
Credential-free user login to remotely executed applications

  • US 9,866,545 B2
  • Filed: 08/11/2017
  • Issued: 01/09/2018
  • Est. Priority Date: 06/02/2015
  • Status: Active Grant

1. A tangible, non-transitory, machine-readable medium storing instructions that when executed by one or more processors effectuate operations comprising:

  • receiving, via a first network, with an intermediary server, a request to access web content at a web content server, wherein:

    the request is received from a client web browser executing on a client computing device, the client computing device being a different computing device from the intermediary server;

    at least some communications between the client web browser and at least some remote websites accessed by the client web browser are relayed by the intermediary server; and

    the intermediary server comprises an intermediary web browser configured to cooperate with the client web browser to form a distributed web browser in which a first subset of webpage state of remotely hosted webpages is mirrored on both the client web browser and the intermediary server and a second subset of webpage state of the remotely hosted webpages is formed on the intermediary server but not on the client web browser;

  • determining, at the intermediary server, that the user needs to be authenticated before accessing at least some content reachable via the web content server, wherein an access credential by which the user is authenticated is accessible to the intermediary server but not to the user of the client computing device;

  • submitting, from the intermediary server, to a remote server configured to authenticate the user, via a network socket by which the intermediary web browser is connected to a second network, a value by which possession of the access credential is demonstrated, wherein the value is part of the second subset of webpage state and is withheld from the client web browser;

  • receiving, by the intermediary web browser, via the network socket by which the intermediary web browser is connected to the second network, instructions to store in web browser memory an access token, proof of possession of which is to be sent with subsequent messages to one or more servers hosting the at least some content to demonstrate the respective message is from an authenticated user; and

  • sending, from the intermediary server, to the client web browser executing on the client computing device, via the first network, instructions to store the access token in browser memory of the client web browser, wherein:

    the instructions cause the client web browser to send messages with a value that demonstrates possession of the access token, thereby authenticating the client web browser without the client web browser having access to the value by which possession of the access credential is demonstrated.
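
The message flow recited in the claim, as an added in-memory example that is not part of the patent text or any implementation by its assignee. The class names, the `session` cookie name and the account values are hypothetical and constructed, and one `RemoteSite` object stands in for both the authenticating server and the content servers:

```python
import hmac, secrets

class RemoteSite:  # hypothetical: authenticating server and content server in one
    def __init__(self, accounts):
        self._accounts, self._sessions = accounts, {}   # token -> username

    def login(self, username, password):
        expected = self._accounts.get(username)
        if expected is None or not hmac.compare_digest(expected.encode(), password.encode()):
            return None
        token = secrets.token_urlsafe(32)
        self._sessions[token] = username
        return {"set_cookie": {"session": token}}       # instruction to store the token

    def get(self, path, cookies):
        user = self._sessions.get(cookies.get("session", ""))
        return (200, f"{path} for {user}") if user else (401, "login required")

class ClientBrowser:
    def __init__(self):
        self.cookies, self.received = {}, []            # mirrored state, message log

    def apply(self, message):
        self.received.append(message)
        self.cookies.update(message.get("set_cookie", {}))

class Intermediary:
    def __init__(self, site, vault):                    # vault: user -> (username, password)
        self._site, self._vault, self.cookies = site, vault, {}

    def handle(self, user, client, path):
        status, body = self._site.get(path, client.cookies)
        if status != 401:
            return status, body
        username, password = self._vault[user]          # withheld from the client
        reply = self._site.login(username, password)    # sent on the site-facing side only
        if reply is None:
            return 403, "stored credential rejected"
        self.cookies.update(reply["set_cookie"])        # token kept by the intermediary
        client.apply({"set_cookie": reply["set_cookie"]})  # only the token is forwarded
        return self._site.get(path, client.cookies)

def demo():
    # Constructed account data; "constructed-password" is a sample value.
    site, client = RemoteSite({"svc-alice": "constructed-password"}), ClientBrowser()
    proxy = Intermediary(site, {"alice": ("svc-alice", "constructed-password")})
    first = proxy.handle("alice", client, "/reports")
    direct = site.get("/reports", client.cookies)       # client presents the token itself
    leaked = "constructed-password" in repr(client.received) + repr(client.cookies)
    return first, direct, leaked
```

The client ends up holding a bearer token it can present on its own, so the token's lifetime and scope, not the withheld password, bound what a compromised client can do.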
