Systems And Methods Of Transaction Authorization Using Server-Triggered Switching To An Integrity-Attested Virtual Machine

What is claimed is: 1 . A server computer system configured to receive transaction requests from a plurality of client systems, and further configured to employ at least one processor of the server computer system to: in response to receiving a transaction request from a client application executing on a client system of the plurality of client systems, determine whether a transaction indicated by the transaction request requires security clearance; and when the transaction requires security clearance, send a transaction token to the client system, the transaction token uniquely identifying the transaction among a plurality of transactions; wherein the client system is configured to, in response to receiving the transaction token, switch to executing a secure virtual machine (VM) having a virtualized processor, and wherein executing the secure VM comprises: employing the virtualized processor to display an overview of the transaction to a user of the client system, in response to displaying the overview, employing the virtualized processor to receive a user input indicating that the user agrees to the transaction, and in response to receiving the user input, employing the virtualized processor to send a transaction authorization to the server computer system, wherein the transaction authorization is required by the server computer system to perform the transaction. 2 . The server computer system of claim 1 , wherein the client application comprises a web browser application. 3 . The server computer system of claim 1 , wherein the client application executes within a client VM executing on the client system, the client VM distinct from the secure VM. 4 . The server computer system of claim 1 , further configured to, in response to receiving an integrity measurement of the secure VM from the client system, determine according to the integrity measurement whether the secure VM is in a trusted state. 5 . The server computer system of claim 4 , further configured to, in response to determining whether the secure VM is in the trusted state, when the secure VM is in the trusted state, send the overview to the client system. 6 . The server computer system of claim 4 , further configured to, in response to determining whether the secure VM is in the trusted state, to perform the transaction only when the secure VM is in the trusted state. 7 . The server computer system of claim 4 , further configured to: in response to determining whether the secure VM is in the trusted state, when the secure VM is in the trusted state, send a server authentication token to the client system, the server authentication token specified by the user prior to the server computer system receiving the transaction request; and wherein the secure VM is further configured to display the server authentication token to the user in response to the client system receiving the server authentication token. 8 . The server computer system of claim 4 , wherein the client system is further configured to cryptographically sign the integrity measurement using a key specific to the client system, and to transmit the signed integrity measurement to the server computer system. 9 . The server computer system of claim 1 , wherein displaying the overview of the transaction includes receiving the overview from the client application. 10 . The server computer system of claim 1 , further configured to determine whether the transaction requires security clearance according to a policy determined for the user. 11 . The server computer system of claim 10 , wherein the policy is determined according to a transaction preference specified by the user. 12 . The server computer system of claim 10 , wherein the policy is determined according to a set of transactions successfully carried out for the user. 13 . The server computer system of claim 1 , wherein switching to executing the secure VM comprises transitioning the client system from a state in which a peripheral device used by the client application is in a high-powered condition to a state in which the peripheral device is in a low-powered condition. 14 . The server computer system of claim 1 , wherein switching to executing the secure VM comprises instantiating a hypervisor on the client system, the hypervisor configured to expose the secure VM. 15 . The server computer system of claim 1 , wherein the client system is further configured, in response to the secure VM sending the transaction authorization to the server computer system, to terminate the secure VM. 16 . The server computer system of claim 1 , wherein the transaction request includes an indicator of a transacted item. 17 . The server computer system of claim 1 , further configured to receive an indicator of a transacted item of the transaction from the client system, and to receive the transaction request in response to receiving the indicator of the transacted item. 18 . A non-transitory computer-readable medium storing instructions which, when executed by at least one processor of a client system, cause the client system to form a hypervisor and a virtual machine (VM) launch module, wherein the client system further operates a client application configured to send a transaction request to a remote server computer system, and wherein: the server computer system is configured to: in response to receiving the transaction request, determine whether a transaction indicated by the transaction request requires security clearance; and when the transaction requires security clearance, send a transaction token to the client system, the transaction token uniquely identifying the transaction among a plurality of transactions; the VM launch module is configured to detect a receipt by the client system of the transaction token; and the hypervisor is configured to: expose a secure VM on the client system, the secure VM comprising a virtualized processor, and in response to the VM launch module detecting the receipt of the transaction token, switch the client system to executing the secure VM, wherein executing the secure VM comprises: employing the virtualized processor to display an overview of the transaction to a user of the client system, in response to displaying the overview, employing the virtualized processor to receive a user input indicating that the user agrees to the transaction, and in response to receiving the user input, employing the virtualized processor to send a transaction authorization to the server computer system, wherein the transaction authorization is required by the server computer system to perform the transaction. 19 . The computer-readable medium of claim 18 , wherein the client application comprises a web browser application. 20 . The computer-readable medium of claim 18 , wherein the client application executes within a client VM exposed by the hypervisor on the client system, the client VM distinct from the secure VM. 21 . The computer-readable medium of claim 18 , wherein the secure VM is further configured to send an integrity measurement of the secure VM to the server computer system, and wherein the server computer system is configured to determine according to the integrity measurement whether the secure VM is in a trusted state. 22 . The computer-readable medium of claim 21 , wherein the server computer system is further configured, in response to determining whether the secure VM is in the trusted state, when the secure VM is in the tru