Capability-enabled uniform resource locator for secure web exporting and method of using same

US 20030061515A1
Filed: 09/27/2001
Published: 03/27/2003
Est. Priority Date: 09/27/2001
Status: Abandoned Application

First Claim

Patent Images

1. A communications network with controlled access to web resources comprising:

an intranet having a firewall and a web enabled resource;

a reverse proxy server for controlling access to said intranet coupled to said intranet and coupled to said web browser enabled client, said reverse proxy server having a database with a record associated with said web enabled resource, said record containing a unique identification number and a random number;

wherein access to said web enabled resource is granted to a web browser enabled client in response to submission of a uniform resource identifier (URI) containing a character string produced by an encoding of said identification number and said random number to said reverse proxy server.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A mechanism for providing a user with selective access to resources on an intranet. In a communications network accessible using HTTP, a reverse proxy server is coupled to an intranet and also coupled to a browser enabled client. Requests for access to resources inside the intranet are made through the reverse proxy server. Access to the requested resource is provided to the client by means of a capability-enabled uniform resource locator (URI) having a character string that is produce by encoding an identification number and a random number. The character string, identification number and random number are associated with a database record accessed by the reverse proxy server to determine whether access is to be provided to the client, and what conditions to apply to the access when the capability-enabled URI is invoked. Multiple resources may be grouped together in a secure container to which access is provided. The capability-enabled URI may be used to provide access to common gateway interface (CGI) scripts.

83 Citations

View as Search Results

31 Claims

1. A communications network with controlled access to web resources comprising:
- an intranet having a firewall and a web enabled resource;
  
  a reverse proxy server for controlling access to said intranet coupled to said intranet and coupled to said web browser enabled client, said reverse proxy server having a database with a record associated with said web enabled resource, said record containing a unique identification number and a random number;
  
  wherein access to said web enabled resource is granted to a web browser enabled client in response to submission of a uniform resource identifier (URI) containing a character string produced by an encoding of said identification number and said random number to said reverse proxy server.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The communications network of claim 1, wherein said web enabled resource comprises a printer.
  - 3. The communications network of claim 1, wherein said web enabled resource comprises a hypertext markup language (HTML) document.
  - 4. The communications network of claim 1, wherein said web browser enabled client is coupled to said reverse proxy server by a wireless communications link.
  - 5. The communications network of claim 4, wherein said web browser enabled client is also coupled to said intranet by a wireless communications link.
  - 6. The communications network of claim 1, wherein said URI is submitted using hypertext transfer protocol (HTTP).
  - 7. The communications network of claim 1, wherein said URI is submitted using hypertext transfer protocol with secure socket layer (HTTPS).
  - 8. The communications network of claim 1, wherein said character string is encoded using six bits or less per character.
  - 9. The communications network of claim 8 wherein said character string is encoded using base 64 encoding.
  - 10. The communications network of claim 1, wherein said record further includes a start time designating the time at which access is enabled.
  - 11. The communications network of claim 1, wherein said record further includes an end time designating the time at which access is disabled.
  - 12. The communications network of claim 1, wherein said web enabled resource is a CGI script.
  - 13. The communications network of claim 1, wherein said web enabled resource is contained in a secure container.

14. A method for providing access to a resource on a communications network comprising:
- associating an identification number and a random number with said resource;
  
  encoding said identification number and said random number into a first character string using a coding method;
  
  receiving a request for access to said resource, said request including a uniform resource identifier (URI) having a scheme dependent part , said scheme dependent part further including a second character string with a length identical to the length of said first character string;
  
  decoding said second character string into a first number and a second number using said coding method;
  
  comparing said first number to said identification number;
  
  comparing said second number to said random number; and
  
  , granting access to said resource if said first number matches said identification number and said second number matches said random number.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21)
- - 15. The method of claim 14, wherein said URI further includes a query.
  - 16. The method of claim 14, wherein said URI is received using hypertext transfer protocol (HTTP).
  - 17. The method of claim 14, wherein said URI is received using hypertext transfer protocol with secure socket layer (HTTPS).
  - 18. The method of claim 14, wherein said record further includes a start time indicating the time at which said access is enabled.
  - 19. The method of claim 14, wherein said record further includes an end time indicating the time at which said access is disabled.
  - 20. The method of claim 14, wherein said record further includes a log for counting the number of accesses granted.
  - 21. The method of claim 20, wherein said record further includes a limit on the number of accesses.

22. A reverse proxy server for controlling access to a web enabled resource on a communications network comprising:
- a database record associating an identification number, a random number and a first character string with said resource, wherein said character string is the product of encoding said identification number and said random number;
  
  a means for receiving a request for access to said resource, wherein said request includes a uniform resource identifier (URI) having a scheme dependent part, said scheme dependent part further including a second character string with a length identical to the length of said first character string;
  
  a processor means for decoding said identification number and said random number into a first character string a processor means for comparing said first number to said identification number; and
  
  a processor means for comparing said second number to said random number.
- View Dependent Claims (23, 24, 25, 26, 27, 28, 29, 30, 31)
- - 23. The reverse proxy server of claim 22, wherein said URI further includes a query.
  - 24. The reverse proxy server of claim 22, wherein said means for receiving a request uses hypertext transfer protocol.
  - 25. The reverse proxy server of claim 22, wherein said means for receiving a request uses hypertext transfer protocol with secure socket layer (HTTPS).
  - 26. The reverse proxy server of claim 22, wherein said record further includes a start time indicating the time at which said access is enabled.
  - 27. The reverse proxy server of claim 22, wherein said record further includes an end time indicating the time at which said access is disabled.
  - 28. The reverse proxy server of claim 22, wherein said record further includes a log for counting the number of accesses granted.
  - 29. The reverse proxy server of claim 28, wherein said record further includes a limit on the number of accesses.
  - 30. The reverse proxy server of claim 22, wherein said web enabled resource is a CGI script.
  - 31. The reverse proxy server of claim 22, wherein said web enabled resource is contained in a secure container.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Original Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Inventors
Kindberg, Timothy, Atkin, Benjamin

Application Number

US09/967,146
Publication Number

US 20030061515A1
Time in Patent Office

Days
Field of Search
US Class Current

713/201
CPC Class Codes

H04L 63/0281   Proxies

H04L 63/029   Firewall traversal, e.g. tu...

H04L 63/08   for authentication of entit...

H04L 63/1425   Traffic logging, e.g. anoma...

Capability-enabled uniform resource locator for secure web exporting and method of using same

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

83 Citations

31 Claims

Specification

Use Cases

Quick Links

Others

Capability-enabled uniform resource locator for secure web exporting and method of using same

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

83 Citations

31 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others