Securing Communication over a Network Using Client System Authorization and Dynamically Assigned Proxy Servers

US 20140223537A1
Filed: 03/11/2013
Published: 08/07/2014
Est. Priority Date: 02/01/2013
Status: Active Grant

First Claim

Patent Images

1. A method for securing communication over a network, comprising:

at a trust broker system having one or more processors and memory storing one or more programs for execution by the one or more processors;

receiving a request to connect to applications and resources from a client system;

determining whether the client system is authorized to connect to the requested applications and resources; and

in response to determining the client system has authorization to connect to the requested applications and resources;

determining, from a plurality of potential proxy servers, a proxy server associated with the requested applications and resources;

transmitting an identification value for the client system to the determined proxy server;

transmitting the identification value to the client system; and

transmitting contact information for the determined proxy server to the client system, wherein all communication between the client system and the trust broker system for the requested applications and resources passes through the proxy server.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for securing communication over a network is disclosed. A trust broker system receives a request to connect to applications and resources from a client system. The trust broker system determines whether the client system is authorized to connect to the requested applications and resources. In response to determining the client system has authorization to connect to the requested applications and resources, the trust broker system determines, from a plurality of potential proxy servers, a proxy server associated with the requested server system and transmits an identification value for the client system to the requested server system. The trust broker system then transmits the identification value to the client system and transmits contact information for the determined proxy server to the client system, wherein all communication between the client system and the requested server system passes through the proxy server.

Citations

18 Claims

1. A method for securing communication over a network, comprising:
- at a trust broker system having one or more processors and memory storing one or more programs for execution by the one or more processors;
  
  receiving a request to connect to applications and resources from a client system;
  
  determining whether the client system is authorized to connect to the requested applications and resources; and
  
  in response to determining the client system has authorization to connect to the requested applications and resources;
  
  determining, from a plurality of potential proxy servers, a proxy server associated with the requested applications and resources;
  
  transmitting an identification value for the client system to the determined proxy server;
  
  transmitting the identification value to the client system; and
  
  transmitting contact information for the determined proxy server to the client system, wherein all communication between the client system and the trust broker system for the requested applications and resources passes through the proxy server.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, further including:
    - periodically changing the proxy server associated with each server system associated with the trust broker system.
  - 3. The method of claim 1, wherein determining a proxy server associated with the requested server system further includes:
    - determining a specific server system associated with the requested applications and resources by examining a lookup table stored on the trust broker system.
  - 4. The method of claim 3, wherein determining a proxy server associated with the requested server system further includes:
    - determining the proxy server currently associated with the determined server system.
  - 5. The method of claim 1, wherein determining whether the client system is authorized to connect to the requested applications and resources further includes:
    - determining the identity of a user associated with the client system;
      
      determining whether the user associated with the client system is authorized to access the requested applications and resources.
  - 6. The method of claim 1, wherein the identification value transmitted to a proxy server is an encrypted value associated with the client system.

7. An electronic device for securing communication over a network, comprising:
- one or more processors;
  
  memory storing one or more programs to be executed by the one or more processors;
  
  the one or more programs comprising instructions for;
  
  receiving a request to connect to applications and resources from a client system;
  
  determining whether the client system is authorized to connect to the requested applications and resources; and
  
  in response to determining the client system has authorization to connect to the requested applications and resources;
  
  determining, from a plurality of potential proxy servers, a proxy server associated with the requested applications and resources;
  
  transmitting an identification value for the client system to the determined proxy server;
  
  transmitting the identification value to the client system; and
  
  transmitting contact information for the determined proxy server to the client system, wherein all communication between the client system and the trust broker system for the requested applications and resources passes through the proxy server.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The device of claim 7, further including instructions for:
    - periodically changing the proxy server associated with each server system associated with the trust broker system.
  - 9. The device of claim 7, wherein the instructions for determining a proxy server associated with the requested server system further include instructions for:
    - determining a specific server system associated with the requested applications and resources by examining a lookup table stored on the trust broker system.
  - 10. The device of claim 9, wherein the instructions for determining a proxy server associated with the requested server system further include instructions for:
    - determining the proxy server currently associated with the determined server system.
  - 11. The device of claim 7, wherein the instructions for determining whether the client system is authorized to connect to the requested applications and resources further include instructions for:
    - determining the identity of a user associated with the client system;
      
      determining whether the user associated with the client system is authorized to access the requested applications and resources.
  - 12. The device of claim 7, wherein the identification value transmitted to a proxy server is an encrypted value associated with the client system.

13. A non-transitory computer readable storage medium storing one or more programs configured for execution by an electronic device with a camera, the one or more programs comprising instructions for:
- receiving a request to connect to applications and resources from a client system;
  
  determining whether the client system is authorized to connect to the requested applications and resources; and
  
  in response to determining the client system has authorization to connect to the requested applications and resources;
  
  determining, from a plurality of potential proxy servers, a proxy server associated with the requested applications and resources;
  
  transmitting an identification value for the client system to the determined proxy server;
  
  transmitting the identification value to the client system; and
  
  transmitting contact information for the determined proxy server to the client system, wherein all communication between the client system and the trust broker system for the requested applications and resources passes through the proxy server.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The non-transitory computer readable storage medium of claim 13, further including instructions for:
    - periodically changing the proxy server associated with each server system associated with the trust broker system.
  - 15. The non-transitory computer readable storage medium of claim 13, wherein the instructions for determining a proxy server associated with the requested server system further include instructions for:
    - determining a specific server system associated with the requested applications and resources by examining a lookup table stored on the trust broker system.
  - 16. The non-transitory computer readable storage medium of claim 15, wherein the instructions for determining a proxy server associated with the requested server system further include instructions for:
    - determining the proxy server currently associated with the determined server system.
  - 17. The non-transitory computer readable storage medium of claim 13, wherein the instructions for determining whether the client system is authorized to connect to the requested applications and resources further include instructions for:
    - determining the identity of a user associated with the client system;
      
      determining whether the user associated with the client system is authorized to access the requested applications and resources.
  - 18. The non-transitory computer readable storage medium of claim 13, wherein the identification value transmitted to a proxy server is an encrypted value associated with the client system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Verizon Patent and Licensing Incorporated (Verizon Communications Inc.)
Original Assignee
Vidder, Inc. (Verizon Communications Inc.)
Inventors
Islam, Junaid, Bilger, Brent, Schroeder, Ted

Granted Patent

US 9,065,856 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/12
CPC Class Codes

G06F 21/31   User authentication

G06F 21/57   Certifying or maintaining t...

G06F 21/6218   to a system of files or obj...

G06F 2221/2111   Location-sensitive, e.g. ge...

G06F 2221/2113   Multi-level security, e.g. ...

H04L 2101/69   using geographic informatio...

H04L 63/0281   Proxies

H04L 63/0428   wherein the data content is...

H04L 63/08   for authentication of entit...

H04L 63/0876   based on the identity of th...

H04L 63/10   for controlling access to d...

H04L 63/105   Multiple levels of security

H04L 63/107   wherein the security polici...

H04L 63/1433   Vulnerability analysis

H04L 63/20   for managing network securi...

H04L 67/01   Protocols

H04L 67/10   in which an application is ...

H04L 67/562   Brokering proxy services

Securing Communication over a Network Using Client System Authorization and Dynamically Assigned Proxy Servers

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Securing Communication over a Network Using Client System Authorization and Dynamically Assigned Proxy Servers

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links