Capability-enabled uniform resource locator for secure web exporting and method of using same
First Claim
1. A communications network with controlled access to web resources comprising:
- an intranet having a firewall and a web enabled resource;
a reverse proxy server for controlling access to said intranet coupled to said intranet and coupled to said web browser enabled client, said reverse proxy server having a database with a record associated with said web enabled resource, said record containing a unique identification number and a random number;
wherein access to said web enabled resource is granted to a web browser enabled client in response to submission of a uniform resource identifier (URI) containing a character string produced by an encoding of said identification number and said random number to said reverse proxy server.
2 Assignments
0 Petitions
Accused Products
Abstract
A mechanism for providing a user with selective access to resources on an intranet. In a communications network accessible using HTTP, a reverse proxy server is coupled to an intranet and also coupled to a browser enabled client. Requests for access to resources inside the intranet are made through the reverse proxy server. Access to the requested resource is provided to the client by means of a capability-enabled uniform resource locator (URI) having a character string that is produce by encoding an identification number and a random number. The character string, identification number and random number are associated with a database record accessed by the reverse proxy server to determine whether access is to be provided to the client, and what conditions to apply to the access when the capability-enabled URI is invoked. Multiple resources may be grouped together in a secure container to which access is provided. The capability-enabled URI may be used to provide access to common gateway interface (CGI) scripts.
83 Citations
31 Claims
-
1. A communications network with controlled access to web resources comprising:
-
an intranet having a firewall and a web enabled resource;
a reverse proxy server for controlling access to said intranet coupled to said intranet and coupled to said web browser enabled client, said reverse proxy server having a database with a record associated with said web enabled resource, said record containing a unique identification number and a random number;
wherein access to said web enabled resource is granted to a web browser enabled client in response to submission of a uniform resource identifier (URI) containing a character string produced by an encoding of said identification number and said random number to said reverse proxy server. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
-
-
14. A method for providing access to a resource on a communications network comprising:
-
associating an identification number and a random number with said resource;
encoding said identification number and said random number into a first character string using a coding method;
receiving a request for access to said resource, said request including a uniform resource identifier (URI) having a scheme dependent part , said scheme dependent part further including a second character string with a length identical to the length of said first character string;
decoding said second character string into a first number and a second number using said coding method;
comparing said first number to said identification number;
comparing said second number to said random number; and
,granting access to said resource if said first number matches said identification number and said second number matches said random number. - View Dependent Claims (15, 16, 17, 18, 19, 20, 21)
-
-
22. A reverse proxy server for controlling access to a web enabled resource on a communications network comprising:
-
a database record associating an identification number, a random number and a first character string with said resource, wherein said character string is the product of encoding said identification number and said random number;
a means for receiving a request for access to said resource, wherein said request includes a uniform resource identifier (URI) having a scheme dependent part, said scheme dependent part further including a second character string with a length identical to the length of said first character string;
a processor means for decoding said identification number and said random number into a first character string a processor means for comparing said first number to said identification number; and
a processor means for comparing said second number to said random number. - View Dependent Claims (23, 24, 25, 26, 27, 28, 29, 30, 31)
-
Specification