WO2009137946A1 - Portable device and method for exchanging data securely with a remote computer - Google Patents


Info

Publication number
WO2009137946A1
Authority
WO
WIPO (PCT)
Prior art keywords
module
application
browser module
computer
data
Prior art date
Application number
PCT/CH2008/000216
Other languages
French (fr)
Inventor
Thomas Avedik
Stéphane Martignoni
Original Assignee
Crealogix Holding AG
Priority date
Filing date
Publication date
Application filed by Crealogix Holding AG
Priority to CH01812/10A (CH701203B1)
Priority to PCT/CH2008/000216 (WO2009137946A1)
Publication of WO2009137946A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/34 User authentication involving the use of external additional devices, e.g. dongles or smart cards

Definitions

  • the present invention relates to a portable device and a communication method for exchanging data securely via a telecommunication network between a local computer and a remote computer.
  • the present invention relates to a communication method using a portable device which comprises a storage medium that is connectable to a computer, a browser module stored in a read-only memory area of the storage medium, and a launcher configured to load the browser module for execution in the computer upon connection to the computer.
  • US 2008/0034210 describes a device including a storage medium that is connectable to a computer and a hardened, standalone browser stored on the storage medium. Conventional web browsers cannot run in standalone mode.
  • the hardened browser of US 2008/0034210 is a modified web browser set up for standalone operation on a read-only data carrier. According to US 2008/0034210, the browser is hardened through specific security settings such as limiting communication to a list of browsable addresses, forcing encrypted communication, forcing mutual authentication, and/or preventing access to security related browser options.
  • the device further includes a loader which is stored on a read-only portion of the storage medium and performs an integrity check on the browser before launching the browser in debug mode, thereby utilizing the debug handle and preventing other programs from debugging the browser software components.
  • a portable device which comprises a storage medium that is connectable to a computer, a browser module stored in a read-only memory area of the storage medium, and a launcher configured to load the browser module for execution in the computer upon connection to the computer.
  • the browser module is configured, upon execution in the computer, to store securely in a read/write memory area of the portable device work data generated or received by the browser module at run-time, and to retrieve work data stored securely in said read/write memory as needed by the browser module at run-time.
  • the browser's run-time work data includes, for example, session logs, cache data and/or cookies.
  • the portable device comprises a USB-interface (Universal Serial Bus) for connecting the storage medium to the computer.
  • the browser module is configured as a hardened browser having a set-up that reduces exposure to potential security threats.
  • at least a portion of the read/write memory area in the portable device is set up as a hidden memory zone and the browser module is configured, upon execution in the computer, to store in the hidden memory zone the work data generated or received by the browser module at run-time, and to retrieve from the hidden memory zone the work data needed by the browser module at run-time.
  • the browser module is configured, upon execution in the computer, in addition or alternatively, to encrypt and store in said read/write memory area the work data generated or received by the browser module at run-time, and to retrieve and decrypt from said read/write memory area the work data needed by the browser module at run-time.
  • the secure storing and retrieving of the browser's run-time work data by the browser make it possible to protect the work data from being intercepted, copied and/or altered by unauthorized program entities, e.g. malware configured to attempt so called man-in-the-middle attacks.
  • storing the browser's run-time work data in the storage medium of the external portable device has the advantage that no traces are left on the local computer ("zero footprint") during and/or after execution of the browser.
  • the browser module is stored in encrypted form in the read-only memory area, and the launcher is configured to decrypt the browser module prior to loading the browser module in the computer. This additional security feature prevents the browser module from being altered maliciously.
  • the browser module comprises an embedded transport layer security module for securing browser communication over the telecommunication network. Having the transport layer security module integrated in the browser prevents attacks on the data that would otherwise be exchanged in the computer between the browser and a separate transport layer security module.
  • the portable device further comprises an application module, e.g. an e-banking application, stored in the read-only memory area and configured, upon execution in the computer, to store securely in the read/write memory area application data, e.g. financial (e-banking) data, received and/or generated by the application module, and to retrieve and pass to the browser module application data, e.g. financial (e-banking) data, stored securely in the read/write memory area.
  • application data is secured by storing it (on-line and/or off-line) in the hidden memory zone of the portable device's read/write memory area and/or by storing it in encrypted form in the portable device.
  • the portable device further comprises an application proxy module coupled with the browser module and configured, upon execution in the computer, to receive a login request from the application module executing in the computer, to forward the login request through the browser module to a remote server, to receive a login response with session-specific identification data for an accepted login request, and to forward the session-specific data to the application module.
  • the application proxy module is further configured to receive from the application module an application data request along with
  • the application proxy module is further configured to include in the forwarding of the requests from the application module to the remote server a cryptographic certificate stored securely on the portable device.
  • the portable device further comprises a cryptography module configured, upon execution in the computer, to receive from a user of the computer secret personal identification data, to establish a secure communication link to a remote certification server, to forward via the secure communication link to the remote certification server at least some of the personal identification data for verification, to generate a cryptographic key pair upon successful verification, to generate and forward to the certification server a certificate signing request, and to receive from the certification server and store securely on the portable device a cryptographic certificate.
  • the device with the cryptography module makes it possible for the user to perform a self-enrolment process, making it unnecessary to personalize the portable device prior to its delivery to the user.
  • the present invention also relates to a computer program product comprising computer program code means for controlling one or more processors of a communication terminal, preferably a computer program product comprising a computer-readable medium containing the computer program code means therein.
  • the computer program code means are configured as an extension for a (hardened) browser module, based on a conventional browser such as Internet Explorer by Microsoft, Mozilla Firefox by the Mozilla Foundation, or Safari by Apple, for example, and are set up to control the processors such that the communication terminal stores securely in a read/write memory area of the portable device connected removably to the communication terminal, during run-time of the browser module executing in the communication terminal, work data generated or received by the browser module at run-time, and retrieves work data stored securely in said read/write memory as needed by the browser module at run-time.
  • Figure 1 shows a block diagram illustrating schematically a system for secure data exchange via a telecommunication network between a local computer, having a portable device connected thereto, and a remote computer.
  • Figure 2 shows a timing diagram illustrating an exemplary sequence of steps for self enrolment of a user using the portable device.
  • Figure 3 shows a block diagram illustrating schematically an exemplary configuration of the system for secure data exchange between the local and the remote computer via the telecommunication network, as well as an exemplary sequence of steps for a login at an application server of the remote computer.
  • Figure 4 shows the block diagram of Figure 3 provided with an illustration of an exemplary sequence of steps for executing an application login from the local computer to the remote computer.
  • Figure 5 shows the block diagram of Figure 3 provided with an illustration of an exemplary sequence of steps for executing an application data request from the local computer to the remote computer.
  • Figure 6 shows the block diagram of Figure 3 provided with an illustration of an exemplary sequence of steps for executing an application logout from the remote computer.
  • reference numeral 1 refers to a mobile, portable device which comprises a storage medium and is removably connected to a (local) computer 2 via a device interface 10.
  • the device interface 10 provides for an electrical connection of the portable device 1 to the computer 2.
  • the device interface 10 not only enables data communication between the computer 2 and the portable device 1 but also enables the computer 2 to provide power to the portable device 1 .
  • the portable device 1 is a USB token device and the device interface 10 is a USB interface.
  • the (local) computer 2 is provided with a communication module for exchanging data with the remote computer system 4 via the telecommunication network 3.
  • the local computer 2 comprises operating elements 26 for data entry, e.g. a keyboard, and a display 27 for showing user interfaces and data input/output.
  • the local computer 2 is a fully operational, conventional computer comprising data/program memory and at least one processor for executing programs loaded in the program memory.
  • the local computer 2 is implemented as a personal computer (PC), a PDA-computer (Personal Digital Assistant) or a mobile communication terminal such as a mobile radio telephone, for example.
  • the telecommunication network 3 includes the Internet accessible to the local and remote computers 2, 4 through fixed networks and/or wireless networks.
  • the telecommunication network 3 includes a local area network (LAN), an integrated services digital network (ISDN), a GSM-network (Global System for Mobile communication), a UMTS network (Universal Mobile Telephone System) or another mobile radio telephone system, and/or a wireless local area network (WLAN) for accessing the Internet.
  • the remote computer system 4 comprises one or more computers, e.g. Web servers, each having one or more processors.
  • the remote computer system 4 comprises an application security gateway 40 with a secure data store 41 for session cookies, for example the Application Security Gateway AirLock by Visonys AG, Switzerland, an application server 43, an application database 42, and a certification server 5.
  • the application server 43 is configured for remote customer e-banking and the application database 42 comprises e-banking data including customer-specific financial data, contract data and certificate data.
  • functional modules, including the application server 43 and the certification server 5 are implemented on the remote computer system 4 as programmed software modules.
  • the application security gateway 40 is implemented preferably (but not necessarily) as a hardware module.
  • the portable device 1 comprises a visible public read/write memory area 11, e.g. a (USB) flash drive, a read-only memory (ROM) area 12, and a hidden read/write memory area 13.
  • the hidden memory zone is set up to be invisible to a computer's operating system and can be accessed only through specific programming interfaces.
  • stored in the read-only memory area 12 are a browser module 120, comprising an embedded transport layer security module 121 (TLS protocol), an application proxy module 122 coupled with the browser module 120, an application module 123, a cryptography module 124, and a launcher 125.
  • these functional modules comprise computer program code configured to control a processor of computer 2 such that the computer 2 executes functions as described later.
  • the browser module 120, the application proxy module 122, and the application module 123 are stored in encrypted form in the read-only memory area 12.
  • the browser module 120 is implemented as a secured browser, i.e. a hardened browser, with limitations on features that may pose a potential security threat.
  • the browser module 120 is set up to disallow executable extensions such as plug-ins, Browser Helper Objects (BHO), ActiveX objects, and/or JavaScript and Java applets.
  • the browser module 120 is configured as a stripped browser having disabled interpretation of any compiler symbols. Moreover, access to external objects determining browser execution is disabled; for example, the use of external Document Object Models (DOM) is disabled.
  • a further increase of security is achieved by having the transport layer security module 121 embedded in the browser module 120, avoiding a separation between the browser core and the TLS engine.
  • the hidden read/write memory area 13 is used to store work data 131 generated and/or used by the browser module 120 at run-time, application data 132 generated and/or received by the application module 123 on-line or off-line, one or more cryptographic key pairs 133, and one or more cryptographic certificates 134.
  • the user of the local computer 2 is registered as a customer with the application provider.
  • a customer-specific password, i.e. a personal identification code (PIC), and a contract number are generated and stored in the application database 42.
  • a portable device 1 is provided to the customer.
  • the PIC and contract number are provided separately to the customer through a communication channel such as paper mail, electronic mail or SMS (Short Messaging Services), for example.
  • for accessing services provided by the application server 43, the user connects the portable device 1 to his local computer 2.
  • in step S1, the launcher 125 is started either automatically or manually by the user of the local computer 2 when the portable device 1 is connected to the local computer 2.
  • the functionality of the launcher 125 is described with reference to launcher 25, decrypted, loaded and executed in the local computer 2.
  • in step S2, the launcher 25 checks whether or not a cryptographic certificate 134 is present in the respective hidden read/write memory area 13.
  • if there is no cryptographic certificate 134 present, the launcher 25 initiates a self-enrolment process and, in step S3, shows a dialogue on display 27, requesting the user to define a personal identification number (PIN).
  • the PIN is stored for the customer in a respective hidden memory area 13 of the portable device 2. Otherwise, if the cryptographic certificate 134 is present and the customer does not select an update of the certificate, the launcher 25 requests the customer to enter his PIN. After the PIN has been checked and verified, the launcher starts the browser module 120 in step S12.
  • in step S4, the launcher 25 establishes an SSL (Secure Socket Layer) session with a certification server 5 executing in the remote computer 4.
  • in step S5, the launcher 25 shows a dialogue on display 27, requesting the user to enter his password, i.e. his personal identification code (PIC), and his contract number.
  • the PIC and contract number are transmitted securely by the launcher 25 to the certification server 5.
  • in step S6, the certification server verifies the received PIC and contract number in the application database 42 and reports the verification result to the launcher 25.
  • if the launcher 25 determines in step S7 that PIC and contract number were verified positively by the verification server 5, then in step S8 the launcher 25 generates a cryptographic key pair and stores this cryptographic key pair 133 in the respective hidden read/write memory area 13.
  • in step S9, the launcher 25 generates and transmits to the certification server 5 a signing request for the respective customer.
  • the signing request is a PKCS (Public Key Cryptography Standards) Certification Request (PKCS #10, PEM format) for requesting certification of the public key, and comprises a session identifier.
  • in step S10, based on the received signing request, the certification server 5 generates a customer-specific (signed) cryptographic certificate, stores it for the respective customer in the application database 42, and returns it to the launcher 25.
  • the digital certificate is provided in PEM format (Privacy Enhanced Mail, Base64 encoded DER certificate [Distinguished Encoding Rules], enclosed between "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----").
  • in step S11, the launcher 25 installs the customer-specific cryptographic certificate 134 by storing it in the respective hidden read/write memory area 13.
  • in step S12, the launcher 25 starts the browser module 120. If applicable, the launcher 25 decrypts the browser module 120 prior to starting its execution in the local computer 2.
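The self-enrolment exchange of steps S5 to S11, as an added Go example that is not part of the patent: an in-process stand-in for certification server 5 checks PIC and contract number, the launcher side generates the key pair and a PKCS #10 request, and the server returns a PEM certificate bound to the verified contract. The constructed application database, the self-signed CA, and carrying the session identifier in the CSR subject's serialNumber attribute are assumptions.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/subtle"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"errors"
	"math/big"
	"time"
)

// Constructed stand-in for application database 42: contract number -> PIC.
var appDB = map[string]string{"CH-0001": "pic-secret-1"}

// certServer models certification server 5, here with a constructed self-signed CA.
type certServer struct {
	caKey  *rsa.PrivateKey
	caCert *x509.Certificate
}

func newCertServer() (*certServer, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Constructed CA"},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().AddDate(10, 0, 0),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	caCert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	return &certServer{caKey: key, caCert: caCert}, nil
}

// issue is step S10: validate the PKCS #10 request and return a signed PEM certificate.
func (s *certServer) issue(csrPEM []byte, contract string) ([]byte, error) {
	block, _ := pem.Decode(csrPEM)
	if block == nil || block.Type != "CERTIFICATE REQUEST" {
		return nil, errors.New("not a PEM certificate request")
	}
	csr, err := x509.ParseCertificateRequest(block.Bytes)
	if err != nil {
		return nil, err
	}
	if err := csr.CheckSignature(); err != nil { // proof of possession of the private key
		return nil, err
	}
	if csr.Subject.CommonName != contract { // bind to the contract verified in S6, not to the CSR's claim
		return nil, errors.New("CSR subject does not match verified contract")
	}
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 127))
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: serial, Subject: pkix.Name{CommonName: contract},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().AddDate(1, 0, 0),
		KeyUsage:    x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, s.caCert, csr.PublicKey, s.caKey)
	if err != nil {
		return nil, err
	}
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}), nil
}

// enrol runs the launcher side of steps S5 to S11 against the in-process server.
// The session identifier in the CSR subject's serialNumber attribute is an assumption.
func enrol(srv *certServer, contract, pic, sessionID string) ([]byte, *rsa.PrivateKey, error) {
	want, ok := appDB[contract] // S6/S7: stands in for the server-side check of PIC and contract number
	if !ok || subtle.ConstantTimeCompare([]byte(want), []byte(pic)) != 1 {
		return nil, nil, errors.New("PIC or contract number rejected")
	}
	key, err := rsa.GenerateKey(rand.Reader, 2048) // S8: customer key pair
	if err != nil {
		return nil, nil, err
	}
	csrDER, err := x509.CreateCertificateRequest(rand.Reader, &x509.CertificateRequest{
		Subject: pkix.Name{CommonName: contract, SerialNumber: sessionID}}, key) // S9
	if err != nil {
		return nil, nil, err
	}
	csrPEM := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE REQUEST", Bytes: csrDER})
	certPEM, err := srv.issue(csrPEM, contract) // S10
	return certPEM, key, err                     // S11: launcher stores both in hidden area 13
}
```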
  • the functionality of the browser module 120 (including the transport layer security module 121) is described with reference to browser module 20 (including the transport layer security module 21) decrypted, loaded and executed in the local computer 2.
  • the browser module 20 uses the embedded transport layer security module 21 to establish an SSL (Secure Socket Layer) session with the application server 43 implemented on the remote computer 4 (mutual authentication).
  • in step S14, using the transport layer security module 21, the browser module 20 transmits a login request to a login URL at the remote computer 4.
  • the request includes the customer-specific cryptographic certificate 134.
  • the application security gateway 40 receives the request to the login URL and checks the customer's certificate.
  • in step S15, the application security gateway 40 forwards the login request to a login control module of the application server 43, if the certificate is valid.
  • the certificate information is passed to the control module in a so-called environment cookie.
  • the login control module reads the certificate from the environment cookie and, in step S16, queries the application database 42 for the contract associated with the respective certificate. Additionally, the contract number and password (PIC) are checked.
  • in step S17, the login control module of the application server 43 returns to the application security gateway 40 a response which includes a control cookie, indicating that access is granted, and a contract cookie, indicating the respective customer-specific contract.
  • the application security gateway 40 receives the response, enables for the current session access to the respective contract, based on the control and contract cookies, and stores the contract cookie in the secure data store 41 for session cookies.
  • in step S18, the application security gateway 40 returns to the browser module 20 a response including a session cookie provided by the application security gateway 40.
  • in step S19, the browser module 20 receives the response and stores the session cookie provided by the application security gateway 40 securely as browser work data 131 in the respective hidden memory area 13.
  • the browser module 20 encrypts the session cookie prior to storing it in the portable device 2.
  • the customer uses the established session between the browser module 20 and the application server 43 to perform data transmission and/or data query requests (using the stored session cookie for reference).
  • the customer uses the browser module 20 to transmit a logout request to the application server 43.
  • the application server 43 closes the session to the application security gateway 40 which in turn closes the SSL session to the browser module 20.
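The encrypted work-data store behind steps S19 and S48 (session cookie written to hidden memory area 13 and removed at logout), as an added Go example, not code from the patent: records are sealed with AES-GCM and the record name is bound as associated data, so both alteration and substitution of a stored record are detected on retrieval. A map stands in for the device, and the key is assumed to be held by the launcher after the PIN check; the page does not say how it is derived.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"io"
)

// workStore models hidden read/write memory area 13 holding browser work data 131.
// The map stands in for the device; the key is assumed to be held by the launcher
// after the PIN check (the page does not say how it is derived).
type workStore struct {
	aead  cipher.AEAD
	items map[string][]byte // record name -> nonce || ciphertext || GCM tag
}

func newWorkStore(key []byte) (*workStore, error) {
	block, err := aes.NewCipher(key) // 16, 24 or 32 byte key
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &workStore{aead: aead, items: map[string][]byte{}}, nil
}

// Put encrypts a record (for example the session cookie of step S19) before it is
// written to the device. The record name is the associated data, so a ciphertext
// copied from one slot does not decrypt in another.
func (w *workStore) Put(name string, plaintext []byte) error {
	nonce := make([]byte, w.aead.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return err
	}
	w.items[name] = w.aead.Seal(nonce, nonce, plaintext, []byte(name))
	return nil
}

// Get decrypts and authenticates a record; any alteration of the stored bytes fails.
func (w *workStore) Get(name string) ([]byte, error) {
	rec, ok := w.items[name]
	if !ok {
		return nil, errors.New("no such record")
	}
	ns := w.aead.NonceSize()
	if len(rec) < ns+w.aead.Overhead() {
		return nil, errors.New("record too short")
	}
	return w.aead.Open(nil, rec[:ns], rec[ns:], []byte(name))
}

// Remove drops a record, as the application module does with the session cookie at logout (S48).
func (w *workStore) Remove(name string) { delete(w.items, name) }

// Raw returns what a process reading the device would see for a record.
func (w *workStore) Raw(name string) []byte { return w.items[name] }
```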
  • the browser configuration permits enabling the start of the browser module 20 with enabled application proxy module 122, and if this feature is set, the browser module 120 is started with enabled application proxy module 122 in step S12.
  • the launcher 125 also decrypts the application proxy module 122 and the application module 123, prior to starting their execution in the local computer 2.
  • the functionality of the application proxy module 122 and the application module 123 is also described with reference to the application proxy module 22 and the application module 23 which are in each case decrypted, loaded and executed in the local computer 2.
  • the application module 23 sends a login request to the application proxy module 22, using a login URL, e.g. https://localhost:1234/login/[...].
  • the login request includes customer-specific credentials, contract number and password (PIC).
  • in step S22, using the browser module 20, the application proxy module 22 forwards the login request to the actual (real) login URL at the remote computer 4.
  • the forwarded request includes the customer-specific cryptographic certificate 134.
  • the application security gateway 40 receives the request to the login URL and checks the customer's certificate.
  • in step S23, the application security gateway 40 forwards the login request to a login control module of the application server 43, if the certificate is valid.
  • the certificate information is passed to the control module in a so-called environment cookie.
  • the login control module reads the certificate from the environment cookie and, in step S24, queries the application database 42 for the contract associated with the respective certificate. Additionally, the contract number and password (PIC) are checked.
  • in step S25, the login control module of the application server 43 returns to the application security gateway 40 a response which includes a control cookie, indicating that access is granted, and a contract cookie, indicating the respective customer-specific contract.
  • the application security gateway 40 receives the response, enables for the current session access to the respective contract, based on the control and contract cookies, and stores the contract cookie in the secure data store 41 for session cookies.
  • in step S26, the application security gateway 40 returns to the application proxy module 22 a response including a session cookie provided by the application security gateway 40.
  • in step S27, the application proxy module 22 receives the response through the browser module 20 and forwards the response to the application module 23.
  • in step S28, the application module 23 reads the response and stores in the respective hidden read/write memory area 13 the session cookie provided by the application security gateway 40 as application data 132.
  • the application module 23 sends application requests to the application server 43 at the remote computer 4, e.g. a request for transmitting or querying application data such as e-banking data (financial data).
  • application data may be supplied on-line by the customer or retrieved from the respective hidden memory area 13 where it was stored previously by the application module 23 in off-line mode as application data 132, for example.
  • the application module 23 retrieves from the read/write memory area 13 the session cookie provided previously by the application security gateway 40.
  • in step S32, the application module 23 sends an application request to the application proxy module 22.
  • the application request includes the session cookie provided previously by the application security gateway 40 and is addressed to an application URL, e.g. https://localhost:1234/application/[...].
  • in step S33, the application proxy module 22 forwards the application request to the application security gateway 40, along with the customer's certificate.
  • the application security gateway 40 reads the session cookie included in the application request and retrieves the corresponding contract cookie from the secure data store 41 for session cookies.
  • in step S34, the application security gateway 40 forwards the application request, including the contract cookie, to the application server 43.
  • the application server 43 identifies the customer based on the contract cookie.
  • in step S35, the application server 43 retrieves the requested application data from the application database 42 or stores the submitted application data in the application database 42, respectively.
  • in step S36, the application server 43 returns a response to the application security gateway 40.
  • in step S37, the application security gateway 40 forwards the response to the application proxy module 22.
  • in step S38, the application proxy module 22 forwards the response to the application module 23.
  • in step S41, the application module 23 sends a logout request to the application proxy module 22.
  • in step S42, the application proxy module 22 forwards the logout request to the application security gateway 40, along with the customer's certificate.
  • in step S43, the application security gateway 40 forwards the logout request to the application server 43.
  • in step S44, the application server 43 closes the Web session and the session in the application database 42.
  • in step S45, the application server 43 returns a response with a control cookie for terminating the session.
  • the application security gateway 40 receives the control cookie and closes its session. In step S46, the application security gateway 40 sends a logout response to the application proxy module 22.
  • in step S47, the application proxy module 22 forwards the logout response to the application module 23.
  • in step S48, the application module 23 removes the session cookie from the respective hidden memory area 13.
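The gateway side of the proxy login, application request and logout sequences (steps S22 to S46), as an added Go example that is neither the patent's nor AirLock's code: the contract cookie stays in the secure data store 41 and only an opaque random session cookie reaches the client. Certificate fingerprints and the constructed application database are assumptions, and requiring the login certificate on every later request is an added check that goes beyond what the page states.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
	"errors"
)

// Constructed stand-in for application database 42: per contract number, the PIC
// and the fingerprint of the customer certificate 134 enrolled for that contract.
type customer struct{ pic, certFP string }

var appDB = map[string]customer{
	"CH-0001": {pic: "pic-secret-1", certFP: fingerprint([]byte("constructed-cert-CH-0001"))},
}

// fingerprint stands in for TLS-level certificate identity (SHA-256 of the DER bytes).
func fingerprint(certDER []byte) string {
	sum := sha256.Sum256(certDER)
	return hex.EncodeToString(sum[:])
}

// loginControl is the login control module of application server 43 (S24, S25): it gets the
// certificate via the environment cookie plus contract and PIC, and returns control and contract cookies.
func loginControl(envCertFP, contract, pic string) (control, contractCookie string, err error) {
	c, ok := appDB[contract]
	if !ok || subtle.ConstantTimeCompare([]byte(c.pic), []byte(pic)) != 1 {
		return "", "", errors.New("contract number or PIC rejected")
	}
	if c.certFP != envCertFP {
		return "", "", errors.New("certificate is not associated with this contract")
	}
	return "granted", "contract=" + contract, nil
}

type sessionEntry struct{ contractCookie, certFP string }

// gateway models application security gateway 40; store is the secure data store 41.
type gateway struct {
	store map[string]sessionEntry // session cookie -> server-side state
}

func newGateway() *gateway { return &gateway{store: map[string]sessionEntry{}} }

// checkCert stands in for the gateway's client-certificate check (S22, S23): the
// certificate is accepted if it is one enrolled for some customer.
func (g *gateway) checkCert(certDER []byte) (string, bool) {
	fp := fingerprint(certDER)
	for _, c := range appDB {
		if c.certFP == fp {
			return fp, true
		}
	}
	return "", false
}

// Login covers S22 to S26: check the certificate, pass it to the login control module in
// the environment cookie, keep the contract cookie server-side, return only an opaque session cookie.
func (g *gateway) Login(certDER []byte, contract, pic string) (string, error) {
	fp, ok := g.checkCert(certDER)
	if !ok {
		return "", errors.New("client certificate rejected")
	}
	control, contractCookie, err := loginControl(fp, contract, pic)
	if err != nil || control != "granted" {
		return "", errors.New("login refused by application server")
	}
	raw := make([]byte, 32)
	if _, err := rand.Read(raw); err != nil {
		return "", err
	}
	sid := hex.EncodeToString(raw)
	g.store[sid] = sessionEntry{contractCookie: contractCookie, certFP: fp}
	return sid, nil
}

// Application covers S33 and S34: the proxy sends the session cookie along with the certificate;
// the gateway resolves the contract cookie for application server 43. Requiring the same certificate
// as at login is an added check: a session cookie copied off the device is useless without it.
func (g *gateway) Application(sid string, certDER []byte) (string, error) {
	e, ok := g.store[sid]
	if !ok {
		return "", errors.New("unknown or expired session")
	}
	if e.certFP != fingerprint(certDER) {
		return "", errors.New("certificate does not match session")
	}
	return e.contractCookie, nil
}

// Logout covers S42 to S46: once the application server closes the session, the gateway
// drops its entry, so the session cookie the device still holds can no longer be used.
func (g *gateway) Logout(sid string, certDER []byte) error {
	if _, err := g.Application(sid, certDER); err != nil {
		return err
	}
	delete(g.store, sid)
	return nil
}
```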

Abstract

In a portable device (1) comprising a storage medium that is connectable to a computer (2), a browser (120) is stored in a read-only memory area (12). Upon connection to the computer (2), the browser is loaded from the portable device (1) for execution in the computer (2). The browser is configured to encrypt and store in a hidden memory zone of a read/write memory area (13) in the portable device (1) any work data generated or received by the browser (20) at run-time, and to retrieve and decrypt work data (131) stored in this hidden memory zone as needed at run-time. The secure storing of the run-time work data by the browser (20) protects the work data (131) from being intercepted, copied and/or altered maliciously. Storing the work data in the external portable device (1) leaves no traces in the computer (2) during and/or after execution of the browser.

Description

PORTABLE DEVICE AND METHOD FOR EXCHANGING DATA SECURELY WITH A REMOTE COMPUTER
Field of the Invention
The present invention relates to a portable device and a communication method for exchanging data securely via a telecommunication network between a local computer and a remote computer. Specifically, the present invention relates to a communication method using a portable device which comprises a storage medium that is connectable to a computer, a browser module stored in a read-only memory area of the storage medium, and a launcher configured to load the browser module for execution in the computer upon connection to the computer.
Background of the Invention
For exchanging data securely over a telecommunication network, particularly over a public network such as the Internet, measures must be taken to avoid malicious and/or unintentional manipulations of participating software applications which potentially have a negative impact on the integrity and/or privacy of exchanged data. It is common and popular to provide applications and services on the Internet for access through conventional browsers. This has the advantage that users do not need to be provided with special client programs for accessing these services. On the other hand, however, the flexibility of conventional browsers also makes them vulnerable to malicious attacks. For example, the possibility to alter the configuration of a browser through plug-ins and add-ons makes it possible to include malware in the browser. It is also possible to perform security and data integrity attacks by manipulating work data used by a browser at run-time, e.g. session-specific data such as session logs, cookies (i.e. HTTP cookies, tracking cookies or Web cookies used for authenticating, tracking, and maintaining specific information about users) or cached data (e.g. cached web documents, HTML pages, images, etc.).
US 2008/0034210 describes a device including a storage medium that is connectable to a computer and a hardened, standalone browser stored on the storage medium. Conventional web browsers cannot run in standalone mode. The hardened browser of US 2008/0034210 is a modified web browser set up for standalone operation on a read-only data carrier. According to US 2008/0034210, the browser is hardened through specific security settings such as limiting communication to a list of browsable addresses, forcing encrypted communication, forcing mutual authentication, and/or preventing access to security related browser options. The device further includes a loader which is stored on a read-only portion of the storage medium and performs an integrity check on the browser before launching the browser in debug mode, thereby utilizing the debug handle and preventing other programs from debugging the browser software components. Though the standalone browser of US 2008/0034210 provides improved security, the standalone browser is reduced in functionality and/or flexibility as run-time work data cannot be stored by the standalone browser in a strict standalone implementation on read-only memory.
Summary of the Invention
It is an object of this invention to provide a portable device and a communication method for exchanging data securely via a telecommunication network between computers, which portable device and communication method do not have the disadvantages of the prior art. In particular, it is an object of the present invention to provide a portable device and a data communication method using the portable device, the portable device comprising a storage medium that is connectable to a computer, a browser stored in a read-only memory area of the storage medium, and a launcher configured to load the browser for execution in the computer upon connection to the computer, whereby the browser is not prevented from storing and retrieving run-time work data. According to the present invention, these objects are achieved particularly through the features of the independent claims. In addition, further advantageous embodiments follow from the dependent claims and the description.
According to the present invention, the above-mentioned objects are particularly achieved in that in a portable device which comprises a storage medium that is connectable to a computer, a browser module stored in a read-only memory area of the storage medium, and a launcher configured to load the browser module for execution in the computer upon connection to the computer, the browser module is configured, upon execution in the computer, to store securely in a read/write memory area of the portable device work data generated or received by the browser module at run-time, and to retrieve work data stored securely in said read/write memory as needed by the browser module at run-time. The browser's run-time work data includes, for example, session logs, cache data and/or cookies. For example, the portable device comprises a USB-interface (Universal Serial Bus) for connecting the storage medium to the computer. Preferably, the browser module is configured as a hardened browser having a set-up that reduces exposure to potential security threats. Preferably, at least a portion of the read/write memory area in the portable device is set up as a hidden memory zone and the browser module is configured, upon execution in the computer, to store in the hidden memory zone the work data generated or received by the browser module at run-time, and to retrieve from the hidden memory zone the work data needed by the browser module at run-time. Preferably, the browser module is configured, upon execution in the computer, in addition or alternatively, to encrypt and store in said read/write memory area the work data generated or received by the browser module at run-time, and to retrieve and decrypt from said read/write memory area the work data needed by the browser module at run-time. 
The secure storing and retrieving of the browser's run-time work data by the browser make it possible to protect the work data from being intercepted, copied and/or altered by unauthorized program entities, e.g. malware configured to attempt so-called man-in-the-middle attacks. Moreover, storing the browser's run-time work data in the storage medium of the external portable device has the advantage that no traces are left on the local computer ("zero footprints") during and/or after execution of the browser.
In an embodiment, the browser module is stored in encrypted form in the read-only memory area, and the launcher is configured to decrypt the browser module prior to loading the browser module in the computer. This additional security feature prevents the browser module from being altered maliciously.
Preferably, the browser module comprises an embedded transport layer security module for securing browser communication over the telecommunication network. Having the transport layer security module integrated in the browser prevents attacks on the data that would otherwise be exchanged in the computer between the browser and a separate transport layer security module.
In an embodiment, the portable device further comprises an application module, e.g. an e-banking application, stored in the read-only memory area and configured, upon execution in the computer, to store securely in the read/write memory area application data, e.g. financial (e-banking) data, received and/or generated by the application module, and to retrieve and pass to the browser module application data, e.g. financial (e-banking) data, stored securely in the read/write memory area. As described above in the context of the browser's run-time work data, the application data is secured by storing it (on-line and/or off-line) in the hidden memory zone of the portable device's read/write memory area and/or by storing it in encrypted form in the portable device.
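The encrypt-and-store behaviour described above, for the browser's work data and for the application module's application data alike, as an added example in Go that is not part of the patent and not Crealogix code: a `HiddenStore` keeps each item as an AES-GCM ciphertext with the item name bound in as associated data, so a process that reads the device cannot recover the plaintext, alter a stored item, or copy one item under another item's name without the retrieving module noticing. The map standing in for the hidden zone, the `HiddenStore`, `Put`, `Get`, `Delete` and `Raw` names, and the origin of the key are assumptions; the patent specifies neither the cipher nor the key handling.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

var (
	ErrTampered = errors.New("hidden store: work data failed authentication")
	ErrNotFound = errors.New("hidden store: no such item")
)

// HiddenStore models the hidden read/write zone (13). Each item is kept as
// nonce || AES-GCM ciphertext, with the item name bound in as associated data,
// so neither the stored bytes nor the item's identity can be changed unnoticed.
// Assumption: a map stands in for the device's hidden zone, whose access
// interface the patent does not specify.
type HiddenStore struct {
	aead cipher.AEAD
	zone map[string][]byte
}

// NewHiddenStore takes the work-data key (16, 24 or 32 bytes). Whether the key is
// derived from the PIN or provisioned on the device is left open here (assumption).
func NewHiddenStore(key []byte) (*HiddenStore, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &HiddenStore{aead: aead, zone: map[string][]byte{}}, nil
}

// Put encrypts work data (session log, cookie, cache entry) before it is written.
func (s *HiddenStore) Put(name string, plaintext []byte) error {
	nonce := make([]byte, s.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return err
	}
	s.zone[name] = s.aead.Seal(nonce, nonce, plaintext, []byte(name))
	return nil
}

// Get decrypts and authenticates; a flipped byte or a blob copied under another
// item name yields ErrTampered instead of wrong plaintext.
func (s *HiddenStore) Get(name string) ([]byte, error) {
	sealed, ok := s.zone[name]
	if !ok {
		return nil, ErrNotFound
	}
	ns := s.aead.NonceSize()
	if len(sealed) < ns {
		return nil, ErrTampered
	}
	plain, err := s.aead.Open(nil, sealed[:ns], sealed[ns:], []byte(name))
	if err != nil {
		return nil, ErrTampered
	}
	return plain, nil
}

// Delete removes an item, as the application module does with the session cookie at logout.
func (s *HiddenStore) Delete(name string) { delete(s.zone, name) }

// Raw returns the stored blob itself (what a reader of the device would see).
func (s *HiddenStore) Raw(name string) []byte { return s.zone[name] }

func main() {
	key := make([]byte, 32)
	rand.Read(key) // in practice the key lives with the device, not in the program
	store, _ := NewHiddenStore(key)
	store.Put("session_cookie", []byte("session=2f9c0a; contract=C-1001")) // constructed sample
	fmt.Println(store.Get("session_cookie"))
	blob := store.Raw("session_cookie")
	blob[len(blob)-1] ^= 1 // simulate a modification on the device
	fmt.Println(store.Get("session_cookie"))
}
```

Binding the item name as associated data is what makes the "hidden" zone more than obscurity: even an attacker who can rewrite the device's sectors gets an authentication failure rather than a silently substituted cookie.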
In an embodiment, the portable device further comprises an application proxy module coupled with the browser module and configured, upon execution in the computer, to receive a login request from the application module executing in the computer, to forward the login request through the browser module to a remote server, to receive a login response with session-specific identification data for an accepted login request, and to forward the session-specific data to the application module. The application proxy module is further configured to receive from the application module an application data request along with the session-specific identification data, to forward the application data request with the session-specific identification data through the browser module to a remote server, to receive through the browser module an application data response from the remote server, and to forward the application data response to the application module. Preferably, the application proxy module is further configured to include in the forwarding of the requests from the application module to the remote server a cryptographic certificate stored securely on the portable device.
In a further embodiment, the portable device further comprises a cryptography module configured, upon execution in the computer, to receive from a user of the computer secret personal identification data, to establish a secure communication link to a remote certification server, to forward via the secure communication link to the remote certification server at least some of the personal identification data for verification, to generate a cryptographic key pair upon successful verification, to generate and forward to the certification server a certificate signing request, and to receive from the certification server and store securely on the portable device a cryptographic certificate. Providing the portable device with the cryptography module makes it possible for the user to perform a self-enrolment process, making it unnecessary to personalize the portable device prior to its delivery to the user.
In addition to the portable device and a communication method using the portable device to enable a secure data exchange between a local computer and a remote computer via a telecommunication network, the present invention also relates to a computer program product comprising computer program code means for controlling one or more processors of a communication terminal, preferably a computer program product comprising a computer-readable medium containing the computer program code means therein. Preferably, the computer program code means are configured as an extension for a (hardened) browser module, based on a conventional browser such as Internet Explorer by Microsoft, Mozilla Firefox by the Mozilla Foundation, or Safari by Apple, for example, and are set up to control the processors such that the communication terminal stores securely in a read/write memory area of the portable device connected removably to the communication terminal, during run-time of the browser module executing in the communication terminal, work data generated or received by the browser module at run-time, and retrieves work data stored securely in said read/write memory as needed by the browser module at run-time.
Brief Description of the Drawings
The present invention will be explained in more detail, by way of example, with reference to the drawings in which:
Figure 1 shows a block diagram illustrating schematically a system for secure data exchange via a telecommunication network between a local computer, having a portable device connected thereto, and a remote computer.
Figure 2 shows a timing diagram illustrating an exemplary sequence of steps for self-enrolment of a user using the portable device.
Figure 3 shows a block diagram illustrating schematically an exemplary configuration of the system for secure data exchange between the local and the remote computer via the telecommunication network, as well as an exemplary sequence of steps for a login at an application server of the remote computer.
Figure 4 shows the block diagram of Figure 3 provided with an illustration of an exemplary sequence of steps for executing an application login from the local computer to the remote computer.
Figure 5 shows the block diagram of Figure 3 provided with an illustration of an exemplary sequence of steps for executing an application data request from the local computer to the remote computer.
Figure 6 shows the block diagram of Figure 3 provided with an illustration of an exemplary sequence of steps for executing an application logout from the remote computer.
Detailed Description of the Preferred Embodiments
In Figures 1-6, reference numeral 1 refers to a mobile, portable device which comprises a storage medium and is removably connected to a (local) computer 2 via a device interface 10. The device interface 10 provides for an electrical connection of the portable device 1 to the computer 2. Preferably, the device interface 10 not only enables data communication between the computer 2 and the portable device 1 but also enables the computer 2 to provide power to the portable device 1. For example, the portable device 1 is a USB token device and the device interface 10 is a USB interface.
The (local) computer 2 is provided with a communication module for exchanging data with the remote computer system 4 via the telecommunication network 3. As illustrated in Figure 1, the local computer 2 comprises operating elements 26 for data entry, e.g. a keyboard, and a display 27 for showing user interfaces and data input/output. The local computer 2 is a fully operational, conventional computer comprising data/program memory and at least one processor for executing programs loaded in the program memory. The local computer 2 is implemented as a personal computer (PC), a PDA-computer (Personal Digital Assistant) or a mobile communication terminal such as a mobile radio telephone, for example. The telecommunication network 3 includes the Internet accessible to the local and remote computers 2, 4 through fixed networks and/or wireless networks. For example, the telecommunication network 3 includes a local area network (LAN), an integrated services digital network (ISDN), a GSM-network (Global System for Mobile communication), a UMTS network (Universal Mobile Telephone System) or another mobile radio telephone system, and/or a wireless local area network (WLAN) for accessing the Internet.
The remote computer system 4 comprises one or more computers, e.g. Web servers, each having one or more processors. As is illustrated in Figures 3-6, the remote computer system 4 comprises an application security gateway 40 with a secure data store 41 for session cookies, for example, the Application Security Gateway AirLock by Visonys AG, Switzerland, an application server 43, an application database 42, and a certification server 5. For example, the application server 43 is configured for remote customer e-banking and the application database 42 comprises e-banking data including customer-specific financial data, contract data and certificate data. Preferably (but not necessarily), functional modules, including the application server 43 and the certification server 5, are implemented on the remote computer system 4 as programmed software modules. The application security gateway 40 is implemented preferably (but not necessarily) as a hardware module.
As is illustrated in Figures 3-6, the portable device 1 comprises a visible public read/write memory area 11, e.g. a (USB) flash drive, a read-only memory (ROM) area 12, and a hidden read/write memory area 13. The hidden memory zone is set up to be invisible to a computer's operating system and can be accessed only through specific programming interfaces.
Stored in the read-only memory area 12 are a browser module 120, comprising an embedded transport layer security module 121 (TLS protocol), an application proxy module 122 coupled with the browser module 120, an application module 123, a cryptography module 124, and a launcher 125. These functional modules comprise computer program code configured to control a processor of computer 2 such that the computer 2 executes functions as described later. In an embodiment, the browser module 120, the application proxy module 122, and the application module 123 are stored in encrypted form in the read-only memory area 12. The browser module 120 is implemented as a secured browser, i.e. a hardened browser, with limitations on features that may pose a potential security threat. Particularly, the browser module 120 is set up to disallow executable extensions such as plug-ins, Browser Helper Objects (BHO), ActiveX objects, and/or JavaScript and Java applets. The browser module 120 is configured as a stripped browser having disabled interpretation of any compiler symbols. Moreover, access to external objects determining browser execution is disabled; for example, the use of external Document Object Models (DOM) is disabled. A further increase of security is achieved by having the transport layer security module 121 embedded in the browser module 120, avoiding a separation between the browser core and the TLS engine.
The hidden read/write memory area 13 is used to store work data 131 generated and/or used by the browser module 120 at run-time, application data 132 generated and/or received by the application module 123 on-line or off-line, one or more cryptographic key pairs 133, and one or more cryptographic certificates 134.
In the following paragraphs, described with reference to Figures 2-6 are possible sequences of steps performed by the functional modules for exchanging data securely via the telecommunication network 3 between the local computer 2 and the remote computer 4, specifically between a browser and/or an application executing on the local computer 2 and an application server 43 executing on the remote computer 4.
In preparatory steps, the user of the local computer 2 is registered as a customer with the application provider. A customer-specific password, i.e. a personal identification code (PIC), and a contract number are generated and stored in the application database 42. As part of the registration process, a portable device 1 is provided to the customer. The PIC and contract number are provided separately to the customer through a communication channel such as paper mail, electronic mail or SMS (Short Messaging Services), for example.
For accessing services provided by the application server 43, the user connects the portable device 1 to his local computer 2.
As illustrated in Figure 2, in step S1, the launcher 125 is started either automatically or manually by the user of the local computer 2 when the portable device 1 is connected to the local computer 2. In the following paragraphs, the functionality of the launcher 125 is described with reference to launcher 25, decrypted, loaded and executed in the local computer 2.
In step S2, the launcher 25 checks whether or not a cryptographic certificate 134 is present in the respective hidden read/write memory area 13.
In step S3, if there is no cryptographic certificate 134 present, the launcher 25 initiates a self-enrolment process and, in step S3, shows a dialogue on display 27, requesting the user to define a personal identification number (PIN). The PIN is stored for the customer in a respective hidden memory area 13 of the portable device 1. Otherwise, if the cryptographic certificate 134 is present and the customer does not select an update of the certificate, the launcher 25 requests the customer to enter his PIN. After correctness of the PIN has been checked and verified, the launcher starts the browser module 120 in step S12.
In step S4, the launcher 25 establishes an SSL (Secure Socket Layer) session with a certification server 5 executing in the remote computer 4. In step S5, the launcher 25 shows a dialogue on display 27, requesting the user to enter his password, i.e. his personal identification code (PIC), and his contract number. The PIC and contract number are transmitted securely by the launcher 25 to the certification server 5.
In step S6, the certification server verifies the received PIC and contract number in the application database 42 and reports the verification result to the launcher 25.
If the launcher 25 determines in step S7 that PIC and contract number were verified positively by the certification server 5, in step S8, the launcher 25 generates a cryptographic key pair and stores this cryptographic key pair 133 in the respective hidden read/write memory area 13.
In step S9, the launcher 25 generates and transmits to the certification server 5 a signing request for the respective customer. For example, the signing request is a PKCS (Public Key Cryptography Standards) Certification Request (PKCS #10, PEM format) for requesting certification of the public key, and comprises a session identifier.
In step S10, based on the received signing request, the certification server 5 generates a customer-specific (signed) cryptographic certificate, stores it for the respective customer in the application database 42, and returns it to the launcher 25. For example, the digital certificate is provided in PEM format (Privacy Enhanced Mail, Base64 encoded DER certificate [Distinguished Encoding Rules], enclosed between "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----").
In step S11, the launcher 25 installs the customer-specific cryptographic certificate 134 by storing it in the respective hidden read/write memory area 13.
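The self-enrolment sequence of steps S6 to S11 in Go, as an added example that is neither the patent's nor Crealogix's code: the launcher side generates the key pair and a PKCS #10 certification request in PEM form, and a stand-in certification server verifies PIC and contract number, checks the request's own signature (proof that the requester holds the private key), ties the request subject to the verified contract and returns the PEM certificate that the launcher then stores on the device. The function and type names, the ECDSA P-256 key type, the use of the contract number as certificate subject and the in-memory credential map are assumptions; the SSL session of step S4 and the dialogue of step S5 are not modelled.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/subtle"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// GenerateKeyAndCSR is the launcher's part (steps S8 and S9): a fresh key pair and
// a PKCS #10 certification request in PEM form. Using the contract number as the
// request subject is an assumption; the patent leaves the subject open.
func GenerateKeyAndCSR(contract string) (*ecdsa.PrivateKey, []byte, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.CertificateRequest{Subject: pkix.Name{CommonName: contract}}
	der, err := x509.CreateCertificateRequest(rand.Reader, tmpl, key)
	if err != nil {
		return nil, nil, err
	}
	return key, pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE REQUEST", Bytes: der}), nil
}

// CertificationServer stands in for the certification server (5) with its own CA
// key; db is a constructed application database (42) mapping contract number to PIC.
type CertificationServer struct {
	caKey  *ecdsa.PrivateKey
	caCert *x509.Certificate
	db     map[string]string
}

func NewCertificationServer(db map[string]string) (*CertificationServer, error) {
	caKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example Certification Server"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &caKey.PublicKey, caKey)
	if err != nil {
		return nil, err
	}
	caCert, err := x509.ParseCertificate(der)
	return &CertificationServer{caKey: caKey, caCert: caCert, db: db}, err
}

// Sign covers steps S6 and S10 on the server: verify PIC and contract number, check
// the request's own signature (proof that the requester holds the private key), tie
// the subject to the verified contract, and issue a PEM client-authentication certificate.
func (cs *CertificationServer) Sign(csrPEM []byte, contract, pic string) ([]byte, error) {
	if want, ok := cs.db[contract]; !ok || subtle.ConstantTimeCompare([]byte(want), []byte(pic)) != 1 {
		return nil, errors.New("PIC or contract number rejected")
	}
	blk, _ := pem.Decode(csrPEM)
	if blk == nil || blk.Type != "CERTIFICATE REQUEST" {
		return nil, errors.New("not a PEM certification request")
	}
	csr, err := x509.ParseCertificateRequest(blk.Bytes)
	if err != nil {
		return nil, err
	}
	if err := csr.CheckSignature(); err != nil {
		return nil, fmt.Errorf("certification request signature: %w", err)
	}
	if csr.Subject.CommonName != contract {
		return nil, errors.New("request subject does not match the verified contract")
	}
	serial, _ := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128))
	tmpl := &x509.Certificate{
		SerialNumber: serial, Subject: csr.Subject,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(365 * 24 * time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, cs.caCert, csr.PublicKey, cs.caKey)
	if err != nil {
		return nil, err
	}
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}), nil
}

func main() {
	cs, _ := NewCertificationServer(map[string]string{"C-1001": "pic-7788"}) // constructed credentials
	_, csrPEM, _ := GenerateKeyAndCSR("C-1001")
	certPEM, err := cs.Sign(csrPEM, "C-1001", "pic-7788")
	fmt.Printf("%s%v\n", certPEM, err)
}
```

The private key never leaves the launcher: only the request and the resulting certificate cross the link, which is what lets the device be shipped unpersonalized. Checking that the request subject matches the contract that the PIC authenticated is the step that prevents one customer's credentials from obtaining a certificate naming another contract.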
In step S12, the launcher 25 starts the browser module 120. If applicable, the launcher 25 decrypts the browser module 120, prior to starting its execution in the local computer 2. In the following paragraphs, the functionality of the browser module 120 (including the transport layer security module 121) is described with reference to browser module 20 (including the transport layer security module 21) decrypted, loaded and executed in the local computer 2.
When the browser module 20 is started, it uses the embedded transport layer security module 21 to establish an SSL (Secure Socket Layer) session with the application server 43 implemented on the remote computer 4 (mutual authentication).
As illustrated in Figure 3, in step S14, using the transport layer security module 21, the browser module 20 transmits a login request to a login URL at the remote computer 4. The request includes the customer-specific cryptographic certificate 134. The application security gateway 40 receives the request to the login URL and checks the customer's certificate.
In step S15, the application security gateway 40 forwards the login request to a login control module of the application server 43, if the certificate is valid. The certificate information is passed to the control module in a so-called environment cookie.
At the application server 43, the login control module reads the certificate from the environment cookie and, in step S16, queries the application database 42 for the contract associated with the respective certificate. Additionally, the contract number and password (PIC) are checked.
In step S17, the login control module of the application server 43 returns to the application security gateway 40 a response which includes a control cookie, indicating that access is granted, and a contract cookie, indicating the respective customer-specific contract. The application security gateway 40 receives the response, enables for the current session access to the respective contract, based on the control and contract cookies, and stores the contract cookie in the secure data store 41 for session cookies.
In step S18, the application security gateway 40 returns to the browser module 20 a response including a session cookie provided by the application security gateway 40.
In step S19, the browser module 20 receives the response and stores the session cookie provided by the application security gateway 40 securely as browser work data 131 in the respective hidden memory area 13. Preferably (but not necessarily) the browser module 20 encrypts the session cookie prior to storing it in the portable device 1.
In subsequent steps, the customer uses the established session between the browser module 20 and the application server 43 to perform data transmission and/or data query requests (using the stored session cookie for reference).
For a logout, the customer uses the browser module 20 to transmit a logout request to the application server 43. The application server 43 closes the session to the application security gateway 40 which in turn closes the SSL session to the browser module 20.
If, in an embodiment, the browser configuration permits enabling the start of the browser module 20 with enabled application proxy module 122, and if this feature is set, the browser module 120 is started with enabled application proxy module 122 in step S12. If applicable, the launcher 125 also decrypts the application proxy module 122 and the application module 123, prior to starting their execution in the local computer 2. In the following paragraphs, the functionality of the application proxy module 122 and the application module 123 is also described with reference to the application proxy module 22 and the application module 23 which are in each case decrypted, loaded and executed in the local computer 2. As illustrated in Figure 4, when the application module is started by the launcher 25, in step S21, the application module 23 sends a login request to the application proxy module 22, using a login URL, e.g. https://localhost:1234/login/[...]. To prevent an unauthorized (malicious) application from using the application proxy module 22, the login request includes customer-specific credentials, contract number and password (PIC).
In step S22, using the browser module 20, the application proxy module 22 forwards the login request to the actual (real) login URL at the remote computer 4. The forwarded request includes the customer-specific cryptographic certificate 134. The application security gateway 40 receives the request to the login URL and checks the customer's certificate.
In step S23, the application security gateway 40 forwards the login request to a login control module of the application server 43, if the certificate is valid. The certificate information is passed to the control module in a so-called environment cookie.
At the application server 43, the login control module reads the certificate from the environment cookie and, in step S24, queries the application database 42 for the contract associated with the respective certificate. Additionally, the contract number and password (PIC) are checked.
In step S25, the login control module of the application server 43 returns to the application security gateway 40 a response which includes a control cookie, indicating that access is granted, and a contract cookie, indicating the respective customer-specific contract. The application security gateway 40 receives the response, enables for the current session access to the respective contract, based on the control and contract cookies, and stores the contract cookie in the secure data store 41 for session cookies. In step S26, the application security gateway 40 returns to the application proxy module 22 a response including a session cookie provided by the application security gateway 40.
In step S27, the application proxy module 22 receives the response through the browser module 20 and forwards the response to the application module 23.
In step S28, the application module 23 reads the response and stores in the respective hidden read/write memory area 13 the session cookie provided by the application security gateway 40 as application data 132.
Corresponding to user requests and/or application logic, the application module 23 sends application requests to the application server 43 at the remote computer 4, e.g. a request for transmitting or querying application data such as e-banking data (financial data). It should be pointed out that the application data may be supplied on-line by the customer or retrieved from the respective hidden memory area 13 where it was stored previously by the application module 23 in off-line mode as application data 132, for example. As illustrated in Figure 5, prior to generating an application request, in step S31, the application module 23 retrieves from the read/write memory area 13 the session cookie provided previously by the application security gateway 40.
In step S32, the application module 23 sends an application request to the application proxy module 22. The application request, addressed to an application URL, e.g. https://localhost:1234/application/[...], includes the session cookie provided previously by the application security gateway 40.
In step S33, the application proxy module 22 forwards the application request to the application security gateway 40, along with the customer's certificate. The application security gateway 40 reads the session cookie included in the application request and retrieves the corresponding contract cookie from the secure data store 41 for session cookies.
In step S34, the application security gateway 40 forwards the application request, including the contract cookie, to the application server 43. The application server 43 identifies the customer based on the contract cookie.
In step S35, the application server 43 retrieves the requested application data from the application database 42 or stores the submitted application data in the application database 42, respectively.
In step S36, the application server 43 returns a response to the application security gateway 40.
In step S37, the application security gateway 40 forwards the response to the application proxy module 22.
In step S38, the application proxy module 22 forwards the response to the application module 23.
As illustrated in Figure 6, for a logout, in step S41 , the application module 23 sends a logout request to the application proxy module 22.
In step S42, the application proxy module 22 forwards the logout request to the application security gateway 40, along with the customer's certificate.
In step S43, the application security gateway 40 forwards the logout request to the application server 43. In step S44, the application server 43 closes the Web session and the session in the application database 42.
In step S45, the application server 43 returns a response with a control cookie for terminating the session.
The application security gateway 40 receives the control cookie and closes its session. In step S46, the application security gateway 40 sends a logout response to the application proxy module 22.
In step S47, the application proxy module 22 forwards the logout response to the application module 23.
In step S48, the application module 23 removes the session cookie from the respective hidden memory area 13.
It should be noted that, in the description, the computer program code has been associated with specific functional modules and the sequence of the steps has been presented in a specific order; one skilled in the art will understand, however, that the computer program code may be structured differently and that the order of at least some of the steps could be altered, without deviating from the scope of the invention.

Claims

1. A portable device (1) comprising:
a storage medium that is connectable to a computer (2), the storage medium including a read-only memory area (12) and a read/write memory area (13),
a browser module (120) stored in the read-only memory area (12), and
a launcher (125) configured to load the browser module (120) for execution in the computer (2) upon connection to the computer (2),
wherein the browser module (120) is configured, upon execution in the computer (2), to store securely in said read/write memory area (13) work data generated or received by the browser module (20) at run-time, and to retrieve work data (131) stored securely in said read/write memory area (13) as needed by the browser module (20) at run-time.
2. The portable device (1) of claim 1, wherein at least a portion of the read/write memory area (13) is set up as a hidden memory zone and the browser module (120) is configured, upon execution in the computer (2), to store in the hidden memory zone the work data generated or received by the browser module (20) at run-time, and to retrieve from the hidden memory zone the work data (131) needed by the browser module (20) at run-time.
3. The portable device (1) of one of claims 1 or 2, wherein the browser module (120) is configured, upon execution in the computer (2), to encrypt and store in said read/write memory area (13) the work data generated or received by the browser module (20) at run-time, and to retrieve and decrypt from said read/write memory area (13) the work data (131) needed by the browser module (20) at run-time.
4. The portable device (1) of one of claims 1 to 3, wherein the browser module (120) is stored in encrypted form in the read-only memory area (12), and wherein the launcher (125) is configured to decrypt the browser module (120) prior to loading the browser module (120) in the computer (2).
5. The portable device (1) of one of claims 1 to 4, wherein the browser module (120) comprises an embedded transport layer security module (121) for securing browser communication over a telecommunication network (3).
6. The portable device (1) of one of claims 1 to 5, further comprising an application module (123), e.g. an e-banking application, stored in the read-only memory area (12) and configured, upon execution in the computer (2), to store securely in the read/write memory area (13) application data, e.g. financial data, received and/or generated by the application module (23), and to retrieve and pass to the browser module (20) application data (132), e.g. financial data, stored securely in the read/write memory area (13).
7. The portable device (1) of one of claims 1 to 6, further comprising an application proxy module (122) coupled with the browser module (120) and configured, upon execution in the computer (2), to receive a login request from an application module (23) executing in the computer (2), to forward the login request through the browser module (120) to a remote application server (43), to receive a login response with session-specific identification data for an accepted login request, and to forward the session-specific data to the application module (23).
8. The portable device (1) of claim 7, wherein the application proxy module (122) is further configured to receive from the application module (23) an application data request along with the session-specific identification data, to forward the application data request with the session-specific identification data through the browser module (120) to a remote application server (43), to receive through the browser module (120) an application data response from the remote application server (43), and to forward the application data response to the application module (23).
9. The portable device (1) of one of claims 1 to 8, further comprising a cryptography module (124) configured to receive from a user of the computer (2) secret personal identification data, to establish a secure communication link to a remote certification server (5), to forward via the secure communication link to the remote certification server (5) at least some of the personal identification data for verification, to generate a cryptographic key pair upon successful verification, to generate and forward to the certification server (5) a certificate signing request, and to receive from the certification server (5) and store securely on the portable device (1) a cryptographic certificate (134).
10. The portable device (1) of one of claims 1 to 9, wherein the browser module (120) is configured as a hardened browser, the work data (131) used by the browser module (20) at run-time includes at least one of session logs, cache data and cookies, and the portable device (1) comprises a USB-interface for connecting the storage medium to the computer (2).
1 1. A communication method for exchanging data securely via a telecommunication network (3) between a local computer (2) and a remote computer (4), the method comprising: providing a portable device (1 ) which comprises a storage medium with a read-only memory area (12) and a read/write memory area (1 3);
storing a browser module (1 20) in the read-only memory area (12);
connecting the storage medium to the local computer (2);
loading the browser module (1 20) for execution in the local computer (2); and
using the browser module (20) for exchanging data via the telecommunication network (3) between the local computer (2) and the remote computer (4), wherein the browser module (20) stores securely in said read/write memory area (13) work data generated or received by the browser module (120) at run-time, and the browser module (20) retrieves work data (131 ) stored securely in said read/write memory area
(13) as needed by the browser module (20) at run-time.
12. The method of claim 1 1 , wherein at least a portion of the read/write memory area (13) is set up as a hidden memory zone, and the browser module (20) stores in the hidden memory zone the work data generated or received by the browser module (20) at run-time, and retrieves from the hidden memory zone the work data (131 ) needed by the browser module (20) at run-time.
13. The method of one of claims 1 1 or 1 2, wherein the browser module (20) encrypts and stores in said read/write memory area (13) the work data generated or received by the browser module (120) at run-time, and the browser module (20) retrieves and decrypts from said read/write memory area (13) the work data (131 ) needed by the browser module (20) at run-time.
14. The method of one of claims 1 1 to 13, further comprising storing an application module (123) in the read-only memory area (12); loading the application module (123) for execution in the local computer (2); the application module (23) encrypting and storing in the read/write memory area (13) application data received from a user of the local computer (2) and/or generated by the application module (23); and the application module (23) retrieving, decrypting and passing to the browser module (1 20) application data (132) stored in the read/write memory area (1 3).
1 5. The method of one of claims 1 1 to 14, further comprising coupling an application proxy module (122) with the browser module (120); loading the application proxy module (122) for execution in the local computer (2); the application proxy module
(22) receiving a login request from an application module (23) executing in the computer (2), forwarding the login request through the browser module (20) to the remote computer (4), receiving a login response with session-specific identification data for an accepted login request, and forwarding the session-specific data to the application module (23).
16. The method of claim 1 5, wherein the application proxy module (22) further receives from the application module (23) an application data request along with the session- specific identification data, forwards the application data request with the session- specific identification data through the browser module (120) to the remote computer (4), receives through the browser module (120) an application data response from the remote computer (4), and forwards the application data response to the application module (23).
17. The method of one of claims 1 1 to 16, further comprising receiving from a user of the local computer (2) secret personal identification data, establishing a secure communication link to a remote certification server (5), forwarding via the secure communication link to the remote certification server (5) at least some of the personal identification data for verification, generating a cryptographic key pair upon successful verification, generating and forwarding to the certification server (5) a certificate signing request, receiving from the certification server (5) a cryptographic certificate, and storing the cryptographic certificate (1 34) securely on the portable device (1 ).
8. A computer program product comprising computer program code mans for controlling one or more processors of a communication terminal such that the communication terminal
stores securely in a read/write memory area (1 3) of a portable device (1 ) connected removably to the communication terminal, during run-time of a browser module (20) executing in the communication terminal, work data generated or received by the browser module (20) at run-time, and
retrieves work data (1 31 ) stored securely in said read/write memory area (1 3) as needed by the browser module (20) at run-time.
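The encrypt-on-store, authenticate-and-decrypt-on-retrieve handling of browser work data (cookies, cache, session logs) that claims 3, 13 and 18 describe, as an added example that is not part of the patent or of any Crealogix product: a Python model of the read/write area (13) store, in which a file that was altered on the stick is rejected before it is decrypted. Deriving the key from a user PIN plus a device identifier, and using a standard-library HMAC-SHA256 counter-mode keystream in place of a block cipher such as AES, are assumptions of this example, not details the patent specifies.

```python
import hashlib, hmac, json, secrets, tempfile
from pathlib import Path

def _keystream(key, nonce, length):
    # HMAC-SHA256 in counter mode as a PRF stream cipher (stdlib stand-in for AES-CTR)
    blocks = (hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
              for i in range((length + 31) // 32))
    return b"".join(blocks)[:length]

def _xor(data, key):
    return bytes(a ^ b for a, b in zip(data, key))

class WorkDataStore:
    """Encrypt-then-MAC store for work data in the read/write area (13); keys derive from the user's PIN and a device identifier (assumed here)."""
    def __init__(self, rw_area, pin, device_id):
        self.rw_area = Path(rw_area); self.rw_area.mkdir(parents=True, exist_ok=True)
        km = hashlib.pbkdf2_hmac("sha256", pin.encode(), device_id, 200_000, dklen=64)
        self.enc_key, self.mac_key = km[:32], km[32:]

    def store(self, name, data):
        plain, nonce = json.dumps(data, sort_keys=True).encode(), secrets.token_bytes(16)
        cipher = _xor(plain, _keystream(self.enc_key, nonce, len(plain)))
        # The tag covers the item name, so a ciphertext cannot be swapped between items.
        tag = hmac.new(self.mac_key, name.encode() + nonce + cipher, hashlib.sha256).digest()
        path = self.rw_area / f"{name}.enc"
        path.write_bytes(nonce + tag + cipher)
        return path

    def retrieve(self, name):
        blob = (self.rw_area / f"{name}.enc").read_bytes()
        nonce, tag, cipher = blob[:16], blob[16:48], blob[48:]
        expect = hmac.new(self.mac_key, name.encode() + nonce + cipher, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expect):  # authenticate before decrypting
            raise ValueError(f"work data {name!r} failed authentication")
        return json.loads(_xor(cipher, _keystream(self.enc_key, nonce, len(cipher))))

def demo():
    # Constructed sample cookie data; the PIN and device id are placeholders.
    cookies = {"SESSIONID": "constructed-session-token", "lang": "en"}
    with tempfile.TemporaryDirectory() as tmp:
        store = WorkDataStore(Path(tmp) / "rw_area", "1234", b"demo-device-serial")
        path = store.store("cookies", cookies)
        restored = store.retrieve("cookies")
        blob = bytearray(path.read_bytes())
        blob[-1] ^= 0x01  # simulate tampering with the ciphertext on the stick
        path.write_bytes(blob)
        try:
            store.retrieve("cookies"); tampered_rejected = False
        except ValueError:
            tampered_rejected = True
    return {"round_trip_ok": restored == cookies, "tampered_rejected": tampered_rejected}
```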
PCT/CH2008/000216 2008-05-14 2008-05-14 Portable device and method for exchanging data securely with a remote computer WO2009137946A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CH01812/10A CH701203B1 (en) 2008-05-14 2008-05-14 The portable apparatus and method for securely exchanging data with a remote computer.
PCT/CH2008/000216 WO2009137946A1 (en) 2008-05-14 2008-05-14 Portable device and method for exchanging data securely with a remote computer

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CH2008/000216 WO2009137946A1 (en) 2008-05-14 2008-05-14 Portable device and method for exchanging data securely with a remote computer

Publications (1)

Publication Number Publication Date
WO2009137946A1 true WO2009137946A1 (en) 2009-11-19

Family

ID=40228035

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CH2008/000216 WO2009137946A1 (en) 2008-05-14 2008-05-14 Portable device and method for exchanging data securely with a remote computer

Country Status (2)

Country Link
CH (1) CH701203B1 (en)
WO (1) WO2009137946A1 (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103455011A (en) * 2013-09-11 2013-12-18 昆山奥德鲁自动化技术有限公司 Intelligent terminal device
US8713705B2 (en) 2009-08-03 2014-04-29 Eisst Ltd. Application authentication system and method
US11122013B2 (en) 2017-02-16 2021-09-14 Emerald Cactus Ventures, Inc. System and method for encrypting data interactions delineated by zones
US11165825B2 (en) 2017-02-16 2021-11-02 Emerald Cactus Ventures, Inc. System and method for creating encrypted virtual private network hotspot
US11165751B2 (en) 2017-02-16 2021-11-02 Emerald Cactus Ventures, Inc. System and method for establishing simultaneous encrypted virtual private networks from a single computing device
US11258772B2 (en) 2018-06-19 2022-02-22 Cypress Semiconductor Corporation Secured communication from within non-volatile memory device

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020162009A1 (en) * 2000-10-27 2002-10-31 Shimon Shmueli Privacy assurance for portable computing
US20070233880A1 (en) * 2005-10-20 2007-10-04 The Trustees Of Columbia University In The City Of New York Methods, media and systems for enabling a consistent web browsing session on different digital processing devices
US20080034210A1 (en) * 2006-08-01 2008-02-07 Ramsey Jallad Systems and Methods for Securely Providing and/or Accessing Information

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
DAVID KUSHNER: "Big Brother at Work", December 2004 (2004-12-01), pages 57 - 58, Retrieved from the Internet <URL:ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=1363643&isnumber=29873> [retrieved on 20090119] *
IAN JONSON: "STEALTHSURFER", 13 January 2004 (2004-01-13), XP002510875, Retrieved from the Internet <URL:http://stealthsurfer.com/press_content/TheGlobeandMail1-13-04.pdf> [retrieved on 20090119] *

Also Published As

Publication number Publication date
CH701203B1 (en) 2013-05-15

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 08733837; Country of ref document: EP; Kind code of ref document: A1)
WWE Wipo information: entry into national phase (Ref document number: 10201000001812; Country of ref document: CH)
NENP Non-entry into the national phase (Ref country code: DE)
122 Ep: pct application non-entry in european phase (Ref document number: 08733837; Country of ref document: EP; Kind code of ref document: A1)