Method of securely logging into remote servers

US 8,434,137 B2
Filed: 03/22/2007
Issued: 04/30/2013
Est. Priority Date: 03/22/2006
Status: Expired due to Fees

First Claim

Patent Images

1. A system comprising a network device (NSC), a host computer (HOST) and a remote server (SRV), wherein the host computer (HOST) and the network device (NSC) are connectable through a first network, wherein the host computer (HOST) and the remote server (SRV) are connectable through the Internet, wherein the network device (NSC) comprises a web server accessible from the host computer (HOST), wherein the network device (NSC) is set to store a user'"'"'s authentication credential, wherein the host computer (HOST) is set to display a web page produced by the remote server (SRV) to the user in a first browser session, the system further comprising:

a. the remote server (SRV) is set to include a login link in said web page, the login link comprising a pointer that when resolved by a server assigned to resolve network addresses for the host is resolved into a network address that points to said web server on the network device (NSC) storing the user'"'"'s authentication credentials;

b. said host computer (HOST) is set to, in response to the user clicking on said login link, creating a second browser session connected to the network device (NSC) including a session ID for the first browser session;

c. said web server on the network device (NSC) is set to display a login page to the user on the host computer (HOST) in the second browser session, in order to authenticate the user; and

d. upon authentication of the user, the network device (NSC) is set to send the user'"'"'s authentication credential to the remote server (SRV) in order to authenticate the user to the remote server (SRV) including the session ID for the first browser session thereby enabling the remote server (SRV) to link the authentication of the user by the network device (NSC) to the browser session with the user in the first browser session.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The invention relates to a system comprising a network device (NSC), a host computer (HOST) and a remote server remote (SRV). The host computer (HOST) and the network device (NSC) server are connectable through a network. The host computer (HOST) and the remote server (SRV) are connectable through the Internet. The smart network device (NSC) comprises a web server accessible from the host computer (HOST). The network device (NSC) is set to store a user'"'"'s authentication credential. The host computer (HOST) is set to display a web page produced by the remote server (SRV) to the user. The remote server (SRV) is set to include a login link in said web page, the login link pointing to said web server. The web server is set to display a login page to the user on the host computer (HOST) when the user clicks on said login link, in order to authenticate the user. Upon authentication of the user, the network device (NSC) is set to send the user'"'"'s authentication credential to the remote server (SRV) in order to authenticate the user to the remote server (SRV).

12 Citations

View as Search Results

23 Claims

1. A system comprising a network device (NSC), a host computer (HOST) and a remote server (SRV), wherein the host computer (HOST) and the network device (NSC) are connectable through a first network, wherein the host computer (HOST) and the remote server (SRV) are connectable through the Internet, wherein the network device (NSC) comprises a web server accessible from the host computer (HOST), wherein the network device (NSC) is set to store a user'"'"'s authentication credential, wherein the host computer (HOST) is set to display a web page produced by the remote server (SRV) to the user in a first browser session, the system further comprising:
- a. the remote server (SRV) is set to include a login link in said web page, the login link comprising a pointer that when resolved by a server assigned to resolve network addresses for the host is resolved into a network address that points to said web server on the network device (NSC) storing the user'"'"'s authentication credentials;
  
  b. said host computer (HOST) is set to, in response to the user clicking on said login link, creating a second browser session connected to the network device (NSC) including a session ID for the first browser session;
  
  c. said web server on the network device (NSC) is set to display a login page to the user on the host computer (HOST) in the second browser session, in order to authenticate the user; and
  
  d. upon authentication of the user, the network device (NSC) is set to send the user'"'"'s authentication credential to the remote server (SRV) in order to authenticate the user to the remote server (SRV) including the session ID for the first browser session thereby enabling the remote server (SRV) to link the authentication of the user by the network device (NSC) to the browser session with the user in the first browser session.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The system according to claim 1, wherein the login link contains a generic domain name of the network device (NSC), and wherein the network device (NSC) comprises a Domain Name Server set to resolve said generic domain name wherein the host computer (HOST) is set to receive a resolved network address of the generic domain name of the network device (NSC) from the network device (NSC) thereby enabling the host computer (HOST) to create the second browser session with the network device (NSC).
  - 3. The system according to claim 1, wherein the login link further comprises a parameter identifying the remote server (SRV).
  - 4. The system according to claim 1, wherein the web page further comprises the session identifier.
  - 5. The system according to claim 1 wherein the web page further comprises a script set to request the session identifier from the remote server (SRV).
  - 6. The system according to claim 5, wherein the session identifier is obtained by an XMLHttpRequest object.
  - 7. The system according to claim 1, wherein the login page comprises a button, and wherein the user requests the network device (NSC) to send the authentication credential to the remote server (SRV) by clicking the button.
  - 8. The system according to claim 1, wherein all communications between the network device (NSC) and the remote server (SRV) are encrypted by SSL or TLS.
  - 9. The system according to claim 1, wherein the remote server (SRV) is set to include a CAPTCHA in the web page, wherein the user has to input the data displayed in the CAPTCHA into the host computer (HOST), wherein the host computer (HOST) is set to send said data to the network device (NSC), and wherein the network device (NSC) is set to send said data securely to the remote server (SRV).
  - 10. The system according to claim 1, wherein the network device (NSC) is a network smart card.
  - 11. The system according to claim 10, wherein the network device (NSC) is a USB token.

