Remote or externally hosted applications, such as web-based applications, may be deployed and executed on local client devices via the use of web browsers or other local client software. Frequently, a user of the client device is required to authenticate himself before using the remote application in accordance with the security policy of the organization, company, or network of which the user is a member, the security policy of the remote application provider, or other security policy. This authentication may include supplying a username and password, interacting with a biometric scanner or a fingerprint reader, and/or authentication in some other manner. Authentication is particularly stringent for applications involving the exchange or retrieval of sensitive or confidential information.
In conventional systems, the remote application typically collects authentication information. In the case of a username/password process, the remote application may, for example, present a dialog box prompting the user for this information and verify the received username and password against a secure list. In the case of device-based authentication (e.g., a fingerprint reader), the remote application includes software to interact with and operate the device (to, e.g., activate it, receive the scanned user fingerprint data, and either verify the received fingerprint data against known fingerprint data or transmit it to an authentication server). Often, for security reasons, the software used to interact with the hardware device is a browser plug-in.
Although, as noted, security policies may vary greatly depending on the nature of the application and the policies of an organization, authentication generally entails some effort on the part of the would-be user—supplying the password, operating a one-time token-generating device to obtain an authentication code, providing a fingerprint, etc.—as well as provision of the supporting hardware (which, in the case of token-generating devices, must be provided on an individual basis to each user, who must be in possession of the device when logging in). A need therefore exists for techniques for managing authentication that reduce or eliminate the need for specialized hardware and/or cumbersome sign-in procedures.