System and method for securely accessing data through web applications

US 10,158,618 B2
Filed: 03/06/2013
Issued: 12/18/2018
Est. Priority Date: 03/06/2013
Status: Active Grant

First Claim

Patent Images

1. A system to provide information server security, said system comprising:

a computer apparatus configured to transmit a solicitation of requests for service by a requestor via a public data network;

a server network infrastructure having;

a web server on a first secured network space, said web server configured to receive said solicitation of request for service and transmit said solicitation of request for service;

an application server configured to receive said solicitation of request for service from said web server and transmit said solicitation of requests for service;

a mediating entity client located on said first secured network space, said mediating entity client configured to receive said solicitation of request for service from said web server, authenticates said solicitation of request for service into a secure solicitation of request for service via an exchange of one or more credentials from a requestor, and transmit said secure solicitation of request for service, anda mediating entity server located on a second secured network space, said mediating entity server configured to receive said secure solicitation of request for service from said mediating entity client, said mediating entity server configured to authenticate said secure solicitation of request for service using a security protocol, wherein said security protocol further comprises an industry security protocol selected by a business organization without publicly disclosing the selected said industry security protocol and known only to privileged administrators and transmit an authenticated, secure solicitation of request for service; and

an information server located on said second secured network space, on a separate device from said mediating entity server on said second secured network space, said information server configured to receive said authenticated secure solicitation of request for service from said mediating entity server, said information server configured to extract data responsive to said authenticated secure solicitation of request for service from said requestor,wherein said server network infrastructure utilizes said mediating entity client as a secure communication intercessor amid said computer apparatus and said information server, to enable a secure communication initiated by said solicitation for service request received by said web server via said public data network from said requestor.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for providing information server security in a distributed computing environment achieved by injecting a proprietary mediating entity into the solicitation of service request process via web server between application servers and information servers. The system comprises a computer apparatus, a mediating entity, solicitation for service requests and responses to the solicitations for service requests. The mediating entity is comprised of an application server hosting a proprietary mediating entity client and a mediating entity server, where the proprietary mediating entity client comprises industry-recognized business organization selected security protocols. The information server comprises a database server and a database, the database comprises data that is extracted or stored based on the service request.

21 Citations

11 Claims

1. A system to provide information server security, said system comprising:
- a computer apparatus configured to transmit a solicitation of requests for service by a requestor via a public data network;
  
  a server network infrastructure having;
  
  a web server on a first secured network space, said web server configured to receive said solicitation of request for service and transmit said solicitation of request for service;
  
  an application server configured to receive said solicitation of request for service from said web server and transmit said solicitation of requests for service;
  
  a mediating entity client located on said first secured network space, said mediating entity client configured to receive said solicitation of request for service from said web server, authenticates said solicitation of request for service into a secure solicitation of request for service via an exchange of one or more credentials from a requestor, and transmit said secure solicitation of request for service, anda mediating entity server located on a second secured network space, said mediating entity server configured to receive said secure solicitation of request for service from said mediating entity client, said mediating entity server configured to authenticate said secure solicitation of request for service using a security protocol, wherein said security protocol further comprises an industry security protocol selected by a business organization without publicly disclosing the selected said industry security protocol and known only to privileged administrators and transmit an authenticated, secure solicitation of request for service; and
  
  an information server located on said second secured network space, on a separate device from said mediating entity server on said second secured network space, said information server configured to receive said authenticated secure solicitation of request for service from said mediating entity server, said information server configured to extract data responsive to said authenticated secure solicitation of request for service from said requestor,wherein said server network infrastructure utilizes said mediating entity client as a secure communication intercessor amid said computer apparatus and said information server, to enable a secure communication initiated by said solicitation for service request received by said web server via said public data network from said requestor.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The system of claim 1, wherein said mediating entity client is implemented in a non-transitory computer readable medium on said application server.
  - 3. The system of claim 2, wherein said security protocol comprise at least one of a plurality of industry authentication protocols.
  - 4. The system of claim 1, wherein said web server authenticates said requestor before transmitting said solicitation of requests for service.
  - 5. The system of claim 1 wherein said web server and said application server function on the same computer apparatus.
  - 6. The system of claim 1, wherein said solicitation of request for service originates from said computer apparatus.
  - 7. The system of claim 6, wherein said computer apparatus is a mobile device.

8. A method of providing information server security, said method comprising the steps of:
- providing a secure network infrastructure having;
  
  a web server on a first secured network space, said web server configured to receive a service request and transmit said service request;
  
  an application server configured to receive said service request from said web server and transmit said service request;
  
  a mediating entity client located on said first secured network space, said mediating entity client configured to receive said service request from said web server and transmit said service request for service;
  
  a mediating entity server located on a second secured network space, said mediating entity server configured to receive said service request from said mediating entity client, said mediating entity server configured with a security protocol; and
  
  an information server located on said second secured network space, on a separate device from said mediating entity server on said second secured network space;
  
  soliciting said service request from a computer apparatus to an information server via a public data network;
  
  receiving said service request from said web server at said mediating entity client, wherein said mediating entity client authenticates said service request into a secure service request via an exchange of one or more credentials from a requestor and transmits said secure service request to said mediating entity server;
  
  authenticating said secure service request via said security protocol, wherein said security protocol further comprises an industry security protocol selected by a business organization without publicly disclosing the selected said industry security protocol and known only to privileged administrators by said mediating entity server;
  
  transmitting said authenticated secure service request from said mediating entity server to said information server; and
  
  obtaining data from said information server responsive to said authenticated secure service request.
- View Dependent Claims (9, 10, 11)
- - 9. The method of claim 8, wherein said security protocol further comprises utilizing at least one of a plurality of business security protocols to further perform the step of:
    - providing a means of authentication for a requestor, wherein said plurality of business protocols comprise at least one of a plurality of industry authentication protocols.
  - 10. The method of claim 9, wherein said mediating entity further performs the step of:
    - providing a layer of security for said information server against malicious attacks;
      
      implementing said plurality of business security protocols;
      
      authenticating said requestor, wherein said authentication adheres to said business security protocols and utilizes at least one of a plurality of credentials provided by said requestor.
  - 11. The method of claim 10, wherein said information server further performs the steps of:
    - integrating a requestor'"'"'s data into a computer readable medium; and
      
      transmitting said requestor'"'"'s data to said mediating entity server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nuesoft Technologies Incorporated (Global Payments Incorporated)
Original Assignee
Nuesoft Technologies Incorporated (Global Payments Incorporated)
Inventors
Alibakhsh, Massoud, Famorzadeh, Shahram
Primary Examiner(s)
Najjar, Saleh
Assistant Examiner(s)
Teng, Louis C

Application Number

US13/786,723
Publication Number

US 20140259105A1
Time in Patent Office

2,113 Days
Field of Search

726 3, 726 4, 726 5
US Class Current
CPC Class Codes

H04L 63/08 for authentication of entit...

H04L 63/14 for detecting or protecting...

System and method for securely accessing data through web applications

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

21 Citations

11 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for securely accessing data through web applications

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

21 Citations

11 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links