12. A method for authenticating a user of a host computer (HOST) to a remote server (SRV), wherein the user has a network device (NSC), wherein the network device (NSC) and the host computer (HOST) are connectable through a first network, wherein the host computer (HOST) and the remote server (SRV) are connectable through the Internet, wherein the user connects to the remote server (SRV) through a web page produced by the remote server (SRV) and displayed on the host computer (HOST) in a first browser session, wherein the network device (NSC) is set to store a user'"'"'s authentication credential, wherein the network device (NSC) comprises a web server accessible from the host computer (HOST), the method comprising:
- a. the remote server (SRV) is set to include a login link in said web page comprising a pointer that when resolved by a server assigned to resolve network addresses for the host is resolved into a network address that points to said web server on the network device (NSC) storing the user'"'"'s authentication credentials;
  
  b. said host computer (HOST) is set to, in response to the user clicking on said login link, creating a second browser session connected to the network device (NSC) including a session ID for the first browser session;
  
  c. said web server on the network device (NSC) is set to display a login page to the user on the host computer (HOST) in the second browser session, in order to authenticate the user; and
  
  d. upon authentication of the user, the network device (NSC) is set to send the user'"'"'s authentication credential to the remote server (SRV) in order to authenticate the user to the remote server (SRV) including the session ID for the first browser session thereby enabling the remote server (SRV) to link the authentication of the user by the network device (NSC) to the browser session with the user in the first browser session.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23)
- - 13. The method according to claim 12, wherein the login link contains a generic domain name of the network device (NSC), and wherein the network device (NSC) comprises a Domain Name Server set to resolve said generic domain name wherein the host computer (HOST) is set to receive a resolved network address of the generic domain name of the network device (NSC) from the network device (NSC) thereby enabling the host computer (HOST) to create the second browser session with the network device (NSC).
  - 14. The method according to claim 12 wherein the login link further comprises a parameter identifying the remote server (SRV).
  - 15. The method according to claim 12 wherein the web page further comprises a the session identifier.
  - 16. The method according to claim 12 wherein the web page further comprises a script set to request a the session identifier from the remote server (SRV).
  - 17. The method according to claim 16, wherein the session identifier is obtained by an XMLHttpRequest object.
  - 18. The method according to claim 12, wherein the login page comprises a button, and wherein the user requests the network device (NSC) to send the authentication credential to the remote server (SRV) by clicking the button.
  - 19. The method according to claim 12, wherein all communications between the network device (NSC) and the remote server (SRV) are encrypted by SSL or TLS.
  - 20. The method according to claim 12, wherein the remote server (SRV) is set to include a CAPTCHA in the web page, wherein the user has to input the data displayed in the CAPTCHA into the host computer (HOST), wherein the host computer (HOST) is set to send said data to the network device (NSC), and wherein the network device (NSC) is set to send said data securely to the remote server (SRV).
  - 21. The method according to claim 12, wherein the network device (NSC) is a network smart card.
  - 22. The method according to claim 21, wherein the network device (NSC) is a USB token.
  - 23. The method according to claim 12, wherein the method comprises the following steps:
    - a. The user types the address of the remote server (SRV) in a browser on the host computer (HOST);
      
      b. The user connects his network device (NSC) with the host computer (HOST);
      
      c. The user clicks on the login link inside the web page of the remote server (SRV);
      
      d. The user authenticates to the network device (NSC) through the login page opened when clicking the login link, by using an authentication method of the network device (NSC); and
      
      e. Upon authentication of the user, the network device (NSC) sends the authentication credential to the remote server (SRV) in order to authenticate the user to the remote server (SRV).

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Gemalto SA (Thales SA)
Original Assignee
Gemalto SA (Thales SA)
Inventors
Lu, HongQian Karen
Primary Examiner(s)
Zand, Kambiz
Assistant Examiner(s)
King, John B

Application Number

US12/293,632
Publication Number

US 20100169962A1
Time in Patent Office

2,231 Days
Field of Search

726 1- 10, 726 26- 30
US Class Current

726/9
CPC Class Codes

G06F 21/34   involving the use of extern...

G06F 21/42   using separate channels for...

G06F 2221/2119   Authenticating web pages, e...

H04L 63/0838   using one-time-passwords

H04L 63/0853   using an additional device,...

H04L 63/0884   by delegation of authentica...

H04L 63/166   at the transport layer

Method of securely logging into remote servers

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

12 Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Method of securely logging into remote servers

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

12 Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links