Secure network computing

US 8,707,387 B2
Filed: 10/22/2008
Issued: 04/22/2014
Est. Priority Date: 10/22/2008
Status: Active Grant

First Claim

Patent Images

1. A host based security system for a computer network comprising:

a local computer in communication with said network;

a destination server in communication with said network, said destination server having a credential authentication policy;

a credential host in communication with said network, said credential host being operative to transmit credentials associated with a user of said local computer onto said network in response to a request initiated at said local computer to connect to said destination server, said destination server upon said credentials being received and authenticated in accordance with said authentication policy being operative to transmit session information onto said network for receipt at said credential host which upon receipt thereof is further operative to retransmit said session information to said local computer;

said local computer upon receipt of said session information having a communication session operatively established with said destination server such that during said communication session said local computer is authenticated to communicate data bi-directionally with said destination server in accordance with said session information; and

an auxiliary device associated with said user of said local computer, said credential host having a credential authentication policy under which credentials associated with said user of said local computer, wherein said credentials associated with said user includes a user ID and a password, upon being authenticated authorizes said credential host to be responsive to said request initiated by said local computer, said auxiliary device being in communication with said credential host, said credentials being transmitted to said credential host upon user ID being entered at said local computer and said password being entered at said auxiliary device.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A host based security system for a computer network includes in communication with the network a credential host that is operative in concert with a local computer and a destination site. The destination site has a credential authentication policy under which credentials associated with the local computer upon being authenticated authorizes data to be communicated between each of the destination site and the local computer during a communication session over the network. The credential host stores the credentials to be used by the destination and is operative to transmit the credentials onto the network in response to a request received from the local computer. The destination site upon the credentials being received and authenticated thereat is operative to transmit session information onto the network. In turn, the local computer is then operative to commence the communication session upon receipt of said the information.

Citations

72 Claims

1. A host based security system for a computer network comprising:
- a local computer in communication with said network;
  
  a destination server in communication with said network, said destination server having a credential authentication policy;
  
  a credential host in communication with said network, said credential host being operative to transmit credentials associated with a user of said local computer onto said network in response to a request initiated at said local computer to connect to said destination server, said destination server upon said credentials being received and authenticated in accordance with said authentication policy being operative to transmit session information onto said network for receipt at said credential host which upon receipt thereof is further operative to retransmit said session information to said local computer;
  
  said local computer upon receipt of said session information having a communication session operatively established with said destination server such that during said communication session said local computer is authenticated to communicate data bi-directionally with said destination server in accordance with said session information; and
  
