Disposable browsers and authentication techniques for a secure online user environment

US 9,461,982 B2
Filed: 07/07/2014
Issued: 10/04/2016
Est. Priority Date: 03/30/2010
Status: Active Grant

First Claim

Patent Images

1. A secure system for providing user interaction with online services, a user accessing the secure system through a local client machine, the secure system comprising:

a user authentication memory comprising user authentication indicators and computer instructions for performing user authentication;

a web authentication server in communication with the user authentication memory; and

an application server comprising a hardware processor associated with a computing device, said hardware processor programmed to provide a secure browser application operable to configure a secure access channel to remotely control a secure disposable browser using a local client machine, the secure browser application being further operable to;

receive a result determined by the web authentication server, the result based upon data received from a thin client process running on the local client machine;

generate data for passing to the local client machine, the data for instructing the thin client process to access the secure disposable browser;

provide the generated data from the application server to the local client machine using a secure access channel, the secure access channel for controlling the secure disposable browser;

receive web code commands from an online service provider site;

translate the received web code commands into an image protocol for transmission via the secure access channel to the local client machine;

receive user-generated inputs via the secure access channel; and

process the user-generated inputs via the secure disposable browser, such that the user-generated inputs are passed via the secure disposable browser to the online service provider site;

whereby the application server configures the secure access channel to the local client machine to display the image protocol as images representative of accessed web pages displayed by the local client machine, the images displayed without the local client machine receiving the web code commands from the online service provider site, such that control of the secure disposable browser via images through use of the secure access channel by the local client machine operates to allow the execution of the web code within the secure system rather than the local client machine; and

the application server being further operable to establish private user areas, wherein the private user areas can be established and/or disposed of within the secure system, thereby protecting user data from unauthorized access.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed herein are systems and methods that allow for secure access to websites and web-based applications and other resources available through the browser. Also described are systems and methods for secure use and retention of user credentials, as well as methods for dynamic authentication of users and integrity checking of service providers in online environments. Thus, described in the present specification are systems and methods for constructing and destroying private, secure, browsing environments (a secure disposable browser), insulating the user from the threats associated with being online for the purposes of providing secure, policy-based interaction with online services.

26 Citations

View as Search Results

26 Claims

1. A secure system for providing user interaction with online services, a user accessing the secure system through a local client machine, the secure system comprising:
- a user authentication memory comprising user authentication indicators and computer instructions for performing user authentication;
  
  a web authentication server in communication with the user authentication memory; and
  
  an application server comprising a hardware processor associated with a computing device, said hardware processor programmed to provide a secure browser application operable to configure a secure access channel to remotely control a secure disposable browser using a local client machine, the secure browser application being further operable to;
  
  receive a result determined by the web authentication server, the result based upon data received from a thin client process running on the local client machine;
  
  generate data for passing to the local client machine, the data for instructing the thin client process to access the secure disposable browser;
  
  provide the generated data from the application server to the local client machine using a secure access channel, the secure access channel for controlling the secure disposable browser;
  
  receive web code commands from an online service provider site;
  
  translate the received web code commands into an image protocol for transmission via the secure access channel to the local client machine;
  
  receive user-generated inputs via the secure access channel; and
  
  process the user-generated inputs via the secure disposable browser, such that the user-generated inputs are passed via the secure disposable browser to the online service provider site;
  
  whereby the application server configures the secure access channel to the local client machine to display the image protocol as images representative of accessed web pages displayed by the local client machine, the images displayed without the local client machine receiving the web code commands from the online service provider site, such that control of the secure disposable browser via images through use of the secure access channel by the local client machine operates to allow the execution of the web code within the secure system rather than the local client machine; and
  
  the application server being further operable to establish private user areas, wherein the private user areas can be established and/or disposed of within the secure system, thereby protecting user data from unauthorized access.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The secure system according to claim 1, further comprising:
    - a policy database memory comprising usage policies for multiple users;
      
      a policy portal server connected to the policy database memory and accessible by an administrator to set security policies for one or more users of the secure system.
  - 3. The secure system according to claim 2, wherein the administrator is one of the one or more users, whereby the administrator is enabled to set his own user security policies.
  - 4. The secure system according to claim 2, wherein the administrator can set certain usage policies on behalf of individual user accounts or globally for multiple users.
  - 5. The secure system according to claim 1, wherein the web authentication server employs dynamic authentication procedures in accordance with detected environmental variables associated with the local client machine from which the user is accessing the secure system.
  - 6. The secure system according to claim 5, wherein the dynamic authentication procedures change randomly, such as to avoid automated attacks.
  - 7. The secure system according to claim 1, wherein the private user areas comprise disposable browsers that perform the accessing of the online service provider site.
  - 8. The secure system of claim 1, wherein the user may access the secure system initially through a standard local browser running on the user'"'"'s local machine.
  - 9. The secure system of claim 8, wherein the standard local browser initially accesses the secure system via an encrypted HTTPS connection, wherein the encrypted HTTPS connection connects to a web authentication server within the secure service environment.

