Securing Communication over a Network Using Client Integrity Verification

First Claim

1. A method for securing communication over a network, comprising:
- at a trust broker system having one or more processors and memory storing one or more programs for execution by the one or more processors;
- receiving a request from a user agent associated with a client system remote from the trust broker to connect to applications and resources associated with the trust broker;
- in response to the request to connect with the server system;
- verifying the integrity of the client system;
- verifying the identity of a user of the client system, and in response to verifying the identity of the user and the integrity of the client system;
- determining the access level permitted to the identified user;
- based on the access level, determining which applications and resources the identified user is authorized to access;
- in accordance with a determination that the user is authorized to access the requested applications and resources;
- establishing a connection with the user agent;
- transmitting session information to the server system that provides the requested applications and resources, wherein the transmitted session information identifies the requesting user agent; and
- sending the user agent connection information, wherein the connection information enables the requesting user agent to connect to the requested server system.

Assignments: 3. Petitions: 0.

Abstract

A method for protecting application servers from network-based attacks and verifying the security posture of end client systems is disclosed. A trust broker system receives a request from a user agent associated with a client system remote from the trust broker to connect to applications and resources associated with the trust broker. The trust broker system verifies the integrity of the client system and verifies the identity of a user of the client system. The trust broker system then determines the access level permitted to the identified user and, based on that access level, which applications and resources the user is authorized to access. The trust broker system establishes a connection with the user agent and transmits session information to the server system. The trust broker system sends the user agent connection information, wherein the connection information enables the requesting user agent to connect to the requested server system.

Citations: 11.

Claims (20)
1. A method for securing communication over a network (independent claim; full text given under First Claim above). Dependent claims: 2, 3, 4, 5, 6, 7.

8. An electronic device for securing communication over a network, comprising:
- one or more processors;
- memory storing one or more programs to be executed by the one or more processors;
- the one or more programs comprising instructions for;
- receiving a request from a user agent associated with a client system remote from the trust broker to connect to applications and resources associated with the trust broker;
- in response to the request to connect with the server system;
- verifying the integrity of the client system;
- verifying the identity of a user of the client system, and in response to verifying the identity of the user and the integrity of the client system;
- determining the access level permitted to the identified user;
- based on the access level, determining which applications and resources the identified user is authorized to access;
- in accordance with a determination that the user is authorized to access the requested applications and resources;
- establishing a connection with the user agent;
- transmitting session information to the server system that provides the requested applications and resources, wherein the transmitted session information identifies the requesting user agent; and
- sending the user agent connection information, wherein the connection information enables the requesting user agent to connect to the requested server system.
Dependent claims: 9, 10, 11, 12, 13, 14.

15. A non-transitory computer readable storage medium storing one or more programs configured for execution by an electronic device with a camera, the one or more programs comprising instructions for:
- receiving a request from a user agent associated with a client system remote from the trust broker to connect to applications and resources associated with the trust broker;
- in response to the request to connect with the server system;
- verifying the integrity of the client system;
- verifying the identity of a user of the client system, and in response to verifying the identity of the user and the integrity of the client system;
- determining the access level permitted to the identified user;
- based on the access level, determining which applications and resources the identified user is authorized to access;
- in accordance with a determination that the user is authorized to access the requested applications and resources;
- establishing a connection with the user agent;
- transmitting session information to the server system that provides the requested applications and resources, wherein the transmitted session information identifies the requesting user agent; and
- sending the user agent connection information, wherein the connection information enables the requesting user agent to connect to the requested server system.
Dependent claims: 16, 17, 18, 19, 20.
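
The abstract and independent claims 1, 8 and 15 all describe the same ordered broker flow: verify the client system's integrity, then the user's identity, then derive an access level, and only then register session information with the application server and hand the user agent its connection details. The following is an added illustration of that flow, not code from the patent or from any product; the device keys, posture baseline, user directory, access levels and server addresses are all constructed, and the integrity check is modelled as an HMAC-authenticated posture report rather than any particular attestation scheme.

```python
"""Added example (not from the patent or any product): a minimal trust-broker
connect flow in the order the claims describe -- client integrity, then user
identity, then access level, then session hand-off. All device keys, users,
baselines and server addresses below are constructed for illustration."""
import hashlib
import hmac
import json
import secrets

# Constructed device registry: per-device key used to authenticate posture
# reports, plus the posture baseline a healthy client must meet.
DEVICE_KEYS = {"laptop-42": b"constructed-device-key-42"}
POSTURE_BASELINE = {"agent_hash": "sha256:deadbeef", "disk_encrypted": True, "min_patch_level": 17}

# Constructed user directory: salted SHA-256 password hashes and an access level.
def _pw_hash(salt: bytes, password: str) -> str:
    return hashlib.sha256(salt + password.encode()).hexdigest()

_SALT = b"constructed-salt"
USERS = {
    "alice": {"pw": _pw_hash(_SALT, "correct horse"), "level": 2},
    "bob": {"pw": _pw_hash(_SALT, "hunter2"), "level": 1},
}

# Access level -> applications/resources that level may reach; each resource
# maps to the server that provides it (addresses are constructed).
RESOURCES_BY_LEVEL = {1: {"wiki"}, 2: {"wiki", "payroll"}}
SERVERS = {"wiki": ("wiki.internal.example", 443), "payroll": ("payroll.internal.example", 443)}

# Session information handed to the application server, keyed by session id.
SERVER_SESSIONS: dict[str, dict] = {}


def sign_posture(device_id: str, report: dict) -> str:
    """Client-side helper: HMAC the canonical JSON of the posture report."""
    msg = json.dumps(report, sort_keys=True).encode()
    return hmac.new(DEVICE_KEYS[device_id], msg, hashlib.sha256).hexdigest()


def verify_client_integrity(device_id: str, report: dict, signature: str) -> bool:
    """Step 1: the report must be authentic (MAC with the device key) and meet the baseline."""
    key = DEVICE_KEYS.get(device_id)
    if key is None:
        return False
    expected = hmac.new(key, json.dumps(report, sort_keys=True).encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, signature):
        return False  # tampered or forged report
    return (
        report.get("agent_hash") == POSTURE_BASELINE["agent_hash"]
        and report.get("disk_encrypted") is True
        and report.get("patch_level", 0) >= POSTURE_BASELINE["min_patch_level"]
    )


def verify_user_identity(username: str, password: str) -> bool:
    """Step 2: constant-time comparison against the stored salted hash."""
    user = USERS.get(username)
    if user is None:
        return False
    return hmac.compare_digest(user["pw"], _pw_hash(_SALT, password))


def broker_connect(request: dict) -> dict:
    """Trust-broker handling of one connect request from a user agent.

    Returns {"allowed": True, "connection_info": {...}} or
    {"allowed": False, "reason": "..."}. Every denial names its stage so a
    SOC can count integrity failures separately from credential failures.
    """
    if not verify_client_integrity(request["device_id"], request["posture"], request["posture_sig"]):
        return {"allowed": False, "reason": "client integrity check failed"}
    if not verify_user_identity(request["username"], request["password"]):
        return {"allowed": False, "reason": "user identity check failed"}
    level = USERS[request["username"]]["level"]
    resource = request["resource"]
    if resource not in RESOURCES_BY_LEVEL.get(level, set()):
        return {"allowed": False, "reason": f"level {level} not authorized for {resource}"}
    # Authorized: register session info for the server, identifying the user agent,
    # and hand the user agent what it needs to reach that server.
    session_id = secrets.token_hex(16)
    SERVER_SESSIONS[session_id] = {
        "user_agent": request["user_agent_id"], "username": request["username"], "resource": resource,
    }
    host, port = SERVERS[resource]
    return {"allowed": True, "connection_info": {"host": host, "port": port, "session_id": session_id}}


def make_request(user_agent_id, device_id, username, password, resource, posture):
    """Build a request as a user agent would, signing its posture report."""
    return {"user_agent_id": user_agent_id, "device_id": device_id, "username": username, "password": password,
            "resource": resource, "posture": posture, "posture_sig": sign_posture(device_id, posture)}


if __name__ == "__main__":
    good = {"agent_hash": "sha256:deadbeef", "disk_encrypted": True, "patch_level": 18}
    print(broker_connect(make_request("ua-1", "laptop-42", "alice", "correct horse", "payroll", good)))
```

The ordering matters for the defensive value the abstract claims: a client that fails the integrity check never reaches the credential check, so a stolen password on an unmanaged or tampered device produces an integrity denial rather than a login attempt against the application server, and the server only ever learns about sessions the broker has already bound to a specific user agent.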