Disposable browsers and authentication techniques for a secure online user environment

US 8,776,169 B2
Filed: 03/30/2011
Issued: 07/08/2014
Est. Priority Date: 03/30/2010
Status: Active Grant

First Claim

Patent Images

1. A secure system for providing user interaction with online services, a user accessing the system through a local client machine, the system comprising:

a user authentication memory comprising user authentication indicators and computer instructions for performing user authentication;

a web authentication server in communication with the user authentication memory, the authentication server operable perform the computer instructions stored in the user authentication memory and to communicate with the local client machine to authenticate that the user on the local client machine is who the user purports to be by comparing user inputs to expected data in accordance with the user authentication indicators stored in the user authentication memory;

whereby the web authentication server employs dynamic authentication procedures in accordance with detected environmental variables associated with the local client machine from which the user is accessing the system;

a web analysis server, the web analysis server operable to communicate with third-party online service provider sites associated with the user;

a secure user data store comprising user attributes associated with the user for interacting with the third-party online service provider sites; and

an application server comprising a secure user browser environment, the secure user browser environment being instantiated with the building of a user browsing session within the application server, the secure user browser environment including data retrieved from the secure user data store and a secure browser application, the secure browser application operable within the secure user browser environment of the application server to receive web code commands from the third-party online service provider sites and to translate the web code commands into an image protocol for transmission to the local client machine,whereby the application server is operable to build, on-demand, instantiated user sessions that are operated outside the local client machines such that the local client machines receive images representative of accessed web pages without receiving the web code commands from the third-party online service provider sites, andwhereby the on-demand user sessions can be deleted upon termination of the instantiated user sessions, andwhereby the application server is operable to establish private user areas, wherein the private user areas can be established and/or disposed of within the security of the secure system, thereby protecting user data from unauthorized access.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed herein are systems and methods that allow for secure access to websites and web-based applications and other resources available through the browser. Also described are systems and methods for secure use and retention of user credentials, as well as methods for dynamic authentication of users and integrity checking of service providers in online environments. Thus, described in the present specification are systems and methods for constructing and destroying private, secure, browsing environments (a secure disposable browser), insulating the user from the threats associated with being online for the purposes of providing secure, policy-based interaction with online services.

Citations

14 Claims

1. A secure system for providing user interaction with online services, a user accessing the system through a local client machine, the system comprising:
- a user authentication memory comprising user authentication indicators and computer instructions for performing user authentication;
  
  a web authentication server in communication with the user authentication memory, the authentication server operable perform the computer instructions stored in the user authentication memory and to communicate with the local client machine to authenticate that the user on the local client machine is who the user purports to be by comparing user inputs to expected data in accordance with the user authentication indicators stored in the user authentication memory;
  
  whereby the web authentication server employs dynamic authentication procedures in accordance with detected environmental variables associated with the local client machine from which the user is accessing the system;
  
  a web analysis server, the web analysis server operable to communicate with third-party online service provider sites associated with the user;
  
  a secure user data store comprising user attributes associated with the user for interacting with the third-party online service provider sites; and
  
  an application server comprising a secure user browser environment, the secure user browser environment being instantiated with the building of a user browsing session within the application server, the secure user browser environment including data retrieved from the secure user data store and a secure browser application, the secure browser application operable within the secure user browser environment of the application server to receive web code commands from the third-party online service provider sites and to translate the web code commands into an image protocol for transmission to the local client machine,whereby the application server is operable to build, on-demand, instantiated user sessions that are operated outside the local client machines such that the local client machines receive images representative of accessed web pages without receiving the web code commands from the third-party online service provider sites, andwhereby the on-demand user sessions can be deleted upon termination of the instantiated user sessions, andwhereby the application server is operable to establish private user areas, wherein the private user areas can be established and/or disposed of within the security of the secure system, thereby protecting user data from unauthorized access.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The secure system according to claim 1, further comprising:
    - a policy database memory comprising usage policies for multiple users;
      
      a policy portal server connected to the policy database and accessible by administrators to set security policies for one or more users of the system.
  - 3. The secure system according to claim 2, wherein the administrator is one of the one or more users, whereby the administrator is enabled to set his own user security policies.
  - 4. The secure system according to claim 2, wherein the administrator can set certain usage policies on behalf of individual user accounts or globally for multiple user.
  - 5. The secure system according to claim 1, wherein the dynamic authentication procedures changes randomly, such as to avoid automated attacks.
  - 6. The secure system according to claim 1, wherein the private user areas can be established and or disposed of at the end of user sessions to further protect the user data from unauthorized access.
  - 7. The secure system according to claim 6, wherein the private user areas comprise disposable browsers that perform the accessing of third-party online service provider sites.

