Dynamic web services systems and method for use of personal trusted devices and identity tokens
First Claim
1. A computer-implemented server comprising:
- a processor configured to:
receive a service request from a client computing device;
detect, in response to receiving the service request, a web browser type and a platform type of the client computing device;
select a token browser control based on the web browser type and the platform type of the client computing device, wherein the token browser control includes a virtual machine;
send the token browser control and a token discovery module to the client computing device, wherein the virtual machine allows the token discovery module to operate independently of the web browser type and the platform type at the client computing device;
receive, from the token discovery module executed by the virtual machine at the client computing device, information related to a type and capabilities of an identifying device in communication with the client computing device;
select identifying instructions based upon the type and capabilities of the identifying device;
send the selected identifying instructions with a key, wherein the selected identifying instructions enable server interaction with the identifying device on the client computing device using the key; and
verify a user of the client computing device based on communications between the server and the identifying device, and using the key.
Abstract
The present invention involves one or more computers that provide software controls to enable a web application to interface with a personal trusted device. The server side of the computer system comprises: a server-based framework process; a device for receiving requests from the client computer and determining which software controls to send in response; and a device for digitally signing and encrypting the software controls before sending them to the client computer so that their authenticity can be verified. The client side of the computer system comprises: a client web browser that runs on a computer; a device for transmitting requests to the server computer and for receiving responses from those requests; a device for decrypting software controls so that the authenticity of their digital signature can be verified; and a connection to one or more personal trusted devices. An authentication proxy may be used to mutually authenticate a client user and server process using personal trusted devices.
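The server-side sequence recited in the first claim above, modelled as an added example; it is not code from the patent or its assignee. The control names, token types, the HMAC challenge-response scheme and the enrolled device secret are all assumptions, since the claims name no concrete algorithm or device.

```python
import hashlib
import hmac
import secrets

# Hypothetical tables: the claims name no concrete controls, token types or instructions.
CONTROLS = {("firefox", "linux"): "control-ff-linux",
            ("chrome", "windows"): "control-cr-win"}
INSTRUCTIONS = {("smartcard", "hmac-sha256"): "challenge-response-v1"}

def select_control(browser, platform):
    """Pick the token browser control for the detected browser and platform."""
    try:
        return CONTROLS[(browser.lower(), platform.lower())]
    except KeyError:
        raise ValueError("unsupported browser/platform") from None

def select_instructions(report):
    """Choose identifying instructions from the token discovery report.

    The report is produced on the client, so it is untrusted input: a device
    type that is not in the table is refused rather than mapped to a default.
    """
    wanted = (report.get("type"), report.get("capability"))
    if wanted not in INSTRUCTIONS:
        raise ValueError("unknown identifying device")
    # Fresh per-session key and challenge, sent along with the instructions.
    return {"instructions": INSTRUCTIONS[wanted],
            "key": secrets.token_bytes(32),
            "challenge": secrets.token_bytes(16)}

def token_respond(device_secret, key, challenge):
    """What the identifying device computes (assumed scheme, not from the patent)."""
    return hmac.new(device_secret, key + challenge, hashlib.sha256).digest()

def verify_user(enrolled_secret, session, response):
    """Server-side verification using the session key, compared in constant time."""
    expected = token_respond(enrolled_secret, session["key"], session["challenge"])
    return hmac.compare_digest(expected, response)

def demo():
    enrolled = b"constructed-device-secret"  # constructed sample value
    control = select_control("Firefox", "Linux")
    session = select_instructions({"type": "smartcard", "capability": "hmac-sha256"})
    good = token_respond(enrolled, session["key"], session["challenge"])
    bad = token_respond(b"some-other-token", session["key"], session["challenge"])
    return control, verify_user(enrolled, session, good), verify_user(enrolled, session, bad)

if __name__ == "__main__":
    print(demo())
```

The verification result depends only on the token's response under the session key; the client's self-reported type and capabilities decide which instructions are sent, never whether the user is accepted.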
20 Claims
7. A computing device comprising:
- a processor configured to:
execute a client browser on the computing device;
send a server request over a network to a server, wherein the server request includes information that identifies a web browser type of the client browser and a platform type of the computing device;
receive, from the server in response to sending the server request, a token browser control and a token discovery module, wherein the token browser control is selected based on the web browser type and the platform type, wherein the token browser control includes a virtual machine that allows the token discovery module to operate independently of the web browser type and the platform type at the computing device;
execute the token discovery module within the virtual machine to ascertain and send, to the server, information related to a type and capabilities of an identifying device in communication with the computing device;
receive, from the server, identifying instructions with a key, wherein the identifying instructions are selected based upon the type and capabilities of the identifying device, and wherein the selected identifying instructions enable server interaction with the identifying device using the key; and
provide authentication of a transaction at the computing device using the identifying instructions, the identifying device, and the key.
13. A computer-implemented method comprising:
- receiving a service request at a server from a client computing device;
- detecting, in response to receiving the service request, a web browser type and a platform type of the client computing device;
- selecting a token browser control based on the web browser type and the platform type of the client computing device, wherein the token browser control includes a virtual machine;
- sending the token browser control and a token discovery module to the client computing device, wherein the virtual machine allows the token discovery module to operate independently of the web browser type and the platform type at the client computing device;
- receiving, from the token discovery module executed by the virtual machine at the client computing device, information related to a type and capabilities of an identifying device in communication with the client computing device;
- selecting identifying instructions based upon the type and capabilities of the identifying device;
- sending the selected identifying instructions with a key, wherein the selected identifying instructions enable server interaction with the identifying device on the client computing device using the key; and
- authenticating a transaction at the client computing device using the identifying instructions, the identifying device, and the key.
Specification