Disposable browsers and authentication techniques for a secure online user environment
First Claim
1. A secure system for providing user interaction with online services, the user accessing the system through a local client machine, the system comprising:
- a user authentication memory comprising user authentication indicators and computer instructions for performing user authentication;
a web authentication server in communication with the user authentication memory, the authentication server operable perform the computer instructions stored in the user authentication memory and to communicate with the local client machine to authenticate that the user on the local client machine is who the user purports to be by comparing user inputs to expected data in accordance with the user authentication indicators stored in the user authentication memory;
a web analysis server, the web analysis server operable to communicate with service provider sites associated with the user;
a secure user date store comprising user attributes associated with the user for interacting with the user'"'"'s online service provider sites;
an application server comprising a secure browser application, the secure browser application operable to receive HTML commands from the third-party online service provider sites and to translate those HTML commands into an image protocol for transmission to the local client machine, whereby the local client machine is operable to display images representative of the accessed web pages without receiving the original HTML commands from the service provider sites.
2 Assignments
0 Petitions
Accused Products
Abstract
Disclosed herein are systems and methods that allow for secure access to websites and web-based applications and other resources available through the browser. Also described are systems and methods for secure use and retention of user credentials, as well as methods for dynamic authentication of users and integrity checking of service providers in online environments. Thus, described in the present specification are systems and methods for constructing and destroying private, secure, browsing environments (a secure disposable browser), insulating the user from the threats associated with being online for the purposes of providing secure, policy-based interaction with online services.
User PCs and other user computers can often be vulnerable to identity theft and other malicious computer attacks due to keyloggers, malware, phishing attacks, untrustworthy internet sites and the like. In particular, such user computers often store credentials on local memory and transmit credentials across the internet. Disclosed in the present application are systems and methods for implementing a secure service environment by which users can access online services without exposing their client machines directly to the internet or storing or transmitting their credentials or other attributes. Also disclosed are methods for authenticating users and validating downstream sites that the users visit and for securely and under stored policies maintaining user credentials and attributes.
188 Citations
19 Claims
-
1. A secure system for providing user interaction with online services, the user accessing the system through a local client machine, the system comprising:
-
a user authentication memory comprising user authentication indicators and computer instructions for performing user authentication; a web authentication server in communication with the user authentication memory, the authentication server operable perform the computer instructions stored in the user authentication memory and to communicate with the local client machine to authenticate that the user on the local client machine is who the user purports to be by comparing user inputs to expected data in accordance with the user authentication indicators stored in the user authentication memory; a web analysis server, the web analysis server operable to communicate with service provider sites associated with the user; a secure user date store comprising user attributes associated with the user for interacting with the user'"'"'s online service provider sites; an application server comprising a secure browser application, the secure browser application operable to receive HTML commands from the third-party online service provider sites and to translate those HTML commands into an image protocol for transmission to the local client machine, whereby the local client machine is operable to display images representative of the accessed web pages without receiving the original HTML commands from the service provider sites. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A method for establishing a secure, remote user online session operating in a secure service environment, the process comprising:
-
a) establishing an internet-based authentication process for authenticating a remote user access to the secure session through a remote user machine, the internet-based authentication process operating through a web-based communications protocol; b) receiving a user access request from the user'"'"'s remote machine through the web-based communications protocol; c) evaluating the environment around the user'"'"'s remote machine'"'"'s access request for initial indicia of user authenticity; d) establishing a remote client application on the remote client machine, the remote client application operable to communicate directly with the secure service environment through a secure protocol not employing the web-based protocol; e) establishing a user interface window on the remote client application, the user interface window, whereby the further interactions may be conducted with the user through the user interface window and not through the web-based communications protocol; and f) conducting an explicit user authentication process with the user through the user interface window. - View Dependent Claims (12, 13, 14, 15, 16)
-
-
17. A method for redirecting URL queries on a user machine to an online session operating in a secure service environment rather than through a user-machine-based web browser, the process comprising:
-
a) establishing on the user machine a remote client application, the remote client application being a client to the secure service environment and operable to communicate directly with the secure service environment through a secure protocol not employing the user-machine-based web browser; b) establishing logical linkages in one or more applications running on the user machine whereby the remote client application receives URL queries submitted within those applications, thereby avoiding the transmission of web-based transactions from the user machine through the user-machine-based web browser; c) transmitting the URL query through the remote client application to an application server in the secure service environment, the application server to submit the URL query using a secure browser operating on the application server and to initiate a web session with the downstream third-party web server associated with the URL query, the application server further operable to translate HTML or other web commands sent to and received from the downstream third-party web server for further communications from and to the remote client application using the secure protocol. - View Dependent Claims (18, 19)
-
Specification