System and Method for Securing Software Applications
First Claim
1. A computer network system for securing user communication with a software application comprising:
- a) a digital credential comprising at least one user cryptographic key that is unique to an authorized user of a software application;
b) an access client installed on a computing device, said client having access to the cryptographic key stored on said digital credential and capable of using said cryptographic key to encrypt at least a portion of a communication intended for the application and capable of decrypting an encrypted portion of a received communication intended for the user;
c) a secure access server in digital communication with the access client, said server having access to stored cryptographic keys and capable of using the stored keys to decrypt communication from the client and encrypt communication to the client; and
d) an application server comprising the software application, said application server in digital communication with said secure server;
wherein, all communication between the user and the software application passes from the access client to the secure access server and then to the application server, and wherein the communication between the access client and the secure server is encrypted.
1 Assignment
0 Petitions
Accused Products
Abstract
A system and method for securing software applications installed on a computer network is disclosed. An authorized user is provided a digital credential and loads a secure access client onto a computerized device that can be connected to the network. The secure access client communicates with a secure access server within the network to authenticate the user and determine which applications the user is allowed to access. When the user sends a communication intended for a secured application, the secure access client intercepts the communication and uses cryptographic keys from the digital credential to encrypt and digitally sign the communication. The secure access server has access to cryptographic keys corresponding to those on the digital credential and is able to decrypt the communication and verify the digital credential. The decrypted message is then sent to an application server hosting the secured application.
-
Citations
36 Claims
-
1. A computer network system for securing user communication with a software application comprising:
-
a) a digital credential comprising at least one user cryptographic key that is unique to an authorized user of a software application; b) an access client installed on a computing device, said client having access to the cryptographic key stored on said digital credential and capable of using said cryptographic key to encrypt at least a portion of a communication intended for the application and capable of decrypting an encrypted portion of a received communication intended for the user; c) a secure access server in digital communication with the access client, said server having access to stored cryptographic keys and capable of using the stored keys to decrypt communication from the client and encrypt communication to the client; and d) an application server comprising the software application, said application server in digital communication with said secure server; wherein, all communication between the user and the software application passes from the access client to the secure access server and then to the application server, and wherein the communication between the access client and the secure server is encrypted. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A computer network system for securing user communication with a software application comprising:
-
a) a user digital credential comprising at least one user cryptographic key that is unique to an authorized user of a software application; b) a user access client installed on a computing device, said user access client having access to the cryptographic key stored on said user digital credential and capable of using said cryptographic key to encrypt at least a portion of a communication intended for the application and capable of decrypting an encrypted portion of a received communication intended for the user; c) a secure access server in digital communication with the user access client, said server having access to stored cryptographic keys and capable of using the stored keys to decrypt the encrypted portion of a communication from the user access client and encrypt at least a portion of a communication to the client, and capable of encrypting of using the stored keys to encrypt at least a portion of a communication intended for the application and to decrypt the an encrypted portion of a communication from the application; and d) an application server in digital communication with the secure access server, said application server comprising the software application, an application digital credential including at least one cryptographic key, and an application access client having access to the cryptographic key stored on the application digital credential and capable of using said cryptographic key to decrypt the encrypted portion of a communication from the secure access server and to encrypt at least a portion of a communication to the secure access server; wherein, all communication between the user and the software application passes through the secure access server, and wherein the communication between the user access client and the secure access server is encrypted, and communication between the secure access sever and the application access client is encrypted. - View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
-
-
17. A method for securing user communication with a software application comprising:
-
a) providing a digital credential comprising at least one user cryptographic key that is unique to an authorized user of the software application; b) a first encryption step in which an access client installed on a computing device and having access to the cryptographic key stored on said digital credential uses the cryptographic key to encrypt at least a portion of a communication input by the user and intended for a software application; c) a first sending step in which the encrypted user communication is sent to a secure access server; d) a first decryption step in which the secure access server utilizes at least one stored cryptographic key to decrypt the encrypted portion of the user communication; e) a second sending step in which the decrypted user communication is sent to an application server comprising the software application; f) a response step in which the application prepares a new communication responsive to the communication it received from the user; g) a third sending step in which the application communication in response to the user communication is sent by the application server to the secure server; h) a second encryption step in which the secure server utilizes at least one stored cryptographic key to encrypt at least a portion of the application communication; i) a fourth sending step in which the encrypted application communication is sent to the access client; and j) a second decryption step in which the access client uses the user cryptographic key to decrypt the encrypted portion of the application communication. - View Dependent Claims (18, 19, 20, 21, 22, 23, 24)
-
-
25. A method for securing user communication with a software application comprising:
-
a) providing a digital credential comprising at least one user cryptographic key that is unique to an authorized user of a software application; b) a first encryption step in which a user access client installed on a computing device and having access to the cryptographic key stored on said digital credential uses the cryptographic key to encrypt at least a portion of a communication input by a user and intended for the software application; c) a first sending step in which the encrypted user communication is sent to a secure access server; d) a first decryption step in which the secure access server utilizes at least one stored cryptographic key to decrypt the encrypted portion of the user communication; e) a second encryption step in which the secure server utilizes at least one stored cryptographic key to re-encrypt at least a portion of the user communication; f) a second sending step in which the re-encrypted user communication is sent to an application server comprising the software application; g) a second decryption step in which an application client installed on the application server uses at least one stored cryptographic key to decrypts the re-encrypted user communication; h) a response step in which the application prepares a new communication intended for the user; i) a third encryption step in which the application access client uses a stored cryptographic key to encrypt at least a portion of the application communication; j) a third sending step in which the encrypted application communication is sent from the application access client to the secure access server; k) a third decryption step in which the secure access server utilizes at least one stored cryptographic key to decrypt the encrypted portion of the application communication; l) a fourth encryption step in which the secure server utilizes at least one stored cryptographic key to re-encrypt at least a portion of the application communication; m) a fourth sending step in which the encrypted application communication is sent to the user access client; and n) a fourth decryption step in which the user access client uses the user cryptographic key to decrypt the encrypted portion of the application communication. - View Dependent Claims (26, 27, 28, 29, 30, 31)
-
-
32. A method of authenticating and securing user communication with a computer network comprising:
-
(a) providing a user digital credential comprising at least two cryptographic keys, at least one of which is unique to the user; (b) providing an access client installed on a computing device in digital communication with the computer network, said access client capable of using cryptographic keys to encrypt and digitally sign a communication intended for the computer network such that said communication may be decrypted and authenticated by the computer network; (c) providing the access client with the location of the digital credential so that the access client may access the cryptographic keys of the digital credential to encrypt and digitally sign a communication intended for the computer network. - View Dependent Claims (33, 34, 35, 36)
-
Specification