Securing Communication over a Network Using Dynamically Assigned Proxy Servers

US 20170187723A1
Filed: 03/10/2017
Published: 06/29/2017
Est. Priority Date: 02/01/2013
Status: Active Grant

First Claim

Patent Images

1. A method for providing secure access to network resources within a server system having a plurality of domains, comprising:

at a trust broker system having one or more processors and memory storing one or more programs for execution by the one or more processors;

receiving, from a client system, a request to access network applications and resources hosted by the server system;

identifying a domain of the plurality of domains, the domain providing the requested network applications and resources;

determining whether the client system is authorized to access the domain;

identifying a particular server of the server system containing the domain;

identifying from a plurality of potential proxy servers a proxy server currently assigned to the particular server; and

in accordance with a determination that the client system is authorized to access the domain;

transmitting an identification value for the client system to the identified proxy server, wherein the identification value is an encrypted value identifying the client system; and

after transmitting the identification value to the identified proxy server, transmitting, to the client system, contact information for connecting to the identified proxy server to access the requested network applications and resources.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The various embodiments described herein include methods, devices, and systems for providing secure access to network resources. In one aspect, a method is performed at a trust broker system. The method includes: (1) receiving, from a client system, a request to access network applications and resources hosted by a server system; (2) identifying a domain providing the requested network applications and resources; (3) determining whether the client system is authorized to access the domain; (4) identifying a particular server containing the domain; (5) identifying a proxy server assigned to the particular server; and (6) in accordance with a determination that the client system is authorized to access the domain: (a) transmitting an identification value for the client system to the identified proxy server; and (b) after transmitting the identification value to the identified proxy server, transmitting, to the client system, contact information for connecting to the identified proxy server.

26 Citations

View as Search Results

20 Claims

1. A method for providing secure access to network resources within a server system having a plurality of domains, comprising:
- at a trust broker system having one or more processors and memory storing one or more programs for execution by the one or more processors;
  
  receiving, from a client system, a request to access network applications and resources hosted by the server system;
  
  identifying a domain of the plurality of domains, the domain providing the requested network applications and resources;
  
  determining whether the client system is authorized to access the domain;
  
  identifying a particular server of the server system containing the domain;
  
  identifying from a plurality of potential proxy servers a proxy server currently assigned to the particular server; and
  
  in accordance with a determination that the client system is authorized to access the domain;
  
  transmitting an identification value for the client system to the identified proxy server, wherein the identification value is an encrypted value identifying the client system; and
  
  after transmitting the identification value to the identified proxy server, transmitting, to the client system, contact information for connecting to the identified proxy server to access the requested network applications and resources.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, further comprising unassigning the proxy server to the particular server and assigning a second proxy server of the plurality of potential proxy servers to the particular server.
  - 3. The method of claim 1, further comprising periodically changing a proxy server assigned to the particular server.
  - 4. The method of claim 1, wherein determining whether the client system is authorized to access the domain comprises:
    - determining the identity of the user associated with the client system;
      
      retrieving stored permissions of the user associated with the client system; and
      
      determining whether the client system is authorized to access the domain based on the retrieved permissions.
  - 5. The method of claim 1, wherein identifying the proxy server assigned to the particular server system includes examining a lookup table for the plurality of domains, the lookup table stored at the trust broker system.
  - 6. The method of claim 1, wherein the determination of whether the client system is authorized to access the first virtual domain is based on a geographical location of the client system.
  - 7. The method of claim 1, wherein the determination of whether the client system is authorized to access the first virtual domain is based on an integrity check of the client system.

8. A trust broker system, comprising:
- one or more processors;
  
  memory storing one or more programs to be executed by the one or more processors;
  
  the one or more programs comprising instructions for;
  
  receiving, from a client system, a request to access network applications and resources hosted by a server system;
  
  identifying a domain of a plurality of domains within the server system, the domain providing the requested network applications and resources;
  
  determining whether the client system is authorized to access the domain;
  
  identifying a particular server of the server system containing the domain;
  
  identifying from a plurality of potential proxy servers a proxy server currently assigned to the particular server; and
  
  in accordance with a determination that the client system is authorized to access the domain;
  
  transmitting an identification value for the client system to the identified proxy server, wherein the identification value is an encrypted value identifying the client system; and
  
