for and receive a public key of the first user device and receive. The second user device may verify the authentication request using the public key of the first user device and perform authentication based on an authentication secret received from a user.

Abstract: Methods and systems for authenticating a client device using entropy provided by a server and/or a device paired with the client device are described herein. The system may generate static entropy and time-limited entropy based on data from the server and/or the paired device. The static and time-limited entropy may be used to authenticate the client device (application or a user of the client device) in addition to authentication credentials or entropy such as a PIN or password provided by the user. The time-limited entropy may have an expiration time. If the time-limited entropy is expired, the system may request the user to perform a hard authentication with the server, such as by providing a username, password, and/or optionally a two-factor authentication code, among other information.

Abstract: Some aspects of the disclosure generally relate to providing single sign on features in mobile applications in a secure environment using a shared vault. An application may prompt a user to provide user entropy such as a passcode (e.g. a password and/or PIN). The application may use the user entropy to decrypt a user-entropy-encrypted vault key. Once the vault key is decrypted, the application may decrypt a vault database of the shared vault. The shared vault may store shared secrets, such as server credentials, and an unlock key. The application may store the unlock key, generate an unlock-key-encrypted vault key, and cause the shared vault to store the unlock-key-encrypted vault key, thereby “unlocking” the vault. The application may then use the unlock key to decrypt the vault database without prompting the user to provide user entropy again.

Abstract: Methods and systems for authenticating a user requesting to access one or more resources via a device are described herein. Authentication may be based on or otherwise rely on a plurality of devices. For example, aspects described herein are directed towards a system and method for receiving a request from a user to access one or more resources via a first device. In response to receiving the request to access the one or more resources, the first device may send, e.g., to a second device, a request for user input of a credential at the second device. The first device may receive a credential from the second device, and the first device may authenticate the user based on the received credential. Additionally or alternatively, the second device may authenticate the user based on an input of a user credential, and the second device may send an indication of a successful authentication to the first device.

Abstract: Methods and systems for authenticating a user requesting to access one or more resources via a device are described herein. Authentication may be based on or otherwise rely on a plurality of devices. For example, aspects described herein are directed towards a system and method for receiving a request from a user to access one or more resources via a first device. In response to receiving the request to access the one or more resources, the first device may send, e.g., to a second device, a request for user input of a credential at the second device. The first device may receive a credential from the second device, and the first device may authenticate the user based on the received credential. Additionally or alternatively, the second device may authenticate the user based on an input of a user credential, and the second device may send an indication of a successful authentication to the first device.

Abstract: Some aspects of the disclosure generally relate to providing single sign on features in mobile applications in a secure environment using a shared vault. An application may prompt a user to provide user entropy such as a passcode (e.g. a password and/or PIN). The application may use the user entropy to decrypt a user-entropy-encrypted vault key. Once the vault key is decrypted, the application may decrypt a vault database of the shared vault. The shared vault may store shared secrets, such as server credentials, and an unlock key. The application may store the unlock key, generate an unlock-key-encrypted vault key, and cause the shared vault to store the unlock-key-encrypted vault key, thereby “unlocking” the vault. The application may then use the unlock key to decrypt the vault database without prompting the user to provide user entropy again.

Abstract: Methods and systems for authenticating a user requesting to access one or more resources via a device are described herein. Authentication may be based on or otherwise rely on a plurality of devices. For example, aspects described herein are directed towards a system and method for receiving a request from a user to access one or more resources via a first device. In response to receiving the request to access the one or more resources, the first device may send, e.g., to a second device, a request for user input of a credential at the second device. The first device may receive a credential from the second device, and the first device may authenticate the user based on the received credential. Additionally or alternatively, the second device may authenticate the user based on an input of a user credential, and the second device may send an indication of a successful authentication to the first device.