8. A method for establishing a secure, remote user online session operating in a secure service environment, the method comprising:
- a) establishing an internet-based authentication process for authenticating a remote user access to the secure session through a remote user machine operable to display images representative of accessed web pages without receiving web code from a downstream third-party web server, the internet-based authentication process operating through a web-based communications protocol;
  
  b) receiving a user access request from the remote user machine through the web-based communications protocol;
  
  c) evaluating an environment around the user access request for initial indicia of user authenticity, whereby the evaluating employs dynamic authentication procedures in accordance with detected environmental variables associated with the local client machine from which the user is accessing the system;
  
  d) establishing a remote client application on the remote user machine operable to display images representative of accessed web pages without receiving web code commands from a downstream third-party web server, the remote client application operable to communicate directly with the secure service environment through a secure protocol not employing the web-based communications protocol;
  
  e) establishing a user interface window on the remote client application, whereby the communications between the secure service environment and the remote client application through the secure protocol may be conducted with the user through the user interface window and not through the web-based communications protocol;
  
  f) conducting an explicit user authentication process with the user through the user interface window; and
  
  g) establishing a secure user browsing environment, the secure user browser environment being instantiated with the building of a user browsing session, the secure browser environment including data retrieved from a user data store, the secure browser environment operable as the interface point to the remote client application, the user browsing session operable to interact with the online service provider sites from within the secure user browsing environment and thereby isolate the remote client machine from direct interaction with the internet;
  
  whereby the user browsing sessions can be deleted upon termination of the instantiated user sessions; and
  
  whereby the secure user browser environment can be established and/or disposed of within the secure service environment, thereby protecting user data from unauthorized access.
- View Dependent Claims (9, 10, 11)
- - 9. The method of claim 8, further operable to store user credentials for third-party online service provider sites and to use those credentials to login to the third-party online service provider sites on behalf of users.
  - 10. The method of claim 9, further comprising resetting a user'"'"'s credentials with the third party online service provider sites to provide further security of the user'"'"'s access to those sites.
  - 11. The method of claim 8, further operable to validate the safety of such third-party online service provider sites and to provide access to, deny access to, or provide information to users about those online service provider sites in accordance with usage policies stored in a policy database.

12. A method for redirecting URL queries on a user machine to an online session operating in a secure service environment rather than through a user-machine-based web browser, the method comprising:
- a) establishing on the user machine a remote client application, the remote client application being a client to the secure service environment and operable to communicate directly with the secure service environment through a secure protocol not employing the user-machine-based web browser;
  
  b) establishing logical linkages in one or more applications running on the user machine whereby the remote client application receives URL queries submitted within those applications, thereby avoiding transmission of web-based transactions from the user machine through the user-machine-based web browser;
  
  c) authenticating a user based on dynamic authentication procedures in accordance with detected environmental variables associated with the local client machine from which the user is accessing the system, andd) transmitting the URL queries through the remote client application to an application server in the secure service environment, the application server to submit the URL queries using a secure user browser environment operating on the application server and to initiate a web session with a downstream third-party web server associated with the URL queries, the secure user browser environment being instantiated with the building of a user browsing session within the application server, the secure user browser environment including data retrieved from a secure user data store, the application server further operable to build, on demand, instantiated user sessions that are operated outside the user machine, the application server further operable to translate web code commands sent to and received from the downstream third-party web server into an image protocol for further communications from and to the remote client application on the user machine using the secure protocol, whereby the user machine is operable to display images representative of accessed web pages without receiving the web code commands from the downstream third-party web server;
  
  whereby the user browsing sessions can be deleted upon termination of the instantiated user sessions.
- View Dependent Claims (13, 14)
- - 13. The method of claim 12 wherein the logical linkages act to intercept URL inquiries from being handled by the user-machine-based web browsers and redirect such inquiries through the secure protocol to be submitted at the secure service environment by the secure browser.
  - 14. The method of claim 13 and further comprising instructing the user machine'"'"'s operating system to prevent or restrict the start-up of user-machine-based browsers.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Authentic8, Inc.
Original Assignee
Authentic8, Inc.
Inventors
Rajagopal, Ramesh, Tosh, James K., Cox, Fredric L., Nguyen, Perry F., Champion, Jason T.
Primary Examiner(s)
Chao, Michael
Assistant Examiner(s)
Gao, Shu Chun

Application Number

US13/076,421
Publication Number

US 20110247045A1
Time in Patent Office

1,196 Days
Field of Search

726/1, 726/7
US Class Current

726/1
CPC Class Codes

G06F 21/31   User authentication

G06F 21/313   using a call-back technique...

G06F 21/35   communicating wirelessly

G06F 21/36   by graphic or iconic repres...

G06F 21/43   wireless channels

G06F 21/53   by executing in a restricte...

G06F 2221/2111   Location-sensitive, e.g. ge...

H04L 63/08   for authentication of entit...

H04L 63/102   Entity profiles

H04L 63/1441   Countermeasures against mal...

H04L 63/168   above the transport layer

H04L 63/20   for managing network securi...

H04L 67/01   Protocols

Disposable browsers and authentication techniques for a secure online user environment

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Disposable browsers and authentication techniques for a secure online user environment

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links