Securing Communication over a Network Using Client System Authorization and Dynamically Assigned Proxy Servers

US 20160028694A1
Filed: 06/23/2015
Published: 01/28/2016
Est. Priority Date: 02/01/2013
Status: Active Grant

First Claim

Patent Images

1. A method for providing secure access to network resources, comprising:

at a trust broker system having one or more processors and memory storing one or more programs for execution by the one or more processors, wherein the trust broker system enables a client system to connect to a server system through a secure communication session;

receiving, from the client system, a request to access network applications and resources associated with and hosted by the server system;

locating a first virtual domain of a plurality of virtual domains, wherein;

each virtual domain provides a respective logical set of network applications and resources, distinct from other virtual domains, wherein a respective logical set of network applications and information corresponds to a subset of network resources provided by the server system; and

the first virtual domain provides the requested network applications and resources;

determining whether the client system is authorized to access the first virtual domain based on permissions of a user associated with the client system;

in response to a determination that the client system is authorized to access the first virtual domain;

determining, from a plurality of potential proxy servers, a proxy server associated with the server system;

transmitting, to the client system, contact information for connecting to the determined proxy server to access the requested network applications and resources provided by the first virtual domain.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for securing communication over a network is disclosed. A trust broker system receives a request to connect to applications and resources from a client system. The trust broker system determines whether the client system is authorized to connect to the requested applications and resources. In response to determining the client system has authorization to connect to the requested applications and resources, the trust broker system determines, from a plurality of potential proxy servers, a proxy server associated with the requested server system and transmits an identification value for the client system to the requested server system. The trust broker system then transmits the identification value to the client system and transmits contact information for the determined proxy server to the client system, wherein all communication between the client system and the requested server system passes through the proxy server.

9 Citations

18 Claims

1. A method for providing secure access to network resources, comprising:
- at a trust broker system having one or more processors and memory storing one or more programs for execution by the one or more processors, wherein the trust broker system enables a client system to connect to a server system through a secure communication session;
  
  receiving, from the client system, a request to access network applications and resources associated with and hosted by the server system;
  
  locating a first virtual domain of a plurality of virtual domains, wherein;
  
  each virtual domain provides a respective logical set of network applications and resources, distinct from other virtual domains, wherein a respective logical set of network applications and information corresponds to a subset of network resources provided by the server system; and
  
  the first virtual domain provides the requested network applications and resources;
  
  determining whether the client system is authorized to access the first virtual domain based on permissions of a user associated with the client system;
  
  in response to a determination that the client system is authorized to access the first virtual domain;
  
  determining, from a plurality of potential proxy servers, a proxy server associated with the server system;
  
  transmitting, to the client system, contact information for connecting to the determined proxy server to access the requested network applications and resources provided by the first virtual domain.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, further comprising periodically changing the proxy server associated with each server system associated with the trust broker system.
  - 3. The method of claim 1, wherein determining whether the client system is authorized to access the first virtual domain comprises:
    - determining the identity of the user associated with the client system; and
      
      retrieving stored permissions of the user associated with the client system.
  - 4. The method of claim 1, wherein determining a proxy server associated with the server system further includes:
    - determining the specific server system associated with the requested network applications and resources by examining a lookup table stored on the trust broker system.
  - 5. The method of claim 4, wherein determining a proxy server associated with the server system further includes:
    - determining a proxy server currently associated with the determined server system.
  - 6. The method of claim 1, further comprising, in response to the determination that the client system is authorized to access the first virtual domain, and prior to transmitting the contact information to the client system:
    - transmitting an identification value for the client system to the determined proxy server, wherein the identification value is an encrypted value identifying the client system; and
      
      transmitting the identification value to the client system.

7. An electronic device for providing secure access to network resources, wherein the electronic device comprises a trust broker system which enables a client system to connect to a server system through a secure communication session, comprising:
- one or more processors;
  
  memory storing one or more programs to be executed by the one or more processors;
  
  the one or more programs comprising instructions for;
  
  receiving, from the client system, a request to access network applications and resources associated with and hosted by the server system;
  
  locating a first virtual domain of a plurality of virtual domains, wherein;
  
  each virtual domain provides a respective logical set of network applications and resources, distinct from other virtual domains, wherein a respective logical set of network applications and information corresponds to a subset of network resources provided by the server system; and
  
  the first virtual domain provides the requested network applications and resources;
  
  determining whether the client system is authorized to access the first virtual domain based on permissions of a user associated with the client system;
  
  in response to a determination that the client system is authorized to access the first virtual domain;
  
  determining, from a plurality of potential proxy servers, a proxy server associated with the server system;
  
