TECHNIQUES FOR MANAGING COMMUNICATION SESSIONS
First Claim
1. A machine-implemented method, comprising:
detecting an access authorization received from an identity service, wherein the access authorization is generated by the identity service in response to a request issued by a principal for access to a protected resource and the request is initially handled by a first virtual machine that redirected the request to the identity service for authentication; and
broadcasting the access authorization within a secure network, the secure network includes the first virtual machine and second virtual machines, the first virtual machine and each of the second virtual machines capable of servicing the request for access to the protected resource, and wherein the access authorization includes a first virtual machine identifier and a first virtual machine assigned session identifier to uniquely identify a communication session between the principal and the protected resource that is to be initially handled by the first virtual machine.
Abstract
Techniques for managing communication sessions are provided. Secure communication sessions are authenticated via a third-party service, and the authenticated responses are broadcast to multiple virtual machines within a secure network. Each session is associated with a principal that is accessing a protected resource of the secure network. The virtual machines assume ownership roles and backup roles for managing the communication session, which provides failover support for the communication sessions and, in some instances, load balancing of the communication sessions.
24 Claims
1. A machine-implemented method (independent claim, reproduced under First Claim above). Dependent claims: 2, 3, 4, 5, 6, 7.
8. A machine-implemented method, comprising:
receiving a request from a principal to access a protected resource on a first virtual machine of a secure network;
producing session authentication information for a communication session between the principal and the protected resource, wherein the session authentication information includes a session identifier for the communication session and a first virtual machine identifier for the first virtual machine that is to handle the communication session once the request is properly authenticated for access to the protected resource; and
redirecting the request with the session authentication information to an identity service for authentication.
Dependent claims: 9, 10, 11, 12, 13, 14.
15. A machine-implemented method, comprising:
receiving an authentication authorization associated with a request for access to a protected resource of a secure network;
identifying with the authentication authorization a first virtual machine identifier and a session identifier that a first virtual machine assigned to a communication session between a principal and the protected resource;
determining that the first virtual machine identifier and the session identifier are not present in a session table; and
creating session metadata for the communication session and associating the session metadata with the communication session in the session table for subsequent use if the first virtual machine experiences processing loads beyond a threshold or if the first virtual machine fails during the communication session.
Dependent claims: 16, 17, 18, 19, 20.
21. A machine-implemented system, comprising:
a gateway device processing as an intermediary between a secure and an insecure network; and
an authorization socket listener service implemented in a computer-readable storage medium and to process on the gateway device;
wherein the authorization socket listener service detects authentication authorizations for principals by listening on a specific port that an identity service uses to send the authentication authorizations, wherein the principals have requested interaction with protected resources of the secure network, which prompts authentication to occur via the identity service and the authentication authorizations to be sent on the specific port, and wherein the authorization socket listener service broadcasts the authentication authorizations over the secure network to a plurality of virtual machines, and wherein the virtual machines cooperate to provide load balancing and failover service for communication sessions between the principals and the protected resources within the secure network.
Dependent claims: 22, 23, 24.
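The flow the independent claims describe, as an added worked example in Python (this is not the patent's implementation and not code from the page): a first virtual machine mints session authentication information and redirects the request to the identity service (claim 8); the identity service's authorization, carrying the virtual machine identifier and the VM-assigned session identifier, is broadcast to every virtual machine in the secure network (claims 1 and 21); each virtual machine adds session metadata to its session table only when that (identifier, session identifier) pair is absent (claim 15); and when the owning virtual machine fails, a backup takes ownership in every surviving table. All class and function names, the in-memory broadcast standing in for the port listener, the constructed credential store, and the ownership/backup policy are assumptions.

```python
"""Toy model of the session-authorization broadcast in the claims above.

Added illustration: names, data shapes, the in-memory broadcast and the
failover policy are assumptions, not the patent's implementation.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple
import secrets


@dataclass
class AccessAuthorization:
    """Identity service response: the authenticated principal plus the VM
    identifier and VM-assigned session identifier echoed back (claim 1)."""
    principal: str
    resource: str
    vm_id: str
    session_id: str


@dataclass
class SessionMeta:
    """Session metadata shared by all VMs so any of them can take over."""
    principal: str
    resource: str
    owner: str                               # VM currently handling the session
    backups: List[str] = field(default_factory=list)


class VirtualMachine:
    def __init__(self, vm_id: str, load_threshold: int = 2):
        self.vm_id = vm_id
        self.alive = True
        self.load_threshold = load_threshold
        self.session_table: Dict[Tuple[str, str], SessionMeta] = {}

    def handle_request(self, principal: str, resource: str) -> dict:
        """Claim 8: mint session authentication information and hand the
        request off to the identity service (returned as a redirect payload)."""
        return {"principal": principal, "resource": resource, "vm_id": self.vm_id,
                "session_id": secrets.token_hex(8)}   # unguessable session id

    def on_authorization(self, auth: AccessAuthorization, peers: List[str]) -> bool:
        """Claim 15: add metadata only when (vm_id, session_id) is not yet in
        the session table, so a duplicated broadcast is harmless."""
        key = (auth.vm_id, auth.session_id)
        if key in self.session_table:
            return False
        backups = [p for p in peers if p != auth.vm_id]
        self.session_table[key] = SessionMeta(auth.principal, auth.resource,
                                              owner=auth.vm_id, backups=backups)
        return True

    @property
    def load(self) -> int:
        # Number of sessions this VM currently owns.
        return sum(m.owner == self.vm_id for m in self.session_table.values())


class IdentityService:
    """Stand-in third-party identity service with a constructed credential store."""
    def __init__(self, credentials: Dict[str, str]):
        self.credentials = credentials

    def authenticate(self, redirect: dict, password: str) -> Optional[AccessAuthorization]:
        if self.credentials.get(redirect["principal"]) != password:
            return None                       # nothing is sent on failure
        return AccessAuthorization(redirect["principal"], redirect["resource"],
                                   redirect["vm_id"], redirect["session_id"])


class SecureNetwork:
    """Plays the authorization socket listener of claim 21: each authorization
    it receives is broadcast to every live VM (in memory, not over a port)."""
    def __init__(self, vms: List[VirtualMachine]):
        self.vms = {vm.vm_id: vm for vm in vms}

    def broadcast(self, auth: AccessAuthorization) -> int:
        peers = list(self.vms)
        return sum(vm.on_authorization(auth, peers)
                   for vm in self.vms.values() if vm.alive)

    def resolve_owner(self, key: Tuple[str, str]) -> str:
        """Failover/load shedding: if the recorded owner is down or above its
        load threshold, the first live backup takes over in every live table."""
        meta = next(vm.session_table[key] for vm in self.vms.values()
                    if vm.alive and key in vm.session_table)
        owner = self.vms[meta.owner]
        if owner.alive and owner.load <= owner.load_threshold:
            return meta.owner
        for cand in meta.backups:
            if self.vms[cand].alive:
                for vm in self.vms.values():
                    if vm.alive and key in vm.session_table:
                        vm.session_table[key].owner = cand
                return cand
        raise RuntimeError("no live VM can service the session")


def run_scenario() -> dict:
    """Constructed scenario: bad password, good login, replayed broadcast,
    then the owning VM fails and a backup takes the session."""
    vms = [VirtualMachine("vm-a"), VirtualMachine("vm-b"), VirtualMachine("vm-c")]
    net = SecureNetwork(vms)
    idp = IdentityService({"alice": "correct horse battery"})
    redirect = vms[0].handle_request("alice", "payroll-db")
    rejected = idp.authenticate(redirect, "wrong password") is None
    auth = idp.authenticate(redirect, "correct horse battery")
    key = (auth.vm_id, auth.session_id)
    added = net.broadcast(auth)           # every VM records the session
    replayed = net.broadcast(auth)        # duplicate broadcast changes nothing
    owner_before = net.resolve_owner(key)
    vms[0].alive = False                  # first VM fails mid-session
    owner_after = net.resolve_owner(key)
    agree = vms[1].session_table[key].owner == vms[2].session_table[key].owner
    return {"rejected": rejected, "added": added, "replayed": replayed,
            "owner_before": owner_before, "owner_after": owner_after,
            "tables_agree": agree}


if __name__ == "__main__":
    print(run_scenario())
```

Two points worth noticing from a defender's view: the identity service returns nothing on a failed login, so no table entry is ever created for an unauthenticated principal, and the session-table insert is keyed on the (VM identifier, session identifier) pair and is idempotent, so a replayed or duplicated broadcast cannot create a second ownership record for the same session.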
Specification