Platform-neutral system and method for providing secure remote operations over an insecure computer network
First Claim
1. A method of enhancing the security of a message sent by a principal from a client computer through a network server to a destination server, comprising the steps of:
(a) obtaining by the client computer credentials for authorizing the principal from a validation center;
(b) establishing a secure connection for exchanging data between the client and the network server;
(c) transmitting from the client computer to the network server the principal-authenticating credentials and the message;
(d) transmitting the principal-authenticating credentials from the network server to the validation center;
(e) transmitting permission data for the network server from the validation center to the network server based on the principal-authenticating credentials;
(f) verifying the authorization of the principal in the network server to access a digital certificate and issuing a digital certificate to the network server;
(g) establishing a secure connection for exchanging data between the network server and the destination server based on the digital certificate;
and (h) transmitting the message to the destination server.
Abstract
A method, system and computer program product are disclosed for enhancing the security of a message sent through a network server from a client computer to a destination server running any computer platform. Credentials for authorizing a principal are obtained by the client computer from a validation center. The principal-authentication information is transmitted to the network server. The network server may use the principal-authenticating information to obtain permission data from the validation center for use in accessing the destination server. Also described is a method of providing a remote interactive login connection using the same method.
36 Claims
1. A method of enhancing the security of a message sent by a principal from a client computer through a network server to a destination server, comprising the steps of:
(a) obtaining by the client computer credentials for authorizing the principal from a validation center;
(b) establishing a secure connection for exchanging data between the client and the network server;
(c) transmitting from the client computer to the network server the principal-authenticating credentials and the message;
(d) transmitting the principal-authenticating credentials from the network server to the validation center;
(e) transmitting permission data for the network server from the validation center to the network server based on the principal-authenticating credentials;
(f) verifying the authorization of the principal in the network server to access a digital certificate and issuing a digital certificate to the network server;
(g) establishing a secure connection for exchanging data between the network server and the destination server based on the digital certificate;
and (h) transmitting the message to the destination server.
Dependent claims: 2 through 22.
23. A method of providing a remote interactive login connection for a principal from a client computer through a network server to a destination server, comprising the steps of:
(a) obtaining credentials for authorizing the principal from a validation center;
(b) establishing a secure connection for exchanging data between the client and the network server;
(c) transmitting from the client computer to the network server the principal-authenticating credentials;
(d) transmitting the principal-authenticating credentials from the network server to the validation center;
(e) transmitting permission data for the network server from the validation center to the network server based on the principal-authenticating credentials;
(f) verifying the authorization of the principal in the network server to access a digital certificate and issuing a digital certificate to the network server;
(g) establishing a secure connection for exchanging data between the network server and the destination server based on the digital certificate; and
(h) executing a command interpreter in the destination computer wherein the command interpreter may execute commands sent by the client computer.
24. A computer system for enhancing the security of one or more messages sent by a principal comprising:
a client computer for transmitting principal-authenticating credentials and the one or more messages;
a gateway computer operatively connected to the client computer, the gateway computer receiving principal-authenticating credentials and the one or more messages from the client computer;
a validation computer operatively connected to the gateway computer and capable of receiving the principal-authenticating credentials from the gateway computer and of transmitting permission data based on the principal-authenticating credentials to the gateway computer; and
one or more host computers operatively connected to the gateway computer and operating on any computer platform, wherein, based on the permission data, the gateway computer establishes a secure connection with at least one of the one or more host computers, and wherein the gateway computer transmits the one or more messages to at least one of the host computers.
Dependent claims: 25 through 28.
29. A computer system for providing a remote interactive login connection comprising:
a client computer for transmitting principal-authenticating credentials;
a gateway computer operatively connected to the client computer, the gateway computer receiving principal-authenticating credentials;
a validation computer operatively connected to the gateway computer and capable of receiving the principal-authenticating credentials from the gateway computer and of transmitting permission data based on the principal-authenticating credentials to the gateway computer; and
one or more host computers operatively connected to the gateway computer and operating on any computer platform, wherein, based on the permission data, the gateway computer establishes a secure connection with the host computer.
Dependent claims: 30 through 35.
36. A computer program product for use with a computer system,
the computer program product comprising a computer readable storage medium and a computer program stored therein for carrying out a process comprising:
(a) obtaining by the client computer credentials for authorizing the principal from a validation center;
(b) establishing a secure connection for exchanging data between a client and a network server;
(c) transmitting from the client computer to the network server the principal-authenticating credentials and the message;
(d) transmitting the principal-authenticating credentials from the network server to the validation center;
(e) transmitting permission data for the network server from the validation center to the network server based on the principal-authenticating credentials;
(f) verifying the authorization of the principal in the network server to access a digital certificate and issuing a digital certificate to the network server;
(g) establishing a secure connection for exchanging data between the network server and a destination server based on the digital certificate; and
(h) transmitting the message to the destination server.
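The message flow claimed in claims 1, 23, 24 and 36 (principal on a client computer, network server acting as gateway, validation center, destination server), modelled as an added Python example; this is not code from the patent or from any product it covers. It assumes that HMAC tags stand in for the credentials, the permission data and the digital certificate, that the channels of steps (b) and (g) are already-established TLS connections and so are not modelled, and that the validation center is the party that issues the gateway's certificate in step (f); the principal name, gateway names, host names, policy table and secret keys are all constructed for the example.

```python
import hashlib
import hmac
import json
import secrets

# Constructed long-term secrets (assumption: in a deployment these would be
# Kerberos keys, client secrets or private keys, not shared HMAC keys).
PRINCIPAL_KEY = b"principal-long-term-secret"  # known to principal and validation center only
GATEWAY_KEY = b"gateway-long-term-secret"      # known to gateway and validation center only
CA_KEY = b"validation-center-ca-key"           # stands in for the certificate-issuing key


def _mac(key, payload):
    """Deterministic tag over a JSON-serialised payload (stand-in for a signature)."""
    return hmac.new(key, json.dumps(payload, sort_keys=True).encode(), hashlib.sha256).hexdigest()


class ValidationCenter:
    """Authenticates principals, returns gateway-scoped permission data, issues certificates."""

    def __init__(self, policy):
        self.policy = policy  # principal -> set of destination hosts it may reach

    def issue_credential(self, principal, proof, gateway):
        # step (a): the principal proves knowledge of its key; the credential is bound
        # to one named gateway so it cannot be presented through a different one.
        if not hmac.compare_digest(proof, _mac(PRINCIPAL_KEY, {"principal": principal})):
            raise PermissionError("bad principal proof")
        body = {"principal": principal, "gateway": gateway, "nonce": secrets.token_hex(8)}
        return {**body, "mac": _mac(GATEWAY_KEY, body)}

    def permission_for(self, gateway, credential):
        # steps (d) and (e): check the credential and return permission data for this gateway.
        body = {k: v for k, v in credential.items() if k != "mac"}
        if body["gateway"] != gateway or not hmac.compare_digest(credential["mac"], _mac(GATEWAY_KEY, body)):
            raise PermissionError("credential not valid for this gateway")
        return {"principal": body["principal"], "hosts": sorted(self.policy.get(body["principal"], ()))}

    def issue_certificate(self, gateway, host):
        # step (f), second half (assumption: the center issues the gateway's certificate).
        body = {"subject": gateway, "host": host}
        return {**body, "sig": _mac(CA_KEY, body)}


class DestinationServer:
    def __init__(self, name):
        self.name, self.received = name, []

    def accept(self, cert, message):
        # steps (g) and (h): only a certificate naming this host opens the connection.
        body = {"subject": cert["subject"], "host": cert["host"]}
        if body["host"] != self.name or not hmac.compare_digest(cert["sig"], _mac(CA_KEY, body)):
            raise PermissionError("certificate not valid for this host")
        self.received.append(message)
        return f"{self.name} accepted from {cert['subject']}: {message}"


class Gateway:
    """The network server of claim 1: it never sees the principal's long-term key."""

    def __init__(self, name, center, hosts):
        self.name, self.center, self.hosts = name, center, hosts

    def relay(self, credential, destination, message):
        perm = self.center.permission_for(self.name, credential)   # (d), (e)
        if destination not in perm["hosts"]:                         # (f), authorization check
            raise PermissionError(f"{perm['principal']} not permitted on {destination}")
        cert = self.center.issue_certificate(self.name, destination)
        return self.hosts[destination].accept(cert, message)         # (g), (h)


def send_via_gateway(principal, gateway, center, destination, message):
    # step (a): obtain a credential; steps (b), (c): hand credential and message to the gateway.
    proof = _mac(PRINCIPAL_KEY, {"principal": principal})
    credential = center.issue_credential(principal, proof, gateway.name)
    return gateway.relay(credential, destination, message)


def demo():
    """Constructed run: alice may reach db01 but not hr01; returns (accepted, denial, hr01 inbox)."""
    center = ValidationCenter({"alice": {"db01"}})
    hosts = {"db01": DestinationServer("db01"), "hr01": DestinationServer("hr01")}
    gw = Gateway("gw1", center, hosts)
    accepted = send_via_gateway("alice", gw, center, "db01", "SELECT 1")
    try:
        send_via_gateway("alice", gw, center, "hr01", "list records")
        denial = None
    except PermissionError as exc:
        denial = str(exc)
    return accepted, denial, list(hosts["hr01"].received)


if __name__ == "__main__":
    print(demo())
```

Two properties of the claimed flow are visible in the toy: the permission data comes from the validation center per gateway, so the gateway enforces step (f) from data it did not author, and the credential of step (a) is bound to the gateway it was obtained for, so a credential presented at a different gateway is rejected at step (d) before any certificate is issued.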
Specification