The present disclosure relates to computer systems, and more specifically, to systems and computer-implemented methods for establishing and managing secure communications between an application server and a trusted user agent executing on a remote client device.
Providing secure communications between application servers and remote client devices has always been challenging. For example, the communications between user devices and a secure site (e.g., an application server operated by a financial institution), are subject to an increasing number of malicious eavesdropping techniques. In one particular technique known as “phishing,” the malicious party may first direct the user device to a fake website that has the same “look and feel” as the secure site. Duped into thinking that he or she is communicating with an authorized application server at the secure site, the user enters private information (e.g., usernames, passwords, credit card information, etc.). The malicious party then captures that information for later unauthorized uses.
There are different techniques that help to make communications between two devices more secure. However, many of the known techniques focus on securing the user-level applications executing at the user device, such as browser applications, for example. Further, despite these attempts at increasing security, user-level applications are still the “weakest link” in a communications session. Thus, users and their client devices remain susceptible to the viruses and malware used by malicious third parties to steal private data.