  an auxiliary device associated with said user of said local computer, said credential host having a credential authentication policy under which credentials associated with said user of said local computer, wherein said credentials associated with said user includes a user ID and a password, upon being authenticated authorizes said credential host to be responsive to said request initiated by said local computer, said auxiliary device being in communication with said credential host, said credentials being transmitted to said credential host upon user ID being entered at said local computer and said password being entered at said auxiliary device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36)
- - 2. A host based security system as set forth in claim 1 wherein said credential host is operative to transmit to said destination server additional information associated with said credentials, said additional information being associated with said user of said local computer such that said credentials are validated as being associated with said user.
  - 3. A host based security system as set forth in claim 2 wherein said host based security system further includes an auxiliary device associated with said user and in communication with said credential host, said additional information being developed at said credential host in response to said auxiliary device being authenticated by said credential host.
  - 4. A host based security system as set forth in claim 2 wherein said additional information is a token.
  - 5. A host based security system as set forth in claim 4 wherein said token is encrypted using a key known only to said credential host and said destination server.
  - 6. A host based security system as set forth in claim 4 wherein said token expires upon expiration of a selected time duration.
  - 7. A host based security system as set forth in claim 1 wherein said session information includes at least one session cookie issued by said destination server upon authentication of said credentials and an address of a location at said destination server.
  - 8. A host based security system as set forth in claim 1 wherein a computer-to-host communication session exists over said network between said local computer and said credential host and a host-to-site communication session exists over said network between said credential host and said destination server, and further wherein said request is a request to connect to said destination server transmitted from said local computer over said computer-to-host communication session and retransmitted from said credential host over said host-to-site communication session.
  - 9. A host based security system as set forth in claim 8 wherein each of said communication session between said local computer and said destination server and said further communication session between said credential host and said local computer is an SSL session.
  - 10. A host based security system as set forth in claim 8 wherein DNS settings of said local computer are pointed to DNS settings of said credential host such that said credential host resolves domains of said destination server and corresponding IP addresses of said destination server and routes said communication session with said domains through said credential host.
  - 11. A host based security system as set forth in claim 8 wherein said local computer includes a proxy controlled by said credential host such that data communicated between said local computer and said destination server during said communication session is routed through said credential server for selected ones of URLs controlled by said credential host.
  - 12. A host based security system as set forth in claim 8 wherein said local computer includes a proxy controlled by said credential host such that data communicated between said local computer and said destination server during said communication session is routed through said credential server.
  - 13. A host based security system as set forth in claim 1 wherein said credentials include a User ID and an initial password associated with said local computer and originally registered with said destination server, said credential server upon said credentials being stored at thereat registering a subsequent password at said destination server to replace said initial password.
  - 14. A host based security system as set forth in claim 13 wherein said credential server further stores private user information associated with said credentials, said private user information being available to said destination server during said communication session.
  - 15. A host based security system as set forth in claim 1 wherein said local computer is authenticated by said credential host to communicate therewith prior to said request being received from said local computer.
  - 16. A host based security system as set forth in claim 15 wherein said local computer is authenticated by auxiliary credentials received from a device associated with said user of said local computer wherein said device is in communication solely with said credential host.
  - 17. A host based security system as set forth in claim 16 wherein said device from which said auxiliary credentials are received is selected in accordance with rules established by said user in accordance with said local computer currently operated by said user.
  - 18. A host based security system as set forth in claim 1 wherein said credential host upon transmission of said credentials to said destination server further is operative to transmit predefined information to a device associated with said user of said local computer.
  - 19. A host based security system as set forth in claim 18 wherein said device is selected in accordance with said destination server.
  - 20. A host based security system as set forth in claim 18 wherein said predefined information is transmitted only for a selected destination server.
  - 21. A host based security system as set forth in claim 1 wherein said credential host maintains a transaction history.
  - 22. A host based security system as set forth in claim 21 wherein said transaction history is user configurable.
  - 23. A host based security system as set forth in claim 22 wherein said transaction history includes an identification of said local computer in which said communication session has been established with said destination server.
  - 24. A host based security system as set forth in claim 23 wherein said identification is determined by a cookie stored at said local computer.
  - 25. A host based security system as set forth in claim 23 wherein said transaction history includes an identification of information accessed at said destination server.
  - 26. A host based security system as set forth in claim 1 wherein said credential host further sends information that is personal to said user of said local computer to said destination server.
  - 27. A host based security system as set forth in claim 26 wherein said personal information expires upon expiration of a selected time duration.
  - 28. A host based security system as set forth in claim 26 wherein said personal information is an identification of a financial instrument.
  - 29. A host based security system as set forth in claim 28 wherein said personal information is encrypted using a key known only to said credential host and said destination server.
  - 30. A host based security system as set forth in claim 1 wherein said credential host in response to said user ID being received thereat signals said auxiliary device at which said user is prompted to enter said password.
  - 31. A host based security system as set forth in claim 30 wherein said auxiliary device is one of a telephone and personal digital assistant.
  - 32. A host based security system as set forth in claim 1 further comprising an auxiliary device associated with said user of said local computer, said auxiliary device being in communication with said credential host, said data to be communicated between said local computer and said destination server including form fields to be transmitted from said destination server, said credential host routing said form fields to said auxiliary device at which said user enters information into said form fields for transmission to said destination server.
  - 33. A host based security system as set forth in claim 32 wherein said form fields are pre-identified as always to be routed to said auxiliary device, said information to be entered into said form fields being associated with personal financial information of said user.
  - 34. A host based security system as set forth in claim 1 wherein said local computer is operated by one of a plurality of users, said credentials associated with said local computer being unique for each of said users, said credentials being stored at said credential host in association with said destination server at which said credentials are to be authenticated and further in association each of said users such that said data to be communicated between said local computer and said destination server is further selectable in accordance with said credentials for each one of said users.
  - 35. A host based security system as set forth in claim 1 wherein said destination server is non-supportive of receipt of said credentials from said credential host such that said destination server transmits to said local computer a form field into which said credentials are to be entered, said credential host storing an alphanumeric character string in association with said credentials, said string being entered into said form field and transmitted form said local computer, said credential host substituting said string for said credentials to transmit to said destination server.
  - 36. A host based security system as set forth in claim 35 wherein said credential host stores personal information of said user of said local computer in association with a further alphanumeric character string and further wherein said destination server transmits to said local computer a further form field into which said personal information is normally entered, said further character string being enterable by said user at said local computer into said further form field and transmittable to said credential host, said credential host being operative to transmit said personal information associated with said character string in said further form field to said destination server in response to receipt of said character string.

