Winklevoss Twins have won another patent on secure authentication method. The patent proposes Passwordless Authentication Technique operating in a decentralized manner.
Many enterprises and service providers strive to improve security and usability of services they provide over their networks. Access control techniques such as single sign-on and the like are popular because they may satisfy both security and usability requirements established by enterprises and service providers. For example, access control techniques such as single sign-on and the like may permit a user to use one set of login credentials (e.g., name and password) to access multiple related yet independent systems. Further, many enterprises and service providers store user names and passwords in a single repository, which is vulnerable to credential harvesting attacks.
However, individual systems often have different credential requirements and require users to update their passwords at different intervals, resulting in users having to keep track of a large number of different logon credentials for different systems. There is thus a need for technological solutions for creating passwordless and decentralized authentication to allow a system to verify an identity without a password or other authentication credential associated with the identity. There is further a need for technological solutions allowing such decentralized authentication where individual enterprises lack a sufficient number of ledgers and thus need to coordinate with other enterprises to perform decentralized authentication. In addition, there is a need for technological solutions addressing what information to store in, and what information to omit from, ledgers used in decentralized authentication.
Described herein are “no password” or “passwordless” authentication techniques that operate in a decentralized manner. Embodiments of the authentication techniques may enable secure authentication in various types of decentralized frameworks, such as blockchain implementations, without the need for a user to manually provide authentication credentials (e.g., username, password, biometric information, tokens, certificates, keys, etc.). The authentication techniques may allow users to log into a system, or authenticate to a different system, without having to remember or enter authentication credentials.
The various implementations described herein overcome many drawbacks of current authentication systems. The described passwordless authentication system may harden existing systems and defend against malicious activities. Further, a decentralized system framework (e.g., blockchain-based) removes the need for a single repository of credentials and thereby minimizes the risk of credential harvesting from a single source (e.g., Directory, LDAP, etc.).