Remote or externally hosted applications, such as web-based applications, may be deployed and executed on local client devices via the use of web browsers or other local client software. Frequently, a user of the client device is required to authenticate himself or herself before using the remote application in accordance with the security policy of the organization, company, or network of which the user is a member, the security policy of the remote application provider, or other security policy. This authentication may include supplying a username and password, interacting with a biometric scanner or a fingerprint reader, and/or authentication in some other manner. Authentication is particularly stringent for applications involving the exchange of sensitive or confidential information.
In conventional systems, the remote application typically collects authentication information. In the case of a username/password process, the remote application may, for example, present a dialog box prompting the user for this information and verify the received username and password against a secure list. In the case of device-based authentication (e.g., a fingerprint reader), the remote application includes software to interact with and operate the device (to, e.g., activate it, receive the scanned user fingerprint data, and either verify the received fingerprint data against known fingerprint data or transmit it to an authentication server). Often, for security reasons, the software used to interact with the hardware device is a browser plug-in.
Security policies may vary greatly depending on the nature of the application and the policies of an organization; some may require only a username/password, while others require the use of hardware authentication devices. This variation, in addition to the complexity of interfacing with different makes, models, and types of hardware authentication devices, places a burden on developers of remote applications to create the necessary authentication software. Furthermore, because the interface software is usually in the form of a browser plug-in (or similar construct), the software may further vary across different web-browser types or versions.
The difficulty in designing and maintaining these plug-ins may create operability problems, bugs, or security holes in the use of the remote application on the local client, in particular when the remote application attempts to control a local resource in order to, for example, facilitate user authentication. A need therefore exists for a simpler and more secure method for managing secure access to remote applications when the remote application interacts with local resources.