Secure Network Computing

US 20140230013A1
Filed: 04/17/2014
Published: 08/14/2014
Est. Priority Date: 10/22/2008
Status: Active Grant

First Claim

Patent Images

1. A host based security system for a computer network having a local computer and a destination site in communication therewith to eliminate substantially detection at the local computer of the input of user credentials which uniquely identify a user of the local computer wherein the destination site has associated therewith a credential authentication policy under which the user credentials when received at the destination site are authenticated with respect to registered credentials stored in association with the destination site, the system comprising:

a credential host being in communication with the network and having the user credentials of the user of the local computer stored thereat, wherein the credential host intercepts a request transmitted onto the network by the local computer to connect securely to the destination site and further wherein the credential host in response to intercepting the request transmits the user credentials onto the network;

wherein the destination site upon receipt of the user credentials executes the credential authentication policy with the received user credentials and further wherein in the event the received user credentials are authenticated the destination site transmits secure session information onto the network; and

wherein the local computer upon receipt of the session information establishes a secure communication session with the destination site.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A host based security system for a computer network includes in communication with the network a credential host that is operative in concert with a local computer and a destination site. The destination site has a credential authentication policy under which credentials associated with the local computer upon being authenticated authorizes data to be communicated between each of the destination site and the local computer during a communication session over the network. The credential host stores the credentials to be used by the destination and is operative to transmit the credentials onto the network in response to a request received from the local computer. The destination site upon the credentials being received and authenticated thereat is operative to transmit session information onto the network. In turn, the local computer is then operative to commence the communication session upon receipt of said the information.

10 Citations

View as Search Results

46 Claims

1. A host based security system for a computer network having a local computer and a destination site in communication therewith to eliminate substantially detection at the local computer of the input of user credentials which uniquely identify a user of the local computer wherein the destination site has associated therewith a credential authentication policy under which the user credentials when received at the destination site are authenticated with respect to registered credentials stored in association with the destination site, the system comprising:
- a credential host being in communication with the network and having the user credentials of the user of the local computer stored thereat, wherein the credential host intercepts a request transmitted onto the network by the local computer to connect securely to the destination site and further wherein the credential host in response to intercepting the request transmits the user credentials onto the network;
  
  wherein the destination site upon receipt of the user credentials executes the credential authentication policy with the received user credentials and further wherein in the event the received user credentials are authenticated the destination site transmits secure session information onto the network; and
  
