Field
Embodiments of the present invention generally relate to the field of computer networking. In particular, various embodiments relate to systems and methods for managing transmission and storage of sensitive data.
Description of the Related Art
When users use online services, such as online shopping, online storage, social media, and the like, a large amount of sensitive data may be transmitted from local clients to remote servers through computer networks, such as the Internet. The sensitive data may include usernames/passwords for websites and other online services, virtual private network (VPN) credentials, social security numbers (SSNs), credit/debit card information and other personal information. Typically, the sensitive data is either stored in local secure storage and provided by the operating system (OS) or web browser, or is input (e.g., via a keyboard) by the user directly at a local computer and then transmitted from the local computer to a remote server.
The fact that sensitive data must be present on the local computer each and every time it is submitted to a remote server creates security risks. For example, if the local computer is compromised with malware, an attacker may obtain complete access to sensitive data stored on or typed into the local computer. This is typically achieved in several ways, including one or more of the following:
a. Retrieving it directly from the local storage;
b. Installing a key logger to collect user input; and
c. Injecting code into the browser to parse and extract data from web forms.
The local computer used to access online services is typically a conventional personal computer, laptop or mobile computing device (e.g., a tablet computer or smartphone)—all of which are relatively vulnerable to attacks as compared to network security devices that are designed to provide protection to such endpoint devices.
While password management software has been developed to manage usernames/passwords that are to be inputted by a user, such software does not provide a complete solution to the problem. After password management software is installed on a local computer, it may manage and store usernames/passwords for various websites, applications, services and the like that are used by the user locally or remotely. When the user accesses a login page of a website, for example, the corresponding username/password of the website is retrieved by the password management software and may be automatically filled into the login form and submitted to the website. Because it is recommended that users employ different usernames and passwords for each password-protected account, and because “strong” passwords (typically including over eight characters, comprising symbols, numbers and a combination of capitalized and non-capitalized letters) are often difficult to remember, password management software promotes good practices and facilitates management of many usernames and strong passwords. Existing password management software may also provide some protection to the usernames/passwords by encryption and/or remote storage; however, sensitive data (e.g., the usernames and passwords) remains vulnerable to attack by key loggers and/or injected code, as the sensitive data is present at the user's computer prior to being submitted to a password-protected website, for example.
Therefore, there is a need for a method and system that addresses these vulnerabilities.