Browser security module
Abstract
Authenticated requests can be sent without requiring the requests to include or potentially expose secret information used for the authentication process. A client device uses a security credential such as a key to sign a request to be sent to a recipient. When the request is received, the recipient determines whether the request was signed using the correct key for the sender. In some embodiments a client token is included with the request that statelessly encodes the key, enabling a recipient capable of decoding the client token to determine the key and compare that key to the signature of the request. The sender can store the secret information in a secure location, such as a browser security module, such that the secret information is not exposed to the browser or to script executing on the client device.
20 Claims
1. A computer-implemented method, comprising:
receiving a secure key via a link received at a browser on a client device from an authentication server;
receiving first active content at the browser;
executing the first active content, wherein the first active content causes the secure key to be stored in a security module associated with the browser, the security module having an interface enabling active content executing in the browser to cause the security module to perform one or more operations using the secure key;
receiving, at the browser, second active content associated with a domain, the second active content, when executed, contacting the security module;
performing, by the security module, an operation of the one or more operations using the secure key, the operation based at least in part on a characteristic of the second active content or the domain associated with the active content; and
enabling the second active content to obtain a result of the operation from the security module and send a request using the result to a server to obtain content from the server upon authentication by the server that the result was produced using the secure key, without exposing the secure key to the second active content.
(Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9)
10. A computer-implemented method, comprising:
receiving a set of security credentials via a link received at a browser on a client device from an authentication server;
receiving first active script at the browser;
executing the first active script, wherein the first active script causes the set of security credentials, including at least a secure key encoded by a client token, to be stored in a security module associated with the browser, the security module having an interface enabling active content executing in the browser to cause the security module to perform one or more operations using the secure key;
receiving second active content, wherein the second active content, when executed in the browser, contacts the security module to produce a result using the secure key, the result including the client token;
performing, by the security module, an operation of the one or more operations using the secure key, the operation based at least in part on a characteristic of the second active content;
enabling the active content executing in the browser to receive the result of the operation from the security module, without exposing the secure key to the second active content; and
sending, via the second active content, a request using the result to a server to obtain content upon authentication by the server that the result was produced using the secure key.
(Dependent claims: 11, 12, 13, 14, 15, 16, 17)
18. A computing device, comprising:
a device processor;
a security module associated with a browser application on the computing device; and
memory including instructions that, when executed by the device processor, cause the computing device to:
receive a secure key via a link at a browser on a client device;
receive first active content at the browser;
execute the first active content, wherein the first active content causes the secure key to be stored in a security module associated with the browser, the security module having an interface enabling active content executing in the browser to cause the security module to perform one or more operations using the secure key;
receive, at the browser, second active content, the second active content, when executed, contacting the security module to produce a result using the secure key;
perform, by the security module, an operation of the one or more operations using the secure key, the operation based at least in part on a characteristic of the second active content;
enable the second active content to receive the result of the operation without exposing the key to the active content; and
send, via the second active content, a request using the result to a server to obtain content upon authentication by the server that the result was produced using the secure key.
(Dependent claims: 19, 20)
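The flow the abstract and the independent claims describe, written out as an added Python example (not code from the patent or from any product): an authentication server mints a key plus a client token that statelessly encodes it, a browser-side security module stores the key per domain and exposes only a sign() operation to scripts, and the content server recovers the key from the token to verify the signature. The token construction (HMAC-derived keystream plus a MAC under a server secret), the per-domain slot table and the timestamp check are my assumptions for the illustration.

```python
import base64, hashlib, hmac, os

SERVER_SECRET = b"constructed-server-secret"  # auth server's long-term secret (constructed)

def _prf(label, data):
    return hmac.new(SERVER_SECRET, label + data, hashlib.sha256).digest()

def issue_credentials():
    """Auth server: mint a per-client key and a stateless client token.
    The token is the key encrypted under SERVER_SECRET (HMAC-derived keystream)
    plus a MAC, so a recipient holding SERVER_SECRET recovers the key from the
    token alone, with no per-client state (assumed encoding)."""
    key, nonce = os.urandom(32), os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(key, _prf(b"enc", nonce)))
    token = base64.urlsafe_b64encode(nonce + ct + _prf(b"mac", nonce + ct))
    return key, token.decode()

def key_from_token(token):
    """Recipient: authenticate the client token and decode the key it encodes."""
    raw = base64.urlsafe_b64decode(token)
    nonce, ct, tag = raw[:16], raw[16:48], raw[48:]
    if not hmac.compare_digest(tag, _prf(b"mac", nonce + ct)):
        raise ValueError("bad client token")
    return bytes(a ^ b for a, b in zip(ct, _prf(b"enc", nonce)))

class SecurityModule:
    """Browser security module: holds keys; scripts only ever see sign()'s output."""
    def __init__(self):
        self._slots = {}  # domain -> (key, token); the key never leaves here

    def store(self, domain, key, token):  # invoked by the first active content
        self._slots[domain] = (key, token)

    def sign(self, calling_domain, method, path, body, ts):
        # The operation depends on the calling domain: only that domain's key is used.
        if calling_domain not in self._slots:
            raise PermissionError("no credential for " + calling_domain)
        key, token = self._slots[calling_domain]
        msg = f"{method}\n{path}\n{ts}\n".encode() + body
        return token, hmac.new(key, msg, hashlib.sha256).hexdigest()

def verify_request(token, sig, method, path, body, ts, now, max_skew=300):
    """Content server: recover the key from the token and check the signature."""
    if abs(now - ts) > max_skew:  # reject stale requests before doing any crypto
        return False
    key = key_from_token(token)
    msg = f"{method}\n{path}\n{ts}\n".encode() + body
    return hmac.compare_digest(sig, hmac.new(key, msg, hashlib.sha256).hexdigest())
```

The script receives only the token and the signature from sign(), so a compromised page script can request signatures but cannot read or exfiltrate the key itself.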