LOGIN AUTHENTICATION USING A TRUSTED DEVICE
Abstract
A user working on a client computer is allowed to remotely login to a server over a computer network. A first secure connection is established between the client and the server. Communications with a trusted device which is in the user's control are established via a communication channel between the trusted device and the client, where this channel is not part of the network. A second secure connection is established between the trusted device and the server through the client, where this second secure connection is tunneled within the first secure connection. The user remotely logs into the server over the second secure connection using the trusted device.
20 Claims
1. A computer-implemented process for allowing a user working on a client computer to remotely login to a server over a computer network, comprising using the client to perform the process actions of:
- establishing a first secure connection between the client and the server;
- establishing communications with a trusted device which is in the user's control via a communication channel between the trusted device and the client other than said network; and
- facilitating the establishment of a second secure connection between the trusted device and the server through the client, wherein the second secure connection is tunneled within the first secure connection and is employed to remotely login to the server using the trusted device.

Dependent claims 2 to 9 (not shown).
10. A computer-implemented process for allowing a user working on a client computer to remotely login to a server over a computer network, comprising using the server to perform the process actions of:
- establishing a first secure connection between the server and the client;
- establishing a second secure connection between the server and a trusted device through the client, wherein the trusted device is in the user's control and communicates with the client via a communication channel between the trusted device and the client other than said network, and the second secure connection is tunneled within the first secure connection; and
- facilitating the user's remote login over the second secure connection to the server using the trusted device.

Dependent claims 11 to 19 (not shown).
20. A computer-implemented process for allowing a user working on a client computer comprising a web browser to remotely login to a server over a computer network, comprising using the client to perform the process actions of:
- establishing a first secure connection between the client and the server, said establishment comprising actions of:
  - receiving a digital certificate which identifies the server and specifies a public key for the server,
  - using the digital certificate to verify the authenticity of the server, and
  - whenever the server is determined to be unauthentic, disabling the first secure connection;
- prompting the user to choose between a plurality of different methods for remotely logging into the server via a user interface of the client; and
- whenever the user chooses to remotely login to the server using a trusted device which is in the user's control, wherein the trusted device communicates with the client via a communication channel therebetween other than said network:
  - pairing the client's browser to the trusted device,
  - facilitating the establishment of a second secure connection between the trusted device and the server through the client, wherein the second secure connection is tunneled within the first secure connection, said facilitation comprising actions of:
    - transmitting the digital certificate over the communication channel to the trusted device,
    - upon the trusted device using the digital certificate to verify the authenticity of the server and the trusted device subsequently generating a random number-based second session key which the trusted device encrypts with the public key, receiving a server authentication result message over the communication channel from the trusted device, said message comprising the encrypted second session key,
    - whenever said message specifies that the server was determined to be unauthentic, disabling the second secure connection, and
    - whenever said message specifies that the server was determined to be authentic, transmitting the encrypted second session key over the first secure connection to the server, and
  - verifying the trusted device's pairing to the client's browser, said verification comprising actions of:
    - receiving a first random number over the first secure connection from the server,
    - displaying the first random number to the user via the user interface of the client along with a prompt for the user to visually compare said displayed number to a second random number which is displayed to the user via a user interface of the trusted device, and
    - upon the user's entry into the user interface of the client of their comparison result, transmitting a comparison result message over the first secure connection to the server, and transmitting said message over the communication channel to the trusted device, wherein said message specifies whether or not the first random number matches the second random number, and upon receipt of said message by the trusted device said message is displayed to the user via the user interface of the trusted device.
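The exchange of claim 20, modelled as an added example in Go; this is not the patent's own code. The client computer is treated as an untrusted relay: it only forwards the server's certificate to the trusted device and the device's encrypted session key back to the server. The type names, the use of RSA-OAEP for wrapping the second session key, a self-signed server certificate standing in for the device's trust root, and deriving the two displayed numbers from the session key (so that the user's visual comparison detects a key the device did not generate) are all assumptions made for illustration; the claims specify none of these details.

```go
package main

// Added example, not the patent's own code: a stand-alone model of the claim 20
// exchange with the client treated as an untrusted relay. Type names, the RSA-OAEP
// key wrap and deriving the displayed number from the session key are assumptions.

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/binary"
	"math/big"
	"time"
)

// Server owns the key pair behind the digital certificate it presents.
type Server struct {
	key        *rsa.PrivateKey
	cert       *x509.Certificate // cert.Raw is what travels over the first secure connection
	sessionKey []byte            // second session key, once unwrapped
}

// newServer builds a self-signed certificate (constructed for the demo only).
func newServer(host string) (*Server, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: host},
		DNSNames:              []string{host},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true,
		IsCA:                  true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	cert, _ := x509.ParseCertificate(der) // DER we just produced always parses
	return &Server{key: key, cert: cert}, nil
}
// AcceptSessionKey unwraps the key the client forwarded; only the server's private key opens it.
func (s *Server) AcceptSessionKey(wrapped []byte) ([]byte, error) {
	k, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, s.key, wrapped, nil)
	if err != nil {
		return nil, err
	}
	s.sessionKey = k
	return k, nil
}

// AuthResult is the server authentication result message the device returns to the client.
type AuthResult struct {
	Authentic           bool
	EncryptedSessionKey []byte // nil when the server was found unauthentic
}
// TrustedDevice holds its own trust roots; its session key never leaves it in clear.
type TrustedDevice struct {
	roots      *x509.CertPool
	sessionKey []byte
}
func newTrustedDevice(root *x509.Certificate) *TrustedDevice {
	pool := x509.NewCertPool()
	pool.AddCert(root)
	return &TrustedDevice{roots: pool}
}

// VerifyServerAndMakeKey checks the forwarded certificate against the device's roots
// and expected host, then generates a fresh session key wrapped to the server's public key.
func (d *TrustedDevice) VerifyServerAndMakeKey(der []byte, host string) (AuthResult, error) {
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return AuthResult{Authentic: false}, nil
	}
	pub, ok := cert.PublicKey.(*rsa.PublicKey)
	if _, err := cert.Verify(x509.VerifyOptions{Roots: d.roots, DNSName: host}); err != nil || !ok {
		return AuthResult{Authentic: false}, nil // client must disable the second connection
	}
	key := make([]byte, 32)
	rand.Read(key) // crypto/rand does not return an error on supported platforms
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil)
	if err != nil {
		return AuthResult{}, err
	}
	d.sessionKey = key
	return AuthResult{Authentic: true, EncryptedSessionKey: wrapped}, nil
}

// pairingCode is the number each side displays for the user's visual comparison (assumption:
// derived from the session key, so the displays agree only if the server holds this device's key).
func pairingCode(sessionKey []byte) uint32 {
	sum := sha256.Sum256(append([]byte("pairing:"), sessionKey...))
	return binary.BigEndian.Uint32(sum[:4])
}
```

Two properties of the claim fall out of this model. The trusted device performs its own certificate verification against its own roots, so a client that has been tricked or compromised cannot make the device accept a server the device does not trust, and the client never sees the second session key in clear, only the copy encrypted to the server's public key. If the client substitutes a session key of its own, the server unwraps a key the device never generated, the number the server sends for display differs from the number on the device, and the user's comparison result message reports a mismatch.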