Method for secure delegation of trust from a security device to a host computer application for enabling secure access to a resource on the web

US 20070056025A1
Filed: 09/02/2005
Published: 03/08/2007
Est. Priority Date: 09/02/2005
Status: Active Grant

First Claim

Patent Images

1. A method for authenticating a user on a host computer to a web server, comprising:

establishing a security context by the web server; and

transferring the security context from the web server to a trusted network security device; and

delegating the security context to a browser plug-in on a host computer by;

establishing a secure channel of communication between the network security device and the browser plug-in on a host computer; and

authenticating the network security device by the browser plug-in on the host computer; and

in response the network security device authenticating the user on the host computer; and

establishing trust between the plug-in on the host computer and the network security device; and

transferring the security context securely from the network security device to the host computer.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Secure authentication of a user on a host computer to a web server including a security device acquiring trust or a security context from the web server. The security device is operable of providing an X.509 certificate to a browser plug-in on the host computer. The browser plug-in on the host computer performing authentication of the security device and in response providing user credentials to the security device. The security device performing authentication of the user and requests a security context from the web server. In response, the web server provides a security context to the security device. The security device delegates the web server trust by transmitting the context to the host computer and enabling the user to securely access resources on the web server.

47 Citations

View as Search Results

19 Claims

1. A method for authenticating a user on a host computer to a web server, comprising:
- establishing a security context by the web server; and
  
  transferring the security context from the web server to a trusted network security device; and
  
  delegating the security context to a browser plug-in on a host computer by;
  
  establishing a secure channel of communication between the network security device and the browser plug-in on a host computer; and
  
  authenticating the network security device by the browser plug-in on the host computer; and
  
  in response the network security device authenticating the user on the host computer; and
  
  establishing trust between the plug-in on the host computer and the network security device; and
  
  transferring the security context securely from the network security device to the host computer.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method for authenticating a user on a host computer to a web server of claim 1 wherein the security context is a SAML Assertion.
  - 3. The method for authenticating a user on a host computer to a web server of claim 1 wherein the network security device is a smart card.
  - 4. The method for authenticating a user on a host computer to a web server of claim 3 wherein the network smart card comprising secure communication with other computers on the network using standard mainstream network communication protocols like TCP/IP and SSL/TLS.
  - 5. The method for authenticating a user on a host computer to a web server of claim 1 wherein the network smart card comprises:
    - storing a manufacturer issued X.509 certificate and the X.509 certificate is signed by a trusted Certificate Authority.
  - 6. The method for authenticating a user on a host computer to a web server of claim 1 wherein the browser plug-in on the host computer comprises:
    - requesting the manufacturer issued X.509 certificate from the network smart card; and
      
      in response authenticating the network smart card; and
      
      sending the user credentials to the network smart card.
  - 7. The method for authenticating a user on a host computer to a web server of claim 6 wherein the network smart card comprises:
    - receiving the user credential from the browser plug-in on the host computer; and
      
      authenticating the user on the host computer; and
      
      establishing trust between the network smart card and the browser plug-in; and
      
      delegating security context by transferring the security context to the plug-in on the host computer; and
      
      authenticating the user on the host computer to the web server.
  - 8. The method for authenticating a user on a host computer to a web server of claim 7 wherein the browser plug-in on the host computer comprises:
    - receiving the delegated security context from the network smart card and;
      
      establishing trust between the user on the host computer and the web server by using the security context; and
      
      enabling the user on the host computer to access resources on the web server.
  - 9. The method for authenticating a user on a host computer to a web server of claim 3 wherein the network security device is a smart card and the smart card is a slave device of the host computer.
  - 10. The method for authenticating a user on a host computer to a web server of claim 9 wherein the smart card comprises:
    - establishing network connection to other computers on the network via the host computer; and
      
      acquiring security context from the web server; and
      
      delegating security context to the browser plug-in on the host computer; and
      
      enabling user on the host computer to access resources on the web server.
  - 11. The method for authenticating a user on a host computer to a web server of claim 3 wherein network security device is a smart card and the smart card providing network connection between the host computer and the web server.
  - 12. The method for authenticating a user on a host computer to a web server of claim 11 wherein the smart card comprises:
    - establishing network connection to the web server; and
      
      acquiring security context from the web server; and
      
      delegating security context to the browser plug-in on the host computer; and
      
      enabling user on the host computer to access resources on the web server.

13. A method for authenticating a user on a host computer to a web server, comprising:
- establishing a security context by the web server; and
  
  transferring the security context from the web server to a security device; and
  
  delegating the security context to a browser plug-in on a host computer by;
  
  establishing a secure channel of communication between the security device and the browser plug-in on a host computer; and
  
  authenticating the security device by the browser plug-in on the host computer; and
  
  in response the security device authenticating the user on the host computer; and
  
  establishing trust between the plug-in on the host computer and the security device; and
  
  transferring the security context securely from the security device to the host computer.
- View Dependent Claims (14, 15, 16, 17, 18, 19)
- - 14. The method for authenticating a user on a host computer to a web server of claim 13 wherein the security context is a SAML Assertion.
  - 15. The method for authenticating a user on a host computer to a web server of claim 13 wherein the security device is a conventional smart card.
  - 16. The method for authenticating a user on a host computer to a web server of claim 13 wherein the smart card comprises:
    - storing a manufacturer issued X.509 certificate and the X.509 certificate is signed by a trusted Certificate Authority.
  - 17. The method for authenticating a user on a host computer to a web server of claim 13 wherein the browser plug-in on the host computer comprises:
    - requesting the manufacturer issued X.509 certificate from the smart card; and
      
      in response authenticating the smart card; and
      
      sending the user credentials to the smart card.
  - 18. The method for authenticating a user on a host computer to a web server of claim 17 wherein the smart card comprises:
    - receiving the user credential from the browser plug-in on the host computer; and
      
      authenticating the user on the host computer; and
      
      establishing trust between the smart card and the browser plug-in; and
      
      delegating security context by transferring the security context to the plug-in on the host computer; and
      
      authenticating the user on the host computer to the web server.
  - 19. The method for authenticating a user on a host computer to a web server of claim 18 wherein the browser plug-in on the host computer comprising:
    - receiving the delegated security context from the smart card and;
      
      establishing trust between the user on the host computer and the web server by using the security context; and
      
      enabling the user on the host computer to access resources on the web server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Apostol Vassilev, Kapil Sachdeva
Original Assignee
Apostol Vassilev, Kapil Sachdeva
Inventors
Sachdeva, Kapil, Vassilev, Apostol

Granted Patent

US 7,565,536 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/5
CPC Class Codes

H04L 63/0823   using certificates cryptogr...

H04L 63/0853   using an additional device,...

H04L 9/3234   involving additional secure...

H04L 9/3263   involving certificates, e.g...

Method for secure delegation of trust from a security device to a host computer application for enabling secure access to a resource on the web

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

47 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Method for secure delegation of trust from a security device to a host computer application for enabling secure access to a resource on the web

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

47 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links