Dynamic web services systems and method for use of personal trusted devices and identity tokens

US 8,364,968 B2
Filed: 05/17/2007
Issued: 01/29/2013
Est. Priority Date: 05/19/2006
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented server comprising:

a processor configured to;

receive a service request from a client computing device;

detect, in response to receiving the service request, a web browser type and a platform type of the client computing device;

select a token browser control based on the web browser type and the platform type of the client computing device, wherein the token browser control includes a virtual machine;

send the token browser control and a token discovery module to the client computing device, wherein the virtual machine allows the token discovery module to operate independently of the web browser type and the platform type at the client computing device;

receive, from the token discovery module executed by the virtual machine at the client computing device, information related to a type and capabilities of an identifying device in communication with the client computing device;

select identifying instructions based upon the type and capabilities of the identifying device;

send the selected identifying instructions with a key, wherein the selected identifying instructions enable server interaction with the identifying device on the client computing device using the key; and

verify a user of the client computing device based on communications between the server and the identifying device, and using the key.

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention involves one or more computers that provide software controls to enable a web application to interface with a personal trusted device. The server side of the computer system comprises: a server-based framework process; a device for receiving requests from the client computer and determining which software controls to send in response; and a device for digitally signing and encrypting the software controls before sending them to the client computer so that their authenticity can be verified. The client side of the computer system comprises: a client web browser that runs on a computer; a device for transmitting requests to the server computer and for receiving responses from those requests; a device for decrypting software controls so that the authenticity of their digital signature can be verified; and a connection to one or more personal trusted devices. An authentication proxy may be used to mutually authenticate a client user and server process using personal trusted devices.

109 Citations

View as Search Results

20 Claims

1. A computer-implemented server comprising:
- a processor configured to;
  
  receive a service request from a client computing device;
  
  detect, in response to receiving the service request, a web browser type and a platform type of the client computing device;
  
  select a token browser control based on the web browser type and the platform type of the client computing device, wherein the token browser control includes a virtual machine;
  
  send the token browser control and a token discovery module to the client computing device, wherein the virtual machine allows the token discovery module to operate independently of the web browser type and the platform type at the client computing device;
  
  receive, from the token discovery module executed by the virtual machine at the client computing device, information related to a type and capabilities of an identifying device in communication with the client computing device;
  
  select identifying instructions based upon the type and capabilities of the identifying device;
  
  send the selected identifying instructions with a key, wherein the selected identifying instructions enable server interaction with the identifying device on the client computing device using the key; and
  
  verify a user of the client computing device based on communications between the server and the identifying device, and using the key.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The server of claim 1 wherein the processor is further configured to encrypt data before sending it to the client computing device.
  - 3. The server of claim 1 wherein the client computing device is one of a personal computer connected to a communications network, a telephone, a user key fob, or other wired or wireless computing device that is able to access the server.
  - 4. The server of claim 1 wherein the identifying device is one of a biometric device, a smart card, or other identity verification device.
  - 5. The server of claim 1 wherein the processor is further configured to communicate using secure socket layer communication.
  - 6. The server of claim 1 wherein the processor is further configured to send proxy agent instructions for interacting with the identifying device.

7. A computing device comprising:
- a processor configured to;
  
  execute a client browser on the computing device;
  
  send a server request over a network to a server, wherein the server request includes information that identifies a web browser type of the client browser and a platform type of the computing device;
  
  receive, from the server in response to sending the server request, a token browser control and a token discovery module, wherein the token browser control is selected based on the web browser type and the platform type, wherein the token browser control includes a virtual machine that allows the token discovery module to operate independently of the web browser type and the platform type at the computing device;
  
  execute the token discovery module within the virtual machine to ascertain and send, to the server, information related to a type and capabilities of an identifying device in communication with the computing device;
  
  receive, from the server, identifying instructions with a key, wherein the identifying instructions are selected based upon the type and capabilities of the identifying device, and wherein the selected identifying instructions enable server interaction with the identifying device using the key; and
  
  provide authentication of a transaction at the computing device using the identifying instructions, the identifying device, and the key.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The computing device of claim 7 wherein the processor is further configured to decrypt data received by the computing device.
  - 9. The computing device of claim 7 wherein the computing device is one of a personal computer connected to a communications network, a web-enabled cell phone, a web enabled PDA, or other wired or wireless computing device that is able to access the server.
  - 10. The computing device of claim 7 wherein the identifying device is one of a biometric device, a smart card, or other identity verification device.
  - 11. The computing device of claim 7 wherein the processor is further configured to communicate using secure socket layer communication.
  - 12. The computing device of claim 7 wherein the processor is further configured to receive proxy agent instructions and to send the service request to the server using the proxy agent instructions.

13. A computer-implemented method comprising:
- receiving a service request at a server from a client computing device;
  
  detecting, in response to receiving the service request, a web browser type and a platform type of the client computing device;
  
  selecting a token browser control based on the web browser type and the platform type of the client computing device, wherein the token browser control includes a virtual machine;
  
  sending the token browser control and a token discovery module to the client computing device, wherein the virtual machine allows the token discovery module to operate independently of the web browser type and the platform type at the client computing device;
  
  receiving, from the token discovery module executed by the virtual machine at the client computing device, information related to a type and capabilities of an identifying device in communication with the client computing device;
  
  selecting identifying instructions based upon the type and capabilities of the identifying device;
  
  sending the selected identifying instructions with a key, wherein the selected identifying instructions enable server interaction with the identifying device on the client computing device using the key; and
  
  authenticating a transaction at the client computing device using the identifying instructions, the identifying device, and the key.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20)
- - 14. The method of claim 13 wherein authenticating comprises authenticating with one of a personal computer connected to a communications network, a web-enabled cell phone, a web-enabled PDA, or other wired or wireless computing device that is able to access the server.
  - 15. The method of claim 13 wherein the identifying device is one of a biometric device, a smart card, or other identity verification device.
  - 16. The method of claim 13 wherein communication with the client computing device uses a secure socket layer communication.
  - 17. The method of claim 13 further comprising sending proxy agent instructions to the client computing device to broker legacy authentication methods.
  - 18. The method of claim 17 further comprising using a diversified key with the proxy agent instructions to authenticate a user of the client computing device.
  - 19. The method of claim 13 further comprising storing transaction information relating to the identifying device.
  - 20. The method of claim 13 wherein authenticating comprises determining a trusted status of a secure application by the identifying device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Gen Digital Inc.
Original Assignee
Symantec Corporation (NortonLifeLock Inc.)
Inventors
Osgood, Christopher, Corcoran, David T
Primary Examiner(s)
Orgad, Edan
Assistant Examiner(s)
HOLDER, BRADLEY W

Application Number

US11/750,077
Publication Number

US 20070300057A1
Time in Patent Office

2,084 Days
Field of Search

713/182, 713/185, 713/186
US Class Current

713/182
CPC Class Codes

G06F 21/34   involving the use of extern...

H04L 2209/76   Proxy, i.e. using intermedi...

H04L 2209/80   Wireless network architectu...

H04L 63/0428   wherein the data content is...

H04L 63/0853   using an additional device,...

H04L 63/123   received data contents, e.g...

H04L 9/3234   involving additional secure...

H04L 9/3247   involving digital signatures

Dynamic web services systems and method for use of personal trusted devices and identity tokens

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

109 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Dynamic web services systems and method for use of personal trusted devices and identity tokens

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

109 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links