  transmitting, to the client system, contact information for connecting to the determined proxy server to access the requested network applications and resources provided by the first virtual domain.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The device of claim 7, further comprising instructions for periodically changing the proxy server associated with each server system associated with the trust broker system.
  - 9. The device of claim 7, wherein determining whether the client system is authorized to access the first virtual domain comprises:
    - determining the identity of the user associated with the client system; and
      
      retrieving stored permissions of the user associated with the client system.
  - 10. The device of claim 7, wherein determining a proxy server associated with the server system further includes:
    - determining the specific server system associated with the requested network applications and resources by examining a lookup table stored on the trust broker system.
  - 11. The device of claim 10, wherein determining a proxy server associated with the server system further includes:
    - determining a proxy server currently associated with the determined server system.
  - 12. The device of claim 7, further comprising instructions for, in response to the determination that the client system is authorized to access the first virtual domain, and prior to transmitting the contact information to the client system:
    - transmitting an identification value for the client system to the determined proxy server, wherein the identification value is an encrypted value identifying the client system; and
      
      transmitting the identification value to the client system.

13. A non-transitory computer readable storage medium storing one or more programs configured for execution by an electronic device, wherein the electronic device comprises a trust broker system which enables a client system to connect to a server system through a secure communication session, the one or more programs comprising instructions for:
- receiving, from the client system, a request to access network applications and resources associated with and hosted by the server system;
  
  locating a first virtual domain of a plurality of virtual domains, wherein;
  
  each virtual domain provides a respective logical set of network applications and resources, distinct from other virtual domains, wherein a respective logical set of network applications and information corresponds to a subset of network resources provided by the server system; and
  
  the first virtual domain provides the requested network applications and resources;
  
  determining whether the client system is authorized to access the first virtual domain based on permissions of a user associated with the client system;
  
  in response to a determination that the client system is authorized to access the first virtual domain;
  
  determining, from a plurality of potential proxy servers, a proxy server associated with the server system;
  
  transmitting, to the client system, contact information for connecting to the determined proxy server to access the requested network applications and resources provided by the first virtual domain.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The non-transitory computer readable storage medium of claim 13, further comprising instructions for periodically changing the proxy server associated with each server system associated with the trust broker system.
  - 15. The non-transitory computer readable storage medium of claim 13, wherein determining whether the client system is authorized to access the first virtual domain comprises:
    - determining the identity of the user associated with the client system; and
      
      retrieving stored permissions of the user associated with the client system.
  - 16. The non-transitory computer readable storage medium of claim 13, wherein determining a proxy server associated with the server system further includes:
    - determining the specific server system associated with the requested network applications and resources by examining a lookup table stored on the trust broker system.
  - 17. The non-transitory computer readable storage medium of claim 16, wherein determining a proxy server associated with the server system further includes:
    - determining a proxy server currently associated with the determined server system.
  - 18. The non-transitory computer readable storage medium of claim 13, further comprising instructions for, in response to the determination that the client system is authorized to access the first virtual domain, and prior to transmitting the contact information to the client system:
    - transmitting an identification value for the client system to the determined proxy server, wherein the identification value is an encrypted value identifying the client system; and
      
      transmitting the identification value to the client system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Verizon Patent and Licensing Incorporated (Verizon Communications Inc.)
Original Assignee
Vidder, Inc. (Verizon Communications Inc.)
Inventors
Islam, Junaid, Bilger, Brent, Schroeder, Ted

Granted Patent

US 9,648,044 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/31   User authentication

G06F 21/57   Certifying or maintaining t...

G06F 21/6218   to a system of files or obj...

G06F 2221/2111   Location-sensitive, e.g. ge...

G06F 2221/2113   Multi-level security, e.g. ...

H04L 2101/69   using geographic informatio...

H04L 63/0281   Proxies

H04L 63/0428   wherein the data content is...

H04L 63/08   for authentication of entit...

H04L 63/0876   based on the identity of th...

H04L 63/10   for controlling access to d...

H04L 63/105   Multiple levels of security

H04L 63/107   wherein the security polici...

H04L 63/1433   Vulnerability analysis

H04L 63/20   for managing network securi...

H04L 67/01   Protocols

H04L 67/10   in which an application is ...

H04L 67/562   Brokering proxy services

Securing Communication over a Network Using Client System Authorization and Dynamically Assigned Proxy Servers

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

9 Citations

18 Claims

Specification

Use Cases

Quick Links

Others

Securing Communication over a Network Using Client System Authorization and Dynamically Assigned Proxy Servers

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

9 Citations

18 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others