  wherein the local computer upon receipt of the session information establishes a secure communication session with the destination site.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23)
- - 2. A host based security system as set forth in claim 1 wherein the user credentials are first received from the network at the local computer and retransmitted by the local computer to the destination site and the session information is received from the network at the local computer such that the communication session is established between the local computer and the destination site.
  - 3. A host based security system as set forth in claim 1 wherein the session information is received from the network at the credential host such that the communication session is established between the credential host and the destination site and further wherein a further secure communication session is established by the credential host between the credential host and the local computer in which data transmitted in the communication session between the destination site and the credential host is replicated in the further communication session between the credential host and the local computer.
  - 4. A host based security system as set forth in claim 3 wherein the session information includes an address of the destination site, wherein the data transmitted between the credential host and the destination site is associated with the address and further wherein the address is translated at the credential host in which the replicated data transmitted between the credential host and the destination site is associated with the translated address.
  - 5. A host based security system as set forth in claim 3 wherein the credential host stores the session information for the communication session between the credential host and the destination site, and further wherein the credential host develops new session information for a second communication session between the credential host and the local computer.
  - 6. A host based security system as set forth in claim 5 wherein the credential host inspects data transmitted in the second communication session and further operative to implement predetermined rules in the event predetermined information at the destination site is selected prior to the predetermined information being acted upon at the destination site.
  - 7. A host-based security system as set forth in claim 6 further comprising an auxiliary device associated with the user of the local computer wherein the auxiliary device is adapted for communication with the credential host and further wherein one of the predetermined rules requires additional credentials associated with the user to be entered at the auxiliary device and transmitted to the credential host upon selection of the predetermined information, the predetermined information being acted upon only in the event the additional credentials are authenticated at the credential host.
  - 8. A host based security system as set forth in claim 3 wherein the credential host stores additional personal information of the user of the local computer in association with an alphanumeric character string, the character string being enterable by the user at the local computer and transmittable to the credential host, the credential host being operative to transmit the personal information associated with the character string to the destination site in response to receipt of the character string.
  - 9. A host based security system as set forth in claim 1 wherein the session information is received from the network at the credential host and retransmitted therefrom to the local computer such that upon receipt of the session information at the local computer the communication session is established between the local computer and the destination site.
  - 10. A host based security system as set forth in claim 9 wherein a computer-to-host communication session exists between the local computer and the credential host and a host-to-site communication session exists between the credential host and the destination site, and further wherein the request is transmitted from the local computer over the computer-to-host communication session and retransmitted from the credential host over the host-to-site communication session.
  - 11. A host based security system as set forth in claim 10 wherein DNS settings of the local computer are pointed to DNS settings of the credential host such that the credential host resolves domains of the destination site and corresponding IP addresses of the destination site and routes the communication session with the domains through the credential host.
  - 12. A host based security system as set forth in claim 10 wherein the local computer includes a proxy controlled by the credential host such that data communicated between the local computer and the destination during the communication session is routed through the credential host.
  - 13. A host based security system as set forth in claim 1 wherein the session information is received from the network at the credential host such that the communication session is established between the credential host and the destination site and further wherein the credential host extends access to the communication session to the local computer such that the local computer interacts with the data communicated during the communication session.
  - 14. A host based security system as set forth in claim 13 wherein the local computer and the credential host each include executable components of a distributed network browser wherein components at the local computer manage display and input and components at the credential host manage authentication.
  - 15. A host based security system as set forth in claim 14 wherein interfaces of the components are communicated between the local computer and the credential host through an application level tunnel.
  - 16. A host based security system as set forth in claim 13 wherein the credential host includes a browser in which data transmitted in the communication session is rendered, the rendered data being mirrored at the local computer.
  - 17. A host based security system as set forth in claim 1 wherein the credential host is operative to transmit to the destination site additional information associated with the user credentials, the additional information being associated with the user of the local computer such that the credentials are validated as being associated with the user.
  - 18. A host based security system as set forth in claim 17 wherein the host based security system further includes an auxiliary device associated with the user and in communication with the credential host, the additional information being developed at the credential host in response to the auxiliary device being authenticated by the credential host.
  - 19. A host based security system as set forth in claim 17 wherein the additional information is encrypted using a key known only to the credential host and the destination site.
  - 20. A host based security system as set forth in claim 1 wherein the user credentials include a User ID and an initial password associated with the user of the local computer and originally registered with the destination site, the credential host upon the user credentials being stored at thereat registering a subsequent password at the destination site to replace the initial password.
  - 21. A host based security system as set forth in claim 20 wherein the credential host further stores private user information associated with the credentials, the private user information being available to the destination site during the communication session.
  - 22. A host based security system as set forth in claim 1 further comprising an auxiliary device associated with the user of the local computer, the credential host having a credential authentication policy under which the user credentials upon being authenticated at the credential host authorizes the credential host to be responsive to the request received from the local computer, the auxiliary device being in communication with the credential host, the user credentials being entered at the auxiliary device and transmitted to the credential host.
  - 23. A host based security system as set forth in claim 22 wherein the user credentials include a user ID and a password, the user ID being entered at the local computer and transmitted to the credential host, the password being entered at the auxiliary device and transmitted to the credential host.

24. A host based security method for a computer network having a local computer and a destination site in communication therewith to eliminate substantially detection at the local computer of the input of user credentials which uniquely identify a user of the local computer wherein the destination site has associated therewith a credential authentication policy under which the user credentials when received at the destination site are authenticated with respect to registered credentials stored in association with the destination site, the method comprising steps of:
- storing at a credential host the user credentials of the user of the local computer, the credential host being communication with the network;
  
  intercepting at the credential host a request transmitted onto the network by the local computer to connect securely to the destination site;
  
  transmitting the user credentials onto the network from the credential host in response to intercepting the request;
  
  executing at the destination site upon receipt of the user credentials the credential authentication policy with the received user credentials;
  
  transmitting onto the network from the destination site in the event the received user credentials are authenticated secure session information; and
  
