System and method for enabling secure access to services in a computer network
Abstract
A global server includes a communications engine for establishing a communications link with a client; security means coupled to the communications engine for determining client privileges; a servlet host engine coupled to the security means for providing to the client, based on the client privileges, an applet which enables I/O with a secured service; and a keysafe for storing a key which enables access to the secured service. The global server may be coupled to multiple sites, wherein each site provides multiple services. Each site may be protected by a firewall. Accordingly, the global server stores the keys for enabling communication via the firewalls with the services.
25 Claims
1. A system on a server computer system, comprising:
- a communications engine configured to establish a communications link with a client;
- a security services engine coupled to the communications engine configured to present to the client a plurality of user authentication protocol options, each user authentication protocol option having a particular level of authentication associated with it to authenticate a user according to at least one user authentication protocol and to determine user privileges based on the identity of the user and the level of authentication;
- a web server engine configured to present a set of available services based on the user privileges, at least one of the available services requiring additional authentication information to be provided before access to the service is granted to enable the client to select a particular service from the set of available services;
- a host engine coupled to the security services engine and to the web server configured to provide to the client executable service communication code that enables communication with the particular service; and
- a keysafe configured to store keys, each key for enabling communication between the client and service selected from the set of available services and including all additional authentication information required by the selected service for authenticating the user to the selected service, the executable service communication code functioning to retrieve a key corresponding to the particular service from the keysafe upon execution of the code.
Dependent claims: 2 through 12.
13. A method comprising:
- establishing a communications link with a client;
- presenting to the client a plurality of user authentication protocol options, each user authentication protocol option having a particular level of authentication associated with it;
- authenticating the user according to at least one user authentication protocol option;
- determining user privileges based on the identity of a user and the level of authentication;
- presenting a set of available services based on the user privileges, at least one of the available services requiring additional authentication information to be provided before access to the service is granted;
- enabling the client to select a particular service from a set of available services;
- providing to the client executable service communication code that enables communication with the particular service; and
- retrieving a key from a set of keys, each key corresponding to a respective service from the set of available services, the retrieved key for enabling communication between the client and the particular service selected and including all additional authentication information required by the selected service for authenticating the user to the selected service, the executable service communication code functioning to retrieve a key corresponding to the particular service from the keysafe upon execution of the code.
Dependent claims: 14 through 24.
25. A system on a server computer system, comprising:
- means for establishing a communications link with a client;
- means for presenting the client a plurality of user authentication protocol options, each user authentication protocol option having a particular level of authentication;
- means for authenticating a user according to at least one user authentication protocol;
- means for determining user privileges based on the identity of the user and the level of authentication;
- means for presenting a set of available services based on the user privileges, at least one of the available services requiring additional authentication information to be provided before granting access to the service;
- means for enabling the client to select a particular service from a set of available services;
- means for providing to the client executable service communication code that enables communication with the particular service; and
- means for retrieving a key from a set of keys, each key corresponding to a respective service from the set of available services, the retrieved key for enabling communication between the client and the particular service selected and including all additional authentication information required by the selected service for authenticating the user to the selected service, the executable service communication code functioning to retrieve a key corresponding to the particular service selected from the keysafe upon execution of the code.
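To make the claimed flow concrete, the following toy model (an added example, not code from the patent or its assignee) walks through the steps of claim 13 in Python: the client picks one of several authentication protocol options, each carrying a level of authentication; privileges are derived from both identity and level; the service menu is filtered by those privileges; and the keysafe releases a service's key, bundled with the extra credentials that service needs, only once the level the service requires has been reached. The option names, levels, users, services, keys and the HMAC-based one-time code are all assumptions made for the example.

```python
"""Toy model of the claimed access flow.  Added example, not the patent's own
code: all option names, levels, users, services and keys are assumed."""
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional

# Authentication protocol options and the level of authentication each confers.
AUTH_LEVELS = {"password": 1, "password+otp": 2}

@dataclass(frozen=True)
class Service:
    name: str
    menu_level: int  # level at which the service is listed as available
    key_level: int   # level the keysafe requires before releasing the key

@dataclass(frozen=True)
class KeysafeEntry:
    key: bytes        # enables communication with the service (e.g. through its firewall)
    extra_auth: dict  # additional authentication info the service itself requires

@dataclass(frozen=True)
class Session:
    user: str
    level: int

class AuthError(Exception): pass
class StepUpRequired(Exception): pass

# Constructed sample data: two users, three services, one keysafe.
SERVICES = {
    "calendar": Service("calendar", menu_level=1, key_level=1),
    "mail": Service("mail", menu_level=1, key_level=2),        # listed, but key needs step-up
    "payroll": Service("payroll", menu_level=2, key_level=2),  # hidden below level 2
}
USERS = {
    "alice": {"password": "correct horse", "otp_seed": b"alice-seed",
              "entitled": {"calendar", "mail", "payroll"}},
    "bob": {"password": "battery staple", "otp_seed": b"bob-seed",
            "entitled": {"calendar"}},
}
KEYSAFE = {
    ("alice", "calendar"): KeysafeEntry(b"k-cal-a", {}),
    ("alice", "mail"): KeysafeEntry(b"k-mail-a", {"imap_user": "alice", "imap_pass": "s3cret"}),
    ("alice", "payroll"): KeysafeEntry(b"k-pay-a", {"client_cert": "alice.pem"}),
    ("bob", "calendar"): KeysafeEntry(b"k-cal-b", {}),
}

def expected_otp(user: str, counter: int = 0) -> str:
    """Toy HMAC-based one-time code standing in for a real OTP scheme."""
    mac = hmac.new(USERS[user]["otp_seed"], counter.to_bytes(8, "big"), hashlib.sha256)
    return mac.hexdigest()[:6]

def authenticate(user: str, option: str, password: str,
                 otp: Optional[str] = None, counter: int = 0) -> Session:
    """Run the chosen authentication protocol option; the resulting session
    carries the level associated with that option, not a fixed per-user level."""
    if option not in AUTH_LEVELS or user not in USERS:
        raise AuthError("unknown option or user")
    rec = USERS[user]
    if not hmac.compare_digest(password.encode(), rec["password"].encode()):
        raise AuthError("bad password")
    if option == "password+otp":
        if otp is None or not hmac.compare_digest(otp, expected_otp(user, counter)):
            raise AuthError("bad one-time code")
    return Session(user, AUTH_LEVELS[option])

def login_level(user: str, option: str, password: str, otp: Optional[str] = None) -> int:
    """Level reached, or -1 if authentication failed."""
    try:
        return authenticate(user, option, password, otp).level
    except AuthError:
        return -1

def user_privileges(s: Session) -> set:
    """Privileges depend on identity (entitlement) and on the level reached."""
    return {n for n in USERS[s.user]["entitled"] if SERVICES[n].menu_level <= s.level}

def available_services(s: Session) -> list:
    """The service menu the web server engine would present for this session."""
    return sorted(user_privileges(s))

def retrieve_key(s: Session, service: str) -> KeysafeEntry:
    """What the downloaded service-communication code does on execution:
    fetch the service's keysafe entry, but only at the level that service requires."""
    if service not in user_privileges(s):
        raise AuthError("%s not available to %s at level %d" % (service, s.user, s.level))
    if s.level < SERVICES[service].key_level:
        raise StepUpRequired("%s needs level %d" % (service, SERVICES[service].key_level))
    return KEYSAFE[(s.user, service)]

def try_retrieve(s: Session, service: str) -> str:
    """Outcome as a string: the key on success, else the name of the refusal."""
    try:
        return "key:" + retrieve_key(s, service).key.decode()
    except (AuthError, StepUpRequired) as e:
        return type(e).__name__
```

The point the model makes is that the two gates are separate: a service can appear in the menu at a low level (mail for alice after a password login) while its key stays in the keysafe until the user re-authenticates with a higher-level option, and the keysafe entry carries the service-specific credentials so the client code never has to prompt for them. Entitlement checks run before the level check, so a user who is not entitled to a service is refused regardless of how strongly they authenticated.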