We all live in a world where the use of the internet has become part of our daily life. On one hand, it has made it easier to access information, transactions, email and other online services; on the other hand, the same data used for email access, transactions, etc. is being used to commit fraud and to steal identities, money, etc. Because of this, users, institutions and organizations are losing billions of dollars with no end in sight. Businesses are also increasingly using e-mail for critical functions, such as high-level commercial negotiations and transactions. Along with this increased and highly sensitive usage is a growing demand for electronic communications to be both private and authentic.
Also, because the internet is accessible not only through personal computers and laptops but also through smartphones and smart watches, transactions can be done easily from anywhere and at any time. This has made the system vulnerable to cyber-attacks that lead users to incur losses ranging from several dollars to millions and billions of dollars.
The ease of access to the internet is the reason most users create and deal with more than one online account, each requiring a different username and password. Users are expected to remember all the usernames and passwords in order to get access to their accounts. When there is more than one online account with different passwords, users tend to store the usernames and the corresponding passwords written on paper, as a text file on their personal computers and laptops, or as a note on their smartphones. In some cases, users also write them on a note and put it next to their personal computer or laptop. It is very risky to leave such sensitive information unattended, as others might steal it and use it for their own benefit, to commit fraud or to make fortunes.
In the past, when e-mail was routed within internal networks, the physical security of that network typically ensured that e-mails were secure. But now, the increasing dependency on the internet for various types of communications makes security measures highly important. Security can be achieved through physical security or through internal security, i.e. with the help of data encryption. Securing the internet physically is not a feasible option, hence the option that users readily choose is one of the various forms of encryption that provide the security.
One such kind of encryption currently in use is public key encryption (PKE), which is typically used for securing communications over the internet. PKE uses two different keys for encrypting the data, i.e. a public key and a private key. Each communicator is provided with a public key and also a private key, which is kept secret. In this system, the public key is used for encryption of the data and the private key is used for decryption of the same data. There are several disadvantages of the PKE system and the protocols based on it. The system is highly complicated, and the implementation of the system would require more keys as the provided keys would not be enough. Also, the speed of the operation lags in time, and the algorithms used in the system are highly complex, making them difficult to alter.
A prior art patent, U.S. Pat. No. 9,467,443 B2, describes authentication utilizing a dynamic passcode from a user-defined formula based on a changing parameter value. In that authentication system, the changing parameter is publicly accessible through the communication network and has a current value that is periodically updated, such as a stock value, the temperature at a specific location, or a sports score. The user-defined formula is based on the changing parameter in order to derive a passcode which authenticates a user to an associated user account. As referred to herein, the user-defined formula is a mathematical formula in which the changing parameter is one variable (e.g., [changing parameter value]+1). Some formulas include more than one changing parameter.
Other online solutions available for password storage and management are password manager software applications, along with hardware, that usually store user names and passwords in encrypted form and require the user to create a master password, a single strong password that grants the user access to their entire password database. Some password managing software stores the passwords on the user's computer; these are known as offline password managers. Other password managing software stores the data in the provider's cloud; these are known as online password managers.
Storage and management software for user credentials (such as user names and passwords) can be based on different criteria, including web-based, cloud-based, portable, desktop, offline, token and stateless. Web-based password storage and management software is that in which the passwords are stored online and are viewed and copied to/from a provider's website. Cloud-based password storage and management software is that in which the passwords are stored online on a service provider's servers on the Internet, but handled by password management software running on the client's machine. Portable password storage and management software is that in which the portable software enables storing of the passwords and program on a mobile device, such as a PDA or smart phone, or as a portable application on a USB memory stick, etc. Desktop password storage and management software is that in which desktop or laptop software is used for storing the passwords on a computer hard drive, which can be either offline or cloud-based. Offline password storage and management software is independent software which keeps the passwords locally on the device being used. Token password storage and management software is that in which the passwords are protected using a security token, thus typically offering multi-factor authentication by combining something the user has, such as a mobile application that generates a rolling token similar to a virtual smart card, a smart card or a USB stick, a PIN or password, and/or something the user is, such as biometrics like a fingerprint, hand, retina, or face scanner. Stateless password storage and management software is that in which the passwords are generated on the fly from a master passphrase and a tag using a key derivation function.
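The stateless scheme described above can be sketched as follows. This is an added example, not code from the patent or from any particular product; the KDF choice (PBKDF2-HMAC-SHA256), the iteration count, the salt layout, the alphabet and all names are assumptions. It also shows that anyone holding the master passphrase can regenerate every per-site password.

```python
import hashlib

# Assumed output alphabet (74 symbols) and PBKDF2 work factor for this sketch.
ALPHABET = ("abcdefghijklmnopqrstuvwxyz"
            "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
            "0123456789!#$%&*+-=?@_")
ITERATIONS = 600_000


def derive_password(master: str, tag: str, counter: int = 1, length: int = 20) -> str:
    """Derive the password for `tag` on the fly; nothing is written to disk."""
    # The tag (e.g. a site name) and a rotation counter form the salt, so each
    # site gets an unrelated password and a password can be rotated by bumping
    # the counter. The prefix is a domain-separation label (hypothetical).
    salt = f"stateless-demo|{tag.lower()}|{counter}".encode()
    key = hashlib.pbkdf2_hmac("sha256", master.encode(), salt, ITERATIONS, dklen=64)
    # Treat the 512-bit key as one big integer and peel off base-74 digits.
    # Only about 125 of the 512 bits are consumed, so modulo bias is negligible.
    n = int.from_bytes(key, "big")
    chars = []
    for _ in range(length):
        n, idx = divmod(n, len(ALPHABET))
        chars.append(ALPHABET[idx])
    return "".join(chars)


def regenerate_all(master: str, tags: list[str]) -> dict[str, str]:
    """What a holder of the master passphrase can do: rebuild every password."""
    return {tag: derive_password(master, tag) for tag in tags}


if __name__ == "__main__":
    master = "constructed master passphrase for the demo"  # constructed sample
    for tag, pw in regenerate_all(master, ["mail.example", "bank.example"]).items():
        print(f"{tag:15s} {pw}")
    # Rotating one site's password needs only a new counter, no stored state.
    print("rotated        ", derive_password(master, "mail.example", counter=2))
```

Because no vault exists, there is nothing to steal from disk, but the counter and tag spelling must be remembered or stored somewhere, and the master passphrase remains a single point of failure.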
There are various shortcomings in the existing systems, which are vulnerable to theft, fraud and data leaks. The main disadvantages of the existing systems are authorization and authentication issues; bookmarklet issues, wherein a malicious website can steal a user's password; user interface issues, wherein fraudsters can capture the user's credentials; web issues, wherein XSS and CSRF vulnerabilities may be exploited by hackers to obtain a user's password; and many more. Furthermore, in the existing systems, if a hacker or malware gets a single password of any user's account, then they can gain access to all of a user's passwords and can cause unpredictable damage.
Therefore, there is a need for a secure system which can provide high security for storing and managing the user names and passwords of a user, and which can be accessed only by the user, more securely, and remotely and/or locally.