WEB AUTHENTICATION USING CLIENT PLATFORM ROOT OF TRUST
Abstract
Systems and methods for performing web authentication using a client platform root of trust are disclosed herein. Website and user validity and integrity may be authenticated based on the user device's attempt to access the website. A user device may securely access the website once the user device is successfully authenticated with a server. In an embodiment, the user device may perform an authentication of the website to ensure the website is a valid entity.
36 Claims

1. A device for device-specific web authentication, the device comprising:
- at least one processor arranged to:
  - request a website; and
  - access the website in response to a website access initiation from an authorization module on a server; and
- a secure execution environment arranged to:
  - store a device-stored uniform resource identifier;
  - send the device-stored uniform resource identifier to the authorization module;
  - receive a server-stored uniform resource identifier from the authorization module; and
  - send a validity determination to the authorization module in response to a validation of the server-stored uniform resource identifier by the secure execution environment, the website access initiation being based on the validity determination.
(Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9)

10. A method for web authentication, the method comprising:
- responsive to a request to access a website using a device having a secure execution environment, the device arranged to use a client platform root of trust, sending to a server a device-stored web address stored at the secure execution environment, the device-stored web address being specific to the device;
- receiving at the secure execution environment on the device, a server-stored web address stored at the server, the server-stored web address being specific to the device;
- determining, via the secure execution environment, whether the server-stored web address is valid; and
- initiating access to the website if the server-stored web address is valid and if the server determines that the device-stored web address is valid.
(Dependent claims: 11, 12, 13, 14, 15, 16, 17, 18, 19, 20)

21. An authorization module for device-specific web authentication, the authorization module arranged to:
- receive a request to access a website from a device having a secure execution environment;
- receive a device-stored uniform resource identifier from the device, the device-stored uniform resource identifier being stored in the secure execution environment;
- send a server-stored uniform resource identifier to the secure execution environment; and
- provide access to the website in response to a determination that the device-stored uniform resource identifier is valid and in response to a determination by the secure execution environment that the server-stored uniform resource identifier is valid.
(Dependent claims: 22, 23)

24-29. (canceled)

30. A method for web authentication, the method comprising:
- receiving at a server a device-stored web address stored at the secure environment, the device-stored web address being a web address specific to the device, the device arranged to use a client platform root of trust;
- sending from the server to the secure execution environment on the device a server-stored web address stored at the server;
- determining, via the server, whether the device-stored web address is valid; and
- providing access to the website if the device-stored web address is valid and if the secure execution environment of the device determines that the server-stored web address is valid.
(Dependent claims: 35)

31-34. (canceled)

36-40. (canceled)

Specification