Method and apparatus for processing requests in a network data processing system based on a trust association between servers

US 20020091757A1
Filed: 01/05/2001
Published: 07/11/2002
Est. Priority Date: 01/05/2001
Status: Active Grant

First Claim

Patent Images

1. A method in a data processing system for authenticating a request, the method comprising:

receiving a request from a client;

performing authentication of the request;

adding information to the request to form a modified request, wherein the information indicates that the request is from a trusted source; and

sending the modified request to a server.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method, apparatus, and computer implemented instructions for handling requests in a network data processing system. The network data processing system includes a network and clients connected to the network. A first server is present in which the first server receives a request from a client to access a resource, performs an authentication process with the client, add information to the request in which the information indicates that the request is from a trusted source to form a modified request, and sends the modified request for processing. This modified request is received by a second server. This second server determines whether the first server is a trusted server based on the information, and provides access to the resource in response to a determination that the first server is a trusted server. If the second server receives the request directly from a client, it would process the request by itself instead of basing its trust on any of the known first servers.

79 Citations

View as Search Results

37 Claims

1. A method in a data processing system for authenticating a request, the method comprising:
- receiving a request from a client;
  
  performing authentication of the request;
  
  adding information to the request to form a modified request, wherein the information indicates that the request is from a trusted source; and
  
  sending the modified request to a server.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, wherein the request is a request to access data.
  - 3. The method of claim 1, wherein the data processing system is a reverse proxy server.
  - 4. The method of claim 1, wherein the information includes a user identification.
  - 5. The method of claim 1, wherein the information includes an identification of the data processing system.

6. A method in a data processing system for processing a request, the method comprising:
- receiving a request from a server, wherein the request is originated by a client;
  
  determining whether selected information is represent in the request; and
  
  responsive to the selected information being present in the request, processing the request.
- View Dependent Claims (7, 8, 9, 10, 11, 12, 14, 15, 16, 17, 20, 21, 22, 23, 25, 26, 27, 28, 30, 31, 32, 33, 34, 35)
- - 7. The method of claim 6, wherein the request is originated by a user at the client and wherein the request requests access to a resource and wherein the processing step comprises:
    - determining whether the user is authorized to access to the resource; and
      
      responsive to a determination that the user is authorized, accessing the resource using the request.
  - 8. The method of claim 6, wherein the server is a reverse proxy server.
  - 9. The method of claim 6, wherein the information is an identification of the server.
  - 10. The method of claim 6, wherein the information is a user name and password.
  - 11. The method of claim 6, wherein the selected information is a presence of a value within a preselected location in the request.
  - 12. The method of claim 6, wherein the determining step is executed using a set of interceptors.
  - 14. The data processing system of claim 13, wherein the bus system is a single bus.
  - 15. The data processing system of claim 13, wherein the bus system includes a primary bus and a secondary bus.
  - 16. The data processing system of claim 13, wherein the processing unit includes a plurality of processors.
  - 17. The data processing system of claim 13, wherein the communications unit is one of a modem and Ethernet adapter.
  - 20. The network data processing system of claim 19 further comprising a third server connected to the network, wherein the third server receives requests from clients to access a resource, performs an authentication process with the clients, add information to the requests in which the information indicates that the requests are from a trusted source to form modified requests, and sends the modified requests to the second server for processing.
  - 21. The network data processing system of claim 19, wherein the network is at least one of a local area network, an intranet, an extranet and an Internet.
  - 22. The network data processing system of claim 19, wherein the second server includes a set of interceptors in which the set of interceptors are used to determine whether the first server is a trusted server, wherein the request is sent to each of the set of interceptors to determine whether the interceptors can handle the request.
  - 23. The network data processing system of claim 19, wherein the second server receives the request directly from the client.
  - 25. The data processing system of claim 24, wherein the request is a request to access data.
  - 26. The data processing system of claim 24, wherein the data processing system is a reverse proxy server.
  - 27. The data processing system of claim 24, wherein the information includes a user identification.
  - 28. The data processing system of claim 24, wherein the information includes an identification of the data processing system.
  - 30. The data processing system of claim 29, wherein the determining means is a first determining means and wherein the request is originated by a user at the client and wherein the request requests access to a resource and wherein the processing step comprises:
    - second determining means for determining whether the user is authorized to access to the resource; and
      
