Embodiments of the present disclosure relate to an account management system and more particularly to a system and a method to manage multiple-account access using a master key.
Credentials refer to verification of identity or tools for authentication. Credentials are most commonly used for user authentication, wherein the user generally needs to enter credentials such as a password and a username. Generally, the credentials associated with the user are managed by a credential management system (CMS) to control access to sensitive data or organisations. Several challenges are associated with the management of credentials, as most user-provided credentials, such as user-provided passwords, are always prone to cyberattacks. Managing the credentials without their being cracked by an attacker or a third party is an important concern for a user having a plurality of online accounts. As a result, various systems are available which manage the user credentials for multiple-account access using the master key concept.
One such system is a conventional system for managing the user credentials for the multiple accounts through manual intervention, wherein the user needs to remember different usernames and passwords for different online accounts. However, managing the different usernames and passwords for the different online accounts leads to one or more vulnerabilities, and a user confronted with this problem tries to use the same password for each remote system or writes down a list of passwords. Also, user credentials which are more complex become difficult to remember. In addition, the conventional approach requires the user to remember the passwords used for accessing the different online accounts. Moreover, the credential system needs to store and manage the different usernames and passwords for the different online accounts. Furthermore, storing the different usernames and passwords in a particular storage format or a particular storage option might be superfluous, as an attacker may gain access to the stored passwords and ruin everything. Also, storing the different user credentials increases space utilisation of the storage device.
Hence, there is a need for an improved system and a method to manage user credentials for multiple-account access using a master key in order to address the aforementioned issues.
In accordance with one embodiment of the present disclosure, a system to manage multiple-account access using a master key is disclosed. The system includes a master key obtaining subsystem configured to obtain a master key in a predefined format. The system also includes a child key generation subsystem operatively coupled to the master key obtaining subsystem. The child key generation subsystem is configured to generate one or more child keys corresponding to one or more accounts associated with a user from the master key using a parent-child relationship function. The system also includes a password generation subsystem operatively coupled to the child key generation subsystem. The password generation subsystem is configured to generate one or more passwords regenerative in nature corresponding to the one or more child keys by using a transformation function. The system also includes a credential association subsystem operatively coupled to the password generation subsystem. The credential association subsystem is configured to associate the one or more passwords with one or more user identifiers corresponding to the one or more accounts. The system also includes a credential management subsystem operatively coupled to the credential association subsystem. The credential management subsystem is configured to enable the user to access each of the one or more accounts by using each of the corresponding one or more passwords and each of the corresponding one or more user identifiers.
In accordance with another embodiment of the present disclosure, a method to manage multiple-account access using a master key is disclosed. The method includes obtaining, by a master key obtaining subsystem, a master key encoded in a predefined format. The method also includes generating, by a child key generation subsystem, one or more child keys corresponding to one or more accounts associated with a user from the master key using a parent-child relationship function. The method also includes generating, by a password generation subsystem, one or more passwords regenerative in nature corresponding to the one or more child keys by using a transformation function. The method also includes associating, by a credential association subsystem, the one or more passwords with one or more user identifiers corresponding to the one or more accounts. The method also includes enabling, by a credential management subsystem, the user to access each of the one or more accounts by using each of the corresponding one or more passwords and each of the corresponding one or more user identifiers.
To further clarify the advantages and features of the present disclosure, a more particular description of the disclosure will follow by reference to specific embodiments thereof, which are illustrated in the appended figures. It is to be appreciated that these figures depict only typical embodiments of the disclosure and are therefore not to be considered limiting in scope. The disclosure will be described and explained with additional specificity and detail with the appended figures.
The disclosure will be described and explained with additional specificity and detail with the accompanying figures in which:
Further, those skilled in the art will appreciate that elements in the figures are illustrated for simplicity and may not have necessarily been drawn to scale. Furthermore, in terms of the construction of the device, one or more components of the device may have been represented in the figures by conventional symbols, and the figures may show only those specific details that are pertinent to understanding the embodiments of the present disclosure so as not to obscure the figures with details that will be readily apparent to those skilled in the art having the benefit of the description herein.
For the purpose of promoting an understanding of the principles of the disclosure, reference will now be made to the embodiment illustrated in the figures and specific language will be used to describe them. It will nevertheless be understood that no limitation of the scope of the disclosure is thereby intended. Such alterations and further modifications in the illustrated system, and such further applications of the principles of the disclosure as would normally occur to those skilled in the art are to be construed as being within the scope of the present disclosure.
The terms “comprises”, “comprising”, or any other variations thereof, are intended to cover a non-exclusive inclusion, such that a process or method that comprises a list of steps does not include only those steps but may include other steps not expressly listed or inherent to such a process or method. Similarly, one or more devices or sub-systems or elements or structures or components preceded by “comprises . . . a” does not, without more constraints, preclude the existence of other devices, sub-systems, elements, structures, components, additional devices, additional sub-systems, additional elements, additional structures or additional components. Appearances of the phrase “in an embodiment”, “in another embodiment” and similar language throughout this specification may, but not necessarily do, all refer to the same embodiment.
Unless otherwise defined, all technical and scientific terms used herein have the same meaning as commonly understood by those skilled in the art to which this disclosure belongs. The system, methods, and examples provided herein are only illustrative and not intended to be limiting.
In the following specification and the claims, reference will be made to a number of terms, which shall be defined to have the following meanings. The singular forms “a”, “an”, and “the” include plural references unless the context clearly dictates otherwise.
Embodiments of the present disclosure relate to a system and a method to manage multiple-account access using a master key. The system includes a master key obtaining subsystem configured to obtain a master key in a predefined format. The system also includes a child key generation subsystem operatively coupled to the master key obtaining subsystem. The child key generation subsystem is configured to generate one or more child keys corresponding to one or more accounts associated with a user from the master key using a parent-child relationship function. The system also includes a password generation subsystem operatively coupled to the child key generation subsystem. The password generation subsystem is configured to generate one or more passwords regenerative in nature corresponding to the one or more child keys by using a transformation function. The system also includes a credential association subsystem operatively coupled to the password generation subsystem. The credential association subsystem is configured to associate the one or more passwords with one or more user identifiers corresponding to the one or more accounts. The system also includes a credential management subsystem operatively coupled to the credential association subsystem. The credential management subsystem is configured to enable the user to access each of the one or more accounts by using each of the corresponding one or more passwords and each of the corresponding one or more user identifiers.
The system 100 also includes a child key generation subsystem 120 operatively coupled to the master key obtaining subsystem 110. The child key generation subsystem 120 is configured to generate one or more child keys corresponding to one or more accounts associated with a user from the master key using a parent-child relationship function. In one embodiment, the one or more child keys may include keys with a functional representation of the corresponding one or more accounts associated with the user. In some embodiments, the one or more accounts may include at least one of a social media account associated with the user, a shopping account associated with the user, a bank account associated with the user, a travel organisation account associated with the user or a combination thereof. In such an embodiment, the social media account may include a Facebook™ account, the shopping account may include an Amazon™ account, the bank account associated with the user may include an internet banking account, the travel organisation account associated with the user may include a Goibibo™ account or the combination thereof.
The system 100 also includes a password generation subsystem 130 operatively coupled to the child key generation subsystem 120. The password generation subsystem 130 is configured to generate one or more passwords regenerative in nature corresponding to the one or more child keys by using a transformation function. In one embodiment, the transformation function may include a function configured to modify the one or more child keys based on a predefined requirement of one or more corresponding accounts to regenerate the one or more passwords. In such an embodiment, the transformation function may include at least one of a value substitution function, a swapping function, a cycling function or a combination thereof. In one embodiment, the predefined requirement to generate the one or more passwords may include a rule or a password policy to generate a strong and secure password. In such an embodiment, the predefined requirement may include at least one of the following: the password should be at least 8 characters long, the characters of the password should be alphanumeric characters, the password should be changed frequently, or a combination thereof. In one embodiment, the password generation subsystem 130 is configured to select a child key from the one or more child keys as a password corresponding to the one or more user accounts by using a parent-child relationship function when the user requires a new password.
The system 100 also includes a credential association subsystem 140 operatively coupled to the password generation subsystem 130. The credential association subsystem 140 is configured to associate the one or more passwords with one or more user identifiers corresponding to the one or more accounts. In one embodiment, the user identifiers may include one or more usernames corresponding to the one or more accounts.
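The following added example (not code from the disclosure) sketches the chain described above: master key, child key per account, regenerated password, association with a user identifier. It assumes HMAC-SHA256 as the parent-child relationship function and a rejection-sampled alphanumeric mapping as the transformation function, since the text names but does not define these functions; all function names, the `index` rotation parameter and the demo inputs are hypothetical.

```python
import hashlib
import hmac
import string

ALPHANUM = string.ascii_letters + string.digits  # 62 symbols
MIN_LENGTH = 8  # policy floor quoted in the text


def derive_child_key(master_key: bytes, account: str, index: int = 0) -> bytes:
    """Assumed parent-child function: HMAC-SHA256 keyed by the master key.

    `index` selects a sibling child key, so a password can be rotated
    without changing the master key.
    """
    label = account.lower().encode() + b"\x00" + index.to_bytes(4, "big")
    return hmac.new(master_key, label, hashlib.sha256).digest()


def _stream(child_key: bytes, attempt: int):
    """Yield an unbounded deterministic byte stream from a child key."""
    counter = 0
    while True:
        msg = attempt.to_bytes(4, "big") + counter.to_bytes(4, "big")
        yield from hmac.new(child_key, msg, hashlib.sha256).digest()
        counter += 1


def transform(child_key: bytes, length: int = 16) -> str:
    """Assumed transformation function: child key -> policy-compliant password."""
    if length < MIN_LENGTH:
        raise ValueError(f"policy requires at least {MIN_LENGTH} characters")
    limit = 256 - (256 % len(ALPHANUM))  # 248: reject above to avoid modulo bias
    attempt = 0
    while True:
        chars = []
        for b in _stream(child_key, attempt):
            if b < limit:
                chars.append(ALPHANUM[b % len(ALPHANUM)])
                if len(chars) == length:
                    break
        pw = "".join(chars)
        # Policy: mix of letters and digits; retry deterministically otherwise.
        if any(c.isdigit() for c in pw) and any(c.isalpha() for c in pw):
            return pw
        attempt += 1


def build_credentials(master_key: bytes, accounts: dict) -> dict:
    """Associate each user identifier with its regenerated password."""
    return {
        name: (username, transform(derive_child_key(master_key, name, idx)))
        for name, (username, idx) in accounts.items()
    }


# Constructed demo inputs (not values from the page).
DEMO_MASTER = hashlib.sha256(b"constructed demo master key").digest()
DEMO_ACCOUNTS = {"social": ("alice01", 0), "bank": ("alice.k", 0), "shop": ("alice01", 1)}

if __name__ == "__main__":
    for name, (user, pw) in build_credentials(DEMO_MASTER, DEMO_ACCOUNTS).items():
        print(f"{name:7} {user:8} {pw}")
```

Because nothing but the master key is secret in such a scheme, disclosure of the master key exposes every derived password, and rotating one account's password requires remembering its index.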
In a specific embodiment, the password generation subsystem 130 may include generating only the one or more passwords corresponding to the one or more generated child keys from the generated master key as shown in 160 in
In another embodiment, the one or more passwords generated by the password generation subsystem 130 are further associated with the one or more user identifiers corresponding to the one or more accounts as shown in 170 in
In yet another embodiment, the credential association subsystem 140 is further configured to associate one or more user-defined passwords with the one or more associated user identifiers corresponding to the one or more accounts when the one or more user defined passwords are unaltered using the second function as shown in 180 in
Referring back to
The system 100 provides a solution for the problem of remembering the user IDs and the passwords by the user with the help of generating a master key. For example, suppose the user has one or more online accounts such as a Facebook account, a Gmail account, an internet banking account of State Bank of India (SBI) and an IoT devices access account. Now, after registration with such one or more accounts, let us assume the user forgets each of the corresponding one or more passwords and each of the corresponding user IDs. In such a scenario, the master key helps in deducing the corresponding one or more user IDs, the corresponding one or more passwords and other authentication and authorization information for accessing the one or more online accounts.
A master key obtaining subsystem 110 obtains a master key encoded in a predefined format. The master key is a functional representation in a predefined format. For example, here the master key, which is obtained, is represented as ‘b40661cc . . . b4e625’ as shown in
Referring to
Referring back to
With continued reference to
The processor(s) 230, as used herein, means any type of computational circuit, such as, but not limited to, a microprocessor, a microcontroller, a complex instruction set computing microprocessor, a reduced instruction set computing microprocessor, a very long instruction word microprocessor, an explicitly parallel instruction computing microprocessor, a digital signal processor, or any other type of processing circuit, or a combination thereof.
The memory 210 includes a plurality of subsystems stored in the form of executable program which instructs the processor 230 to perform the method steps illustrated in
The master key obtaining subsystem 110 is configured to obtain a master key encoded in a predefined format. The child key generation subsystem 120 is configured to generate one or more child keys corresponding to one or more accounts associated with a user from the master key using a parent-child relationship function. The password generation subsystem 130 is configured to generate one or more passwords regenerative in nature corresponding to the one or more child keys by using a transformation function. The credential association subsystem 140 is configured to associate the one or more passwords with one or more user identifiers corresponding to the one or more accounts. The credential management subsystem 150 is configured to enable the user to access each of the one or more accounts by using each of the corresponding one or more passwords and each of the corresponding one or more user identifiers.
The method 300 also includes generating, by a child key generation subsystem, one or more child keys corresponding to one or more accounts associated with a user from the master key using a parent-child relationship function in step 320. In one embodiment, generating the one or more child keys corresponding to the one or more accounts associated with the user may include generating the one or more child keys corresponding to at least one of a social media account associated with the user, a shopping account associated with the user, a bank account associated with the user, a travel organisation account associated with the user or a combination thereof.
The method 300 also includes generating, by a password generation subsystem, one or more passwords regenerative in nature corresponding to the one or more child keys by using a transformation function in step 330. In one embodiment, generating the one or more passwords regenerative in nature corresponding to the one or more child keys may include generating the one or more passwords based on a predefined requirement of one or more corresponding accounts to regenerate the one or more passwords. In some embodiments, generating the one or more passwords corresponding to the child keys may include generating the one or more passwords by using at least one of a value substitution function, a swapping function, a cycling function or a combination thereof.
The method 300 also includes associating, by a credential association subsystem, the one or more passwords with one or more user identifiers corresponding to the one or more accounts in step 340. In one embodiment, associating the one or more passwords with the one or more user identifiers may include associating the one or more regenerated passwords with one or more usernames corresponding to the one or more accounts associated with the user.
The method 300 also includes enabling, by a credential management subsystem, the user to access each of the one or more accounts by using each of the corresponding one or more passwords and each of the corresponding one or more user identifiers in step 350. In one embodiment, enabling the user to access each of the one or more accounts may include enabling the user to log in to the account by using each of the corresponding one or more regenerated passwords and each of the corresponding one or more associated user identifiers.
In a preferred embodiment, the method further includes associating, by the credential association subsystem, one or more user-defined passwords with the one or more associated user identifiers corresponding to the one or more accounts when the one or more user defined passwords are unaltered using the transformation function.
Various embodiments of the present disclosure enable easy access of the multiple accounts associated with the user through a single master key without using separate passwords for each account.
Moreover, the presently disclosed system derives one or more child keys from a generated master key in real time and removes the necessity of storing and remembering the passwords for accessing the one or more accounts.
Furthermore, the presently disclosed system makes the system of accessing the accounts more secure, as the corresponding passwords for each account are generated from the one or more corresponding child keys and as a result it becomes difficult for the user to guess or crack the one or more generated passwords.
It will be understood by those skilled in the art that the foregoing general description and the following detailed description are exemplary and explanatory of the disclosure and are not intended to be restrictive thereof.
While specific language has been used to describe the disclosure, any limitations arising on account of the same are not intended. As would be apparent to a person skilled in the art, various working modifications may be made to the method in order to implement the inventive concept as taught herein.
The figures and the foregoing description give examples of embodiments. Those skilled in the art will appreciate that one or more of the described elements may well be combined into a single functional element. Alternatively, certain elements may be split into multiple functional elements. Elements from one embodiment may be added to another embodiment. For example, the order of processes described herein may be changed and are not limited to the manner described herein. Moreover, the actions of any flow diagram need not be implemented in the order shown; nor do all of the acts need to be necessarily performed. Also, those acts that are not dependent on other acts may be performed in parallel with the other acts. The scope of embodiments is by no means limited by these specific examples.
Number | Date | Country | Kind |
---|---|---|---|
202041007349 | Feb 2020 | IN | national |
This National Phase application claims priority from a Complete patent application filed in India having Patent Application No. 202041007349 filed on Feb. 20, 2020 and titled “SYSTEM AND METHOD TO MANAGE MULTIPLE ACCOUNT ACCESS USING A MASTER KEY” and PCT Application No. PCT/IB2021/050204 filed on Jan. 13, 2021, titled “SYSTEM AND METHOD TO MANAGE MULTIPLE-ACCOUNT ACCESS USING A MASTER KEY”.
Filing Document | Filing Date | Country | Kind |
---|---|---|---|
PCT/IB2021/050204 | 1/13/2021 | WO | |