Secure network computing
First Claim
1. A host based security system for a computer network having a local computer and a destination site in communication therewith to eliminate substantially detection at the local computer of the input of user credentials which uniquely identify a user of the local computer wherein the destination site has associated therewith a credential authentication policy under which the user credentials when received at the destination site are authenticated with respect to registered credentials stored in association with the destination site, the system comprising:
a credential host being in communication with the network and having the user credentials of the user of the local computer stored thereat, wherein the credential host intercepts a request transmitted onto the network by the local computer to connect securely to the destination site and further wherein the credential host in response to intercepting the request transmits the user credentials onto the network; and
an auxiliary device associated with the user of the local computer, the credential host having a credential authentication policy under which the user credentials upon being authenticated at the credential host authorizes the credential host to be responsive to the request received from the local computer, the auxiliary device being in communication with the credential host, the user credentials being entered at the auxiliary device and transmitted to the credential host;
wherein the destination site upon receipt of the user credentials executes the credential authentication policy with the received user credentials and further wherein in the event the received user credentials are authenticated the destination site transmits secure session information onto the network;
wherein the local computer upon receipt of the session information establishes a secure communication session with the destination site;
wherein the session information is received from the network at the credential host and retransmitted therefrom to the local computer such that upon receipt of the session information at the local computer the communication session is established between the local computer and the destination site;
wherein a computer-to-host communication session exists between the local computer and the credential host and a host-to-site communication session exists between the credential host and the destination site;
wherein the request is transmitted from the local computer over the computer-to-host communication session and retransmitted from the credential host over the host-to-site communication session; and
wherein the local computer includes a proxy controlled by the credential host such that data communicated between the local computer and the destination during the communication session is routed through the credential host.
Abstract
A host based security system for a computer network includes in communication with the network a credential host that is operative in concert with a local computer and a destination site. The destination site has a credential authentication policy under which credentials associated with the local computer upon being authenticated authorize data to be communicated between each of the destination site and the local computer during a communication session over the network. The credential host stores the credentials to be used by the destination and is operative to transmit the credentials onto the network in response to a request received from the local computer. The destination site upon the credentials being received and authenticated thereat is operative to transmit session information onto the network. The local computer is then operative to commence the communication session upon receipt of the session information.
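The message flow described in the abstract and in claims 1 and 20, modelled in Python as an added example (not code from the patent): the local computer only ever sees its connect request and the relayed session information, and the credential host refuses to respond until credentials entered at the auxiliary device are authenticated. The class and function names, the user `alice`, the sample password and the PBKDF2 parameters are assumptions made for illustration.

```python
import hashlib, hmac, secrets

PASSWORD = "S1te-Passw0rd"  # constructed sample credential

def kdf(secret, salt):
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 100_000)

class DestinationSite:
    """Checks received credentials against registered ones, then issues session info."""
    def __init__(self, user, password):
        self.salt = secrets.token_bytes(16)
        self.registered = {user: kdf(password, self.salt)}
        self.sessions = set()

    def login(self, user, password):
        stored = self.registered.get(user)
        if stored is None or not hmac.compare_digest(stored, kdf(password, self.salt)):
            return None
        token = secrets.token_urlsafe(16)
        self.sessions.add(token)
        return token

class CredentialHost:
    """Holds the user's credentials and answers connect requests only once unlocked."""
    def __init__(self, site, user, password):
        # The host must replay the credential, so it keeps it in recoverable form.
        self.site, self.user, self.password = site, user, password
        self.unlocked = False

    def from_auxiliary_device(self, user, password):
        # Credentials typed on the auxiliary device are checked here, not on the PC.
        self.unlocked = user == self.user and hmac.compare_digest(
            password.encode(), self.password.encode())
        return self.unlocked

    def intercept(self, request):
        if not self.unlocked:
            return {"status": "denied"}
        token = self.site.login(self.user, self.password)  # host-to-site session
        return {"status": "ok", "session": token} if token else {"status": "denied"}

def run_flow(aux_password):
    site = DestinationSite("alice", PASSWORD)
    host = CredentialHost(site, "alice", PASSWORD)
    seen = []  # every message visible on the local computer
    def connect():
        request = {"connect": "destination"}
        reply = host.intercept(request)  # computer-to-host session
        seen.extend([request, reply])
        return reply
    before = connect()                       # auxiliary device not yet used
    host.from_auxiliary_device("alice", aux_password)
    after = connect()
    leaked = PASSWORD in repr(seen)          # did the PC ever observe the credential?
    return before["status"], after["status"], after.get("session") in site.sessions, leaked
```

`run_flow` returns the status of the connect attempt before and after the auxiliary-device step, whether the relayed session token is valid at the destination site, and whether the credential ever appeared in traffic seen by the local computer.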
38 Claims
20. A host based security method for a computer network having a local computer and a destination site in communication therewith to eliminate substantially detection at the local computer of the input of user credentials which uniquely identify a user of the local computer wherein the destination site has associated therewith a credential authentication policy under which the user credentials when received at the destination site are authenticated with respect to registered credentials stored in association with the destination site, the method comprising steps of:
storing at a credential host the user credentials of the user of the local computer, the credential host being communication with the network;
intercepting at the credential host a request transmitted onto the network by the local computer to connect securely to the destination site;
transmitting the user credentials onto the network from the credential host in response to intercepting the request;
executing at the destination site upon receipt of the user credentials the credential authentication policy with the received user credentials;
transmitting onto the network from the destination site in the event the received user credentials are authenticated secure session information;
establishing a secure communication session at the local computer upon receipt of the session information; and
entering at an auxiliary device user credentials associated with a user of the local computer and transmitting by the auxiliary device the user credentials to the credential host, the credential host having a credential authentication policy under which credentials associated with a user of the local computer upon being authenticated authorizes the credential host to be responsive to the request received from the local computer, the auxiliary device being in communication with the credential host;
wherein the credentials transmitting step transmits the credentials to the destination site and the session information transmitting step includes the steps of transmitting the session information from the destination site to the credential host and retransmitting the session information from the credential host to the local computer such that upon receipt of the session information at the local computer the communication session is established between the local computer and the destination site;
wherein a computer-to-host communication session exists between the local computer and the credential host and a host-to-site communication session exists between the credential host and the destination site, and further wherein the request is a request to connect to the destination site transmitted from the local computer over the computer-to-host communication session and retransmitted from the credential host over the host-to-site communication session; and
wherein the local computer includes a proxy controlled by the credential host such that data communicated between the local computer and the destination site during the communication session is routed through the credential host.
Specification