Disposable browsers and authentication techniques for a secure online user environment
First Claim
1. A secure system for providing user interaction with online services, a user accessing the system through a local client machine, the system comprising:
- a user authentication memory comprising user authentication indicators and computer instructions for performing user authentication;
a web authentication server in communication with the user authentication memory, the authentication server operable perform the computer instructions stored in the user authentication memory and to communicate with the local client machine to authenticate that the user on the local client machine is who the user purports to be by comparing user inputs to expected data in accordance with the user authentication indicators stored in the user authentication memory;
whereby the web authentication server employs dynamic authentication procedures in accordance with detected environmental variables associated with the local client machine from which the user is accessing the system;
a web analysis server, the web analysis server operable to communicate with third-party online service provider sites associated with the user;
a secure user data store comprising user attributes associated with the user for interacting with the third-party online service provider sites; and
an application server comprising a secure user browser environment, the secure user browser environment being instantiated with the building of a user browsing session within the application server, the secure user browser environment including data retrieved from the secure user data store and a secure browser application, the secure browser application operable within the secure user browser environment of the application server to receive web code commands from the third-party online service provider sites and to translate the web code commands into an image protocol for transmission to the local client machine,whereby the application server is operable to build, on-demand, instantiated user sessions that are operated outside the local client machines such that the local client machines receive images representative of accessed web pages without receiving the web code commands from the third-party online service provider sites, andwhereby the on-demand user sessions can be deleted upon termination of the instantiated user sessions, andwhereby the application server is operable to establish private user areas, wherein the private user areas can be established and/or disposed of within the security of the secure system, thereby protecting user data from unauthorized access.
2 Assignments
0 Petitions
Accused Products
Abstract
Disclosed herein are systems and methods that allow for secure access to websites and web-based applications and other resources available through the browser. Also described are systems and methods for secure use and retention of user credentials, as well as methods for dynamic authentication of users and integrity checking of service providers in online environments. Thus, described in the present specification are systems and methods for constructing and destroying private, secure, browsing environments (a secure disposable browser), insulating the user from the threats associated with being online for the purposes of providing secure, policy-based interaction with online services.
-
Citations
14 Claims
-
1. A secure system for providing user interaction with online services, a user accessing the system through a local client machine, the system comprising:
-
a user authentication memory comprising user authentication indicators and computer instructions for performing user authentication; a web authentication server in communication with the user authentication memory, the authentication server operable perform the computer instructions stored in the user authentication memory and to communicate with the local client machine to authenticate that the user on the local client machine is who the user purports to be by comparing user inputs to expected data in accordance with the user authentication indicators stored in the user authentication memory;
whereby the web authentication server employs dynamic authentication procedures in accordance with detected environmental variables associated with the local client machine from which the user is accessing the system;a web analysis server, the web analysis server operable to communicate with third-party online service provider sites associated with the user; a secure user data store comprising user attributes associated with the user for interacting with the third-party online service provider sites; and an application server comprising a secure user browser environment, the secure user browser environment being instantiated with the building of a user browsing session within the application server, the secure user browser environment including data retrieved from the secure user data store and a secure browser application, the secure browser application operable within the secure user browser environment of the application server to receive web code commands from the third-party online service provider sites and to translate the web code commands into an image protocol for transmission to the local client machine, whereby the application server is operable to build, on-demand, instantiated user sessions that are operated outside the local client machines such that the local client machines receive images representative of accessed web pages without receiving the web code commands from the third-party online service provider sites, and whereby the on-demand user sessions can be deleted upon termination of the instantiated user sessions, and whereby the application server is operable to establish private user areas, wherein the private user areas can be established and/or disposed of within the security of the secure system, thereby protecting user data from unauthorized access. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A method for establishing a secure, remote user online session operating in a secure service environment, the method comprising:
-
a) establishing an internet-based authentication process for authenticating a remote user access to the secure session through a remote user machine operable to display images representative of accessed web pages without receiving web code from a downstream third-party web server, the internet-based authentication process operating through a web-based communications protocol; b) receiving a user access request from the remote user machine through the web-based communications protocol; c) evaluating an environment around the user access request for initial indicia of user authenticity, whereby the evaluating employs dynamic authentication procedures in accordance with detected environmental variables associated with the local client machine from which the user is accessing the system; d) establishing a remote client application on the remote user machine operable to display images representative of accessed web pages without receiving web code commands from a downstream third-party web server, the remote client application operable to communicate directly with the secure service environment through a secure protocol not employing the web-based communications protocol; e) establishing a user interface window on the remote client application, whereby the communications between the secure service environment and the remote client application through the secure protocol may be conducted with the user through the user interface window and not through the web-based communications protocol; f) conducting an explicit user authentication process with the user through the user interface window; and g) establishing a secure user browsing environment, the secure user browser environment being instantiated with the building of a user browsing session, the secure browser environment including data retrieved from a user data store, the secure browser environment operable as the interface point to the remote client application, the user browsing session operable to interact with the online service provider sites from within the secure user browsing environment and thereby isolate the remote client machine from direct interaction with the internet; whereby the user browsing sessions can be deleted upon termination of the instantiated user sessions; and whereby the secure user browser environment can be established and/or disposed of within the secure service environment, thereby protecting user data from unauthorized access. - View Dependent Claims (9, 10, 11)
-
-
12. A method for redirecting URL queries on a user machine to an online session operating in a secure service environment rather than through a user-machine-based web browser, the method comprising:
-
a) establishing on the user machine a remote client application, the remote client application being a client to the secure service environment and operable to communicate directly with the secure service environment through a secure protocol not employing the user-machine-based web browser; b) establishing logical linkages in one or more applications running on the user machine whereby the remote client application receives URL queries submitted within those applications, thereby avoiding transmission of web-based transactions from the user machine through the user-machine-based web browser; c) authenticating a user based on dynamic authentication procedures in accordance with detected environmental variables associated with the local client machine from which the user is accessing the system, and d) transmitting the URL queries through the remote client application to an application server in the secure service environment, the application server to submit the URL queries using a secure user browser environment operating on the application server and to initiate a web session with a downstream third-party web server associated with the URL queries, the secure user browser environment being instantiated with the building of a user browsing session within the application server, the secure user browser environment including data retrieved from a secure user data store, the application server further operable to build, on demand, instantiated user sessions that are operated outside the user machine, the application server further operable to translate web code commands sent to and received from the downstream third-party web server into an image protocol for further communications from and to the remote client application on the user machine using the secure protocol, whereby the user machine is operable to display images representative of accessed web pages without receiving the web code commands from the downstream third-party web server;
whereby the user browsing sessions can be deleted upon termination of the instantiated user sessions. - View Dependent Claims (13, 14)
-
Specification