SECURE CUSTOMER INTERFACE FOR WEB BASED DATA MANAGEMENT
First Claim
1. A security system for communications network management having an integrated customer interface, said security system comprising:
(a) a plurality of client web browsers to enable interactive secure communications with said system, each of said web browsers identified with a customer and providing an integrated interface for said customer, each of said web browsers supporting client identification, client authentication and secure sockets layer communications protocol;
(b) at least one secure web server for managing secure client sessions over the internet, said secure web server supporting secure socket layer for encrypted communication between said client browser and said secure web server, said secure server also providing session management including client identification, validation and session management to link said session with said client;
(c) at least one dispatcher server for communicating with said secure web server through a first firewall, and communicating with a plurality of proxy services and system resources using an internal network, said dispatcher server providing verification of system access after client entitlements have been verified;
(d) said plurality of system resources providing communications network management capabilities for said client, each of said system resources responsive to a request from one of said plurality of client browsers to generate client data or instructions relating to said communications network.
Abstract
An integrated series of security protocols is disclosed that protect remote user communications with remote enterprise services, and simultaneously protect the enterprise's services from third parties. In the first layer, an implementation of the Secure Sockets Layer (SSL) version of HTTPS provides communications security, including authentication of the enterprise web server and the security of the transmitted data. The protocols provide for an identification of the user, an authentication of the user to ensure the user is who he/she claims to be, and a determination of the entitlements that the user may avail themselves of within the enterprise system. Session security is described, particularly as to the differences between a remote user's copper wire connection to a legacy system and a user's remote connection to the enterprise system over a “stateless” public Internet, where each session is a single transmission, rather than an interval of time between logon and logoff, as is customary in legacy systems. Security for the enterprise network and security for the data maintained by the various enterprise applications is also described.
36 Claims
11. A system having an integrated and secure customer interface for communications network management, said system including a web browser for use on a client computer, and a secure web server having a system home page, said system comprising:
(a) a client web browser for displaying said system log on and home pages,
(b) at least one Java applet embedded in said home page to provide interactive sessions with said communications network, said sessions including client authentication, session authentication and transaction requests for said communications network,
(c) an encryption layer between said browser and said secure server to provide encryption of each client session with a public key provided by said communications network, each session also including session authentication with a client cookie generated by said system, said session cookie being encrypted with said public key during transmission of each transaction request to said secure server;
(d) at least one security firewall on either side of said secure server to prevent direct public access to said communications network.
Dependent claims: 12, 13, 14, 15, 16.
17. An integrated network system having a plurality of on-line system security functions for a plurality of disparate application servers and services over the public Internet, the network system comprising:
a plurality of disparate application server platforms, each server platform having one or more transaction requesting nodes, each of the transaction requesting nodes generating a plurality of transaction requests;
at least one client object resident in a customer platform, the client object having a user interface for enabling a customer to interact with one or more of the disparate application servers on the integrated network system, the client object also generating transaction requests in response to a customer selection;
an administrative server platform, said administrative server platform having a security profile for each customer having access to said network system, said security profile having information associated with the customer;
a first security module for encrypting transactions between said customer platform and said network system in accordance with a first security protocol;
a second security module for encrypting transactions within said network system with a second security protocol;
a plurality of messaging objects for encapsulating the transaction requests and the transaction responses and communicating the transaction requests and the transaction responses between the client object, the security modules, and the transaction requesting nodes on the disparate application server platforms, whereby each of the transaction requesting nodes may obtain the security profile associated with the customer by transacting with the administrative server platform.
Dependent claims: 18, 19, 20, 21.
22. A method for providing a secure communications session between a customer and an enterprise network over the public Internet, said method comprising:
(a) authenticating a secure server to a customer's client browser over the Internet;
(b) encrypting communications between said client browser and said secure server with a first security protocol;
(c) authenticating said customer and a set of customer entitlements at log on with an authentication server;
(d) encrypting communications within said network with a second security protocol;
(e) creating a session management object at each log on to authenticate the customer's browser at each communication from the browser during the communications session.
Dependent claims: 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36.
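As an added illustration that is not part of the patent, the following Python model shows steps (c) and (e) of claim 22 together with the dispatcher check of claim 1(c): logon authenticates the customer against a security profile and issues an HMAC-signed session cookie, and every later transaction request is re-validated from the cookie alone, which is what makes the session "stateless" in the sense of the abstract. The signing key, the customer profiles and the operation names are constructed for the example; the patent specifies none of them.

```python
import base64
import hashlib
import hmac
import secrets
import time
from typing import Optional

# Constructed: a secret shared by the secure web server and the dispatcher.
SERVER_KEY = secrets.token_bytes(32)

# Constructed security profiles (claim 17: one profile per customer, held by
# an administrative server). A real deployment would use a password KDF.
SECURITY_PROFILES = {
    "acme": {"password_hash": hashlib.sha256(b"correct horse").hexdigest(),
             "entitlements": {"view_usage", "order_circuit"}},
}

def _sign(payload: bytes) -> bytes:
    return hmac.new(SERVER_KEY, payload, hashlib.sha256).digest()

def logon(customer: str, password: str, ttl_s: int = 900, now=None) -> Optional[str]:
    """Claim 22 (c)/(e): authenticate the customer and return a session cookie."""
    profile = SECURITY_PROFILES.get(customer)
    if profile is None:
        return None
    given = hashlib.sha256(password.encode()).hexdigest()
    if not hmac.compare_digest(profile["password_hash"], given):
        return None
    now = time.time() if now is None else now
    # Cookie = base64(customer|expiry|nonce) "." hex(HMAC over that payload).
    payload = f"{customer}|{int(now) + ttl_s}|{secrets.token_hex(8)}".encode()
    return base64.urlsafe_b64encode(payload).decode() + "." + _sign(payload).hex()

def validate_session(cookie: str, now=None) -> Optional[str]:
    """Claim 22 (e): re-authenticate the browser on every request from the cookie alone."""
    try:
        payload_b64, sig_hex = cookie.split(".")
        payload = base64.urlsafe_b64decode(payload_b64)
        sig = bytes.fromhex(sig_hex)
    except ValueError:          # malformed cookie (bad split, base64 or hex)
        return None
    if not hmac.compare_digest(sig, _sign(payload)):
        return None             # tampered or forged
    customer, expiry, _nonce = payload.decode().split("|")
    now = time.time() if now is None else now
    return customer if now < int(expiry) else None

def dispatch(cookie: str, operation: str, now=None) -> str:
    """Claim 1 (c): admit a request only after session and entitlement checks pass."""
    customer = validate_session(cookie, now)
    if customer is None:
        return "denied: invalid or expired session"
    if operation not in SECURITY_PROFILES[customer]["entitlements"]:
        return f"denied: {customer} is not entitled to {operation}"
    return f"ok: {operation} forwarded to system resource for {customer}"
```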
Specification