Credential-free user login to remotely executed applications
First Claim
1. A tangible, non-transitory, machine-readable medium storing instructions that when executed by one or more processors effectuate operations comprising:
receiving, via a first network, with an intermediary server, a request to access web content at a web content server, wherein:
the request is received from a client web browser executing on a client computing device, the client computing device being a different computing device from the intermediary server;
at least some communications between the client web browser and at least some remote websites accessed by the client web browser are relayed by the intermediary server; and
the intermediary server comprises an intermediary web browser configured to cooperate with the client web browser to form a distributed web browser in which a first subset of webpage state of remotely hosted webpages is mirrored on both the client web browser and the intermediary server and a second subset of webpage state of the remotely hosted webpages is formed on the intermediary server but not on the client web browser;
determining, at the intermediary server, that the user needs to be authenticated before accessing at least some content reachable via the web content server, wherein an access credential by which the user is authenticated is accessible to the intermediary server but not to the user of the client computing device;
submitting, from the intermediary server, to a remote server configured to authenticate the user, via a network socket by which the intermediary web browser is connected to a second network, a value by which possession of the access credential is demonstrated, wherein the value is part of the second subset of webpage state and is withheld from the client web browser;
receiving, by the intermediary web browser, via the network socket by which the intermediary web browser is connected to the second network, instructions to store in web browser memory an access token, proof of possession of which is to be sent with subsequent messages to one or more servers hosting the at least some content to demonstrate the respective message is from an authenticated user; and
sending, from the intermediary server, to the client web browser executing on the client computing device, via the first network, instructions to store the access token in browser memory of the client web browser, wherein:
the instructions cause the client web browser to send messages with a value that demonstrates possession of the access token, thereby authenticating the client web browser without the client web browser having access to the value by which possession of the access credential is demonstrated.
Abstract
Provided is a process including: receiving, with an intermediary server, a request to access web content at a web server; submitting, from the intermediary server, a value by which possession of an access credential is demonstrated, wherein the value is withheld from the client web browser; receiving, by the intermediary web browser, instructions to store in web browser memory an access token; and sending, from the intermediary server, to the client web browser executing on the client computing device, instructions to store the access token in browser memory of the client web browser, thereby authenticating the client web browser without the client web browser having access to the value by which possession of the access credential is demonstrated.
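The flow the abstract describes, as an added example that is not part of the patent text: a Python simulation in which the intermediary submits a vaulted password over the second network, receives a session token, and relays only that token to the client. All class names, the vault layout, the cookie name `session` and the sample password are constructed assumptions.

```python
import hmac, secrets

class AuthServer:
    # Stand-in for the remote server that authenticates the user.
    def __init__(self, accounts):
        self._accounts, self._sessions = accounts, {}   # user->password, token->user
    def login(self, username, password):
        expected = self._accounts.get(username)
        if expected is None or not hmac.compare_digest(expected.encode(), password.encode()):
            return {"status": 401, "set_cookie": None}
        token = secrets.token_urlsafe(32)                # the access token
        self._sessions[token] = username
        return {"status": 200, "set_cookie": ("session", token)}
    def fetch(self, cookies):
        user = self._sessions.get(cookies.get("session", ""))
        return (200, f"content for {user}") if user else (401, "login required")

class Intermediary:
    # Holds the credential; relays only the token over the first network.
    def __init__(self, auth, vault):                     # vault: user id -> (name, password)
        self._auth, self._vault, self.sent_to_client = auth, vault, []
    def handle_request(self, user_id, client_cookies):
        status, body = self._auth.fetch(client_cookies)
        cookie = None
        if status == 401:                                # user must be authenticated
            reply = self._auth.login(*self._vault[user_id])  # withheld state, second network
            if reply["status"] == 200:
                cookie = reply["set_cookie"]
                status, body = self._auth.fetch(dict([cookie]))
            else:
                status, body = 403, "login failed"
        msg = {"status": status, "body": body, "set_cookie": cookie}
        self.sent_to_client.append(msg)                  # audit log of relayed messages
        return msg

class ClientBrowser:
    def __init__(self, user_id, proxy):
        self.user_id, self.cookies, self._proxy = user_id, {}, proxy
    def get(self):
        msg = self._proxy.handle_request(self.user_id, self.cookies)
        if msg["set_cookie"]:                            # instruction to store the access token
            self.cookies[msg["set_cookie"][0]] = msg["set_cookie"][1]
        return msg

def demo():
    password = "constructed-vault-password"              # constructed sample credential
    proxy = Intermediary(AuthServer({"alice": password}), {"u1": ("alice", password)})
    client = ClientBrowser("u1", proxy)
    first, second = client.get(), client.get()
    leaked = any(password in repr(m) for m in proxy.sent_to_client)
    return first, second, client.cookies, leaked
```

The `sent_to_client` log is the audit point: every message on the first network can be checked for the withheld value, while the relayed token alone is enough for the second request to succeed.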
20 Claims
20. A method, comprising:
receiving, via a first network, with an intermediary server, a request to access web content at a web content server, wherein:
the request is received from a client web browser executing on a client computing device, the client computing device being a different computing device from the intermediary server;
at least some communications between the client web browser and at least some remote websites accessed by the client web browser are relayed by the intermediary server; and
the intermediary server comprises an intermediary web browser configured to cooperate with the client web browser to form a distributed web browser in which a first subset of webpage state of remotely hosted webpages is mirrored on both the client web browser and the intermediary server and a second subset of webpage state of the remotely hosted webpages is formed on the intermediary server but not on the client web browser;
determining, at the intermediary server, that the user needs to be authenticated before accessing at least some content reachable via the web content server, wherein an access credential by which the user is authenticated is accessible to the intermediary server but not to the user of the client computing device;
submitting, from the intermediary server, to a remote server configured to authenticate the user, via a network socket by which the intermediary web browser is connected to a second network, a value by which possession of the access credential is demonstrated, wherein the value is part of the second subset of webpage state and is withheld from the client web browser;
receiving, by the intermediary web browser, via the network socket by which the intermediary web browser is connected to the second network, instructions to store in web browser memory an access token, proof of possession of which is to be sent with subsequent messages to one or more servers hosting the at least some content to demonstrate the respective message is from an authenticated user; and
sending, from the intermediary server, to the client web browser executing on the client computing device, via the first network, instructions to store the access token in browser memory of the client web browser, wherein:
the instructions cause the client web browser to send messages with a value that demonstrates possession of the access token, thereby authenticating the client web browser without the client web browser having access to the value by which possession of the access credential is demonstrated.
Specification