37. A host based security method for a computer network wherein a local computer initiates a request to connect to a destination server in which the destination server has a credential authorization policy under which credentials of a user of said local computer are authenticated at said destination sever, said user credentials including a user ID and a password, said method comprising steps of:
- entering at said user computer said user ID and at an auxiliary device said password and transmitting said user ID and said password to a credential host, said credential host upon said user credentials being authenticated thereat authorizes said credential host to be responsive to said request initiated by said local computer;
  
  transmitting said user credentials from said credential host to said destination server;
  
  transmitting session information onto said network from said destination server for receipt at said credential host upon said credentials being received and authenticated at said destination server in accordance with said authentication policy; and
  
  retransmitting said session information from said credential host onto said network for receipt at said local computer, said local computer upon receipt of said session information having a communication session operatively established with said destination server such that during said communication session said local computer is authenticated to communicate data bi-directionally with said destination server in accordance with said session information.
- View Dependent Claims (38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72)
- - 38. A host based security method as set forth in claim 37 wherein said credential transmitting step transmits from said credential host over said network to said destination server additional information associated with said credentials, said additional information being associated with said user of said local computer such that said credentials are validated as being associated with said user.
  - 39. A host based security method as set forth in claim 38 wherein an auxiliary device associated with said user is in communication with said credential host, said additional information being developed at said credential host in response to said auxiliary device being authenticated by said credential host.
  - 40. A host based security method as set forth in claim 38 wherein said additional information is a token.
  - 41. A host based security method as set forth in claim 40 wherein said token is encrypted using a key known only to said credential host and said destination server.
  - 42. A host based security method as set forth in claim 40 wherein said token expires upon expiration of a selected time duration.
  - 43. A host based security method as set forth in claim 37 wherein said session information includes at least one session cookie issued by said destination server upon authentication of said credentials and an address of a location at said destination server.
  - 44. A host based security method as set forth in claim 37 wherein a computer-to-host communication session exists over said network between said local computer and said credential host and a host-to-site communication session exists over said network between said credential host and said destination server, and further wherein said request is a request to connect to said destination server transmitted from said local computer over said computer-to-host communication session and retransmitted from said credential host over said host-to-site communication session.
  - 45. A host based security method as set forth in claim 44 wherein each of said communication session between said local computer and said destination server and said further communication session between said credential host and said local computer is an SSL session.
  - 46. A host based security method as set forth in claim 44 wherein DNS settings of said local computer are pointed to DNS settings of said credential host such that said credential host resolves domains of said destination server and corresponding IP addresses of said destination server and routes said communication session with said domains through said credential host.
  - 47. A host based security method as set forth in claim 44 wherein said local computer includes a proxy controlled by said credential host such that data communicated between said local computer and said destination server during said communication session is routed through said credential server for selected ones of URLs controlled by said credential host.
  - 48. A host based security method as set forth in claim 44 wherein said local computer includes a proxy controlled by said credential host such that data communicated between said local computer and said destination server during said communication session is routed through said credential server.
  - 49. A host based security method as set forth in claim 37 wherein said credentials include a User ID and an initial password associated with said local computer and originally registered with said destination server, said method further comprising the step of registering by said credential server upon said credentials being stored at thereat a subsequent password at said destination server to replace said initial password.
  - 50. A host based security method as set forth in claim 49 wherein said credential server further stores private user information associated with said credentials, said private user information being available to said destination server during said communication session.
  - 51. A host based security method as set forth in claim 37 further comprising the step of authenticating said local computer by said credential host to communicate therewith prior to said request being received from said local computer.
  - 52. A host based security method as set forth in claim 51 wherein said authenticating step authenticates said local computer by auxiliary credentials received from a device associated with said user of said local computer wherein said device is in communication solely with said credential host.
  - 53. A host based security method as set forth in claim 52 wherein said device from which said auxiliary credentials are received is selected in accordance with rules established by said user in accordance with said local computer currently operated by said user.
