Dismiss
InnovationQ will be updated on Sunday, Oct. 22, from 10am ET - noon. You may experience brief service interruptions during that time.
Browse Prior Art Database

System and Method for Universal security in the age of cloud and multiple accesses in case of voluntary/forced abundance.

IP.com Disclosure Number: IPCOM000249198D
Publication Date: 2017-Feb-09
Document File: 2 page(s) / 25K

Publishing Venue

The IP.com Prior Art Database

Abstract

A method where all the applications secured with logging in functionality will logout from any and all devices based on a master logout key, also deactivating or blocking your account for a particular time period by means of a normal deactivation password.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 52% of the total text.

1

System and Method for Universal security in the age of cloud and multiple accesses in case of voluntary/forced abundance.

Disclosed is a method for all the applications secured with logging in functionality will log-out from any and all devices based on a master log-out key. A master log-out key (reverse of the concept of master key) is needed along with log of all the log-in activities to make sure that log-out is universal. There is no need to notify separate applications needing log-in - credit card, official and social and cross log ins. In case of threat one can just log-out based on the history of log-in and also this can be done by the person authorized by the user who have execute rights for universal log-out.

Threat: Logging out is a function available which makes sure that secure actions taken after log-in are secure from things like saved passwords and other facilities which are to increase usability,e.g. most of the log-in now come with resident log-in option where one is logged in always.

Many a times now one can log-in into most of the applications using one single log-in. That makes the situation even scarier.

Numerous situations can be thought about the threat for example: a) Let us say one lost a smart phone where all the log-in information were saved (which is the normal case currently) which is big security threat which is not limited to the device, b) Let us say that one is logged in smart phone and with same account log-in from somewhere else to print photos etc and is not sure if got logged out and password was not saved, c) If attacker is physically present and by force wants to log-in, etc,

Current Available Methods: Yes, currently there are e-mails and other form of communications available that are sent about the fact that we were logged in from somewhere else but that is informational. For acting on it, we do not have any automatic universal thing.

Proposed System: Proposed system is about providing control over all log-in of a particular person and can unconditionally log-out or deactivate/block with one command. If one universal deactivate password is there then one can easily put deactivate password rather than log-in password to get away from a possible forced attack situation, at the same log-in page and log-in password field and attacker will never know what happened.

Also th...