10. A method for providing user interaction with online services within a secure system provided to a local client machine using a configured secure access channel, the method comprising:
- receiving a result determined by an authentication server, the authentication server comprising a hardware processor associated with a computing device, the result determined based upon data from a thin client process running on a local client machine;
  
  generating data for passing to the local client machine, the data constituting session file contents for instructing the thin client process to access an application server comprising a secure browser application;
  
  configuring a secure access channel based on indications received in response to the passed session file contents, the secure access channel operable to provide an interface for the local client machine to control the secure browser application using a protocol that is restricted to providing display data to the local client machine and to receiving user input data from the local client machine;
  
  receiving, at the secure browser application, web code commands from an online service provider site;
  
  translating the received web code commands into display data comprising an image protocol for transmission via the configured secure access channel to the local client machine;
  
  enabling the local client machine to transmit the user-generated inputs and to display the images representative of accessed web pages;
  
  receiving user-generated inputs via the secure access channel; and
  
  passing the inputs via the secure browser application to the online service provider site;
  
  whereby control of the secure browser via images through use of the secure access channel by the local client machine operates to allow the execution of the web code within the secure system rather than the local client machine.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
- - 11. The method of claim 10, further comprising storing user credentials for the online service provider site and using the user credentials to login to the online service provider site on behalf of users.
  - 12. The method of claim 11, further comprising resetting a user'"'"'s credentials with the online service provider site to provide further security of the user'"'"'s access to the site.
  - 13. The method of claim 10, further operable to validate the online service provider site and to provide access to, deny access to, or provide information to users about the online service provider site in accordance with usage policies stored in a policy database.
  - 14. The method of claim 10, further comprising employing dynamic authentication procedures in accordance with detected environmental variables associated with the local client machine from which the user is accessing the secure system.
  - 15. The method of claim 14 wherein the dynamic authentication procedures change randomly, such as to avoid automated attacks.
  - 16. The secure system of claim 10, wherein the user may access the secure system initially through a standard local browser running on the user'"'"'s local machine.
  - 17. The secure system of claim 16, wherein the standard local browser initially accesses the secure system via an encrypted HTTPS connection, wherein the encrypted HTTPS connection connects to a web authentication server within the secure service environment.

18. A secure system for providing user interaction with online services, a user accessing the secure system through a local client machine, the secure system comprising:
- a user authentication memory comprising user authentication indicators and computer instructions for performing user authentication;
  
  a web authentication server in communication with the user authentication memory the web authentication server for determining a result based upon data received from a thin client process running on a local client machine; and
  
  an application server comprising a hardware processor associated with a computing device, said hardware processor programmed to provide a secure browser application, the secure browser application operable to provide an interface for the local client machine to remotely control the secure browser using a secure access channel configured between the local client machine and the application server, the secure browser application being further operable to translate the web code commands into an image protocol for transmission through the configured secure access channel to the local client machine,the application server being further operable to build, on-demand, instantiated user sessions that are operated outside the local client machine and are remotely controlled by the local client machine using the configured secure access channel, such that the application server provides images representative of accessed web pages for display by the local machine without the application server providing the web code commands from the online service provider site to the local client machine, such that providing control of the secure disposable browser via images through use of the secure access channel by the client machine operates to allow the execution of the web code within the secure system rather than the local client machine, and whereby the on-demand user sessions can be deleted upon termination of the instantiated user sessions; and
  
  the application server being further operable to establish private user areas, wherein the private user areas can be established and/or disposed of within the secure system, thereby protecting user data from unauthorized access.
- View Dependent Claims (19, 20, 21, 22, 23, 24, 25, 26)
- - 19. The secure system according to claim 18, further comprising:
    - a policy database memory comprising usage policies for multiple users;
      
      a policy portal server connected to the policy database memory and accessible by an administrator to set security policies for one or more users of the secure system.
  - 20. The secure system according to claim 19, wherein the administrator is one of the one or more users, whereby the administrator is enabled to set his own user security policies.
  - 21. The secure system according to claim 19, wherein the administrator can set certain usage policies on behalf of individual user accounts or globally for multiple users.
  - 22. The secure system according to claim 18, wherein the web authentication server employs dynamic authentication procedures in accordance with detected environmental variables associated with the local client machine from which the user is accessing the secure system.
  - 23. The secure system according to claim 22, wherein the dynamic authentication procedures change randomly, such as to avoid automated attacks.
  - 24. The secure system according to claim 18, wherein the private user areas comprise disposable browsers that perform the accessing of the online service provider site.
  - 25. The secure system of claim 18, wherein the user may access the secure system initially through a standard local browser running on the user'"'"'s local machine.
  - 26. The secure system of claim 25, wherein the standard local browser initially accesses the secure system via an encrypted HTTPS connection, wherein the encrypted HTTPS connection connects to a web authentication server within the secure service environment.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Authentic8, Inc.
Original Assignee
Authentic8, Inc.
Inventors
Rajagopal, Ramesh, Tosh, James K., Cox, Fredric L., Nguyen, Perry F., Champion, Jason T.
Primary Examiner(s)
Najjar, Saleh
Assistant Examiner(s)
Gao, Shu Chun

Application Number

US14/325,128
Publication Number

US 20140325589A1
Time in Patent Office

820 Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/31   User authentication

G06F 21/313   using a call-back technique...

G06F 21/35   communicating wirelessly

G06F 21/36   by graphic or iconic repres...

G06F 21/43   wireless channels

G06F 21/53   by executing in a restricte...

G06F 2221/2111   Location-sensitive, e.g. ge...

H04L 63/08   for authentication of entit...

H04L 63/102   Entity profiles

H04L 63/1441   Countermeasures against mal...

H04L 63/168   above the transport layer

H04L 63/20   for managing network securi...

H04L 67/01   Protocols

Disposable browsers and authentication techniques for a secure online user environment

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

26 Citations

26 Claims

Specification

Use Cases

Quick Links

Others

Disposable browsers and authentication techniques for a secure online user environment

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

26 Citations

26 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others