Disposable browsers and authentication techniques for a secure online user environment

US 20110247045A1
Filed: 03/30/2011
Published: 10/06/2011
Est. Priority Date: 03/30/2010
Status: Active Grant

First Claim

Patent Images

1. A secure system for providing user interaction with online services, the user accessing the system through a local client machine, the system comprising:

a user authentication memory comprising user authentication indicators and computer instructions for performing user authentication;

a web authentication server in communication with the user authentication memory, the authentication server operable perform the computer instructions stored in the user authentication memory and to communicate with the local client machine to authenticate that the user on the local client machine is who the user purports to be by comparing user inputs to expected data in accordance with the user authentication indicators stored in the user authentication memory;

a web analysis server, the web analysis server operable to communicate with service provider sites associated with the user;

a secure user date store comprising user attributes associated with the user for interacting with the user'"'"'s online service provider sites;

an application server comprising a secure browser application, the secure browser application operable to receive HTML commands from the third-party online service provider sites and to translate those HTML commands into an image protocol for transmission to the local client machine, whereby the local client machine is operable to display images representative of the accessed web pages without receiving the original HTML commands from the service provider sites.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed herein are systems and methods that allow for secure access to websites and web-based applications and other resources available through the browser. Also described are systems and methods for secure use and retention of user credentials, as well as methods for dynamic authentication of users and integrity checking of service providers in online environments. Thus, described in the present specification are systems and methods for constructing and destroying private, secure, browsing environments (a secure disposable browser), insulating the user from the threats associated with being online for the purposes of providing secure, policy-based interaction with online services.

User PCs and other user computers can often be vulnerable to identity theft and other malicious computer attacks due to keyloggers, malware, phishing attacks, untrustworthy internet sites and the like. In particular, such user computers often store credentials on local memory and transmit credentials across the internet. Disclosed in the present application are systems and methods for implementing a secure service environment by which users can access online services without exposing their client machines directly to the internet or storing or transmitting their credentials or other attributes. Also disclosed are methods for authenticating users and validating downstream sites that the users visit and for securely and under stored policies maintaining user credentials and attributes.

188 Citations

19 Claims

1. A secure system for providing user interaction with online services, the user accessing the system through a local client machine, the system comprising:
- a user authentication memory comprising user authentication indicators and computer instructions for performing user authentication;
  
  a web authentication server in communication with the user authentication memory, the authentication server operable perform the computer instructions stored in the user authentication memory and to communicate with the local client machine to authenticate that the user on the local client machine is who the user purports to be by comparing user inputs to expected data in accordance with the user authentication indicators stored in the user authentication memory;
  
  a web analysis server, the web analysis server operable to communicate with service provider sites associated with the user;
  
  a secure user date store comprising user attributes associated with the user for interacting with the user'"'"'s online service provider sites;
  
  an application server comprising a secure browser application, the secure browser application operable to receive HTML commands from the third-party online service provider sites and to translate those HTML commands into an image protocol for transmission to the local client machine, whereby the local client machine is operable to display images representative of the accessed web pages without receiving the original HTML commands from the service provider sites.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The secure system according to claim 1, further comprising:
    - a policy database memory comprising usage policies for multiple users;
      
      a policy portal server connected to the policy database and accessible by administrators to set security policies for one or more users of the system.
  - 3. The secure system according to claim 2, wherein the administrator is one of the one or more users, whereby the administrator is enabled to set his own user security policies.
  - 4. The secure system according to claim 2, wherein the administrator can set certain usage policies on behalf of individual user accounts or globally for multiple user.
  - 5. The secure system according to claim 1, wherein the web authentication server employs dynamic authentication procedures to authenticate users.
  - 6. The secure system according to claim 5, wherein the dynamic authentication procedures changes randomly, such as to avoid automated attacks.
  - 7. The secure system according to claim 5, wherein the dynamic authentication procedure changes in accordance with detected environmental variables associated with the local client machine from which the user is accessing the system.
  - 8. The secure system according to claim 1, wherein the application server is further operable to establish private user areas, wherein the private user areas can be established and/or disposed of within the security of the secure system, thereby protecting user data from unauthorized access.
  - 9. The secure system according to claim 8, wherein the private user areas can be established and or disposed of at the end of user sessions to further protect the user data from unauthorized access.
  - 10. The secure system according to claim 9, wherein the private user areas comprise disposable browsers that perform the accessing of third-party online service provider sites.