  - 54. A host based security method as set forth in claim 37 wherein said credential transmitting step includes transmitting predefined information to a device associated with said user of said local computer contemporaneously with transmitting said credentials to said destination server.
  - 55. A host based security method as set forth in claim 54 wherein said device is selected in accordance with said destination server.
  - 56. A host based security method as set forth in claim 54 wherein said predefined information is transmitted only for a selected destination server.
  - 57. A host based security method as set forth in claim 37 wherein said credential host maintains a transaction history.
  - 58. A host based security method as set forth in claim 57 wherein said transaction history is user configurable.
  - 59. A host based security method as set forth in claim 58 said transaction history includes an identification of said local computer in which said communication session has been established with said destination server.
  - 60. A host based security method as set forth in claim 59 wherein said identification is determined by a cookie stored at said local computer.
  - 61. A host based security method as set forth in claim 59 wherein said transaction history includes an identification of information accessed at said destination server.
  - 62. A host based security method as set forth in claim 37 further comprising the step of sending from said credential host information personal to said user of said local computer to said destination server.
  - 63. A host based security method as set forth in claim 62 wherein said personal information expires upon expiration of a selected time duration.
  - 64. A host based security method as set forth in claim 62 wherein said personal information is an identification of a financial instrument.
  - 65. A host based security method as set forth in claim 64 wherein said personal information is encrypted using a key known only to said credential host and said destination server.
  - 66. A host based security method as set forth in claim 37 wherein said credential host in response to said user ID being received thereat signals said auxiliary device at which said user is prompted to enter said password.
  - 67. A host based security method as set forth in claim 66 wherein said auxiliary device is one of a telephone and personal digital assistant and said password is a personal identification number.
  - 68. A host based security method as set forth in claim 37 wherein said data to be communicated between said local computer and said destination server includes form fields to be transmitted from said destination server, said method further comprising the steps of routing said form fields from said credential host to said auxiliary device at which said user enters information into said form fields and transmitting from said auxiliary device said information entered into said form fields to said destination server, said auxiliary device associated with said user of said local computer, said auxiliary device being in communication with said credential host.
  - 69. A host based security method as set forth in claim 68 wherein said form fields are pre-identified as always to be routed to said auxiliary device, said information to be entered into said form fields being associated with personal financial information of said user.
  - 70. A host based security method as set forth in claim 37 wherein said local computer is operated by one of a plurality of users, said credentials associated with said local computer being unique for each of said users, said credentials being stored at said credential host in association with said destination server at which said credentials are to be authenticated and further in association each of said users such that said data to be communicated between said local computer and said destination server is further selectable in accordance with said credentials for each one of said users.
  - 71. A host based security method as set forth in claim 37 wherein said destination server is non-supportive of receipt of said credentials from said credential host such that said destination server transmits to said local computer a form field into which said credentials are to be entered, said credential host storing an alphanumeric character string in association with said credentials, said string being entered into said form field and transmitted form said local computer, said credential host substituting said string for said credentials to transmit to said destination server.
  - 72. A host based security method as set forth in claim 71 wherein said credential host stores personal information of said user of said local computer in association with a further alphanumeric character string and further wherein said destination server transmits to said local computer a further form field into which said personal information is normally entered, said further character string being enterable by said user at said local computer into said further form field and transmittable to said credential host, said credential host being operative to transmit said personal information associated with said character string in said further form field to said destination server in response to receipt of said character string.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Personal Capital Technology Corporation
Original Assignee
Personal Capital Technology Corporation
Inventors
Gasparini, Louis A., Park, Do-Pil (Don), Harris, William H. Jr.
Primary Examiner(s)
Armouche, Hadi
Assistant Examiner(s)
HO, DAO Q

Application Number

US12/288,855
Publication Number

US 20100100928A1
Time in Patent Office

2,008 Days
Field of Search

726 1- 2, 726/6, 726/9
US Class Current

726/1
CPC Class Codes

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/76   Proxy, i.e. using intermedi...

H04L 63/08   for authentication of entit...

H04L 9/3213   using tickets or tokens, e....

Secure network computing

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

72 Claims

Specification

Solutions

Use Cases

Quick Links

Secure network computing

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

72 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links