Securing Organizational Computing Assets over a Network Using Virtual Domains
First Claim
1. A method for securing communication over a network, comprising:
at a server system having one or more processors and memory storing one or more programs for execution by the one or more processors;
storing encrypted identifying information for a plurality of client systems authorized to interact with the server system, wherein the encrypted identifying information is changed per client system per session;
creating a plurality of virtual domains;
each virtual domain representing a set of services and information distinct from the other virtual domains;
storing permissions associated with each respective client system in the plurality of client system;
wherein the stored permissions indicate the virtual domains accessible to the respective client systems;
receiving a request from a first client system, including encrypted identifying information associated with the first client system, for information associated with a first virtual domain;
retrieving stored permissions of the first client system based on the encrypted identifying information; and
determining, based on the stored permissions associated with the first client system, whether the first client system is permitted to access the requested first virtual domain.
Abstract
A method for connecting to a trust broker system is disclosed. The electronic device stores encrypted identifying information for a plurality of client systems authorized to interact with the server system, wherein the encrypted identifying information is changed per client system per session. The electronic device creates a plurality of virtual domains; each virtual domain representing a set of services and information distinct from the other virtual domains. The electronic device stores permissions associated with each respective client system in the plurality of client system. The electronic device receives a request from a first client system, including encrypted identifying information associated with the first client system, for information associated with a first virtual domain and then retrieves stored permissions of the first client system based on the encrypted identifying information. The electronic device determines whether the first client system is permitted to access the requested first virtual domain.
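As an added illustration of the flow the abstract describes (this is not code from the patent or its assignee), the sketch below issues a fresh identifier per client per session, stores per-client virtual-domain permissions, and resolves a presented identifier to those permissions before deciding access. All names (`TrustBroker`, `start_session`, `check_access`, the client and domain names) are hypothetical, and the "encrypted identifying information" is stood in for by a random per-session token that the server indexes by an HMAC-SHA256 digest.

```python
import hashlib
import hmac
import secrets


class TrustBroker:
    def __init__(self):
        self._key = secrets.token_bytes(32)  # server-only key for indexing tokens
        self._domains = {}      # virtual domain -> set of services it exposes
        self._permissions = {}  # client id -> set of permitted virtual domains
        self._by_digest = {}    # digest of live session token -> client id
        self._live = {}         # client id -> digest of its live token

    def _digest(self, token):
        # Assumption: a keyed digest stands in for the "encrypted" identifier.
        return hmac.new(self._key, token.encode(), hashlib.sha256).hexdigest()

    def create_domain(self, name, services):
        self._domains[name] = set(services)

    def authorize(self, client_id, domains):
        unknown = set(domains) - set(self._domains)
        if unknown:
            raise ValueError(f"unknown virtual domains: {sorted(unknown)}")
        self._permissions[client_id] = set(domains)

    def start_session(self, client_id):
        """Issue a fresh identifier for this session and retire the previous one."""
        if client_id not in self._permissions:
            raise KeyError("client is not authorized to interact with the broker")
        self._by_digest.pop(self._live.get(client_id), None)
        token = secrets.token_urlsafe(32)
        self._live[client_id] = self._digest(token)
        self._by_digest[self._live[client_id]] = client_id
        return token

    def check_access(self, token, domain):
        """Resolve the presented identifier to stored permissions, then decide."""
        client_id = self._by_digest.get(self._digest(token))
        if client_id is None or domain not in self._domains:
            return False  # stale, forged, or unknown identifier/domain: deny
        return domain in self._permissions[client_id]


if __name__ == "__main__":
    broker = TrustBroker()
    broker.create_domain("hr", {"payroll"})  # constructed sample data
    broker.authorize("laptop-17", {"hr"})
    print(broker.check_access(broker.start_session("laptop-17"), "hr"))
```

Because the identifier changes with every session, a token captured from an earlier session no longer resolves to any client and is denied along with forged tokens.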
20 Claims
1. A method for securing communication over a network, comprising:
at a server system having one or more processors and memory storing one or more programs for execution by the one or more processors;
storing encrypted identifying information for a plurality of client systems authorized to interact with the server system, wherein the encrypted identifying information is changed per client system per session;
creating a plurality of virtual domains;
each virtual domain representing a set of services and information distinct from the other virtual domains;
storing permissions associated with each respective client system in the plurality of client system;
wherein the stored permissions indicate the virtual domains accessible to the respective client systems;
receiving a request from a first client system, including encrypted identifying information associated with the first client system, for information associated with a first virtual domain;
retrieving stored permissions of the first client system based on the encrypted identifying information; and
determining, based on the stored permissions associated with the first client system, whether the first client system is permitted to access the requested first virtual domain.
Dependent claims: 2, 3, 4, 5, 6, 7
8. An electronic device for securing communication over a network, comprising:
one or more processors;
memory storing one or more programs to be executed by the one or more processors;
the one or more programs comprising instructions for;
storing encrypted identifying information for a plurality of client systems authorized to interact with the server system, wherein the encrypted identifying information is changed per client system per session;
creating a plurality of virtual domains;
each virtual domain representing a set of services and information distinct from the other virtual domains;
storing permissions associated with each respective client system in the plurality of client system;
wherein the stored permissions indicate the virtual domains accessible to the respective client systems;
receiving a request from a first client system, including encrypted identifying information associated with the first client system, for information associated with a first virtual domain;
retrieving stored permissions of the first client system based on the encrypted identifying information; and
determining, based on the stored permissions associated with the first client system, whether the first client system is permitted to access the requested first virtual domain.
Dependent claims: 9, 10, 11, 12, 13, 14
15. A non-transitory computer readable storage medium storing one or more programs configured for execution by an electronic device with a camera, the one or more programs comprising instructions for:
at a server system having one or more processors and memory storing one or more programs for execution by the one or more processors;
storing encrypted identifying information for a plurality of client systems authorized to interact with the server system, wherein the encrypted identifying information is changed per client system per session;
creating a plurality of virtual domains;
each virtual domain representing a set of services and information distinct from the other virtual domains;
storing permissions associated with each respective client system in the plurality of client system;
wherein the stored permissions indicate the virtual domains accessible to the respective client systems;
receiving a request from a first client system, including encrypted identifying information associated with the first client system, for information associated with a first virtual domain;
retrieving stored permissions of the first client system based on the encrypted identifying information; and
determining, based on the stored permissions associated with the first client system, whether the first client system is permitted to access the requested first virtual domain.
Dependent claims: 16, 17, 18, 19, 20
Specification