Method, apparatus, and system for sending credentials securely

US 8,856,873 B2
Filed: 07/30/2012
Issued: 10/07/2014
Est. Priority Date: 03/31/2008
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

connecting to a remote server using a software application executing in a first local operating environment;

determining in the first local operating environment that the remote server requires a user credential to complete a transaction;

requesting from the first local operating environment to a second local operating environment via a secure interface, that the second local operating environment authenticate the user credential to the remote server;

authenticating with the second local operating environment the user credential in response to the request from the first local operating environment;

communicating the user credential of the user to the remote server from the second local operating environment to initiate a secure session with the remote server; and

communicating in the secure session from the first local operating environment with the remote server.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A software application executing in a first local operating environment may be used to connect to a remote server that requires a credential of a user to complete a transaction. In a second local operating environment that operates external to the first local environment, a user may be authenticated based on a user input received in the second local operating environment. The credential of the user may be securely communicated to the remote server from the second local operating environment. Other embodiments are described and claimed.

Citations

21 Claims

1. A method comprising:
- connecting to a remote server using a software application executing in a first local operating environment;
  
  determining in the first local operating environment that the remote server requires a user credential to complete a transaction;
  
  requesting from the first local operating environment to a second local operating environment via a secure interface, that the second local operating environment authenticate the user credential to the remote server;
  
  authenticating with the second local operating environment the user credential in response to the request from the first local operating environment;
  
  communicating the user credential of the user to the remote server from the second local operating environment to initiate a secure session with the remote server; and
  
  communicating in the secure session from the first local operating environment with the remote server.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the user credential is accessible only in the second local operating environment.
  - 3. The method of claim 1, wherein the software application comprises a plugin to communicate with the second local operating environment.
  - 4. The method of claim 1 comprising:
    - connecting to a database server using the first software application executing in the first local operating environment; and
      
      in the second local operating environment, receiving from the database server a command request string for completing the transaction.
  - 5. The method of claim 1, wherein authenticating further comprises accepting the user credential in the second local operating environment in a secure input mode not visible to the first local operating environment.
  - 6. The method of claim 1, wherein the second local operating environment comprises a manageability engine.
  - 7. The method of claim 1, comprising encrypting the user credential in the second local operating environment before the user credential is communicated to the remote server.
  - 8. The method of claim 1, wherein the first and second local operating environments are executed by a same processing hardware device.

9. An apparatus comprising:
- a computing platform to host a first local operating environment and a second local operating environment, the second local operating environment to operate external to the first local operating environment, the first operating environment to execute a first software application to connect to a remote server, to determine that the remote server requires a user credential to complete a transaction, and to request via a secure interface, and to request via a secure interface that the second local operating environment authenticate the user credential to the remote server, the second local operating environment to execute a second software application to authenticate the user credential in response to the request, and to communicate the user credential of the user to the remote server, wherein the first local operating environment is to communicate in the secure session with the remote server; and
  
  an input device to collect the user input for reception in the second local operating environment.
- View Dependent Claims (10, 11, 12, 13, 14)
- - 10. The apparatus of claim 9, wherein the user credential is accessible only in the second local operating environment.
  - 11. The apparatus of claim 9, wherein the software application comprises a plugin to communicate with the second local operating environment.
  - 12. The apparatus of claim 9, wherein:
    - the first software application is to connect to a database server; and
      
      the second software application to receive from the database server an https string for completing the transaction.
  - 13. The apparatus of claim 9, wherein the second local operating environment is a manageability engine.
  - 14. The apparatus of claim 9, wherein the first and second local operating environments are executed by a same processing hardware device.

15. A method comprising:
- connecting to a remote application from a host operating environment;
  
  determining with the host operating environment that the remote application requires a user credential for completion of a transaction;
  
  determining that the remote application supports completing the transaction from a secure local operating environment, the secure local operating environment operating external to the host operating environment;
  
  providing an out-of-band connection for the remote application to communicate with the secure local operating environment, the out-of-band connection being inaccessible to the host operating environment;
  
  receiving in the secure local operating environment via the out-of-band connection a string for completing the transaction;
  
  in the secure local operating environment, determining a user is authorized to complete the transaction based on a user input to the secure local operating environment, the user input received by the secure local operating environment in a secure input mode not visible to the host operating environment; and
  
  in response to determining the user is authorized to complete the transaction, communicating the user credential to the remote application via the out-of-band connection.
- View Dependent Claims (16, 17)
- - 16. The method of claim 15, wherein confirming comprises:
    - connecting to a database of supported applications; and
      
      confirming an entry referencing the remote application is in the database.
  - 17. The method of claim 15, comprising:
    - receiving in the secure local operating environment from the remote application session information after completing the transaction; and
      
      passing the session information to the host operating environment.

18. A non-transitory processor-readable storage medium having stored thereon instructions that, if executed by a processor, cause the processor to perform a method comprising:
- connecting to a remote server using a software application executing in a first local operating environment;
  
  determining in the first local operating environment that the remote server requires a user credential to complete a transaction;
  
  requesting from the first local operating environment to a second local operating environment via a secure interface, that the second local operating environment authenticate the user credential to the remote server;
  
  authenticating with the second local operating environment the user credential in response to the request from the first local operating environment;
  
  communicating the user credential of the user to the remote server from the second local operating environment to initiate a secure session with the remote server; and
  
  communicating in the secure session from the first local operating environment with the remote server.
- View Dependent Claims (19, 20, 21)
- - 19. The processor-readable storage medium of claim 18, further comprising instructions that if executed by a processor, cause the processor to perform the method wherein the user credential is accessible only in the second local operating environment.
  - 20. The processor-readable storage medium of claim 18, further comprising instructions that if executed by a processor, cause the processor to perform the method wherein the software application comprises a plugin to communicate with the second local operating environment.
  - 21. The processor-readable storage medium of claim 18, wherein the instructions cause a processor device to execute both the first and second local operating environments.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Chhabra, Jasmeet
Primary Examiner(s)
Song, Hosuk

Application Number

US13/562,054
Publication Number

US 20130191888A1
Time in Patent Office

799 Days
Field of Search

726 2- 7, 713168-170, 713182-186, 709/225, 709228-229
US Class Current

726/2
CPC Class Codes

G06F 21/31   User authentication

G06F 21/32   using biometric data, e.g. ...

G06F 21/606   by securing the transmissio...

G06F 21/83   input devices, e.g. keyboar...

G06F 9/44526   Plug-ins; Add-ons

G06Q 20/10   specially adapted for elect...

G06Q 20/356   Aspects of software for car...

G06Q 20/3567   Software being in the reader

G06Q 20/35765   Access rights to memory zones

G06Q 20/382   insuring higher security of...

G06Q 20/40   Authorisation, e.g. identif...

G07F 19/208   Use of an ATM as a switch o...

H04L 63/08   for authentication of entit...

H04L 63/1483   service impersonation, e.g....

H04L 63/166   at the transport layer

Method, apparatus, and system for sending credentials securely

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Method, apparatus, and system for sending credentials securely

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links