Securing Communication over a Network Using Client System Authorization and Dynamically Assigned Proxy Servers
First Claim
1. A method for providing secure access to network resources, comprising:
- at a trust broker system having one or more processors and memory storing one or more programs for execution by the one or more processors, wherein the trust broker system enables a client system to connect to a server system through a secure communication session;
receiving, from the client system, a request to access network applications and resources associated with and hosted by the server system;
locating a first virtual domain of a plurality of virtual domains, wherein;
each virtual domain provides a respective logical set of network applications and resources, distinct from other virtual domains, wherein a respective logical set of network applications and information corresponds to a subset of network resources provided by the server system; and
the first virtual domain provides the requested network applications and resources;
determining whether the client system is authorized to access the first virtual domain based on permissions of a user associated with the client system;
in response to a determination that the client system is authorized to access the first virtual domain;
determining, from a plurality of potential proxy servers, a proxy server associated with the server system;
transmitting, to the client system, contact information for connecting to the determined proxy server to access the requested network applications and resources provided by the first virtual domain.
3 Assignments
0 Petitions
Accused Products
Abstract
A method for securing communication over a network is disclosed. A trust broker system receives a request to connect to applications and resources from a client system. The trust broker system determines whether the client system is authorized to connect to the requested applications and resources. In response to determining the client system has authorization to connect to the requested applications and resources, the trust broker system determines, from a plurality of potential proxy servers, a proxy server associated with the requested server system and transmits an identification value for the client system to the requested server system. The trust broker system then transmits the identification value to the client system and transmits contact information for the determined proxy server to the client system, wherein all communication between the client system and the requested server system passes through the proxy server.
9 Citations
18 Claims
-
1. A method for providing secure access to network resources, comprising:
at a trust broker system having one or more processors and memory storing one or more programs for execution by the one or more processors, wherein the trust broker system enables a client system to connect to a server system through a secure communication session; receiving, from the client system, a request to access network applications and resources associated with and hosted by the server system; locating a first virtual domain of a plurality of virtual domains, wherein; each virtual domain provides a respective logical set of network applications and resources, distinct from other virtual domains, wherein a respective logical set of network applications and information corresponds to a subset of network resources provided by the server system; and the first virtual domain provides the requested network applications and resources; determining whether the client system is authorized to access the first virtual domain based on permissions of a user associated with the client system; in response to a determination that the client system is authorized to access the first virtual domain; determining, from a plurality of potential proxy servers, a proxy server associated with the server system; transmitting, to the client system, contact information for connecting to the determined proxy server to access the requested network applications and resources provided by the first virtual domain. - View Dependent Claims (2, 3, 4, 5, 6)
-
7. An electronic device for providing secure access to network resources, wherein the electronic device comprises a trust broker system which enables a client system to connect to a server system through a secure communication session, comprising:
-
one or more processors; memory storing one or more programs to be executed by the one or more processors; the one or more programs comprising instructions for; receiving, from the client system, a request to access network applications and resources associated with and hosted by the server system; locating a first virtual domain of a plurality of virtual domains, wherein; each virtual domain provides a respective logical set of network applications and resources, distinct from other virtual domains, wherein a respective logical set of network applications and information corresponds to a subset of network resources provided by the server system; and the first virtual domain provides the requested network applications and resources; determining whether the client system is authorized to access the first virtual domain based on permissions of a user associated with the client system; in response to a determination that the client system is authorized to access the first virtual domain; determining, from a plurality of potential proxy servers, a proxy server associated with the server system; transmitting, to the client system, contact information for connecting to the determined proxy server to access the requested network applications and resources provided by the first virtual domain. - View Dependent Claims (8, 9, 10, 11, 12)
-
-
13. A non-transitory computer readable storage medium storing one or more programs configured for execution by an electronic device, wherein the electronic device comprises a trust broker system which enables a client system to connect to a server system through a secure communication session, the one or more programs comprising instructions for:
-
receiving, from the client system, a request to access network applications and resources associated with and hosted by the server system; locating a first virtual domain of a plurality of virtual domains, wherein; each virtual domain provides a respective logical set of network applications and resources, distinct from other virtual domains, wherein a respective logical set of network applications and information corresponds to a subset of network resources provided by the server system; and the first virtual domain provides the requested network applications and resources; determining whether the client system is authorized to access the first virtual domain based on permissions of a user associated with the client system; in response to a determination that the client system is authorized to access the first virtual domain; determining, from a plurality of potential proxy servers, a proxy server associated with the server system; transmitting, to the client system, contact information for connecting to the determined proxy server to access the requested network applications and resources provided by the first virtual domain. - View Dependent Claims (14, 15, 16, 17, 18)
-
Specification