Securing Communication over a Network Using Dynamically Assigned Proxy Servers
Abstract
The various embodiments described herein include methods, devices, and systems for providing secure access to network resources. In one aspect, a method is performed at a trust broker system. The method includes: (1) receiving, from a client system, a request to access network applications and resources hosted by a server system; (2) identifying a domain providing the requested network applications and resources; (3) determining whether the client system is authorized to access the domain; (4) identifying a particular server containing the domain; (5) identifying a proxy server assigned to the particular server; and (6) in accordance with a determination that the client system is authorized to access the domain: (a) transmitting an identification value for the client system to the identified proxy server; and (b) after transmitting the identification value to the identified proxy server, transmitting, to the client system, contact information for connecting to the identified proxy server.
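The six broker steps in the abstract, traced as a short sketch. This is an added illustration, not code from the patent: every name, host and key is constructed, and a keyed HMAC-SHA256 tag stands in for the encrypted identification value (an HMAC tag is opaque to the client but is not encryption).

```python
import hashlib
import hmac

# Constructed sample data; every name, host and key here is hypothetical.
BROKER_KEY = b"demo-key-held-by-the-trust-broker"
DOMAIN_OF = {"payroll-app": "hr"}               # resource -> domain providing it
ACL = {"hr": {"client-17"}}                     # domain -> authorized clients
SERVER_OF = {"hr": "srv-3"}                     # domain -> server containing it
PROXY_FOR = {"srv-3": "proxy-a.example:8443"}   # server -> currently assigned proxy


def identification_value(client_id):
    # Stand-in for the abstract's identification value: a keyed HMAC-SHA256 tag.
    return hmac.new(BROKER_KEY, client_id.encode(), hashlib.sha256).hexdigest()


def handle_request(client_id, resource, sent):
    """Run the broker steps; append each outbound message to `sent` in order."""
    domain = DOMAIN_OF.get(resource)                               # step 2
    if domain is None or client_id not in ACL.get(domain, set()):  # step 3
        sent.append(("client", client_id, "denied"))
        return None
    server = SERVER_OF[domain]                                     # step 4
    proxy = PROXY_FOR.get(server)          # step 5: looked up on every request
    if proxy is None:
        sent.append(("client", client_id, "unavailable"))
        return None
    # Step 6a: the proxy receives the identification value first ...
    sent.append(("proxy", proxy, identification_value(client_id)))
    # Step 6b: ... and only then is the client told where to connect.
    sent.append(("client", client_id, proxy))
    return proxy


def demo():
    sent = []
    first = handle_request("client-17", "payroll-app", sent)
    PROXY_FOR["srv-3"] = "proxy-b.example:8443"   # proxy reassigned between requests
    second = handle_request("client-17", "payroll-app", sent)
    denied = handle_request("client-99", "payroll-app", sent)
    return first, second, denied, sent


if __name__ == "__main__":
    for message in demo()[3]:
        print(message)
```

An unauthorized client produces no message to any proxy and never learns a proxy address, and a reassignment between requests changes the contact information returned.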
20 Claims
1. A method for providing secure access to network resources within a server system having a plurality of domains, comprising:
at a trust broker system having one or more processors and memory storing one or more programs for execution by the one or more processors:
- receiving, from a client system, a request to access network applications and resources hosted by the server system;
- identifying a domain of the plurality of domains, the domain providing the requested network applications and resources;
- determining whether the client system is authorized to access the domain;
- identifying a particular server of the server system containing the domain;
- identifying from a plurality of potential proxy servers a proxy server currently assigned to the particular server; and
- in accordance with a determination that the client system is authorized to access the domain:
  - transmitting an identification value for the client system to the identified proxy server, wherein the identification value is an encrypted value identifying the client system; and
  - after transmitting the identification value to the identified proxy server, transmitting, to the client system, contact information for connecting to the identified proxy server to access the requested network applications and resources.
Dependent claims: 2, 3, 4, 5, 6, 7

8. A trust broker system, comprising:
one or more processors;
memory storing one or more programs to be executed by the one or more processors;
the one or more programs comprising instructions for:
- receiving, from a client system, a request to access network applications and resources hosted by a server system;
- identifying a domain of a plurality of domains within the server system, the domain providing the requested network applications and resources;
- determining whether the client system is authorized to access the domain;
- identifying a particular server of the server system containing the domain;
- identifying from a plurality of potential proxy servers a proxy server currently assigned to the particular server; and
- in accordance with a determination that the client system is authorized to access the domain:
  - transmitting an identification value for the client system to the identified proxy server, wherein the identification value is an encrypted value identifying the client system; and
  - after transmitting the identification value to the identified proxy server, transmitting, to the client system, contact information for connecting to the identified proxy server to access the requested network applications and resources.
Dependent claims: 9, 10, 11, 12, 13, 14

15. A non-transitory computer-readable storage medium storing one or more programs configured for execution by a trust broker system, the one or more programs comprising instructions for:
- receiving, from a client system, a request to access network applications and resources hosted by a server system;
- identifying a domain of a plurality of domains within the server system, the domain providing the requested network applications and resources;
- determining whether the client system is authorized to access the domain;
- identifying a particular server of the server system containing the domain;
- identifying from a plurality of potential proxy servers a proxy server currently assigned to the particular server; and
- in accordance with a determination that the client system is authorized to access the domain:
  - transmitting an identification value for the client system to the identified proxy server, wherein the identification value is an encrypted value identifying the client system; and
  - after transmitting the identification value to the identified proxy server, transmitting, to the client system, contact information for connecting to the identified proxy server to access the requested network applications and resources.
Dependent claims: 16, 17, 18, 19, 20
Specification