Web authentication using client platform root of trust
First Claim
Patent Images
1. A device for device-specific web authentication, the device comprising:
- at least one processor arranged to;
request a website to be accessed; and
access the website in response to a website access initiation from an authorization module on a server; and
a secure execution environment arranged to;
store a device-stored uniform resource identifier representing an address of the website to be accessed;
send the device-stored uniform resource identifier to the authorization module;
receive a server-stored uniform resource identifier representing the address of the website to be accessed from the authorization module;
compare the server-stored uniform resource identifier to the device-stored uniform resource identifier and make a validity determination valid if they match and invalid otherwise;
send the validity determination to the authorization module in response to a validation of the server-stored uniform resource identifier by the secure execution environment, the website access initiation being based on the validity determination;
send a provisioning request to the authorization module to configure the device to securely access the website, the provisioning request including credentials of a user having an account associated with the website; and
receive the device-stored uniform resource identifier after the authorization module has determined that the credentials are valid and that the device is associated with the user.
2 Assignments
0 Petitions
Accused Products
Abstract
Systems and methods for performing web authentication using a client platform root of trust are disclosed herein. Website and user validity and integrity may be authenticated based on the user device'"'"'s attempt to access the website. A user device may securely access the website once the user device is successfully authenticated with a server. In an embodiment, the user device may perform an authentication of the website to ensure the website is a valid entity.
16 Citations
20 Claims
-
1. A device for device-specific web authentication, the device comprising:
-
at least one processor arranged to; request a website to be accessed; and access the website in response to a website access initiation from an authorization module on a server; and a secure execution environment arranged to; store a device-stored uniform resource identifier representing an address of the website to be accessed; send the device-stored uniform resource identifier to the authorization module; receive a server-stored uniform resource identifier representing the address of the website to be accessed from the authorization module; compare the server-stored uniform resource identifier to the device-stored uniform resource identifier and make a validity determination valid if they match and invalid otherwise; send the validity determination to the authorization module in response to a validation of the server-stored uniform resource identifier by the secure execution environment, the website access initiation being based on the validity determination; send a provisioning request to the authorization module to configure the device to securely access the website, the provisioning request including credentials of a user having an account associated with the website; and receive the device-stored uniform resource identifier after the authorization module has determined that the credentials are valid and that the device is associated with the user. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A method for web authentication, the method comprising:
-
responsive to a request to access a website using a device having a secure execution environment, the device arranged to use a client platform root of trust, sending to a server a device-stored web address of the website stored at the secure execution environment, the device-stored web address being specific to the device; receiving at the secure execution environment on the device, a server-stored web address of the website as stored at the server, the server-stored web address being specific to the device; determining, via the secure execution environment, whether the server-stored web address is valid, including comparing the server-stored web address to the device-stored web address and making a validity determination valid if they match and invalid otherwise; initiating access to the website if the server-stored web address is valid and if the server determines that the device-stored web address is valid; sending to the server a request to configure the device to securely access the website including sending credentials of a user having an account associated with the website; receiving at the secure execution environment the device-stored web address after the server has determined that the credentials are valid and that the device is associated with the user; and storing the device-stored web address at the secure execution environment. - View Dependent Claims (9, 10, 11, 12, 13, 14, 15, 16, 17)
-
-
18. An authorization module for device-specific web authentication, the authorization module arranged to:
-
receive a provisioning request to access a website from a device having a secure execution environment, the provisioning request to configure the device to securely access the website, and the provisioning request including credentials of a user having an account associated with the website; perform a validation of whether the credentials are valid and that the device is associated with the user and, in response to a positive validation send a uniform resource identifier to be stored in the secure execution environment of the device as a device-stored uniform resource identifier, and representing an address of the website; thereafter, receive the device-stored uniform resource identifier from the device, the device-stored uniform resource identifier being stored in the secure execution environment and representing an address of the website; send a server-stored uniform resource identifier to the secure execution environment, the server-stored uniform resource identifier representing the address of the website; and provide access to the website in response to a determination that the device-stored uniform resource identifier is valid and in response to a comparison of the server-stored web address to the device-stored web address to produce a determination by the secure execution environment that the server-stored uniform resource identifier is valid; wherein the determination that the device-stored uniform resource identifier is valid is provided by the authorization module being arranged to compare the device-stored uniform resource identifier to the server-stored uniform resource identifier and find it valid if they match and invalid otherwise. - View Dependent Claims (19)
-
-
20. A method for web authentication to control access to a web site, the method comprising:
-
receiving at a server a device-stored web address of the website stored at a secure environment, the device-stored web address being a web address specific to the device, the device arranged to use a client platform root of trust; sending from the server to the secure execution environment on the device a server-stored web address of the website stored at the server; determining, via the server, whether the device-stored web address is valid; providing access to the website if the device-stored web address is valid and if the secure execution environment of the device determines that the server-stored web address is valid based on a comparison between the server-stored web address to the device-stored web address; receiving at the server a request to configure the device to securely access the website including receiving credentials of a user having an account associated with the website; determining whether the credentials are valid and whether the device is associated with the user; generating the device-stored web address if the credentials are valid and if the device is associated with the user; and sending to the secure execution environment the device-stored web address, wherein the device-stored web address is stored at the secure execution environment.
-
Specification