Method for secure delegation of trust from a security device to a host computer application for enabling secure access to a resource on the web
First Claim
1. A method for authenticating a user on a host computer to a web server, comprising:
establishing a secure communications channel between a plug-in operating on a host computer and a network security device;
authenticating the user to the network security device;
designating a web server to which a connection is desired from a browser operated by the user;
establishing a connection between the network security device and the web server;
establishing a security context by the web server;
transferring the security context from the web server to the trusted network security device;
transmitting the security context from the network security device to the plug-in;
operating the plug-in to store the security context such that the security context may be retrieved by the browser;
operating the browser to connect to the web server including transmitting the security context from the browser to the web server; and
upon presentment of the security context, granting the user access to the services of the web server.
Abstract
Secure authentication of a user on a host computer to a web server, in which a security device acquires trust, or a security context, from the web server. The security device is operable to provide an X.509 certificate to a browser plug-in on the host computer. The browser plug-in on the host computer authenticates the security device and, in response, provides user credentials to the security device. The security device authenticates the user and requests a security context from the web server. In response, the web server provides a security context to the security device. The security device delegates the web server's trust by transmitting the context to the host computer, enabling the user to securely access resources on the web server.
15 Claims
1. A method for authenticating a user on a host computer to a web server, comprising the steps set out in full above under First Claim. Dependent claims: 2, 3, 4, 5, 6, 7, 8.

9. A method for authenticating a user on a host computer to a web server, comprising:
establishing a security context by the web server;
transferring the security context from the web server to a smart card;
receiving the user credential from the browser plug-in on the host computer;
authenticating the user on the host computer;
establishing trust between the smart card and the browser plug-in;
establishing a secure channel of communication between the network security device and the browser plug-in on a host computer; and
authenticating the network security device by the browser plug-in on the host computer; and
in response the network security device authenticating the user on the host computer; and
establishing trust between the plug-in on the host computer and the network security device; and
delegating security context to a browser plug-in on a host computer by transferring the security context to the plug-in on the host computer; and
authenticating the user on the host computer to the web server using the security context.
Dependent claims: 10.

11. A system for authenticating a user on a host computer to a web server, comprising:
a security device connectable to the host computer;
a browser plug-in having instructions executable on the host computer within the context of a browser, the browser plug-in comprising instructions to:
establish a secure communications channel between a plug-in operating on a host computer and a network security device;
authenticate the user to the network security device;
designate a web server to which a connection is desired from a browser operated by the user;
the security device having instructions to establish a connection between the security device and the web server;
receive a security context from the web server to a security device; and
transfer the security context to a browser plug-in on the host computer;
transmitting the security context from the network security device to the plug-in;
the browser plug-in further having instructions to:
store the security context such that the security context may be retrieved by the browser;
the web server having instructions to receive the security context from the browser; and
upon presentment of the security context, to grant the user access to the services of the web server.
Dependent claims: 12, 13, 14, 15.
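The delegation sequence of the abstract and independent claims, written out as an added Python simulation. This is not the patent's implementation or any product's code; it is an illustration of the trust chain the claims describe (plug-in authenticates device, device authenticates user, web server issues a context to the device, device hands the context to the plug-in, browser presents it). All names and keys are constructed for the example: the device certificate is modelled as an HMAC tag under a constructed "CA" key rather than a real X.509 certificate, the secure channels are assumed rather than built with TLS, and the security context is an HMAC-signed JSON token with an expiry, which is one possible context format, not the patent's.

```python
"""Toy simulation of the delegation flow (added example, not the patent's code)."""
import hashlib
import hmac
import json
import os
import secrets

# Constructed keys for the simulation only (stand-ins for a CA signing key
# and for the web server's context-signing key).
CA_KEY = b"constructed-ca-key-for-demo"
SERVER_KEY = b"constructed-web-server-key-for-demo"
PBKDF2_ROUNDS = 10_000


def make_user_record(password: str) -> tuple:
    """Salted PBKDF2 record as the device would hold it (constructed)."""
    salt = os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


class WebServer:
    """Establishes a security context for a device/user pair and honours it later."""

    def __init__(self, key: bytes, ttl_seconds: int = 300):
        self.key = key
        self.ttl = ttl_seconds

    def establish_context(self, device_id: str, user: str, now: float) -> dict:
        payload = {"device": device_id, "user": user,
                   "exp": int(now) + self.ttl, "nonce": secrets.token_hex(8)}
        body = json.dumps(payload, sort_keys=True)
        tag = hmac.new(self.key, body.encode(), hashlib.sha256).hexdigest()
        return {"body": body, "tag": tag}

    def grant_access(self, context: dict, now: float) -> bool:
        """Verify the tag in constant time, then check expiry."""
        expected = hmac.new(self.key, context["body"].encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, context["tag"]):
            return False
        return json.loads(context["body"])["exp"] > now


class SecurityDevice:
    """Network security device (e.g. smart card): holds its certificate and user records."""

    def __init__(self, device_id: str, users: dict):
        self.device_id = device_id
        self.users = users  # user -> (salt, pbkdf2 digest)
        # Stand-in for the device's X.509 certificate: identity plus CA tag.
        self.cert = {"id": device_id,
                     "sig": hmac.new(CA_KEY, device_id.encode(), hashlib.sha256).hexdigest()}

    def authenticate_user(self, user: str, password: str) -> bool:
        record = self.users.get(user)
        if record is None:
            return False
        salt, digest = record
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
        return hmac.compare_digest(candidate, digest)

    def obtain_context(self, server: WebServer, user: str, now: float) -> dict:
        return server.establish_context(self.device_id, user, now)


class BrowserPlugin:
    """Plug-in: verifies the device, then stores contexts where the browser can read them."""

    def __init__(self):
        self.store = {}  # web server host -> security context

    def verify_device(self, cert: dict) -> bool:
        expected = hmac.new(CA_KEY, cert["id"].encode(), hashlib.sha256).hexdigest()
        return hmac.compare_digest(expected, cert["sig"])

    def store_context(self, host: str, context: dict) -> None:
        self.store[host] = context


def delegate_and_login(device, plugin, server, host, user, password, now) -> str:
    """Run the claim-1 sequence; returns the step at which the flow stopped, or 'granted'."""
    if not plugin.verify_device(device.cert):          # plug-in authenticates the device
        return "device-rejected"
    if not device.authenticate_user(user, password):   # device authenticates the user
        return "user-rejected"
    context = device.obtain_context(server, user, now)  # web server -> device
    plugin.store_context(host, context)                 # device -> plug-in
    presented = plugin.store[host]                      # browser retrieves the context
    return "granted" if server.grant_access(presented, now) else "denied"


def build_demo():
    """Constructed parties for the walkthrough."""
    device = SecurityDevice("token-01", {"alice": make_user_record("correct horse")})
    return device, BrowserPlugin(), WebServer(SERVER_KEY)


if __name__ == "__main__":
    dev, plug, srv = build_demo()
    print(delegate_and_login(dev, plug, srv, "example.test", "alice", "correct horse", now=1000.0))
```

The point of the simulation is where each check lives: the plug-in only ever sees a context the device obtained, the device only asks for one after the user authenticated to it, and the web server independently verifies the context's tag and expiry, so a context edited on the host, or replayed after it expires, is refused regardless of what the plug-in stored.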