Abstract: Some aspects of the disclosure generally relate to providing single sign on features in mobile applications in a secure environment using a shared vault. An application may prompt a user to provide user entropy such as a passcode (e.g. a password and/or PIN). The application may use the user entropy to decrypt a user-entropy-encrypted vault key. Once the vault key is decrypted, the application may decrypt a vault database of the shared vault. The shared vault may store shared secrets, such as server credentials, and an unlock key. The application may store the unlock key, generate an unlock-key-encrypted vault key, and cause the shared vault to store the unlock-key-encrypted vault key, thereby “unlocking” the vault. The application may then use the unlock key to decrypt the vault database without prompting the user to provide user entropy again.

Abstract: Methods and systems for authenticating a client device using entropy provided by a server and/or a device paired with the client device are described herein. The system may generate static entropy and time-limited entropy based on data from the server and/or the paired device. The static and time-limited entropy may be used to authenticate the client device (application or a user of the client device) in addition to authentication credentials or entropy such as a PIN or password provided by the user. The time-limited entropy may have an expiration time. If the time-limited entropy is expired, the system may request the user to perform a hard authentication with the server, such as by providing a username, password, and/or optionally a two-factor authentication code, among other information.

Abstract: Methods and systems for authenticating a client device using entropy provided by a server and/or a device paired with the client device are described herein. The system may generate static entropy and time-limited entropy based on data from the server and/or the paired device. The static and time-limited entropy may be used to authenticate the client device (application or a user of the client device) in addition to authentication credentials or entropy such as a PIN or password provided by the user. The time-limited entropy may have an expiration time. If the time-limited entropy is expired, the system may request the user to perform a hard authentication with the server, such as by providing a username, password, and/or optionally a two-factor authentication code, among other information.

Abstract: Some aspects of the disclosure generally relate to providing single sign on features in mobile applications in a secure environment using a shared vault. An application may prompt a user to provide user entropy such as a passcode (e.g. a password and/or PIN). The application may use the user entropy to decrypt a user-entropy-encrypted vault key. Once the vault key is decrypted, the application may decrypt a vault database of the shared vault. The shared vault may store shared secrets, such as server credentials, and an unlock key. The application may store the unlock key, generate an unlock-key-encrypted vault key, and cause the shared vault to store the unlock-key-encrypted vault key, thereby “unlocking” the vault. The application may then use the unlock key to decrypt the vault database without prompting the user to provide user entropy again.

Abstract: Some aspects of the disclosure generally relate to providing single sign on features in mobile applications in a secure environment using a shared vault. An application may prompt a user to provide user entropy such as a passcode (e.g. a password and/or PIN). The application may use the user entropy to decrypt a user-entropy-encrypted vault key. Once the vault key is decrypted, the application may decrypt a vault database of the shared vault. The shared vault may store shared secrets, such as server credentials, and an unlock key. The application may store the unlock key, generate an unlock-key-encrypted vault key, and cause the shared vault to store the unlock-key-encrypted vault key, thereby “unlocking” the vault. The application may then use the unlock key to decrypt the vault database without prompting the user to provide user entropy again.

Abstract: Methods and systems for authenticating a user requesting to access one or more resources via a device are described herein. Authentication may be based on or otherwise rely on a plurality of devices. For example, aspects described herein are directed towards a system and method for receiving a request from a user to access one or more resources via a first device. In response to receiving the request to access the one or more resources, the first device may send, e.g., to a second device, a request for user input of a credential at the second device. The first device may receive a credential from the second device, and the first device may authenticate the user based on the received credential. Additionally or alternatively, the second device may authenticate the user based on an input of a user credential, and the second device may send an indication of a successful authentication to the first device.

Abstract: Methods and systems for authenticating a client device using entropy provided by a server and/or a device paired with the client device are described herein. The system may generate static entropy and time-limited entropy based on data from the server and/or the paired device. The static and time-limited entropy may be used to authenticate the client device (application or a user of the client device) in addition to authentication credentials or entropy such as a PIN or password provided by the user. The time-limited entropy may have an expiration time. If the time-limited entropy is expired, the system may request the user to perform a hard authentication with the server, such as by providing a username, password, and/or optionally a two-factor authentication code, among other information.