Secure customer interface for web based data management

US 20040019808A1
Filed: 07/18/2003
Published: 01/29/2004
Est. Priority Date: 09/26/1997
Status: Active Grant

First Claim

Patent Images

1. A security system for communications network management having an integrated customer interface, said security system comprising:

(a) at least one secure web server for managing secure sessions over the internet, said secure web server supporting secure socket layer for encrypted communication, said secure server also providing session management including customer identification, validation and session management to link said session with said customer;

(b) at least one dispatcher server for communicating with said secure web server through a first firewall, and communicating with a plurality of proxy services and a plurality of system resources using an internal network, said dispatcher server providing verification of system access after customer entitlements have been verified; and

(c) said plurality of system resources providing communications network management capabilities for said customer, each of said system resources responsive to a request to generate client data or instructions relating to said communications network.

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An integrated series of security protocols is disclosed that protect remote user communications with remote enterprise services, and simultaneously protect the enterprises services from third parties. In the first layer, an implementation of the Secure Sockets Layer (SSL) version of HTTPS provides communications security, including authentication of the enterprise web server and the security of the transmitted data. The protocols provide for an identification of the user, and an authentication of the user to ensure the user is who he/she claims to be and a determination of entitlements that the user may avail themselves of within the enterprise system. Session security is described, particularly as to the differences between a remote user'"'"'s copper wire connection to a legacy system and a user'"'"'s remote connection to the enterprise system over a “stateless” public Internet, where each session is a single transmission, rather than an interval of time between logon and logoff, as is customary in legacy systems. Security for the enterprise network and security for the data maintained by the various enterprise applications is also described.

150 Citations

View as Search Results

16 Claims

1. A security system for communications network management having an integrated customer interface, said security system comprising:
- (a) at least one secure web server for managing secure sessions over the internet, said secure web server supporting secure socket layer for encrypted communication, said secure server also providing session management including customer identification, validation and session management to link said session with said customer;
  
  (b) at least one dispatcher server for communicating with said secure web server through a first firewall, and communicating with a plurality of proxy services and a plurality of system resources using an internal network, said dispatcher server providing verification of system access after customer entitlements have been verified; and
  
  (c) said plurality of system resources providing communications network management capabilities for said customer, each of said system resources responsive to a request to generate client data or instructions relating to said communications network.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The security system for communications network management as claimed in claim 1 further comprising:
    - a plurality of client web browsers that enable interactive secure communications with said secure system and provide an integrated interface for said customer, each of said web browsers supporting client identification, client authentication and secure sockets layer communications protocol, wherein said system includes digital certificates to authenticate said secure server to said client web browser.
  - 3. The security system for communications network management as claimed in claim 1 wherein said session management further includes web cookie generation at each instance of client identification to link a session with said customer through a plurality of discrete client communications in said session to verify said customer to said dispatcher server at each transmission in said session.
  - 4. The security system for communications network management as claimed in claim 3 wherein said cookie is generated by a program on a separate server during an entitlements communications, after identification and authentication of the client.
  - 5. The security system for communications network management as claimed in claim 2 wherein said client web browser secure socket layer encrypts client identification, authentication and said session management cookie during each transmission.
  - 6. The security system for communications network management as claimed in claim 3 wherein said session cookies provide simultaneous session management for a plurality of system resource platforms.
  - 7. The security system for communications network management as claimed in claim 1 wherein said secure web server communicates with said dispatcher server over an encrypted socket connection.
  - 8. The security system for communications network management as claimed in claim 7 wherein said system includes encryption between said secure web server and said dispatcher server.
  - 9. The security system for communications network management as claimed in claim 2 wherein said system includes a first encryption algorithm for transmission of all customer data between said secure web server and said client browser for transmission of all customer data between said secure web server and said dispatcher server and a second encryption algorithm.
  - 10. The security system for communications network management as claimed in claim 2 wherein each client request from said web browser is encrypted with a public key provided by said communications network, and each of said client requests includes an encrypted client cookie for client authentication.

