Secure communication system and method
First Claim
1. A secure communication system comprising:
- a software program client operating on a host computing device, wherein said client is configured to access one or more protected services running on a computing device that is remote to said host computing device over a communication channel, and wherein said client is configured to unlock a token such that said client uses a particular user identity;
a service manager configured to manage said access to said protected services by said client, wherein said service manager is remote to said host computing device, and wherein said service manager maintains a list of predetermined services authorized for said client and limits said access of said client to said predetermined services;
an authorizer in communication between said client and said service manager, wherein said authorizer is operable to authenticate said client'"'"'s user identity and, upon authentication, request said predetermined services authorized for said client from said service manager to relay to said client; and
a receiver in communication with said service manager and serving as an interface to said protected services, wherein said receiver ignores connection requests from said client until a notification is received from said service manager authorizing said receiver to open a communication channel with said client, wherein access of at least one of a browser and an application of said client is limited to said predetermined services, and wherein the at least one of a browser and an application of said client communicates with said predetermined services through said receiver.
2 Assignments
0 Petitions
Accused Products
Abstract
A secure communication system comprises a software program client operating on a host computing device, a service manager configured to manage client access to the protected services, an authorizer in communication between the client and the service manager, and a receiver in communication with the service manager and serves as an interface to the protected services. At least one of a browser and an application of the client is configured to access one or more protected services running on a computing device that is remote to the host computing device over a communication channel. The service manager maintains a list of predetermined services authorized for the client and limits client access to the predetermined services.
-
Citations
30 Claims
-
1. A secure communication system comprising:
-
a software program client operating on a host computing device, wherein said client is configured to access one or more protected services running on a computing device that is remote to said host computing device over a communication channel, and wherein said client is configured to unlock a token such that said client uses a particular user identity; a service manager configured to manage said access to said protected services by said client, wherein said service manager is remote to said host computing device, and wherein said service manager maintains a list of predetermined services authorized for said client and limits said access of said client to said predetermined services; an authorizer in communication between said client and said service manager, wherein said authorizer is operable to authenticate said client'"'"'s user identity and, upon authentication, request said predetermined services authorized for said client from said service manager to relay to said client; and a receiver in communication with said service manager and serving as an interface to said protected services, wherein said receiver ignores connection requests from said client until a notification is received from said service manager authorizing said receiver to open a communication channel with said client, wherein access of at least one of a browser and an application of said client is limited to said predetermined services, and wherein the at least one of a browser and an application of said client communicates with said predetermined services through said receiver. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
-
-
13. An authorizer comprising:
-
a communication device operable to send and receive messages over a network; and
a processing device in digital communication with said communication device, wherein said processing device is enabled to;authenticate an access request to one or more protected services running on a remote computing device based on a user identity received through said communication device from a client operating on a remote host computing device, wherein said user identity identifies the user requesting access to said protected services, and wherein said client acquires the user identity by unlocking a token; request a list of available services associated with said user identity from a service manager using said communication device, wherein said service manager maintains a list of predetermined services authorized for said user identity, and wherein said service manager is remote to said host computing device; and return said list of predetermined services to said client using said communication device. - View Dependent Claims (14, 15)
-
-
16. A service manager comprising:
-
a communication device operable to send and receive messages over a network; a memory device for storing access rights to one or more protected services running on a remote computing device; and a processing device in digital communication with said communication device and said memory device, wherein said processing device is enabled to; retrieve from said memory device a list of protected services authorized for a remote client operating on a host computing system based on a user identity received through said communication device from an authorizer, and return to said authorizer said list of said protected services associated with said user identity using said communication device, wherein said user identity is acquired when said client unlocks a token, and wherein said service manager is remote to said host computing device; and validate a request received through said communication device to access said protected services based on said access rights stored in said memory device and notify a receiver of said valid request, wherein said receiver is in communication between said client and said protected services when notified of said valid session request by said service manager, and wherein said receiver ignores all attempts to communicate with said protected services until notified of said valid session request. - View Dependent Claims (17, 18)
-
-
19. A receiver comprising:
-
a communication device operable to send and receive messages over a network; a memory; and a processing device in communication with said communication device; wherein said processing device is enabled to create a communication session between at least one of a browser and an application of a client operating on a host computing system and one or more protected services running on a remote computing device, and wherein said receiver is remote to said computing device running said protected services, wherein said processing device ignores requests from said client to access said protected services until said processing device receives an authorization from a service manager through said communication device to allow a secure communication session with said client, wherein said service manager is configured to manage access to said protected services, wherein said service manager is remote to said host computing device, and wherein said communication session between the at least one of a browser and an application of said client and said protected services is through said receiver, and wherein said processing device disconnects the secure communication session between the receiver and said client if the client fails to maintain a heartbeat with an authorizer. - View Dependent Claims (20, 21, 22, 23)
-
-
24. A method of securely accessing protected services running on a remote computing device by a remote client operating on a host computing system, the method comprising:
-
transmitting a user identity over a network to an authorizer for authentication, wherein the user identity is acquired by the client unlocking a token, wherein said authorizer is in communication with a service manager configured to limit access to said protected services based on limitations established by an administrator of said protected services, wherein said service manager is remote to said client operating on said host computing system; waiting to receive an authentication response from said authorizer over said network, wherein said authentication response includes a list of protected services authorized for said user identity; transmitting a request to access one or more services from said list of protected services to said authorizer over said network, wherein said authorizer relays said request to said service manager, and wherein said request is verified by said service manager based on said list of protected services authorized for said user identity; transmitting a connection request from the client over said network to a receiver, wherein said receiver is in communication with said protected services, and wherein said receiver is configured to ignore said connection request until said receiver receives a notification from said service manager that said request to access said protected services via a secure communication session has been verified; waiting for said receiver to validate said connection request and open a communication channel; and communicating with said service through said receiver over said communication channel. - View Dependent Claims (25, 26, 27)
-
-
28. A method of providing access to protected services running on a remote server comprising:
-
authenticating, with an authorizer, a client requesting access to said protected services based on a user identity received from said client, wherein said user identity identifies a host computing system running said client, and wherein said user identity is acquired by the client unlocking a token; requesting, with the authorizer, a list of protected services authorized for said host computing system based on said user identity from a service manager; and authorizing, with the service manager, a receiver to open a communication channel between at least one of a browser and an application of said client and said protected services through said receiver, wherein said service manager is remote to said client, wherein all communication between the at least one of a browser and an application of said client and said protected services is through said receiver, and wherein said access of the at least one of a browser and an application of said client to said protected services is limited to protected services authorized for said host computing system. - View Dependent Claims (29, 30)
-
Specification