System and method for providing trusted browser verification
Abstract
A system and method for providing trusted browser verification service are disclosed. In a preferred embodiment, these services are provided within the context of a four-corner trust model comprising a subscribing customer and a relying customer, engaged in an on-line transaction. The subscribing and relying customers are preferably customers of first and second financial institutions, respectively, that issue to them hardware tokens for their respective private keys and digital certificates. The buyer is preferably provided with a Web browser to conduct electronic transactions. A distinct-trusted verifier or other entity ensures in a verifiable manner that the browser used by the subscribing customer does not contain any code that is not trusted by verifying the digital signatures on each running browser component of the subscribing customer's browser and ensuring that the signature was applied by an entity that is authorized to certify the trustworthiness of the component. In addition, the trusted verifier may compare a hash of the running browser components to known-good hashes for those components.
86 Claims
1. A method of verifying the trustworthiness of a browser, comprising:
- transmitting an electronic document requiring signature from a first user computer to a second user computer;
- electronically signing the electronic document at the second user computer to create a first digital signature;
- including as an attribute of the first digital signature a second digital signature, the second digital signature verifying the authenticity of one or more components running in an environment of the browser on the second user computer;
- transmitting the signed electronic document from the second user computer to the first user computer;
- authenticating the second digital signature.
18. A method of verifying the trustworthiness of a browser comprising:
- creating a first set of hashes, the first set of hashes comprising a hash of the browser at a first point in time, the first set of hashes being a known-good set of hashes;
- determining the status of the browser by:
  - creating a second set of hashes, the second set of hashes comprising a hash of the browser at a second point in time;
  - verifying the second set of hashes to ensure that each hash was created by a trusted source; and
  - comparing the first set of hashes to the second set of hashes.
35. A system for providing trusted browser verification comprising:
- a trusted verifier;
- means for maintaining by the trusted verifier a first set of hashes, the first set of hashes comprising a hash of a browser, the first set of hashes being a known-good set of hashes;
- means for receiving by the trusted verifier a browser status request, the browser status request including a second set of hashes, the second set of hashes comprising a second hash of the browser;
- means for verifying by the trusted verifier that each hash in the second set of hashes was created by a trusted source; and
- means for determining by the trusted verifier the status of the browser based on the first set of hashes and the second set of hashes.
50. In a system comprising a root entity, a first participant, a second participant, a first customer of the first participant, a second customer of the second participant, a method for verifying the trustworthiness of a browser in possession of the first customer comprising:
- a) maintaining at a trusted verifier a first set of hashes, the first set of hashes comprising a first hash of the first customer's browser;
- b) generating by the first customer a second set of hashes, the second set of hashes comprising a second hash of the first customer's browser;
- c) transmitting by the first customer the second set of hashes to the second customer;
- d) generating by the second customer a browser status request, the browser status request including the second set of hashes;
- e) transmitting by the second customer the browser status request to the second participant;
- f) forwarding by the second participant the browser status request to the trusted verifier;
- g) determining by the trusted verifier a status of the first customer's browser;
- h) generating by the trusted verifier a browser status response;
- i) forwarding by the trusted verifier the browser status response to the second participant; and
- j) transmitting by the second participant the browser status response to the second customer.
68. A system for verifying the trustworthiness of a browser in possession of a first customer comprising:
- a root entity;
- a first participant;
- a second participant;
- the first customer of the first participant;
- a second customer of the second participant;
- means for maintaining at a trusted verifier a first set of hashes, the first set of hashes comprising a first hash of the first customer's browser;
- means for generating by the first customer a second set of hashes, the second set of hashes comprising a second hash of the first customer's browser;
- means for transmitting by the first customer the second set of hashes to the second customer;
- means for generating by the second customer a browser status request, the browser status request including the second set of hashes;
- means for transmitting by the second customer the browser status request to the second participant;
- means for forwarding by the second participant the browser status request to the trusted verifier;
- means for determining by the trusted verifier a status of the first customer's browser;
- means for generating by the trusted verifier a browser status response;
- means for forwarding by the trusted verifier the browser status response to the second participant; and
- means for transmitting by the second participant the browser status response to the second customer.
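The verifier-side check described in the abstract and in claims 18 and 35 (each reported hash is first tied to a trusted source, then compared with the known-good set), as an added example that is not code from the patent. The HMAC key standing in for a hash source's digital signature, the component names and every function name are assumptions of this example.

```python
import hashlib
import hmac

# Assumption: an HMAC key shared with each hash source stands in for that
# source's digital signature, so the example runs on the standard library.
TRUSTED_SOURCE_KEYS = {"source-A": b"constructed-demo-key"}  # constructed value

def component_hash(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def _tag(key: bytes, name: str, digest: str) -> str:
    # NUL separator keeps (name, digest) unambiguous inside the tagged message.
    return hmac.new(key, f"{name}\x00{digest}".encode(), hashlib.sha256).hexdigest()

def attest(source: str, key: bytes, name: str, data: bytes) -> dict:
    """Hash-source side: one entry of the 'second set of hashes'."""
    digest = component_hash(data)
    return {"name": name, "hash": digest, "source": source,
            "tag": _tag(key, name, digest)}

def browser_status(known_good: dict, reported: list) -> tuple:
    """Verifier side: return (status, reasons) for a browser status request."""
    reasons, seen = [], set()
    for e in reported:
        seen.add(e["name"])
        key = TRUSTED_SOURCE_KEYS.get(e["source"])
        # Step 1: was this hash created by a trusted source?
        if key is None or not hmac.compare_digest(
                _tag(key, e["name"], e["hash"]), e["tag"]):
            reasons.append(f"{e['name']}: hash not from a trusted source")
            continue
        # Step 2: compare against the known-good set.
        good = known_good.get(e["name"])
        if good is None:
            reasons.append(f"{e['name']}: no known-good hash on file")
        elif not hmac.compare_digest(good, e["hash"]):
            reasons.append(f"{e['name']}: differs from known-good hash")
    # An empty or partial report must not pass by omission.
    for name in sorted(set(known_good) - seen):
        reasons.append(f"{name}: not reported")
    return ("trusted" if not reasons else "untrusted", reasons)

# Constructed sample data: known-good hashes kept by the verifier.
KNOWN_GOOD = {"browser.exe": component_hash(b"browser build 1"),
              "plugin.dll": component_hash(b"plugin build 1")}
```

The source check runs before the comparison, so a hash value copied from the known-good set but not tagged by a trusted source is still rejected.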
Specification