METHOD AND APPARATUS FOR SECURE INTERACTION WITH A COMPUTER SERVICE PROVIDER
First Claim
1. A method for interacting with a website server by means of the HTTP and SSL/TLS protocols, the website server capable of a login operation using user authentication records on the website server for checking a username and a password, the method comprising the steps of:
- (a) arranging a first computing environment by securely coupling a first data processor, an user interface, a RAM memory 3 and a non-volatile memory;
(b) configuring a second computing environment for communicating with the first computing environment and for running a browser;
(c) deciding whether to perform the login operation in the first computing environment;
(d) obtaining the password from said non-volatile memory;
(e) inserting the password into an HTTP request with the first data processor;
(f) checking the website server'"'"'s certificate in said first environment;
(g) establishing a login session using the SSL/TLS protocol by sending the HTTP request from the first computing environment to the website server to obtain an authentication data representative of the login session;
(h) securing the password for not revealing the password to the browser running in the second computing environment; and
(i) browsing, based on the obtained authentication data representative of the login session, the established login session with the browser;
whereby the login operation is carried in the first computing environment without leaking sensitive information and the login session is browsed taking advantage of the powerful resources of the second environment.
0 Assignments
0 Petitions
Accused Products
Abstract
A method for secure interaction with a website server capable of an authentication operation with a login operation checking a username and a password, is described. Standard web browsing environments are generally insecure and private information, such as passwords, are prone to theft. The proposed solution comprises securing the password used for the authentication in a trusted computing environment, such as a separate computer, without the need of revealing the password to a browser running in an untrusted computing environment, and basing the browsing on authentication data obtained as result of the login operation, that can be confirmed by the user in the trusted environment, prior of being performed.
-
Citations
25 Claims
-
1. A method for interacting with a website server by means of the HTTP and SSL/TLS protocols, the website server capable of a login operation using user authentication records on the website server for checking a username and a password, the method comprising the steps of:
-
(a) arranging a first computing environment by securely coupling a first data processor, an user interface, a RAM memory 3 and a non-volatile memory; (b) configuring a second computing environment for communicating with the first computing environment and for running a browser; (c) deciding whether to perform the login operation in the first computing environment; (d) obtaining the password from said non-volatile memory; (e) inserting the password into an HTTP request with the first data processor; (f) checking the website server'"'"'s certificate in said first environment; (g) establishing a login session using the SSL/TLS protocol by sending the HTTP request from the first computing environment to the website server to obtain an authentication data representative of the login session; (h) securing the password for not revealing the password to the browser running in the second computing environment; and (i) browsing, based on the obtained authentication data representative of the login session, the established login session with the browser; whereby the login operation is carried in the first computing environment without leaking sensitive information and the login session is browsed taking advantage of the powerful resources of the second environment. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25)
-
Specification