Security framework bridge
First Claim
1. A method for bridging requests for access to resources between requestors in a distributed network and an authenticator servicing the distributed network:
initiating a request for access to a resource through an application on a requestor in accordance with a request from a user, wherein the requestor has an IP address;
intercepting the request for access to the resource;
identifying the IP address of the requestor;
verifying the requestor is allowed to initiate requests based on the IP address;
identifying a type of the request for access to the resource as one of a plurality of types of requests;
identifying the application initiating the request for access to the resource;
verifying the application is an application that the requestor is allowed to use;
verifying the type of the request is a type of request that the application has permission to initiate; and
forwarding the request for access to the resource to the authenticator based on successfully verifying the requestor, verifying the application, and verifying the type of the request, wherein the authenticator verifies the identity of the user and authorizes the request for access to the resource based on successfully verifying the identity of the user.
Abstract
The present disclosure describes a method for bridging requests for access to resources between requestors in a distributed network and an authenticator servicing the distributed network. The bridging mechanism has security features including a naming service for machine authentication and machine process rules that authorize which processes a machine may perform. The security proxy bridge intercepts an access request and checks the IP address (machine authentication) as well as the machine process rules; only if both verifications succeed does the bridge forward the request for access to the authenticator. The security proxy framework utilizes a data structure that stores selected security information as data records supporting an authentication and authorization system for users to access resources on multiple components of a distributed network supporting multiple business units of an enterprise. Primary authentication information stored therein includes general user information, security information, and contact information.
20 Claims
12. A system for bridging requests for access to resources, comprising:
an application server configured to execute an application that initiates a request for access to a resource in accordance with a user request, wherein the application server has an IP address;
a security bridge coupled to the application server that intercepts the request and is configured to identify the IP address of the application server, identify a type of the request as one of a plurality of types of requests, and identify the application that initiates the request, and further configured to verify the application server is allowed to initiate requests based on the IP address, verify the application is an application that the application server is allowed to execute, and verify the type of the request for the requested resource is a type of request that the application has permission to initiate, wherein the security bridge forwards the request for access to the resource based on successfully verifying the requester, verifying the application, and verifying the type of the request; and
an authenticator server coupled to the security bridge and configured to receive the forwarded request for access to the resource from the security bridge, verify the identity of the user, and authorize the request for access to the resource based on successfully verifying the identity of the user.
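The verification chain in claims 1 and 12 (identify the requestor by IP address, check the application is permitted on that machine, check the request type is permitted for that application, and only then forward to an authenticator that verifies the user) can be made concrete with a small model. The following is an added example written for this page; it is not code from the patent or its assignee. The naming service, machine process rules, application names, user record and IP ranges are all constructed sample data, and the authenticator's salted-hash user record stands in for the "data records" the abstract describes.

```python
"""Added example (not the patent's code): a minimal security proxy bridge that
applies the machine-level checks of claim 1 before an authenticator ever sees
the request. All hosts, applications, users and rules are constructed samples."""
import hashlib
import hmac
import ipaddress
import os
from dataclasses import dataclass
from enum import Enum


class RequestType(Enum):
    READ = "read"
    WRITE = "write"
    ADMIN = "admin"


@dataclass(frozen=True)
class AccessRequest:
    source_ip: str          # IP address of the requestor (claim 1)
    application: str        # application on the requestor that initiated the request
    request_type: RequestType
    resource: str
    user: str
    password: str           # user credential; checked only by the authenticator


@dataclass(frozen=True)
class Decision:
    forwarded: bool         # did the bridge pass the request on to the authenticator?
    authorized: bool        # did the authenticator authorize it?
    reason: str


class NamingService:
    """Machine authentication: maps IP networks to the machine names allowed to request."""
    def __init__(self, entries):
        self._entries = [(ipaddress.ip_network(net), name) for net, name in entries]

    def lookup(self, ip):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            return None                      # malformed address: unknown requestor
        for net, name in self._entries:
            if addr in net:
                return name
        return None


class Authenticator:
    """Verifies the user's identity, then the user's entitlement to the resource."""
    def __init__(self, users):
        self._users = users                  # {user: (salt, sha256(salt+password) hex, {resources})}

    def authorize(self, req):
        rec = self._users.get(req.user)
        if rec is None:
            return False, "unknown user"
        salt, digest, resources = rec
        candidate = hashlib.sha256(salt + req.password.encode()).hexdigest()
        if not hmac.compare_digest(candidate, digest):
            return False, "bad credential"
        if req.resource not in resources:
            return False, "user not entitled to resource"
        return True, "authorized"


class SecurityBridge:
    def __init__(self, naming, process_rules, authenticator):
        self.naming = naming
        self.rules = process_rules           # {machine: {application: {RequestType, ...}}}
        self.authenticator = authenticator

    def intercept(self, req):
        machine = self.naming.lookup(req.source_ip)          # identify + verify requestor by IP
        if machine is None:
            return Decision(False, False, f"requestor {req.source_ip} not in naming service")
        allowed_apps = self.rules.get(machine, {})
        if req.application not in allowed_apps:              # verify application allowed on machine
            return Decision(False, False, f"{req.application} not permitted on {machine}")
        if req.request_type not in allowed_apps[req.application]:  # verify type allowed for app
            return Decision(False, False, f"{req.application} may not issue {req.request_type.value}")
        ok, why = self.authenticator.authorize(req)          # user identity checked only now
        return Decision(True, ok, why)


def make_user(password, resources):
    salt = os.urandom(16)                    # constructed sample record, per-user salt
    return salt, hashlib.sha256(salt + password.encode()).hexdigest(), set(resources)


BRIDGE = SecurityBridge(
    NamingService([("10.0.1.0/24", "app-server-1"), ("10.0.2.7/32", "batch-host")]),
    {"app-server-1": {"web-portal": {RequestType.READ, RequestType.WRITE}},
     "batch-host": {"nightly-etl": {RequestType.READ}}},
    Authenticator({"alice": make_user("correct horse", ["ledger"])}),
)

if __name__ == "__main__":
    req = AccessRequest("10.0.1.5", "web-portal", RequestType.WRITE, "ledger", "alice", "correct horse")
    print(BRIDGE.intercept(req))
```

The ordering is the point of the claim: a request from an unknown IP, an application not allowed on that host, or a request type the application may not issue is rejected at the bridge and never reaches the authenticator, so user credentials are only ever evaluated for traffic that has already passed machine-level verification.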
Specification