Secure server architecture for web based data management
Abstract
A double firewalled system is disclosed for protecting remote enterprise servers that provide communication services to telecommunication network customers from unauthorized third parties. A first router directs all connection requests to one or more secure web servers, which may utilize a load balancer to efficiently distribute the session connection load among a high number of authorized client users. On the network side of the web servers, a second router directs all connection requests to a dispatcher server, which routes application server calls to a proxy server for the application requested. A plurality of data security protocols are also employed. The protocols provide for an identification of the user, and an authentication of the user to ensure the user is who he/she claims to be and a determination of entitlements that the user may avail themselves of within the enterprise system. Session security is described, particularly as to the differences between a remote user's copper wire connection to a legacy system and a user's remote connection to the enterprise system over a “stateless” public Internet, where each session is a single transmission, rather than an interval of time between logon and logoff, as is customary in legacy systems.
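The two-firewall request path the abstract describes, modelled as an added example (not code from the patent): each firewall is a default-deny allow-list, and the check shows which hops are reachable from where. All addresses, ports and names below are constructed assumptions.

```python
import ipaddress

# Constructed addresses and ports (assumptions, not taken from the patent).
CLIENT = "203.0.113.7"       # Internet client
WEB_SERVER = "192.0.2.10"    # a "first preselected address"
DISPATCHER = "10.0.0.5"      # a "second preselected address"
BACKEND = "10.0.0.77"        # enterprise resource reached only through the proxy

class Firewall:
    """Default-deny filter: traffic passes only when an allow rule matches."""

    def __init__(self, name, rules):
        self.name = name
        # Each rule: (allowed source network, destination address, destination port)
        self.rules = [(ipaddress.ip_network(src), ipaddress.ip_address(dst), port)
                      for src, dst, port in rules]

    def permits(self, src, dst, port):
        src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        return any(src in net and dst == addr and port == p
                   for net, addr, p in self.rules)

# First set of filtering rules: anyone may reach the web server, HTTPS only.
FW1 = Firewall("first", [("0.0.0.0/0", WEB_SERVER, 443)])
# Second set: only the web server may reach the dispatcher, on one port.
FW2 = Firewall("second", [(WEB_SERVER + "/32", DISPATCHER, 8443)])

def deliver(src, dst, port, path):
    """Walk the firewalls on the path; report where the request is dropped."""
    for fw in path:
        if not fw.permits(src, dst, port):
            return "dropped at " + fw.name + " firewall"
    return "delivered"

def scenarios():
    return {
        "client -> web server": deliver(CLIENT, WEB_SERVER, 443, [FW1]),
        "client -> web server, ssh": deliver(CLIENT, WEB_SERVER, 22, [FW1]),
        "client -> dispatcher": deliver(CLIENT, DISPATCHER, 8443, [FW1, FW2]),
        "web server -> dispatcher": deliver(WEB_SERVER, DISPATCHER, 8443, [FW2]),
        "web server -> backend": deliver(WEB_SERVER, BACKEND, 8443, [FW2]),
    }

if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name}: {result}")
```

The last scenario is what the second rule set buys: even traffic originating from the web server can address only the dispatcher, not the resources behind it.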
4 Claims
1. A system for securing an enterprise communications network, comprising:
- a first firewall for accepting a service request from a client and permitting access to one or more first preselected addresses in compliance with a first set of filtering rules;
- a secure web server, located at one of the first preselected addresses, for establishing a session with the client and receiving the service request via the first firewall, wherein said session is associated with a session identifier encapsulated in a cookie that is generated from a separate server;
- a second firewall in communication with the secure web server for accepting the service request from the secure web server and permitting access to one or more second preselected addresses in compliance with a second set of filtering rules; and
- a dispatcher server, located at one of the second preselected addresses, for receiving the secure request via the second firewall and, in response, dispatching the service request to a proxy service for applying system resources of the enterprise communication network responsive to the service request.

3. A method for securing an enterprise communications network, comprising:
- establishing a session with a client in response to receiving a service request from the client via a first firewall permitting access in compliance with a first set of filtering rules, wherein said session is associated with a session identifier encapsulated in a cookie that is generated from a separate server; and
- dispatching the service request to a proxy service for applying system resources of the enterprise communication network in response to receiving to the service request via a second firewall permitting access in compliance with a second set of filtering rules.
Specification