Method and system for authenticating and authorizing requestors interacting with content servers

US 7,114,180 B1
Filed: 07/16/2002
Issued: 09/26/2006
Est. Priority Date: 07/16/2002
Status: Active Grant

First Claim

Patent Images

1. A method for distributing secure access to a content server over a network, comprising:

(a) receiving at an intermediate device a message from an upstream device, wherein the message includes a request from a sender for access to the content server;

(b) enabling authentication of the upstream device; and

(c) if the intermediate device is authorized to make decisions as to which sender is enabled to access the content server, determining whether the sender has authority to access the content server as requested in the request;

otherwise, forwarding the message towards the content server with an indication that the intermediate device authenticated the upstream device, wherein a downstream device of the upstream device determines whether the intermediate device had authority to authenticate the upstream device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for authenticating and authorizing requesters interacting with content servers. A message including a request is forwarded from an upstream device and received by an intermediate device. The intermediate device authenticates the upstream device. Then, if the intermediate device is authorized to make decisions as to which sender may access the content server, the intermediate device determines whether the sender of the message has authority to access the content server as requested in the request. Otherwise, the message is forwarded towards the content server with an indication that the intermediate device authenticated the upstream device.

Citations

26 Claims

1. A method for distributing secure access to a content server over a network, comprising:
- (a) receiving at an intermediate device a message from an upstream device, wherein the message includes a request from a sender for access to the content server;
  
  (b) enabling authentication of the upstream device; and
  
  (c) if the intermediate device is authorized to make decisions as to which sender is enabled to access the content server, determining whether the sender has authority to access the content server as requested in the request;
  
  otherwise, forwarding the message towards the content server with an indication that the intermediate device authenticated the upstream device, wherein a downstream device of the upstream device determines whether the intermediate device had authority to authenticate the upstream device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 2. The method of claim 1, further comprising:
    - if the intermediate device is unable to authenticate the upstream device for the message directed to the content server, discarding the message.
  - 3. The method of claim 2, further comprising placing information associated with the message into a log file.
  - 4. The method of claim 1, further comprising:
    - (a) receiving the message at the content server; and
      
      (b) determining, by the content server, whether the sender has authority to access the content server.
  - 5. The method of claim 1, further comprising:
    - (a) modifying the message to indicate that the request is to be treated by any downstream devices as if requested by the intermediate device;
      
      (b) forwarding the message towards the content server;
      
      (c) receiving the message at the content server; and
      
      (d) determining whether the intermediate device has authority to access the content server as requested in the request.
  - 6. The method of claim 1, wherein the upstream device is the sender.
  - 7. The method of claim 1, wherein authenticating is performed by employing at least one of a digital signature and a public key/private key encryption algorithm.
  - 8. The system of claim 7, wherein the public key/private key encryption algorithm employs at least one of Rivest-Shamir-Adelman (RSA) and Pretty Good Privacy (PGP).
  - 9. The method of claim 1, wherein the intermediate device has authority to authenticate the upstream device but does not have authority to determine which senders have authority to access the content server as requested in the request.
  - 10. The method of claim 1, wherein the intermediate device has authority to authenticate the upstream device and authority to determine which senders have authority to access the content server as requested in the request.
  - 11. The method of claim 1, wherein a data store is employed to determine whether another device may access the content server.
  - 12. The method of claim 11, wherein the data store is a database distributed across several devices.
  - 13. The method of claim 1, wherein a single data store is employed by multiple devices to perform at least one of authenticating and authorizing at least one sender.
  - 14. The method of claim 1, wherein the content server alone determines which senders have authority to access it.
  - 15. The method of claim 1, wherein a downstream device through which the message passes on its way to the content server determines whether the sender may access the content server as requested in the request.
  - 16. The method of claim 1, wherein the downstream device authenticates the intermediate device.
  - 17. The method of claim 16, wherein if the intermediate device is authentic, the downstream device sends the message to the content server with an indication that the downstream device authenticated the intermediate device.
  - 18. The method of claim 16, wherein if the intermediate device is authentic, the downstream device determines whether the sender has authority to access the content server as requested in the request.

19. An apparatus for distributing secure access to a content server over a network, comprising:
- (a) an interface that receives a message from an upstream device, wherein the message includes a request from a sender for access to the content server; and
  
  (b) circuitry coupled to the interface, the circuitry configured to performs actions, comprising;
  
  (i) enabling authentication of the upstream device, wherein a downstream device of the upstream device determines whether an intermediate device had authority to facilitate authentication of the upstream device; and
  
  (ii) if the apparatus is authorized to make decisions as to which senders may access the content server, determining whether the sender has authority to access the content server as requested in the request;
  
  otherwise, forwarding the message towards the content server and indicating that the apparatus authenticated the upstream device.
- View Dependent Claims (20, 21, 22, 23)
- - 20. The apparatus of claim 19, wherein the circuitry is configured to perform further actions, comprising:
    - if the apparatus is unable to authenticate the upstream device for the message directed to the content server, discarding the message.
  - 21. The apparatus of claim 19, wherein the circuitry is disposed on at least one blade.
  - 22. The apparatus of claim 19, wherein the circuitry includes at least one processor.
  - 23. The apparatus of claim 19, wherein the circuitry is configured to perform further actions, comprising:
    - (a) modifying the message to indicate that the apparatus is making the request;
      
      (b) forwarding the message towards the content server.

24. A system for distributing secure access to a content server over a network, comprising:
- (a) a sender configured to send a message including a request to access a content server; and
  
  (b) an apparatus configured to enable authentication of the sender by determining whether a sender is provided access to the content server based in part on another determination by a downstream device of the upstream device as to whether an intermediate device had the authority to authenticate the sender, and to send another request to the content server if the apparatus determines that the sender is provided access, wherein the other request indicates that the apparatus is requesting access to the content server.
- View Dependent Claims (25)
- - 25. The system of claim 24, wherein the sender is a content distributor configured to update content on a plurality of content servers that includes at least the content server.

26. An apparatus for distributing secure access to a content server over a network, comprising:
- (a) means for receiving a message from an upstream device, wherein the message includes a request from a sender for access to the content server;
  
  (b) means for performing actions, the actions comprising;
  
  (i) authenticating the upstream device; and
  
  if the apparatus is authorized to makes decision as to which senders may access the content server, determining whether the sender has authority to access the content server as requested in the request;
  
  otherwise, forwarding the message towards the content server and indicating to a device to which the message is forwarded that the apparatus authenticated the upstream device, wherein a downstream device of the upstream device determines whether the intermediate device had authority to authenticate the upstream device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
F5 Networks, Inc. (F5 Incorporated)
Original Assignee
F5 Networks, Inc. (F5 Incorporated)
Inventors
DeCaprio, Donald Joseph
Primary Examiner(s)
Barrón, Jr., Gilberto
Assistant Examiner(s)
Sandoval, Kristin D.

Application Number

US10/198,434
Time in Patent Office

1,533 Days
Field of Search

None
US Class Current

726/18
CPC Class Codes

G06F 21/31   User authentication

G06F 2221/2115   Third party

G06F 2221/2151   Time stamp

H04L 2209/60   Digital content management,...

H04L 2209/80   Wireless

H04L 63/08   for authentication of entit...

H04L 63/101   Access control lists [ACL]

H04L 9/321   involving a third party or ...

H04L 9/3249   using RSA or related signat...

Method and system for authenticating and authorizing requestors interacting with content servers

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for authenticating and authorizing requestors interacting with content servers

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links