Dynamic Web Services Systems and Method For Use of Personal Trusted Devices and Identity Tokens

US 20070300057A1
Filed: 05/17/2007
Published: 12/27/2007
Est. Priority Date: 05/19/2006
Status: Active Grant

First Claim

Patent Images

1. A server for interacting with a network of client computing devices, said server comprising:

a client framework module adapted to receive service requests from a client computing device and determining the configuration of the client computing device;

a client agent dispatcher adapted to send an identifying module adapted to interact with an identifying device on the client computing device; and

an authentication module for verifying an individual on the client computing device based on communications with the identifying module.

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention involves one or more computers that provide software controls to enable a web application to interface with a personal trusted device. The server side of the computer system comprises: a server-based framework process; a device for receiving requests from the client computer and determining which software controls to send in response; and a device for digitally signing and encrypting the software controls before sending them to the client computer so that their authenticity can be verified. The client side of the computer system comprises: a client web browser that runs on a computer; a device for transmitting requests to the server computer and for receiving responses from those requests; a device for decrypting software controls so that the authenticity of their digital signature can be verified; and a connection to one or more personal trusted devices. An authentication proxy may be used to mutually authenticate a client user and server process using personal trusted devices.

85 Citations

View as Search Results

20 Claims

1. A server for interacting with a network of client computing devices, said server comprising:
- a client framework module adapted to receive service requests from a client computing device and determining the configuration of the client computing device;
  
  a client agent dispatcher adapted to send an identifying module adapted to interact with an identifying device on the client computing device; and
  
  an authentication module for verifying an individual on the client computing device based on communications with the identifying module.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The server of claim 1 further comprising an encryption device for encrypting data before sending it to the client computing device.
  - 3. The server of claim 1 wherein the client computing device is one of a personal computer connected to a communications network;
    - a telephone;
      
      a user key fob;
      
      or other wired or wireless computing device that is able to access a server.
  - 4. The server of claim 1 wherein the identifying device is one of a biometric device, a smart card, or other identity verification device.
  - 5. The server of claim 1 further comprising software for communicating using secure socket layer communication.
  - 6. The server of claim 1 further comprising proxy agent dispatcher adapted to send a proxy agent module adapted to interact with said identifying module.

7. A computing device for interacting with a network of computing devices, said computing device comprising:
- a client browser adapted to run on the computing device;
  
  a service request module adapted to send server request messages over the network and to receive responses to the requests; and
  
  a token discovery module adapted to ascertain the presence of identifying hardware or software and provide configuration information to the service request module.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The computing device of claim 7 further comprising a decryption device for decrypting data received by computing device.
  - 9. The computing device of claim 7 wherein the computing device is one of a personal computer connected to a communications network;
    - a web-enabled cell phone;
      
      a web-enabled PDA;
      
      or other wired or wireless computing device that is able to access a server.
  - 10. The computing device of claim 7 wherein the identifying device is one of a biometric device, a smart card, or other identity verification device.
  - 11. The computing device of claim 7 further comprising software for communicating using secure socket layer communication.
  - 12. The computing device of claim 7 further comprising a proxy module for interacting between said service request module and an external server.

13. A method for authenticating a user for a secure application over a communications network comprising the steps of:
- receiving information relating to an identifying device on the computing device;
  
  sending an identifying module adapted to interface with the identifying device to the computing device; and
  
  authenticating a transaction with information from the identifying module and the identifying device.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20)
- - 14. The method of claim 13 wherein the step of authenticating is configured to operate with one of a personal computer connected to a communications network;
    - a web-enabled cell phone;
      
      a web-enabled PDA;
      
      or other wired or wireless computing device that is able to access a server.
  - 15. The method of claim 13 wherein the authenticating step is performed with an identifying device that is one of a biometric device, a smart card, or other identity verification device.
  - 16. The method of claim 13 wherein the secure application and the computing device communicate using secure socket layer communication.
  - 17. The method of claim 13 further comprising the step of sending a proxy module to the computing device wherein the proxy module is configured to broker legacy authentication methods.
  - 18. The method of claim 17 further comprising the step of using a diversified key with the proxy module to authenticate a user of the computing device.
  - 19. The method of claim 13 further comprising the step of storing transaction information relating to the identifying module.
  - 20. The method of claim 13 wherein the step of authenticating includes the step of determining the trusted status of the secure application by the identifying module.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Gen Digital Inc.
Original Assignee
Identity Alliance
Inventors
Osgood, Christopher, Corcoran, David

Granted Patent

US 8,364,968 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/154
CPC Class Codes

G06F 21/34   involving the use of extern...

H04L 2209/76   Proxy, i.e. using intermedi...

H04L 2209/80   Wireless network architectu...

H04L 63/0428   wherein the data content is...

H04L 63/0853   using an additional device,...

H04L 63/123   received data contents, e.g...

H04L 9/3234   involving additional secure...

H04L 9/3247   involving digital signatures

Dynamic Web Services Systems and Method For Use of Personal Trusted Devices and Identity Tokens

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

85 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Dynamic Web Services Systems and Method For Use of Personal Trusted Devices and Identity Tokens

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

85 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links