Platform-neutral system and method for providing secure remote operations over an insecure computer network
First Claim
1. A method of enhancing the security of a message sent by a principal from a client computer through a network server to a destination server, comprising the steps of:
(a) obtaining by the client computer credentials for authorizing the principal client and the network server;
(b) establishing a first secure connection for exchanging data between the client and the network server;
(c) transmitting from the client computer to the network server over the first secure connection the principal-authenticating credentials and the message;
(d) transmitting the principal-authenticating credentials from the network server to the validation center;
(e) transmitting permission data for the network server from the validation center to the network server based on the principal-authenticating credentials;
(f) verifying the authorization of the principal in the network server to access a digital certificate and issuing the digital certificate to the network server;
(g) establishing a second secure connection for exchanging data between the network server and the destination server based on the digital certificate; and
(h) transmitting the message from the network server to the destination server over the second secure connection.
6 Assignments
0 Petitions
Abstract
A method, system and computer program product are disclosed for enhancing the security of a message sent through a network server from a client computer to a destination server running any computer platform. Credentials for authorizing a principal are obtained by the client computer from a validation center. The principal-authentication information is transmitted to the network server. The network server may use the principal-authenticating information to obtain permission data from the validation center for use in accessing the destination server. Also described is a method of providing a remote interactive login connection using the same method.
36 Claims
1. A method of enhancing the security of a message sent by a principal from a client computer through a network server to a destination server, comprising the steps of:
(a) obtaining by the client computer credentials for authorizing the principal client and the network server;
(b) establishing a first secure connection for exchanging data between the client and the network server;
(c) transmitting from the client computer to the network server over the first secure connection the principal-authenticating credentials and the message;
(d) transmitting the principal-authenticating credentials from the network server to the validation center;
(e) transmitting permission data for the network server from the validation center to the network server based on the principal-authenticating credentials;
(f) verifying the authorization of the principal in the network server to access a digital certificate and issuing the digital certificate to the network server;
(g) establishing a second secure connection for exchanging data between the network server and the destination server based on the digital certificate; and
(h) transmitting the message from the network server to the destination server over the second secure connection.
(Dependent claims 2 through 22 are not reproduced here.)
23. A method of providing a remote interactive login connection for a principal from a client computer through a network server to a destination server, comprising the steps of:
(a) obtaining credentials for authorizing the principal from a validation center;
(b) establishing a first secure connection for exchanging data between the client and the network server;
(c) transmitting from the client computer to the network server over the first secure connection the principal-authenticating credentials;
(d) transmitting the principal-authenticating credentials from the network server to the validation center;
(e) transmitting permission data for the network server from the validation center to the network server based on the principal-authenticating credentials;
(f) verifying the authorization of the principal in the network server to access a digital certificate and issuing the digital certificate to the network server;
(g) establishing a second secure connection for exchanging data between the network server and the destination server based on the digital certificate; and
(h) executing a command interpreter in the destination server wherein the command interpreter may execute commands sent by the client computer via the network server over the second secure connection.
24. A computer system for enhancing the security of one or more messages sent by a principal comprising:
a client computer for transmitting principal-authenticating credentials and the one or more messages;
a gateway computer operatively connected to the client computer, the gateway computer receiving principal-authenticating credentials and the one or more messages from the client computer;
a validation computer operatively connected to the gateway computer and capable of receiving the principal-authenticating credentials from the gateway computer and of transmitting permission data based on the principal-authenticating credentials to the gateway computer; and
one or more host computers operatively connected to the gateway computer and operating on any computer platform, wherein, based on the permission data, the gateway computer establishes a secure connection with at least one of the one or more host computers, and wherein the gateway computer transmits the one or more messages to at least one of the host computers over the secure connection.
(Dependent claims 25 through 28 are not reproduced here.)
29. A computer system for providing a remote interactive login connection comprising:
a client computer for transmitting principal-authenticating credentials and a message;
a gateway computer operatively connected to the client computer, the gateway computer receiving the principal-authenticating credentials and the message from the client computer;
a validation computer operatively connected to the gateway computer and capable of receiving the principal-authenticating credentials from the gateway computer and of transmitting permission data based on the principal-authenticating credentials to the gateway computer; and
one or more host computers operatively connected to the gateway computer and operating on any computer platform, wherein, based on the permission data, the gateway computer establishes a secure connection with the host computer, and transmits the message to the host computer over the secure connection.
(Dependent claims 30 through 35 are not reproduced here.)
36. A computer program product, the computer program product comprising a computer readable storage medium and a computer program stored therein for carrying out a process comprising:
(a) obtaining by the client computer credentials for authorizing the principal from a validation center;
(b) establishing a first secure connection for exchanging data between a client and a network server;
(c) transmitting from the client computer to the network server over the first secure connection the principal-authenticating credentials and the message;
(d) transmitting the principal-authenticating credentials from the network server to the validation center;
(e) transmitting permission data for the network server from the validation center to the network server based on the principal-authenticating credentials;
(f) verifying the authorization of the principal in the network server to access a digital certificate and issuing the digital certificate to the network server;
(g) establishing a second secure connection for exchanging data between the network server and a destination server based on the digital certificate; and
(h) transmitting the message from the network server to the destination server over the second secure connection.
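The flow the independent claims describe (client obtains credentials from a validation center, sends them with a message to a gateway over a first secure connection, the gateway asks the validation center for permission data, obtains a certificate only for an authorized principal and destination, then opens a second secure connection and relays the message) can be modelled end to end. The Python below is an added illustration written for this page; it is not code from the patent or from any product implementing it. It makes simplifying assumptions that are not in the claims: HMAC-signed tickets stand in for the principal credentials and the digital certificate (a deployment would use Kerberos-style tickets or CA-signed X.509 certificates over TLS), the two "secure connections" are direct method calls, and the principal names, password store and host policy table are constructed sample data. The point it adds for a defender is where the security decisions sit: the gateway never validates credentials itself, no certificate exists until the validation center has confirmed the principal may reach that specific host, and a destination host refuses a certificate that was issued for another host.

```python
import hashlib
import hmac
import json
import secrets
import time

# Constructed sample user store for the validation center (hypothetical, not from the patent).
PASSWORDS = {"alice": "correct horse battery"}


class ValidationCenter:
    """Issues principal credentials (step a), returns permission data (step e)
    and issues the certificate the gateway presents downstream (step f)."""

    def __init__(self, policy):
        self._ticket_key = secrets.token_bytes(32)   # MACs principal credentials
        self.trust_anchor = secrets.token_bytes(32)  # MACs certificates; stand-in for a CA key
        self._policy = policy                        # principal -> set of hosts it may reach

    @staticmethod
    def _mac(key, body):
        return hmac.new(key, body, hashlib.sha256).hexdigest()

    def issue_credentials(self, principal, password, ttl=300):
        if PASSWORDS.get(principal) != password:
            raise PermissionError("principal authentication failed")
        body = json.dumps({"sub": principal, "exp": time.time() + ttl}).encode()
        return {"body": body, "mac": self._mac(self._ticket_key, body)}

    def permission_data(self, credentials):
        """Validate credentials forwarded by the gateway; return what the principal may reach."""
        body = credentials["body"]
        if not hmac.compare_digest(self._mac(self._ticket_key, body), credentials["mac"]):
            raise PermissionError("credential MAC mismatch")
        claims = json.loads(body)
        if claims["exp"] < time.time():
            raise PermissionError("credential expired")
        return {"principal": claims["sub"], "hosts": sorted(self._policy.get(claims["sub"], ()))}

    def issue_certificate(self, gateway_id, principal, host):
        """Certificate binding this gateway, this principal and exactly one destination host."""
        body = json.dumps({"gw": gateway_id, "sub": principal, "host": host}).encode()
        return {"body": body, "mac": self._mac(self.trust_anchor, body)}


class DestinationServer:
    """Accepts the second secure connection (step g) only for a certificate issued for it."""

    def __init__(self, name, trust_anchor):
        self.name = name
        self._trust_anchor = trust_anchor
        self.received = []

    def accept_connection(self, cert):
        expected = hmac.new(self._trust_anchor, cert["body"], hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, cert["mac"]):
            raise ConnectionRefusedError("certificate signature invalid")
        if json.loads(cert["body"])["host"] != self.name:
            raise ConnectionRefusedError("certificate issued for a different host")
        return self.received.append  # the channel the message travels over in step (h)


class NetworkServer:
    """The gateway: it never checks credentials itself, it asks the validation center (d, e)."""

    def __init__(self, gateway_id, validation_center, hosts):
        self.id = gateway_id
        self._vc = validation_center
        self._hosts = hosts  # name -> DestinationServer
        self.audit = []      # (decision, principal, host) records for review and detection

    def relay(self, credentials, host, message):
        perm = self._vc.permission_data(credentials)      # (d) forward, (e) receive permission data
        if host not in perm["hosts"]:                     # (f) authorize before any certificate exists
            self.audit.append(("deny", perm["principal"], host))
            raise PermissionError(f"{perm['principal']} is not authorized for {host}")
        cert = self._vc.issue_certificate(self.id, perm["principal"], host)
        send = self._hosts[host].accept_connection(cert)  # (g) second secure connection
        send(message)                                     # (h) relay the message
        self.audit.append(("allow", perm["principal"], host))
        return perm["principal"]


def run_scenario():
    """Constructed walk-through: one allowed relay, a policy denial, a forged and a tampered credential."""
    vc = ValidationCenter(policy={"alice": {"db01"}})
    hosts = {n: DestinationServer(n, vc.trust_anchor) for n in ("db01", "hr02")}
    gw = NetworkServer("gw-1", vc, hosts)
    creds = vc.issue_credentials("alice", "correct horse battery")
    out = {"allowed": gw.relay(creds, "db01", "SELECT 1")}
    cases = (
        ("denied", creds, "hr02"),                                                   # host not permitted
        ("forged", {"body": creds["body"], "mac": "00" * 32}, "db01"),               # wrong MAC
        ("tampered", {"body": creds["body"].replace(b"alice", b"bob"), "mac": creds["mac"]}, "db01"),
    )
    for label, bad_creds, target in cases:
        try:
            gw.relay(bad_creds, target, "SELECT 1")
            out[label] = False
        except PermissionError:
            out[label] = True
    out["db01_received"] = hosts["db01"].received
    out["hr02_received"] = hosts["hr02"].received
    out["audit"] = gw.audit
    return out


if __name__ == "__main__":
    print(json.dumps(run_scenario(), indent=2))
```

Running the scenario shows the message reaching db01 exactly once, hr02 receiving nothing, and the forged and tampered credentials being rejected by the validation center before the gateway records any decision; the gateway's audit list is the natural place to hook alerting on repeated denials for one principal.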