  establishing a secure communication session at the local computer upon receipt of the session information.
- View Dependent Claims (25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46)
- - 25. A host based security method as set forth in claim 24 wherein the user credentials transmitting step includes the steps of first transmitting the user credentials from the credential host to the local computer and retransmitting the credentials from the local computer to the destination site and wherein the session information transmitting step transmits the credentials from the destination site to the local computer such that the communication session is established between the local computer and the destination site.
  - 26. A host based security method as set forth in claim 24 wherein the credentials transmitting step transmits the credentials to the destination site and wherein the session information transmitting step transmits the session information to the credential host such that the communication session is established between the credential host and the destination site, the method further comprising the steps of transmitting from the credential host to the local computer further session information such that a further communication session is established between the credential host and the local computer and replicating data transmitted in the communication session between the destination site and the credentials host in the further communication session between the credential host and the local computer.
  - 27. A host based security method as set forth in claim 26 wherein the session information includes an address of a location at the destination site wherein the data transmitted between the credential host and the destination site is associated with the address, the method further comprising the step of translating the address at the credential host wherein the replicated data transmitted between the credential host and the destination site is associated with the translated address.
  - 28. A host based security method as set forth in claim 26 further comprising the steps of storing at the credential host the session information for the communication session between the credential host and the destination site, and developing at the credential host new session information for a second communication session between the credential host and the local computer.
  - 29. A host based security method as set forth in claim 28 further comprising the steps of inspecting at the credential host data transmitted in the communication session and implementing predetermined rules in the event predetermined information at the destination site is selected prior to the predetermined information being acted upon at the destination site.
  - 30. A host-based security method as set forth in claim 29 further comprising the steps of entering additional credentials associated with the user of the local computer at an auxiliary device and communicating the additional credentials from the auxiliary device to the credential host, wherein one of the predetermined rules requires the additional credentials upon selection of the predetermined information, the predetermined information being acted upon only in the event the additional credentials are authenticated at the credential host.
  - 31. A host based security method as set forth in claim 26 further comprising the steps of storing at the credential host personal information of the user of the local computer in association with an alphanumeric character string, entering the character string at the local computer and transmitting the character string to the credential host, and transmitting the personal information associated with the character string to the destination site in response to receipt of the character string.
  - 32. A host based security method as set forth in claim 24 wherein the credentials transmitting step transmits the credentials to the destination site and the session information transmitting step includes the steps of transmitting the session information from the destination site to the credential host and retransmitting the session information from the credential host to the local computer such that upon receipt of the session information at the local computer the communication session is established between the local computer and the destination site.
  - 33. A host based security method as set forth in claim 32 wherein a computer-to-host communication session exists between the local computer and the credential host and a host-to-site communication session exists between the credential host and the destination site, and further wherein the request is a request to connect to the destination site transmitted from the local computer over the computer-to-host communication session and retransmitted from the credential host over the host-to-site communication session.
  - 34. A host based security method as set forth in claim 33 wherein DNS settings of the local computer are pointed to DNS settings of the credential host such that the credential host resolves domains of the destination site and corresponding IP addresses of the destination site and routes the communication session with the domains through the credential host.
  - 35. A host based security method as set forth in claim 33 wherein the local computer includes a proxy controlled by the credential host such that data communicated between the local computer and the destination site during the communication session is routed through the credential host.
  - 36. A host based security method as set forth in claim 24 wherein the credentials transmitting step transmits the credentials to the destination site and the session information transmitting step transmits the session information to the credential host such that the communication session is established between the credential host and the destination site, the method further comprising extending access by the credential host to the communication session to the local computer such that the local computer interacts with the data communicated during the communication session.
  - 37. A host based security method as set forth in claim 36 wherein the local computer and the credential host each included executable components of a distributed network browser wherein components at the local computer manage display and input and components at the credential host manage authentication.
  - 38. A host based security method as set forth in claim 37 wherein interfaces of the components are communicated between the local computer and the credential host through an application level tunnel.
  - 39. A host based security method as set forth in claim 36 wherein the credential host includes a browser in which data transmitted in the communication session is rendered, the rendered data being further mirrored at the local computer.
  - 40. A host based security method as set forth in claim 24 wherein the credential transmitting step transmits from the credential host to the destination site additional information associated with the credentials, the additional information being associated with a user of the local computer such that the credentials are validated as being associated with the user.
  - 41. A host based security method as set forth in claim 40 wherein an auxiliary device associated with the user is in communication with the credential host, the additional information being developed at the credential host in response to the auxiliary device being authenticated by the credential host.
  - 42. A host based security method as set forth in claim 40 wherein the additional information is encrypted using the key known only to the credential host and the destination site.
  - 43. A host based security method as set forth in claim 24 wherein the credentials include a User ID and an initial password associated with the local computer and originally registered with the destination site, the method further comprising the step of registering by the credential host upon the credentials being stored at thereat a subsequent password at the destination site to replace the initial password.
  - 44. A host based security method as set forth in claim 43 wherein the credential host further stores private user information associated with the credentials, the private user information being available to the destination site during the communication session.
  - 45. A host based security method as set forth in claim 24 further comprising the step of entering at an auxiliary device user credentials associated with a user of the local computer and transmitting by the auxiliary device the user credentials to the credential host, the credential host having a credential authentication policy under which credentials associated with a user of the local computer upon being authenticated authorizes the credential host to be responsive to the request received from the local computer, the auxiliary device being in communication with the credential host.
  - 46. A host based security method as set forth in claim 45 wherein the credentials associated with the user includes a user ID and a password, the user ID being entered at the local computer and transmitted to the credential host, the password being entered at the auxiliary device and transmitted to the credential host.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Personal Capital Technology Corporation
Original Assignee
Personal Capital Technology Corporation
Inventors
Gasparini, Louis A., Harris, William H. Jr., Park, Do-Pil (Don)

Granted Patent

US 9,246,901 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/1
CPC Class Codes

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/76   Proxy, i.e. using intermedi...

H04L 63/08   for authentication of entit...

H04L 9/3213   using tickets or tokens, e....

Secure Network Computing

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

10 Citations

46 Claims

Specification

Use Cases

Quick Links

Others

Secure Network Computing

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

10 Citations

46 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others