Integrated security framework and privacy database scheme
First Claim
1. A method for bridging requests for access to resources between requesters in a distributed network and an authenticator servicing the distributed network for a privacy response:
- storing in a secured datastore only security and privacy information;
- accessing one of a plurality of application servers within the distributed network;
- initiating one or more requests through the application server, wherein the requests are for access to the privacy information on the datastore;
- intercepting the request for access to the privacy information on the datastore;
- identifying an IP address of the application server initiating the request;
- verifying the IP address has access to the privacy information through a naming service;
- where the IP address is verified, forwarding some of the requests for privacy information directly to the datastore with the privacy information and further verifying some of the requests for privacy information.
Abstract
A system and method for bridging requests for access to resources between requestors in a distributed network and an authenticator servicing the distributed network is provided. The bridging mechanism has security features including a naming service for machine authentication and machine process rules to authorize what process machines can perform. The security proxy bridge intercepts an access request, and checks the IP address for machine authentication as well as the machine process rules and if both verifications are successful, the bridge then forwards the request for access to the authenticator. The security proxy framework utilizes a data structure that provides a method for storing selected security information stored as data records supporting an authentication and authorization system for users to access resources on multiple components of a distributed network supporting multiple business units of an enterprise. Primary authentication information stored herein includes general user information, security, and contact information.
94 Citations
29 Claims
1. A method for bridging requests for access to resources between requesters in a distributed network and an authenticator servicing the distributed network for a privacy response (steps as given under First Claim above). Dependent claims: 2, 3, 4, 5, 6, 7, 8.

9. A method for bridging requests for access to resources between requesters in a distributed network and an authenticator servicing the distributed network:
- a user accessing one of a plurality of application servers within the distributed network;
- initiating at least one request through executing an application on the application server in accordance with inputs of the user, wherein the request is for access to privacy information;
- intercepting the request for access to the privacy information;
- identifying an IP address of the application server requesting access to the privacy information;
- verifying the IP address has access to the privacy information;
- identifying a type of the access in the request for the privacy information as one of a plurality of types of access;
- identifying the application making the request;
- verifying the application has permission for the type of the access in the request for the privacy information;
- identifying identification and authorization information of the user executing the application;
- verifying the identity of the user based on the identification and authorization information.
Dependent claims: 10, 11, 12, 13, 14, 15, 16, 17, 18.

19. A security proxy framework that bridges system requests for access to resources in a distributed network, comprising:
- one or more application servers, each configured to implement one or more applications that make requests for access to resources stored at a datastore in accordance with inputs from one or more users, wherein the requested resource is privacy information;
- a security bridge configured to couple to the one or more application servers and receive all of the requests for access to resources, to identify the IP address of each application server making a request and the application executing to make each request, and to verify, using the IP address of each application server, that each application server making a request has permission to access the requested resource, and that the application making a request has permission for a type of the request for the requested resource, wherein the type of the request is one of a plurality of types of requests;
- an authenticator server coupled to the security bridge and configured to receive a portion of the requests from the security bridge to provide further verification; and
- the datastore coupled to the authenticator server and the security bridge and configured to receive the further verified requests from the authenticator server and directly receive a remaining portion of the requests from the security bridge.
Dependent claims: 20, 21, 22, 23, 24, 25, 26, 27, 28, 29.
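The decision flow that the abstract and claims 9 and 19 describe (machine authentication of the requesting server's IP through a naming service, a machine process rule check on the application and access type, then either direct forwarding to the datastore or hand-off to the authenticator for further verification) as a small added example; this is illustrative code, not the patent's own implementation. The naming service and process rules are constructed sample tables, and the rule that read requests go directly to the datastore while all other types go to the authenticator is an assumed policy, since the page leaves that split open.

```python
"""Toy security proxy bridge modelled on the claims above (added example).
Assumptions: the naming service is a dict of registered application-server IPs,
the machine process rules map each application to the access types it may
perform, and only read requests skip the authenticator (assumed policy)."""
from dataclasses import dataclass

# Constructed sample naming service: IP address -> registered application server.
NAMING_SERVICE = {"10.0.1.10": "app-server-1", "10.0.1.11": "app-server-2"}

# Constructed machine process rules: application -> access types it may perform.
PROCESS_RULES = {
    "hr-portal": {"read", "update"},
    "reporting": {"read"},
}


@dataclass(frozen=True)
class AccessRequest:
    source_ip: str     # IP address of the application server making the request
    application: str   # application executing on that server
    access_type: str   # one of the plurality of access types, e.g. "read", "update"
    user_id: str       # identity of the user driving the application


def bridge(req: AccessRequest) -> str:
    """Return where the bridge sends the request: 'reject', 'datastore' or 'authenticator'."""
    # Machine authentication: the server's IP must be registered in the naming service.
    if req.source_ip not in NAMING_SERVICE:
        return "reject"
    # Machine process rules: the application must be permitted this type of access.
    if req.access_type not in PROCESS_RULES.get(req.application, set()):
        return "reject"
    # Assumed policy: reads go directly to the datastore; any other type is handed to
    # the authenticator, which verifies the user's identification and authorization.
    if req.access_type == "read":
        return "datastore"
    return "authenticator"


def route_all(requests):
    """Route a batch of requests; returns (request, decision) pairs."""
    return [(r, bridge(r)) for r in requests]


if __name__ == "__main__":
    sample = [  # constructed requests
        AccessRequest("10.0.1.10", "reporting", "read", "alice"),
        AccessRequest("10.0.1.10", "reporting", "update", "alice"),
        AccessRequest("10.0.1.11", "hr-portal", "update", "bob"),
        AccessRequest("192.0.2.5", "hr-portal", "read", "carol"),
    ]
    for r, decision in route_all(sample):
        print(f"{r.source_ip} {r.application} {r.access_type}: {decision}")
```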
Specification