11. A system having an integrated and secure customer interface for communications network management, said system including a web browser for use on a client computer, and a secure web server having a system home page, said system comprising:
- (a) at least one Java applet embedded in said home page to provide interactive sessions with said communications network, said sessions including client authentication, session authentication and transaction requests for said communications network, (b) an encryption layer to provide encryption of each client session with a public key provided by said communications network, each session also including session authentication with a client cookie generated by said system, said session cookie being encrypted with said public key during transmission of each transaction request to said secure server;
  
  (c) at least one security firewall on either side of said secure server to prevent direct public access to said communications network.
- View Dependent Claims (12, 13, 14, 15, 16)
- - 12. The system for communications network management as claimed in claim 11, said communications network further including a plurality of application servers for receiving transaction requests from said secure server, said secure server encrypting each of said transaction requests with a public key algorithm before transmission to a selected one of said application servers.
  - 13. The system for communications network management as claimed in claim 12, said system further including a dispatcher server for receiving transaction requests from said secure server, and dispatching said request to said selected one of said application servers.
  - 14. The system for communications network management as claimed in claim 11, wherein said communications network includes a router based firewall between said secure server and said public Internet, and a proxy based firewall between said secure server and any one of said applications servers.
  - 15. The system for communications network management as claimed in claim 11, wherein one of said Java applets is a user object, said object being populated with a first set of entitlement at log on, and a second set of entitlement during a session with a selected application sever.
  - 16. The system for communications network management as claimed in claim 11, said communications network further including an authentication server which determines entitlement for said user object following authentication.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Verizon Patent and Licensing Incorporated (Verizon Communications Inc.)
Original Assignee
WorldCom, Inc. (Verizon Communications Inc.)
Inventors
Shifrin, Gerald A., Devine, Carol Y., Shoulberg, Richard W.

Granted Patent

US 6,968,571 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/201
CPC Class Codes

G06F 11/0709   in a distributed system con...

G06F 11/0757   by exceeding a time limit, ...

G06F 11/0769   Readable error formats, e.g...

G06F 11/0775   Content or structure detail...

G06F 11/0781   Error filtering or prioriti...

G06F 11/0784   Routing of error reports, e...

G06F 11/202   where processing functional...

G06F 11/32   with visual or acoustical i...

G06F 11/324   Display of status information

G06F 11/327   Alarm or error message display

G06F 11/328   Computer systems status dis...

G06F 11/3495   for systems

G06F 16/972   Access to data in other rep...

G06F 21/00   Security arrangements for p...

G06F 21/41   where a single sign-on prov...

G06F 21/552   involving long-term monitor...

G06F 2201/81   Threshold

G06F 2201/86   Event-based monitoring

G06F 2201/875   Monitoring of systems inclu...

G06F 2221/2137   Time limited access, e.g. t...

G06F 2221/2149 : Restricted operating enviro...

G06Q 10/10 : Office automation; Time man...

G06Q 10/107 : Computer-aided management o...

G06Q 20/102 : Bill distribution or payments

G06Q 20/382 : insuring higher security of...

G06Q 30/02 : Marketing; Price estimation...

G06Q 30/06 : Buying, selling or leasing ...

G06Q 30/0601 : Electronic shopping [e-shop...

G06Q 30/0609 : Buyer or seller confidence ...

G06Q 30/0635 : Processing of requisition o...

G06Q 99/00 : Subject matter not provided...

H04L 12/14 : Charging , metering or bill...

H04L 12/1428 : Invoice generation, e.g. cu...

H04L 41/0213 : Standardised network manage...

H04L 41/0233 : Object-oriented techniques,...

H04L 41/024 : using relational databases ...

H04L 41/0253 : using browsers or web-pages...

H04L 41/06 : Management of faults, event...

H04L 41/0681 : Configuration of triggering...

H04L 41/08 : Configuration management of...

H04L 41/0803 : Configuration setting

H04L 41/0879 : Manual configuration throug...

H04L 41/0895 : Configuration of virtualise...

H04L 41/122 : of virtualised topologies, ...

H04L 41/142 : using statistical or mathem...

H04L 41/18 : Delegation of network manag...

H04L 41/22 : comprising specially adapte...

H04L 41/28 : Restricting access to netwo...

H04L 41/5009 : Determining service level p...

H04L 41/5022 : by giving priorities, e.g. ...

H04L 41/5029 : Service quality level-based...

H04L 41/5032 : Generating service level re...

H04L 41/5061 : characterised by the intera...

H04L 41/5064 : Customer relationship manag...

H04L 41/5067 : Customer-centric QoS measur...

H04L 41/5074 : Handling of user complaints...

H04L 41/5083 : wherein the managed service...

H04L 41/5096 : wherein the managed service...

H04L 43/00 : Arrangements for monitoring...