11. A method for establishing a secure, remote user online session operating in a secure service environment, the process comprising:
- a) establishing an internet-based authentication process for authenticating a remote user access to the secure session through a remote user machine, the internet-based authentication process operating through a web-based communications protocol;
  
  b) receiving a user access request from the user'"'"'s remote machine through the web-based communications protocol;
  
  c) evaluating the environment around the user'"'"'s remote machine'"'"'s access request for initial indicia of user authenticity;
  
  d) establishing a remote client application on the remote client machine, the remote client application operable to communicate directly with the secure service environment through a secure protocol not employing the web-based protocol;
  
  e) establishing a user interface window on the remote client application, the user interface window, whereby the further interactions may be conducted with the user through the user interface window and not through the web-based communications protocol; and
  
  f) conducting an explicit user authentication process with the user through the user interface window.
- View Dependent Claims (12, 13, 14, 15, 16)
- - 12. The method of claim 11, further operable to store user credentials for third-party online service provider sites and to use those credentials to login to the third-party online service provider sites on behalf of users.
  - 13. The method of claim 12, further comprising resetting a user'"'"'s credentials with the third-party online service provider sites to provide further security of the user'"'"'s access to those sites.
  - 14. The method of claim 11, further operable to validate the safety of such third-party online service provider sites and to provide access to, deny access to, or provide information to users about those online service provider sites in accordance with usage policies stored in a policy database.
  - 15. The method of claim 11, further comprising establishing a secure disposable browser as the interface point to the remote client application, the secure disposable browser operable to interact with the online service provider sites from within the secure service environment and thereby isolate the remote client machine from direct interaction with the internet.
  - 16. The method of claim 15, wherein the secure disposable browser is instantiated within a secure user environment along with user personal information, and whereby such secure user environment may be deleted upon ending of a user session with the secure user environment.

17. A method for redirecting URL queries on a user machine to an online session operating in a secure service environment rather than through a user-machine-based web browser, the process comprising:
- a) establishing on the user machine a remote client application, the remote client application being a client to the secure service environment and operable to communicate directly with the secure service environment through a secure protocol not employing the user-machine-based web browser;
  
  b) establishing logical linkages in one or more applications running on the user machine whereby the remote client application receives URL queries submitted within those applications, thereby avoiding the transmission of web-based transactions from the user machine through the user-machine-based web browser;
  
  c) transmitting the URL query through the remote client application to an application server in the secure service environment, the application server to submit the URL query using a secure browser operating on the application server and to initiate a web session with the downstream third-party web server associated with the URL query, the application server further operable to translate HTML or other web commands sent to and received from the downstream third-party web server for further communications from and to the remote client application using the secure protocol.
- View Dependent Claims (18, 19)
- - 18. The method of claim 17 wherein the logical linkages act to intercept URL inquiries from being handled by the user-machine-based web browsers and redirect such inquiries through the secure protocol to be submitted at the secure service environment by the secure browser.
  - 19. The method of claim 18 and further comprising instructing the user machine'"'"'s operating system to prevent or restrict the start-up of user-machine-based browsers.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Authentic8, Inc.
Original Assignee
Authentic8, Inc.
Inventors
Rajagopal, Ramesh, Champion, Jason T., Nguyen, Perry F., Cox, Fredric L., Tosh, James K.

Granted Patent

US 8,776,169 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/1
CPC Class Codes

G06F 21/31   User authentication

G06F 21/313   using a call-back technique...

G06F 21/35   communicating wirelessly

G06F 21/36   by graphic or iconic repres...

G06F 21/43   wireless channels

G06F 21/53   by executing in a restricte...

G06F 2221/2111   Location-sensitive, e.g. ge...

H04L 63/08   for authentication of entit...

H04L 63/102   Entity profiles

H04L 63/1441   Countermeasures against mal...

H04L 63/168   above the transport layer

H04L 63/20   for managing network securi...

H04L 67/01   Protocols

Disposable browsers and authentication techniques for a secure online user environment

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

188 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Disposable browsers and authentication techniques for a secure online user environment

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

188 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links