Method and system to provide and manage secure access to internal computer systems from an external client

US 20020133723A1
Filed: 04/06/2001
Published: 09/19/2002
Est. Priority Date: 03/16/2001
Status: Abandoned Application

First Claim

Patent Images

1. A method of providing and managing secure access to computer resources from an external source, the method including the steps of :

—

a) receiving a message from said external source at an authorisation check module, b) requesting credentials from the external source, c) sending the message and credentials to a session management module, d) checking the credentials of the external source, and, if valid, issuing a ticket to the external source, the ticket being valid for a plurality of trusted computer systems, e) receiving a further message together with said ticket from said external source at said authorisation check module, f) checking the validity of the ticket via the session management module, and g) passing the message and ticket to an impersonator module which provides secure communication between the external source and the desired destination computer system or resource, the impersonator module also providing usage information to the session management module.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of providing and managing secure access to computer systems or resources from an external client, the method including the steps of a) receiving a message from the client at an authorisation module, b) requesting credentials from the client, c) sending the message and credentials to a session management module, d) checking the credentials of the client, and, if valid, issuing a ticket to the client, the ticket being valid for a plurality of trusted computer systems, e) receiving a further message together with said ticket from the client at the authorisation module, f) checking the validity of the ticket via the session management module, and g) passing the message and ticket to an impersonator module which provides secure communication between the client and the desired destination computer system or resource, the impersonator module also providing usage information to the session management module.

143 Citations

7 Claims

1. A method of providing and managing secure access to computer resources from an external source, the method including the steps of :
- —
  
  a) receiving a message from said external source at an authorisation check module, b) requesting credentials from the external source, c) sending the message and credentials to a session management module, d) checking the credentials of the external source, and, if valid, issuing a ticket to the external source, the ticket being valid for a plurality of trusted computer systems, e) receiving a further message together with said ticket from said external source at said authorisation check module, f) checking the validity of the ticket via the session management module, and g) passing the message and ticket to an impersonator module which provides secure communication between the external source and the desired destination computer system or resource, the impersonator module also providing usage information to the session management module.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. A method as claimed in claim 1 in which secure access is provided to a plurality of trusted computer systems or resources.
  - 3. A method as claimed in claim 2 in which the trustworthiness of each destination computer system or resource is established using a cryptographic methodology in which the public key characteristic of an internal computer system and the public key of the external destination computer system or resource are exchanged over a non-secure channel.
  - 4. Computer apparatus connected to a network adapted to perform a method as claimed in claim 1.
  - 5. Computer apparatus connected to a network adapted to perform a method as claimed in claim 2.
  - 6. Computer apparatus connected to a network adapted to perform a method as claimed in claim 3.
  - 7. Computer apparatus as claimed in claim 4, 5 or 6 including a user management module comprising a meta directory in the form of a global user profile database which controls a plurality of LDAP compliant directories.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
QED Intellectual Property Services Limited, Kleinwort Benson Bank Limited (RHJ International SA)
Original Assignee
Kleinwort Benson Bank Limited (RHJ International SA)
Inventors
Tait, John King Frederick

Application Number

US09/826,845
Publication Number

US 20020133723A1
Time in Patent Office

Days
Field of Search
US Class Current

713/201
CPC Class Codes

H04L 63/029   Firewall traversal, e.g. tu...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/0815   providing single-sign-on or...

H04L 63/166   at the transport layer

H04L 67/14   Session management for real...

H04L 69/329   in the application layer [O...

Method and system to provide and manage secure access to internal computer systems from an external client

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

143 Citations

7 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system to provide and manage secure access to internal computer systems from an external client

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

143 Citations

7 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links