H04L 43/024 : by adaptive sampling

H04L 43/045 : for graphical visualisation...

H04L 43/06 : Generation of reports

H04L 43/062 : related to network traffic

H04L 43/065 : related to network devices

H04L 43/067 : using time frame reporting

H04L 43/0805 : by checking availability

H04L 43/0811 : by checking connectivity

H04L 43/0817 : by checking functioning

H04L 43/0829 : Packet loss

H04L 43/0847 : Transmission error

H04L 43/0852 : Delays

H04L 43/0876 : Network utilisation, e.g. v...

H04L 43/0888 : Throughput

H04L 43/0894 : Packet rate

H04L 43/091 : Measuring contribution of i...

H04L 43/10 : Active monitoring, e.g. hea...

H04L 43/106 : using time related informat...

H04L 43/16 : Threshold monitoring

H04L 51/00 : User-to-user messaging in p...

H04L 51/04 : Real-time or near real-time...

H04L 51/222 : using geographical location...

H04L 63/02 : for separating internal fro...

H04L 63/0209 : Architectural arrangements,...

H04L 63/0218 : Distributed architectures, ...

H04L 63/0236 : Filtering by address, proto...

H04L 63/0272 : Virtual private networks

H04L 63/0281 : Proxies

H04L 63/0428 : wherein the data content is...

H04L 63/0442 : wherein the sending and rec...

H04L 63/0464 : using hop-by-hop encryption...

H04L 63/08 : for authentication of entit...

H04L 63/0807 : using tickets, e.g. Kerbero...

H04L 63/0815 : providing single-sign-on or...

H04L 63/0823 : using certificates cryptogr...

H04L 63/083 : using passwords cryptograph...

H04L 63/162 : at the data link layer

H04L 63/166 : at the transport layer

H04L 63/168 : above the transport layer

H04L 63/18 : using different networks or...

H04L 65/1101 : Session protocols

H04L 65/401 : wherein the services involv...

H04L 65/80 : Responding to QoS

H04M 15/00 : Arrangements for metering, ...

H04M 15/41 : Billing record details, i.e...

H04M 15/43 : Billing software details

H04M 15/44 : Augmented, consolidated or ...

H04M 15/49 : Connection to several servi...

H04M 15/51 : for resellers, retailers or...

H04M 15/58 : based on statistics of usag...

H04M 15/705 : Account settings, e.g. limi...

H04M 15/721 : using the Internet

H04M 15/745 : Customizing according to wi...

H04M 15/80 : Rating or billing plans; Ta...

H04M 15/8044 : Least cost routing

H04M 15/83 : Notification aspects

H04M 15/8351 : before establishing a commu...

H04M 15/84 : Types of notifications

H04M 2215/0104 : Augmented, consolidated or ...

H04M 2215/0108 : Customization according to ...

H04M 2215/0152 : General billing plans, rate...

H04M 2215/0164 : Billing record, e.g. Call D...

H04M 2215/0168 : On line or real-time flexib...

H04M 2215/0176 : Billing arrangements using ...

H04M 2215/018 : On-line real-time billing, ...

H04M 2215/0188 : Network monitoring; statist...

H04M 2215/42 : Least cost routing, i.e. pr...

H04M 2215/46 : Connection to several servi...

H04M 2215/54 : Resellers-retail or service...

H04M 2215/7009 : Account settings, e.g. user...

H04M 2215/7045 : Using Internet or WAP

H04M 2215/745 : Least cost routing, e.g. Au...

H04M 2215/81 : Notifying aspects, e.g. not...

H04M 2215/8108 : before establishing a commu...

H04M 2215/8129 : Type of notification

H04M 2215/82 : Advice-of-Charge [AOC], i.e...

H04M 3/5175 : Call or contact centers sup...

H04M 3/5191 : interacting with the Internet

Y10S 379/90 : Internet, e.g. Internet pho...

Y10S 707/99931 : Database or file accessing

Y10S 707/99937 : Sorting

Y10S 707/99938 : Concurrency, e.g. lock mana...

Y10S 707/99939 : Privileged access

Y10S 707/99944 : Object-oriented database st...

Y10S 715/969 : Network layout and operatio...

View All

Secure customer interface for web based data management

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

150 Citations

16 Claims

Specification

Use Cases

Quick Links

Others

Secure customer interface for web based data management

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

150 Citations

16 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others