Network access using multiple authentication realms
First Claim
1. A security gateway for accessing a network comprising:
- a plurality of realms, each realm being associated with a group of users and having one or more authentication stages for the associated group of users, each authentication stage requiring one or more sets of credentials and/or client integrity validations; and
a policy module having one or more policy servers collectively coupled to at least one of the realms, the policy module specifying one or more subgroups each having a specific access attribute within at least one of the plurality of realms.
1 Assignment
0 Petitions
Accused Products
Abstract
A security platform connected to a private network permits access to the private network from a public network (such as the Internet) through a variety of mechanisms. A reverse proxy system operating as part of the security platform provides access to web-enabled applications from a browser connected to the public network. The reverse proxy rewrites requests and responses so that the browser directs requests to the reverse proxy, from which the requests can be directed to the appropriate server on the public network or the private network. Responses come back to the reverse proxy, and are then forwarded to the browser. An SSL tunneling system permits fat clients to access the private network through an SSL connection. The SSL tunneling system employs a server component operating on the security platform and components downloaded to the client computer from the security platform. The client components include a control component operating in a browser window, a server-proxy component that sets up secure communications with the private network, and an adapter component between the server-proxy and the fat client. The adapter component operates in kernel space. Data is directed from the fat client to the adapter, and then forwarded to the server-proxy; data from the server-proxy is directed to the adapter, and then forwarded to the fat client. Security is provided through the use of multiple authentication realms, each of which provides a set of authentication stages for authenticating users and providing client integrity validation.
160 Citations
16 Claims
-
1. A security gateway for accessing a network comprising:
-
a plurality of realms, each realm being associated with a group of users and having one or more authentication stages for the associated group of users, each authentication stage requiring one or more sets of credentials and/or client integrity validations; and
a policy module having one or more policy servers collectively coupled to at least one of the realms, the policy module specifying one or more subgroups each having a specific access attribute within at least one of the plurality of realms. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
-
-
16. A computer program product, residing on a computer-readable medium, for use in accessing a network, the computer program product comprising instructions for causing a computer to:
-
establish a plurality of realms, each realm to be associated with a group of users and having one or more authentication stages for the associated group of users, each authentication stage requiring one or more sets of credentials and/or client integrity validations; and
establish one or more policies specifying one or more subgroups each having a specific access attribute within at least one of the plurality of realms.
-
Specification