Authentication of untrusted gateway without disclosure of private information
First Claim
1. A method for authorizing use of a server without providing the server with sensitive information, said method comprising:
establishing a secure authorization link between a user interface and a remote authorization server utilizing a user interface web browser, the authorization link passing through a local server and being unreadable by the local server;
sending user authorization data from the user interface to the authorization server, via the authorization link, utilizing the user interface web browser;
returning a redirected validation message from the authorization server to the user interface, via the authorization link; and
establishing a local link between the user interface and the local server based on data included in the redirected validation message, the local link established utilizing the user interface web browser.
Abstract
A system and method provides user authorization for use of a server without providing the server with sensitive user information. A secure authorization link is established between a user interface and a remote authentication server. The authorization link passes through a local server while being unreadable by the local server. User authorization data is sent from the user interface to the authorization server, via the authorization link. The authorization server then returns a redirected validation message to the user interface, via the authorization link. A local link is established between the user interface and the local server based on data included in the redirected validation message. All communication between the user interface, the local server and authorization server is performed utilizing the user interface web browser. Thus, authorization for use of services controlled by the local server is accomplished without the need to load specialized software on the user interface for establishing such links and performing such communications.
31 Citations
39 Claims
1. Claim 1 as set out under First Claim above. Dependent claims: 2-22.
23. A communication system comprising:
a connection port adapted to provide a connection for a user interface;
a remote authorization server; and
a local server including a local processor and a local storage device having local server (LS) software stored thereon executable by the local processor, wherein the local processor is configured to:
execute the LS software to send a login notification from the local server to the user interface when the user interface is communicatively connected to the connection port, wherein the login notification is utilized by a user to request access to a service controlled by the local server;
execute the LS software to establish a secure authorization link between the user interface and the authorization server in response to a user request, wherein the authorization link is established utilizing a user interface web browser absent other specialized software stored in the user interface for establishing the authorization link, the authorization link passing through the local server and being unreadable by the local server;
execute the LS software to verify a redirected validation message sent by the authorization server, the redirected validation message containing authorization data and verified utilizing a public key of the authorization server; and
execute the LS software to establish a local link between the user interface and the local server according to the authorization data, the link established utilizing the user interface web browser absent other specialized software stored in the user interface for establishing the local link. Dependent claims: 24-32.
33. A method for authorizing use of a service controlled by an onboard server of an aircraft without disclosing confidential information to the onboard server, said method comprising:
sending a login notification from an onboard server to a user interface, the login notification utilized by a user to request access to the service controlled by the onboard server;
establishing a secure authorization link between the user interface and a ground based server, the authorization link being established utilizing a user interface web browser absent other specialized software stored in the user interface for establishing the authorization link, the authorization link passing through the onboard server and being unreadable by the onboard server;
sending user authorization data from the user interface to the ground based server via the authorization link utilizing the user interface web browser absent other specialized software stored in the user interface for establishing the authorization link;
validating the user authorization data utilizing the ground based server;
returning a redirected validation message including authorization and authorized service related data from the ground based server to the user interface, via the authorization link;
forwarding the redirected validation message from the user interface to the onboard server utilizing the user interface web browser absent other specialized software stored in the user interface for communicating with the onboard server;
verifying the redirected validation message is valid utilizing a public key of the ground based server; and
establishing a local link between the user interface and the onboard server utilizing the user interface web browser absent other specialized software stored in the user interface for communicating with the onboard server. Dependent claims: 34-39.
Specification