Secure server architecture for web based data management
First Claim
1. A system for securing an enterprise communications network, comprising:
- a first firewall for accepting a service request from a client and permitting access to one or more first preselected addresses in compliance with a first set of filtering rules;
a secure web server, located at one of the first preselected addresses, for establishing a session with the client and receiving the service request via the first firewall, wherein said session is associated with a session identifier encapsulated in a cookie that is generated from a separate server;
a second firewall in communication with the secure web server for accepting the service request from the secure web server and permitting access to one or more second preselected addresses in compliance with a second set of filtering rules; and
a dispatcher server, located at one of the second preselected addresses, for receiving the secure request via the second firewall and, in response, dispatching the service request to a proxy service for applying system resources of the enterprise communication network responsive to the service request.
7 Assignments
0 Petitions
Accused Products
Abstract
A double firewalled system is disclosed for protecting remote enterprise servers that provide communication services to telecommunication network customers from unauthorized third parties. A first router directs all connection requests to one or more secure web servers, which may utilize a load balancer to efficiently distribute the session connection load among a high number of authorized client users. On the network side of the web servers, a second router directs all connection requests to a dispatcher server, which routes application server calls to a proxy server for the application requested. A plurality of data security protocols are also employed. The protocols provide for an identification of the user, and an authentication of the user to ensure the user is who he/she claims to be and a determination of entitlements that the user may avail themselves of within the enterprise system. Session security is described, particularly as to the differences between a remote user'"'"'s copper wire connection to a legacy system and a user'"'"'s remote connection to the enterprise system over a “stateless” public Internet, where each session is a single transmission, rather than an interval of time between logon and logoff, as is customary in legacy systems.
314 Citations
4 Claims
-
1. A system for securing an enterprise communications network, comprising:
-
a first firewall for accepting a service request from a client and permitting access to one or more first preselected addresses in compliance with a first set of filtering rules;
a secure web server, located at one of the first preselected addresses, for establishing a session with the client and receiving the service request via the first firewall, wherein said session is associated with a session identifier encapsulated in a cookie that is generated from a separate server;
a second firewall in communication with the secure web server for accepting the service request from the secure web server and permitting access to one or more second preselected addresses in compliance with a second set of filtering rules; and
a dispatcher server, located at one of the second preselected addresses, for receiving the secure request via the second firewall and, in response, dispatching the service request to a proxy service for applying system resources of the enterprise communication network responsive to the service request. - View Dependent Claims (2)
-
-
3. A method for securing an enterprise communications network, comprising:
-
establishing a session with a client in response to receiving a service request from the client via a first firewall permitting access in compliance with a first set of filtering rules, wherein said session is associated with a session identifier encapsulated in a cookie that is generated from a separate server; and
dispatching the service request to a proxy service for applying system resources of the enterprise communication network in response to receiving to the service request via a second firewall permitting access in compliance with a second set of filtering rules. - View Dependent Claims (4)
-
Specification
-
- Resources
-
Current AssigneeVerizon Patent and Licensing Incorporated (Verizon Communications Inc.)
-
Original AssigneeMCI Incorporated (Verizon Communications Inc.)
-
InventorsShoulberg, Richard W, Shifrin, Gerald A, Devine, Carol Y
-
Primary Examiner(s)Arani, Taghi T.
-
Application NumberUS10/409,375Publication NumberTime in Patent Office1,267 DaysField of Search213/152, 213/201, 213/159, 213/182, 709/223, 709/224, 709/228, 380/49, 707/10US Class Current713/152CPC Class CodesG06F 11/0709 in a distributed system con...G06F 11/0757 by exceeding a time limit, ...G06F 11/0769 Readable error formats, e.g...G06F 11/0775 Content or structure detail...G06F 11/0781 Error filtering or prioriti...G06F 11/0784 Routing of error reports, e...G06F 11/202 where processing functional...G06F 11/32 with visual or acoustical i...G06F 11/324 Display of status informationG06F 11/327 Alarm or error message displayG06F 11/328 Computer systems status dis...G06F 11/3495 for systemsG06F 16/972 Access to data in other rep...G06F 21/00 Security arrangements for p...G06F 21/41 where a single sign-on prov...G06F 21/552 involving long-term monitor...G06F 2201/81 ThresholdG06F 2201/86 Event-based monitoringG06F 2201/875 Monitoring of systems inclu...G06F 2221/2137 Time limited access, e.g. t...View All
