METHOD AND APPARATUS FOR SECURE INTERACTION WITH A COMPUTER SERVICE PROVIDER

US 20140282978A1
Filed: 03/17/2014
Published: 09/18/2014
Est. Priority Date: 03/15/2013
Status: Abandoned Application

First Claim

Patent Images

1. A method for interacting with a website server by means of the HTTP and SSL/TLS protocols, the website server capable of a login operation using user authentication records on the website server for checking a username and a password, the method comprising the steps of:

(a) arranging a first computing environment by securely coupling a first data processor, an user interface, a RAM memory 3 and a non-volatile memory;

(b) configuring a second computing environment for communicating with the first computing environment and for running a browser;

(c) deciding whether to perform the login operation in the first computing environment;

(d) obtaining the password from said non-volatile memory;

(e) inserting the password into an HTTP request with the first data processor;

(f) checking the website server'"'"'s certificate in said first environment;

(g) establishing a login session using the SSL/TLS protocol by sending the HTTP request from the first computing environment to the website server to obtain an authentication data representative of the login session;

(h) securing the password for not revealing the password to the browser running in the second computing environment; and

(i) browsing, based on the obtained authentication data representative of the login session, the established login session with the browser;

whereby the login operation is carried in the first computing environment without leaking sensitive information and the login session is browsed taking advantage of the powerful resources of the second environment.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for secure interaction with a website server capable of an authentication operation with a login operation checking a username and a password, is described. Standard web browsing environments are generally insecure and private information, such as passwords, are prone to theft. The proposed solution comprises securing the password used for the authentication in a trusted computing environment, such as a separate computer, without the need of revealing the password to a browser running in an untrusted computing environment, and basing the browsing on authentication data obtained as result of the login operation, that can be confirmed by the user in the trusted environment, prior of being performed.

Citations

25 Claims

1. A method for interacting with a website server by means of the HTTP and SSL/TLS protocols, the website server capable of a login operation using user authentication records on the website server for checking a username and a password, the method comprising the steps of:
- (a) arranging a first computing environment by securely coupling a first data processor, an user interface, a RAM memory 3 and a non-volatile memory;
  
  (b) configuring a second computing environment for communicating with the first computing environment and for running a browser;
  
  (c) deciding whether to perform the login operation in the first computing environment;
  
  (d) obtaining the password from said non-volatile memory;
  
  (e) inserting the password into an HTTP request with the first data processor;
  
  (f) checking the website server'"'"'s certificate in said first environment;
  
  (g) establishing a login session using the SSL/TLS protocol by sending the HTTP request from the first computing environment to the website server to obtain an authentication data representative of the login session;
  
  (h) securing the password for not revealing the password to the browser running in the second computing environment; and
  
  (i) browsing, based on the obtained authentication data representative of the login session, the established login session with the browser;
  
  whereby the login operation is carried in the first computing environment without leaking sensitive information and the login session is browsed taking advantage of the powerful resources of the second environment.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25)
- - 2. The method according to claim 1 wherein said user interface further comprises a second data processor having at least an interface for controlling at least one of 1) an input device, 2) an output device, and 3) a first wireless module.
  - 3. The method according to claim 1 wherein the first computing environment is implemented as a first computer platform 13 including at least one of 1) the first data processor, 2) the RAM memory, and 3) the non-volatile memory.
  - 4. The method according to claim 1 wherein the second computing environment is implemented as a second platform comprising a computer controlling a second user interface.
  - 5. The method according to claim 1 wherein the login operation data consist essentially of the combination of said password with said username.
  - 6. The method according to claim 3 wherein said first computing platform is transportable as part of a key-chain.
  - 7. The method according to claim 1 wherein the deciding step (c) is based on confirming the login operation based on information comprising the website server shown in said user interface.
  - 8. The method according to claim 1 wherein the password is a password to be remembered.
  - 9. The method according to claim 1 wherein the browsing step (i) comprises receiving responses directly from the website server to the second environment and sending requests directly from the browser to the website server.
  - 10. The method according to claim 1 wherein the securing the password step (h) comprises:
    - encrypting with an obtained first SSL/TLS session key said HTTP request having inserted therein the password; and
      
      obstructing the first SSL/TLS session key to be known in the second environment.
  - 11. The method according to claim 1 wherein for carrying the browsing step comprises obtaining in the browser a second SSL/TLS session key.
  - 12. The method according to claim 11 wherein said second SSL/TLS key is obtained by carrying a SSL/TLS session renegotiation operation.
  - 13. The method according to claim 1 wherein the securing step comprises controlling the software running on the first computing environment by not allowing the execution of non-authenticated software.
  - 14. The method according to claim 1 wherein said authentication data representative of the login session comprises a first cookie.
  - 15. The method according to claim 1 wherein the first data processor is configured for modifying the HTTP request to set the username.
  - 16. The method according to claim 1 wherein the obtaining the password step (d) is carried by decrypting the password using a PIN entered in said user interface.
  - 17. The method according to claim 1 wherein the obtaining the password step (d) is carried by using a password database.
  - 18. The method according to claim 1 wherein the first data processor is configured for receiving the HTTP request from the browser.
  - 19. The method according to claim 1 wherein the second environment is configured for running a routing software module that allows each of the first and second computing environments to make a plurality of connections to the website server and to route HTTP requests generated by the browser, depending on an evaluation, to the first computing environment or to the website server.
  - 20. The method according to claim 19 wherein the routing software module is further configured for separately redirecting a half-duplex stream of said plurality of connections to the website server, from the first computing environment to the second computing environment.
  - 21. The method according to claim 1 further comprising the steps of:
    - (a) transforming in the first computing environment said authentication data representative of the login session to obtain a transformed authentication data;
      
      (b) securing the authentication data representative of the login session for not being revealed to the second computing environment;
      
      (c) sending the transformed authentication data to the browser;
      
      (d) carrying said browsing step (i) in the second computing environment basing the browsing of the established session on the transformed authentication data;
      
      (e) obtaining in the first computing environment the authentication data representative of the login session associated to the transformed authentication data received from the browser; and
      
      (f) inserting in the first computing environment the authentication data representative of the login session in a second request header to be sent to the website server.
  - 22. The method according to claim 21 wherein the first data processor is configured for replacing in a response header received from the website server the authentication data representative of the login session with the transformed authentication data for obtaining a modified response header to be sent to the browser.
  - 23. The method according to claim 21 wherein the transformed authentication data is a second cookie.
  - 24. The method according to claim 21 wherein the step (e) of obtaining in the first computing environment the authentication data representative of the login session is based on one of 1) using an encrypted version of the authentication data representative of the login session as the transformed authentication data, and 2) using the transformed authentication data in a lookup operation.
  - 25. The method according to claim 1, wherein the establishing a login session step (g) uses the HTTPS protocol.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Sergio Demian Lerner, Victor Suarez Rovere
Original Assignee
Sergio Demian Lerner, Victor Suarez Rovere
Inventors
LERNER, Sergio Demian, SUAREZ ROVERE, Victor

Application Number

US14/215,787
Publication Number

US 20140282978A1
Time in Patent Office

Days
Field of Search
US Class Current

726/7
CPC Class Codes

H04L 63/0823   using certificates cryptogr...

H04L 63/083   using passwords cryptograph...

H04L 67/02   based on web technology, e....

METHOD AND APPARATUS FOR SECURE INTERACTION WITH A COMPUTER SERVICE PROVIDER

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD AND APPARATUS FOR SECURE INTERACTION WITH A COMPUTER SERVICE PROVIDER

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links