  after transmitting the identification value to the identified proxy server, transmitting, to the client system, contact information for connecting to the identified proxy server to access the requested network applications and resources.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The trust broker system of claim 8, wherein the one or more programs further comprise instructions for unassigning the proxy server to the particular server and assigning a second proxy server of the plurality of potential proxy servers to the particular server.
  - 10. The trust broker system of claim 8, wherein the one or more programs further comprise instructions for periodically changing a proxy server assigned to the particular server.
  - 11. The trust broker system of claim 8, wherein determining whether the client system is authorized to access the domain comprises:
    - determining the identity of the user associated with the client system;
      
      retrieving stored permissions of the user associated with the client system; and
      
      determining whether the client system is authorized to access the domain based on the retrieved permissions.
  - 12. The trust broker system of claim 8, wherein identifying the proxy server assigned to the particular server system includes examining a lookup table for the plurality of domains, the lookup table stored at the trust broker system.
  - 13. The trust broker system of claim 8, wherein the determination of whether the client system is authorized to access the first virtual domain is based on a geographical location of the client system.
  - 14. The trust broker system of claim 8, wherein the determination of whether the client system is authorized to access the first virtual domain is based on an integrity check of the client system.

15. A non-transitory computer-readable storage medium storing one or more programs configured for execution by a trust broker system, the one or more programs comprising instructions for:
- receiving, from a client system, a request to access network applications and resources hosted by a server system;
  
  identifying a domain of a plurality of domains within the server system, the domain providing the requested network applications and resources;
  
  determining whether the client system is authorized to access the domain;
  
  identifying a particular server of the server system containing the domain;
  
  identifying from a plurality of potential proxy servers a proxy server currently assigned to the particular server; and
  
  in accordance with a determination that the client system is authorized to access the domain;
  
  transmitting an identification value for the client system to the identified proxy server, wherein the identification value is an encrypted value identifying the client system; and
  
  after transmitting the identification value to the identified proxy server, transmitting, to the client system, contact information for connecting to the identified proxy server to access the requested network applications and resources.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The non-transitory computer-readable storage medium of claim 15, wherein the one or more programs further comprise instructions for unassigning the proxy server to the particular server and assigning a second proxy server of the plurality of potential proxy servers to the particular server.
  - 17. The non-transitory computer-readable storage medium of claim 15, wherein the one or more programs further comprise instructions for periodically changing a proxy server assigned to the particular server.
  - 18. The non-transitory computer-readable storage medium of claim 15, wherein determining whether the client system is authorized to access the domain comprises:
    - determining the identity of the user associated with the client system;
      
      retrieving stored permissions of the user associated with the client system; and
      
      determining whether the client system is authorized to access the domain based on the retrieved permissions.
  - 19. The non-transitory computer-readable storage medium of claim 15, wherein identifying the proxy server assigned to the particular server system includes examining a lookup table for the plurality of domains, the lookup table stored at the trust broker system.
  - 20. The non-transitory computer-readable storage medium of claim 15, wherein the determination of whether the client system is authorized to access the first virtual domain is based on an integrity check of the client system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Verizon Patent and Licensing Incorporated (Verizon Communications Inc.)
Original Assignee
Vidder, Inc. (Verizon Communications Inc.)
Inventors
Islam, Junaid, Bilger, Brent, Schroeder, Ted

Granted Patent

US 10,652,226 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/31   User authentication

G06F 21/57   Certifying or maintaining t...

G06F 21/6218   to a system of files or obj...

G06F 2221/2111   Location-sensitive, e.g. ge...

G06F 2221/2113   Multi-level security, e.g. ...

H04L 2101/69   using geographic informatio...

H04L 63/0281   Proxies

H04L 63/0428   wherein the data content is...

H04L 63/08   for authentication of entit...

H04L 63/0876   based on the identity of th...

H04L 63/10   for controlling access to d...

H04L 63/105   Multiple levels of security

H04L 63/107   wherein the security polici...

H04L 63/1433   Vulnerability analysis

H04L 63/20   for managing network securi...

H04L 67/01   Protocols

H04L 67/10   in which an application is ...

H04L 67/562   Brokering proxy services

Securing Communication over a Network Using Dynamically Assigned Proxy Servers

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

26 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Securing Communication over a Network Using Dynamically Assigned Proxy Servers

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

26 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links