Apparatus and method for providing trusted network security
Abstract
A session key is established for accessing a trusted network from a browser. An authentication process receives identification information from a user at the browser, and authenticates the user by checking the identification information against an authentication database. If the authentication database authenticates the user, a session key is created and stored at the browser. If the user is authenticated, a user profile defining access rights for the user is also retrieved. The user is then presented with access options based on the access rights defined in the user profile. In response to a user selection from the access page, the browser forwards an information request to the trusted network. The request includes a session key. A speaker object processes the information request and session key to form a network request packet. The network request packet is formed in a manner that allows authentication of the speaker object. The session packet is forwarded to a trusted network and processed. The packet is first authenticated to determine if it originated from the speaker object, and then the key is checked for validity at the trusted server. If the key is valid, the information request is processed and the information is returned to the user for display on the browser.
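The flow the abstract describes (authentication against a database, a session key with expiration criteria stored at the browser in a cookie, a speaker object that forms a signed network request carrying the key and its own identity, and a trusted network that first authenticates the speaker and then checks the key before performing the URL request) is shown below as an added Python example. It is not code from the patent or its assignee: the user record, the resource paths, the speaker identifier and the shared secret are constructed for the illustration, and using an HMAC over the packet body as the "signing" step is an assumption, one concrete way of making the packet authenticable by the trusted network.

```python
import hashlib
import hmac
import json
import secrets

# --- Constructed sample data for the illustration (none of it is from the patent) ---
def _pw_hash(salt: str, password: str) -> str:
    return hashlib.sha256((salt + password).encode()).hexdigest()

AUTH_DB = {"alice": ("salt-1", _pw_hash("salt-1", "correct horse"))}  # authentication database
PROFILES = {"alice": {"/reports/q1"}}              # user profile: URLs the user may access
RESOURCES = {"/reports/q1": "Q1 report contents"}  # resources held on the trusted network
SPEAKER_SECRETS = {"speaker-01": b"hypothetical secret shared with the trusted network"}
KEY_TTL = 600                                      # key expiration criterion, in seconds
KEY_STORE = {}                                     # trusted side: session key -> {user, expires}


def authenticate(user, password, now):
    """Check identification information against AUTH_DB. On success create a
    session key, store it with its expiration criteria, and return it together
    with the user's profile; on failure return None."""
    rec = AUTH_DB.get(user)
    if rec is None or not hmac.compare_digest(_pw_hash(rec[0], password), rec[1]):
        return None
    key = secrets.token_hex(16)
    KEY_STORE[key] = {"user": user, "expires": now + KEY_TTL}
    return key, PROFILES[user]


def login(browser_cookies, user, password, now):
    """Browser side of authentication: the key is stored at the browser in a
    cookie, and the access options derived from the profile are what the
    access page presents to the user."""
    result = authenticate(user, password, now)
    if result is None:
        return None
    key, profile = result
    browser_cookies["session"] = key
    return sorted(profile)


def speaker_form_request(speaker_id, url, key, secret):
    """Speaker object: combine the original URL request, the session key and
    the identity of the transferor into a packet, then sign it (HMAC-SHA256,
    an assumption) with the speaker's secret so the trusted network can
    authenticate the speaker."""
    body = json.dumps({"speaker": speaker_id, "url": url, "key": key}, sort_keys=True)
    sig = hmac.new(secret, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "sig": sig}


def trusted_process(packet, now):
    """Trusted network: check the transferor against the registered speakers,
    verify the signature, then check the key and its expiration criteria, and
    only then perform the original URL request."""
    fields = json.loads(packet["body"])
    secret = SPEAKER_SECRETS.get(fields.get("speaker"))
    if secret is None:
        return ("reject", "transferor does not match predetermined criteria")
    expected = hmac.new(secret, packet["body"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, packet["sig"]):
        return ("reject", "signature verification failed")
    info = KEY_STORE.get(fields["key"])
    if info is None:
        return ("reject", "unknown key")
    if now >= info["expires"]:
        del KEY_STORE[fields["key"]]          # expired keys are discarded
        return ("reject", "key expired")
    if fields["url"] not in PROFILES[info["user"]]:
        return ("reject", "not permitted by user profile")
    return ("ok", RESOURCES.get(fields["url"], "not found"))


def request_via_browser(browser_cookies, url, now):
    """End to end: the browser forwards the URL request plus the cookie key to
    the speaker, which forms the network request packet and passes it to the
    trusted network."""
    key = browser_cookies.get("session", "")
    packet = speaker_form_request("speaker-01", url, key, SPEAKER_SECRETS["speaker-01"])
    return trusted_process(packet, now)
```

The order of checks in `trusted_process` follows the abstract: the packet is authenticated as the speaker's before the key is consulted, so a packet from an unregistered transferor or with a modified body is rejected without touching the key store, and a valid signature still fails if the key is unknown or past its expiration criteria. The clock is passed in as `now` so that expiry can be exercised deterministically.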
36 Claims
1. A system for performing a request, comprising:
means for storing key information based on authentication of requestor identification information, wherein the key information includes a key and key expiration criteria;
means for processing an original URL request and key from a requester to form a network request, said key stored at a client browser using a cookie;
means for transferring the network request to a trusted network;
means for processing the network request to extract the key and original URL request if the request was processed by the means for processing a request and key; and
means for performing the original URL request if the key and key expiration criteria are valid.

2. The system according to claim 1, further comprising:
means for including in the network request information identifying the means for transferring.

3. The system according to claim 1, wherein the means for processing comprises:
means for signing information to form the network request.

4. The system according to claim 1, further comprising:
means for storing key information based on authentication of requester identification information; and
means for determining validity of the key based on the key information.

5. The system according to claim 1, wherein the means for performing the original URL request comprises:
means for accessing a trusted network resource to perform the original URL request.
6. A method for performing a request, comprising:
storing key information based on authentication of requester identification information, wherein the key information includes a key and key expiration criteria;
forwarding said key to said requester using a cookie;
processing an original URL request and key from the requester to form a network request;
transferring the network request to a trusted network;
processing the network request to extract the key and original URL request if the request was processed in the step of processing an original URL request and key; and
performing the original URL request if the key and key expiration criteria are valid.

7. The method according to claim 6, further including the step of:
including intermediate transferor information in the network request.

8. The method according to claim 6, wherein the step of processing an original URL request and key includes the substep of:
signing information to form the network request.

9. The method according to claim 6, further including the steps of:
storing key information based on authentication of requester identification information; and
determining validity of the key based on the key information.

10. The method according to claim 6, wherein the step of performing the original URL request comprises:
accessing a trusted network resource to perform the original URL request.
11. A computer program product comprising:
a computer usable medium having computer readable code embodied therein for performing a request, the computer usable medium comprising:
a key information storage module configured to store key information based on authentication of requestor identification information, wherein the key information includes a key and key expiration criteria;
a first transferring module configured to transfer a cookie containing said key to a requester;
a processing module configured to process an original URL request and key from the requester to form a network request;
a second transferring module configured to transfer the network request to a trusted network;
a processing module configured to process the network request to extract the key and original URL request if the request was processed by the means for processing a request and key; and
a performing module configured to perform the original URL request if the key and key expiration criteria are valid.

12. The computer program product of claim 11, further comprising:
an including module configured to include in the network request information identifying the means for transferring.

13. The computer program product of claim 11, wherein the processing module configured to process an original URL request and key comprises:
a signing module for signing information to form the network request.

14. The computer program product of claim 11, further comprising:
a storing module configured to store key information based on authentication of requester identification information; and
a determining module configured to determine validity of the key based on the key information.

15. The computer program product of claim 11, wherein the performing module comprises:
an accessing module configured to access a trusted network resource to perform the original URL request.
16. A system for providing access to a resource, comprising:
means for storing key information based on authentication of requestor identification information, wherein the key information includes a key and key expiration criteria;
a cookie containing the key, said cookie forwarded to a requestor;
means for receiving an original URL request and the key from the requester;
means for processing the original URL request and the key from the requester to form a network request;
means for transferring the network request to a trusted network;
means for processing the network request to extract the key if the network request was processed by the means for processing the original URL request and the key; and
means for performing the original URL request if the key and key expiration criteria are valid.

17. The system according to claim 16, further comprising:
means for authenticating requester identification information; and
means for creating the key in response to authentication of requester identification information.

18. The system according to claim 16, further comprising:
means for authenticating requester information; and
means for forwarding requester access profile information based on the authentication.

19. The system according to claim 16, further comprising:
means for receiving user access profile information;
means for creating display information having user access options based on the user access profile information; and
means for forwarding the display information to the requester.

20. The system according to claim 16, further comprising:
means for consulting the means for storing a key to determine validity of the extracted key.

21. The system according to claim 16,
wherein the means for processing the original URL request and the key comprises means for including information identifying the means for transferring; and
wherein the means for processing the network request comprises means for determining if the information identifying the means for transferring matches predetermined criteria.

22. The system according to claim 16,
wherein the means for processing the original URL request and the key comprises means for signing first information to form the network request; and
wherein the means for processing the network request comprises means for verifying the network request to derive the first information.
23. A method for providing access to a resource, comprising:
storing key information based on authentication of requestor identification information, wherein the key information includes a key and key expiration criteria;
forwarding a cookie to a requester, said cookie containing said key;
receiving an original URL request and the key from the requester;
processing the original URL request and the key from the requester to form a network request;
transferring the network request to a trusted network;
processing the network request to extract the key if the network request was processed by the step of processing the original URL request and the key; and
performing the original URL request if the key and key expiration criteria are valid.

24. The method according to claim 23, further including the steps of:
authenticating requester identification information; and
creating the key in response to authentication of requester identification information.

25. The method according to claim 23, further including the steps of:
authenticating requester information; and
forwarding requester access profile information based on the authentication.

26. The method according to claim 23, further including the steps of:
receiving user access profile information;
creating display information having user access options based on the user access profile information; and
forwarding the display information to the requester.

27. The method according to claim 23, further including the step of:
determining validity of the extracted key.

28. The method according to claim 23,
wherein the step of processing the original URL request and the key includes a substep of including information identifying a means for transferring the network request; and
wherein the step of processing the network request includes a substep of determining if the information identifying a means for transferring matches predetermined criteria.

29. The method according to claim 23,
wherein the step of processing the original URL request and the key includes a substep of signing first information to form the network request; and
wherein the step of processing the network request includes a substep of verifying the network request to derive the first information.
30. A computer program product comprising:
a computer usable medium having computer readable code embodied therein for providing access to a resource, the computer usable medium comprising:
a storing module configured to store key information based on authentication of requestor identification information, wherein the key information includes a key and key expiration criteria;
a forwarding module configured to forward a cookie to the requester, said cookie containing said key;
a receiving module configured to receive an original URL request and the key from the requester;
a processing module configured to process the original URL request and the key from the requester to form a network request;
a transferring module configured to transfer the network request to a trusted network;
a processing module configured to process the network request to extract the key if the network request was processed by the step of processing the original URL request and the key; and
a performing module configured to perform the original URL request if the key and key expiration criteria are valid.

31. The computer program product of claim 30, further comprising:
an authenticating module configured to authenticate requester identification information; and
a creating module configured to create the key in response to authentication of requester identification information.

32. The computer program product according to claim 30, further comprising:
an authenticating module configured to authenticate requester information; and
a forwarding module configured to forward requester access profile information based on the authentication.

33. The computer program product of claim 30, further comprising:
a receiving module configured to receive user access profile information;
a creating module configured to create display information having user access options based on the user access profile information; and
a forwarding module configured to forward the display information to the requester.

34. The computer program product of claim 30, further comprising:
a consulting module configured to consult the storing module configured to store a key to determine validity of the extracted key.

35. The computer program product of claim 30,
wherein the processing module configured to process the original URL request and the key comprises an including module configured to include information in the network request identifying the transferring module; and
wherein the processing module configured to process the network request comprises a determining module configured to determine if the information identifying a means for transferring matches predetermined criteria.

36. The computer program product according to claim 30,
wherein the processing module configured to process the original URL request and the key comprises an encryption module configured to sign first information to form the network request; and
wherein the processing module configured to process the network request comprises a decryption module configured to verify the network request to derive the first information.