      accessing means for accessing the resource using the request in response to a determination that the user is authorized.
  - 31. The data processing system of claim 29, wherein the server is a reverse proxy server.
  - 32. The data processing system of claim 29, wherein the information is an identification of the server.
  - 33. The data processing system of claim 29, wherein the information is a user name and password.
  - 34. The data processing system of claim 29, wherein the selected information is a presence of a value within a preselected location in the request.
  - 35. The data processing system of claim 29, wherein the determining means includes a set of interceptors.

13. A data processing system comprising:
- a bus system;
  
  a communications unit connected to the bus system;
  
  a memory connected to the bus system, wherein the memory includes as set of instructions; and
  
  a processing unit connected to the bus system, wherein the processing unit executes the set of instructions to receive a request from a client;
  
  perform authentication of the request;
  
  add information to the request is from a trusted source to form a modified request, wherein the information indicates that the request; and
  
  send the modified request to a server.

18. A data processing system comprising:
- a bus system;
  
  a communications unit connected to the bus system;
  
  a memory connected to the bus system, wherein the memory includes as set of instructions; and
  
  a processing unit connected to the bus system, wherein the processing unit executes the set of instructions to receive a request from a server, wherein the request is originated by a client;
  
  determine whether selected information is represent in the request; and
  
  process the request, in response to the selected information being present in the request.

19. A network data processing system comprising:
- a network;
  
  a plurality of clients connected to the network;
  
  a first server connected to the network, wherein the first server receives a request from a client to access a resource, performs an authentication process with the client, add information to the request in which the information indicates that the request is from a trusted source to form a modified request, and sends the modified request for processing; and
  
  a second server connected to the network, wherein the second server receives the modified request from a first server, determines whether the first server is a trusted server based on the information, and provides access to the resource in response to a determination that the first server is a trusted server.

24. A data processing system for authenticating a request, the data processing system comprising:
- receiving means for receiving a request from a client;
  
  performing means for performing authentication of the request;
  
  adding means for adding information to the request to form a modified request, wherein the information indicates that the request is from a trusted source; and
  
  sending means for sending the modified request to a server.

29. A data processing system for processing a request, the data processing system comprising:
- receiving means for receiving a request from a server, wherein the request is originated by a client;
  
  determining means for determining whether selected information is represent in the request; and
  
  processing means for processing the request in response to the selected information being present in the request.

36. A computer program product in a computer readable medium for authenticating a request, the computer program product comprising:
- first instructions for receiving a request from a client;
  
  second instructions for performing authentication of the request;
  
  third instructions for adding information to the request is from a trusted source to form a modified request, wherein the information indicates that the request; and
  
  fourth instructions for sending the modified request to a server.

37. A computer program product in a computer readable medium for processing a request, the computer program product comprising:
- first instructions for receiving a request from a server, wherein the request is originated by a client;
  
  second instructions for determining whether selected information is represent in the request; and
  
  third instructions, responsive to the selected information being present in the request, for processing the request.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Nagaratnam, Nataraj, Cuomo, Gennaro A., Jamison, Wilfred C.

Granted Patent

US 6,965,939 B2
Time in Patent Office

Days
Field of Search
US Class Current

709/203
CPC Class Codes

H04L 63/0281   Proxies

H04L 63/08   for authentication of entit...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/102   Entity profiles

H04L 67/56   Provisioning of proxy servi...

H04L 67/561   Adding application-function...

Method and apparatus for processing requests in a network data processing system based on a trust association between servers

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

79 Citations

37 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for processing requests in a network data processing system based on a trust association between servers

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

79 Citations

37 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links