Secure web container for a secure online user environment

US 10,581,920 B2
Filed: 07/16/2018
Issued: 03/03/2020
Est. Priority Date: 03/30/2010
Status: Active Grant

First Claim

Patent Images

1. A secure system for providing a secure online environment for interacting with downstream sites using web-based applications, the system comprising:

a client device interface comprising a secure channel operable to communicate with a user client device through an image protocol, wherein commands from a downstream site are not passed from the downstream site to the user client device;

a policy database operable to store policies for user access to and interaction with the downstream site, the policy database comprising policy information;

a policy portal in communication with the policy database, the policy portal operable to provide access to an administrator for configuring the policies for user access to and interaction with the downstream site;

an authenticated service device in communication with the client device interface and the policy database, wherein the authenticated service device is operable to access and interact with the downstream site at the user client device and the authenticated service device further comprises a secure environment and a secure web container within the secure environment; and

a secure data store in communication with the authenticated service device, the secure data store operable to store user credentials for accessing and interacting with the downstream site in accordance with the policies stored in the policy database,wherein the authenticated service device is operable to authenticate to the downstream site based on the user credentials, and provide, using the image protocol and via the client device interface, content associated with the downstream site to the user client device, and wherein the user credentials are not transmitted directly from the user client device to the downstream site.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed herein are systems and methods that allow for secure access to websites and web-based applications and other resources available through the browser. Also described are systems and methods for invocation of a secure web container which may display data representative of a requesting party'"'"'s application at a user'"'"'s machine. The secure web container is invoked upon receipt of an API call from the requesting party. Thus, described in the present specification are systems and methods for constructing and destroying private, secure, browsing environments (a secure disposable web container), insulating the user and requesting parties from the threats associated with being online for the purposes of providing secure, policy-based interaction with a requesting party'"'"'s online services.

Citations

20 Claims

1. A secure system for providing a secure online environment for interacting with downstream sites using web-based applications, the system comprising:
- a client device interface comprising a secure channel operable to communicate with a user client device through an image protocol, wherein commands from a downstream site are not passed from the downstream site to the user client device;
  
  a policy database operable to store policies for user access to and interaction with the downstream site, the policy database comprising policy information;
  
  a policy portal in communication with the policy database, the policy portal operable to provide access to an administrator for configuring the policies for user access to and interaction with the downstream site;
  
  an authenticated service device in communication with the client device interface and the policy database, wherein the authenticated service device is operable to access and interact with the downstream site at the user client device and the authenticated service device further comprises a secure environment and a secure web container within the secure environment; and
  
  a secure data store in communication with the authenticated service device, the secure data store operable to store user credentials for accessing and interacting with the downstream site in accordance with the policies stored in the policy database,wherein the authenticated service device is operable to authenticate to the downstream site based on the user credentials, and provide, using the image protocol and via the client device interface, content associated with the downstream site to the user client device, and wherein the user credentials are not transmitted directly from the user client device to the downstream site.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The system of claim 1, wherein the policy database further comprises policies stored within the policy database that allow for behavioral rules to define user access to and interaction with the downstream site.
  - 3. The system of claim 1, wherein the user credentials are fetched from within the secure environment, such that automatic downstream site logins are provided without transmitting the user credentials to the user client device.
  - 4. The system of claim 1, further comprising creating a session ID, wherein the session ID is assigned in a session database and wherein the session ID is associated with the user.
  - 5. The system of claim 4, wherein the session database validates the session ID, wherein, based on the validation of the session ID, a session is launched, wherein the session connects to the secure environment.
  - 6. The system of claim 5, wherein the session is rendered by a thin client process.
  - 7. The system of claim 6, further comprising a data translation server, wherein the thin client process decrypts and renders data received by the data translation server.
  - 8. The system of claim 1, further comprising disposing the secure web container within the secure environment thereby protecting user data from unauthorized access.
  - 9. The system of claim 2, wherein the policies further comprise first behavioral rules that are defined and applied as global policies.
  - 10. The system of claim 3, wherein the policies further comprise second behavioral rules that are defined and applied on a per-downstream website basis, such that the policies comprising the second behavioral rules are specific to at least one of the following:
    - a particular website account and a destination site.

11. A method for providing a secure online environment for interacting with downstream sites using web-based applications, the method comprising the steps of:
- providing a client device interface comprising a secure channel operable to communicate with a user client device through an image protocol, wherein commands from a downstream site are not passed from the downstream site to the user client device;
  
  providing a policy database operable to store policies for user access to and interaction with the downstream site, the policy database comprising policy information;
  
  providing a policy portal in communication with the policy database, the policy portal operable to provide access to an administrator for configuring the policies for user access to and interaction with the downstream site;
  
  providing an authenticated service device in communication with the client device interface and the policy database, wherein the authenticated service device is operable to access and interact with the downstream site at the user client device and the authenticated service device further comprises a secure environment and a secure web container within the secure environment; and
  
  providing a secure data store in communication with the authenticated service device, the secure data store operable to store user credentials for accessing and interacting with the downstream site in accordance with the policies stored in the policy database,wherein the authenticated service device is operable to authenticate to the downstream site based on the user credentials, and provide, using the image protocol and via the client device interface, content associated with the downstream site to the user client device.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The method of claim 11, wherein the policy database further comprises policies stored within the policy database that allow for behavioral rules to define user access to and interaction with the downstream site.
  - 13. The method of claim 11, wherein the user credentials are fetched from within the secure environment, such that automatic downstream site logins are provided without transmitting the user credentials to the user client device.
  - 14. The method of claim 11, further comprising creating a session ID, wherein the session ID is assigned in a session database and wherein the session ID is associated with a user.
  - 15. The method of claim 14, wherein the session database validates the session ID, wherein, based on the validation of the session ID, a session is launched, wherein the session connects to the secure environment.
  - 16. The method of claim 15, wherein the session is rendered by a thin client process.
  - 17. The method of claim 16, further comprising a data translation server, wherein the thin client process decrypts and renders data received by the data translation server.
  - 18. The method of claim 11, further comprising disposing the secure web container within the secure environment thereby protecting user data from unauthorized access.
  - 19. The method of claim 12, wherein the policies further comprise first behavioral rules that are defined and applied as global policies.
  - 20. The method of claim 13, wherein the policies further comprise second behavioral rules that are defined and applied on a per-downstream website basis, such that the policies comprising the second behavioral rules are specific to a particular website account or a destination site.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Authentic8, Inc.
Original Assignee
Authentic8, Inc.
Inventors
Rajagopal, Ramesh, Petry, Scott M., Tosh, James K., Lund, Peter K., Cox, Fredric L., Moore, Adam P.
Primary Examiner(s)
Najjar, Saleh
Assistant Examiner(s)
Mejia, Feliciano S

Application Number

US16/036,813
Publication Number

US 20180332080A1
Time in Patent Office

596 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/36   by graphic or iconic repres...

G06F 21/44   Program or device authentic...

G06F 21/53   by executing in a restricte...

H04L 63/08   for authentication of entit...

H04L 63/10   for controlling access to d...

H04L 63/1433   Vulnerability analysis

H04L 63/168   above the transport layer

H04L 63/20   for managing network securi...

Secure web container for a secure online user environment

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Secure web container for a secure online user environment

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links