Proxy server security token authorization

US 20050005133A1
Filed: 04/24/2003
Published: 01/06/2005
Est. Priority Date: 04/24/2003
Status: Active Grant

First Claim

Patent Images

1. A method of authorizing use of a computer resource comprising:

(a) issuing, to a user, an authorization token having data;

(b) examining, with a proxy server, the authorization token for authenticity; and

(c) if the authorization token is authentic, said proxy server using said authorization token data to establish a connection with said computer resource on behalf of the user.

View all claims

25 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A management server manufactures a secure, tamper-resistant token for a particular user specifying the permissions and authorizations that user possesses. The token may be in the form of a digitally-signed message specifying, for example, a particular computer and associated port number that the user is permitted to access. The management server delivers the token to the user, preferably over a secure communications session. When challenged, the user presents the secure token to the security proxy server. The security proxy server examines the token to be sure it is authentic and has not be tampered with, and then extracts information contained in the token to determine the user'"'"'s authorization to access a particular computer, particular port number and/or other resource. The security proxy server then establishes authorized communication with the authorized computing resource based on the information contained in the user'"'"'s token, and thereafter may act in one embodiment as essentially a passthrough or proxy for permitting the user to access and communicate with the resource.

98 Citations

View as Search Results

16 Claims

1. A method of authorizing use of a computer resource comprising:
- (a) issuing, to a user, an authorization token having data;
  
  (b) examining, with a proxy server, the authorization token for authenticity; and
  
  (c) if the authorization token is authentic, said proxy server using said authorization token data to establish a connection with said computer resource on behalf of the user.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1 wherein said issuing is performed by a trusted entity different from said proxy server.
  - 3. The method of claim 2 wherein said trusted entity comprises a management server.
  - 4. The method of claim 1 wherein said issuing includes digitally signing said token with a digital signature and said examining includes authenticating said digital signature
  - 5. The method of claim 1 wherein said issuing includes time-stamping said token.
  - 6. The method of claim 1 further including said proxy server challenging said user for said token and said user responding to said challenge by presenting said token to said proxy server.
  - 7. The method of claim 1 wherein said using step is performed conditionally based at least in part on whether said token is unexpired.
  - 8. The method of claim 1 wherein said using step includes extracting a computer name and port number from said token and establishing a connection using said computer name and port number.

9. A proxy server comprising:
- means for receiving an authorization token from a user device;
  
  means for examining said token to determine the authenticity thereof; and
  
  means for establishing a proxy server session conditioned on the authenticity of said token, wherein said proxy server acts as an intermediary between said user device and a computing resource the token specifies.

10. A proxy server comprising:
- a challenge function that challenges a user device to present a token;
  
  a token validator that validates said token; and
  
  a session controller that intermediates a session between said user device and a computing resource conditioned at least in part on token validation by said token validator.
- View Dependent Claims (11, 12, 13, 14, 15, 16)
- - 11. The proxy server of claim 10 wherein said token is digitally signed and said token validator validates said digital signature.
  - 12. The proxy server of claim 10 wherein said session controller establishes a proxy connection with said computing resource based at least in part on information contained in said token.
  - 13. The proxy server of claim 12 wherein said contained information includes at least computer name and port number.
  - 14. The proxy server of claim 10 wherein said token validator determines whether said token has expired and whether said token has been tampered with.
  - 15. The proxy server of claim 10 wherein said token is issued by a trusted entity different from said proxy server.
  - 16. The proxy server of claim 10 wherein said proxy server establishes a first connection behind a firewall with a legacy host computer not equipped with SL/TLS and established a second connection with said user device through said firewall, said proxy server proxying, in said first connection, on behalf of the user device connection 17. A communications protocol including:
    - a token challenge message;
      
      a responsive token response message including a digitally signed token; and
      
      a proxy session with a host computer conditioned on said digitally signed token.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Attachmate Corporation (Open Text Corporation)
Original Assignee
Attachmate Corporation (Open Text Corporation)
Inventors
Xia, Sharon Hong, Brombaugh, Dan

Granted Patent

US 7,836,493 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/185
CPC Class Codes

H04L 63/0281 Proxies

H04L 63/0807 using tickets, e.g. Kerbero...

Proxy server security token authorization

First Claim

25 Assignments

0 Petitions

Accused Products

Abstract

98 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Proxy server security token authorization

First Claim

25 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

98 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links