Disposable browsers and authentication techniques for a secure online user environment
First Claim
1. A secure system for providing user interaction with online services, a user accessing the secure system through a local client machine, the secure system comprising:
a user authentication memory comprising user authentication indicators and computer instructions for performing user authentication;
a web authentication server in communication with the user authentication memory; and
an application server comprising a hardware processor associated with a computing device, said hardware processor programmed to provide a secure browser application operable to configure a secure access channel to remotely control a secure disposable browser using a local client machine, the secure browser application being further operable to;
receive a result determined by the web authentication server, the result based upon data received from a thin client process running on the local client machine;
generate data for passing to the local client machine, the data for instructing the thin client process to access the secure disposable browser;
provide the generated data from the application server to the local client machine using a secure access channel, the secure access channel for controlling the secure disposable browser;
receive web code commands from an online service provider site;
translate the received web code commands into an image protocol for transmission via the secure access channel to the local client machine;
receive user-generated inputs via the secure access channel; and
process the user-generated inputs via the secure disposable browser, such that the user-generated inputs are passed via the secure disposable browser to the online service provider site;
whereby the application server configures the secure access channel to the local client machine to display the image protocol as images representative of accessed web pages displayed by the local client machine, the images displayed without the local client machine receiving the web code commands from the online service provider site, such that control of the secure disposable browser via images through use of the secure access channel by the local client machine operates to allow the execution of the web code within the secure system rather than the local client machine; and
the application server being further operable to establish private user areas, wherein the private user areas can be established and/or disposed of within the secure system, thereby protecting user data from unauthorized access.
Abstract
Disclosed herein are systems and methods that allow for secure access to websites and web-based applications and other resources available through the browser. Also described are systems and methods for secure use and retention of user credentials, as well as methods for dynamic authentication of users and integrity checking of service providers in online environments. Thus, described in the present specification are systems and methods for constructing and destroying private, secure, browsing environments (a secure disposable browser), insulating the user from the threats associated with being online for the purposes of providing secure, policy-based interaction with online services.
26 Claims
10. A method for providing user interaction with online services within a secure system provided to a local client machine using a configured secure access channel, the method comprising:
receiving a result determined by an authentication server, the authentication server comprising a hardware processor associated with a computing device, the result determined based upon data from a thin client process running on a local client machine;
generating data for passing to the local client machine, the data constituting session file contents for instructing the thin client process to access an application server comprising a secure browser application;
configuring a secure access channel based on indications received in response to the passed session file contents, the secure access channel operable to provide an interface for the local client machine to control the secure browser application using a protocol that is restricted to providing display data to the local client machine and to receiving user input data from the local client machine;
receiving, at the secure browser application, web code commands from an online service provider site;
translating the received web code commands into display data comprising an image protocol for transmission via the configured secure access channel to the local client machine;
enabling the local client machine to transmit the user-generated inputs and to display the images representative of accessed web pages;
receiving user-generated inputs via the secure access channel; and
passing the inputs via the secure browser application to the online service provider site;
whereby control of the secure browser via images through use of the secure access channel by the local client machine operates to allow the execution of the web code within the secure system rather than the local client machine.
18. A secure system for providing user interaction with online services, a user accessing the secure system through a local client machine, the secure system comprising:
a user authentication memory comprising user authentication indicators and computer instructions for performing user authentication;
a web authentication server in communication with the user authentication memory the web authentication server for determining a result based upon data received from a thin client process running on a local client machine; and
an application server comprising a hardware processor associated with a computing device, said hardware processor programmed to provide a secure browser application, the secure browser application operable to provide an interface for the local client machine to remotely control the secure browser using a secure access channel configured between the local client machine and the application server, the secure browser application being further operable to translate the web code commands into an image protocol for transmission through the configured secure access channel to the local client machine, the application server being further operable to build, on-demand, instantiated user sessions that are operated outside the local client machine and are remotely controlled by the local client machine using the configured secure access channel, such that the application server provides images representative of accessed web pages for display by the local machine without the application server providing the web code commands from the online service provider site to the local client machine, such that providing control of the secure disposable browser via images through use of the secure access channel by the client machine operates to allow the execution of the web code within the secure system rather than the local client machine, and whereby the on-demand user sessions can be deleted upon termination of the instantiated user sessions; and
the application server being further operable to establish private user areas, wherein the private user areas can be established and/or disposed of within the secure system, thereby protecting user data from unauthorized access.
Specification