Web access to secure data
First Claim
1. A method for controlling access to a secure data service within a secure data service environment, said access being requested by a user of a versatile computing device that is not dedicated to communicating with the secure data service environment over a secure private communication network, so that the access is outside of the secure data service environment and is over an insecure public network, wherein the secure data service environment provides online data and services to dedicated devices through the secure private communication network, the method comprising the steps of:
- (a) linking a user-partner identifier with a user-service identifier, wherein;
(i) the user-partner identifier is used to authenticate the user with a partner network service that has been previously certified by the secure data service environment and that is in communication with the versatile computing device, the user-partner identifier being used by the versatile computing device and partner network service to authenticate the user with the secure data service environment through the insecure public network; and
(ii) the user-service identifier is used to authenticate the user with the secure data service environment that provides the online service to the dedicated devices through the secure private communication network without passing through any partner network service, the dedicated devices being distinguished from versatile devices which communicate with the partner network service through the insecure public network in that dedicated devices are dedicated to a primary function;
(b) determining whether a request for access to the secure data service within the secure data service environment is authentic when the request for access is received from the partner network service on behalf of the user of the versatile computing device; and
(c) providing the requested access to the secure data service over the insecure public network to the partner network service, and thus to the versatile computing device over the insecure public network, if the request is authentic.
2 Assignments
0 Petitions
Accused Products
Abstract
Controlling access to secure data and services by versatile computers outside a secure environment, which communicates with limited dedicated devices such as game consoles, over a secure network such as a virtual private network. The versatile computing devices obtain access over an insecure network, such as the Internet, through a trusted partner Web site that authenticates users of the site and relays requests to the secure environment. The Web site uses a certificate for a predefined level of secure access to the secure environment. A link is established between a user'"'"'s Web ID authenticated by the Web site and a gamer tag used within the secure environment. Access is limited as a function of the Web ID, gamer tag, and a Web site partner ID. A Web cache stores and provides some secure data, minimizing disruption to the secure environment'"'"'s primary function to service the dedicated devices.
71 Citations
34 Claims
-
1. A method for controlling access to a secure data service within a secure data service environment, said access being requested by a user of a versatile computing device that is not dedicated to communicating with the secure data service environment over a secure private communication network, so that the access is outside of the secure data service environment and is over an insecure public network, wherein the secure data service environment provides online data and services to dedicated devices through the secure private communication network, the method comprising the steps of:
-
(a) linking a user-partner identifier with a user-service identifier, wherein; (i) the user-partner identifier is used to authenticate the user with a partner network service that has been previously certified by the secure data service environment and that is in communication with the versatile computing device, the user-partner identifier being used by the versatile computing device and partner network service to authenticate the user with the secure data service environment through the insecure public network; and (ii) the user-service identifier is used to authenticate the user with the secure data service environment that provides the online service to the dedicated devices through the secure private communication network without passing through any partner network service, the dedicated devices being distinguished from versatile devices which communicate with the partner network service through the insecure public network in that dedicated devices are dedicated to a primary function; (b) determining whether a request for access to the secure data service within the secure data service environment is authentic when the request for access is received from the partner network service on behalf of the user of the versatile computing device; and (c) providing the requested access to the secure data service over the insecure public network to the partner network service, and thus to the versatile computing device over the insecure public network, if the request is authentic. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
-
-
18. A system for controlling access to a secure data service within a secure data service environment, said access being requested by a user of a versatile computing device that is outside the secure data service environment and that communicates with the secure data service environment through an insecure public network, wherein the secure data service environment provides online data and services to dedicated devices that communicate through a secure private communication network, the system comprising:
-
(a) a processor; (b) a network communication interface coupled to the processor for communicating with a partner network service through the insecure public network, said partner network service communicating with the versatile computing device through the insecure public network; (c) a secure communication interface coupled to the processor for communicating with the secure data service environment that provides online data and services to the dedicated devices through the secure private communication network, the dedicated devices being distinguished from the versatile computing devices in that dedicated devices are dedicated to a primary function; and (d) a memory coupled to the processor and storing a plurality of machine instructions that cause the processor to carry out a plurality of functions, including; (i) linking a user-partner identifier with a user-service identifier, wherein; (A) the user-partner identifier is used to authenticate the user with a partner network service that has been previously certified by the secure data service environment and that is in communication with the versatile computing device, the user-partner identifier being used by the versatile computing device and partner network service to authenticate the user with the secure data service environment through the insecure public network; and (B) the user-service identifier is used to authenticate the user with the secure data service environment that provides the online service to the dedicated devices through the secure private communication network and without passing through any partner network service; (ii) determining whether a request for access to the secure data service within the secure data service environment is authentic when the request for access is received from the partner network service on behalf of the user of the versatile computing device; and (iii) providing the requested access to the secure data service over the insecure public network to the partner network service, and thus to the versatile computing device over the insecure public network, if the request is authentic. - View Dependent Claims (19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33)
-
-
34. In a secure gaming environment which includes a public gateway and a private gateway, the private gateway for communicating directly with dedicated gaming devices over a secure private communication network, and the public gateway for communicating indirectly with versatile computing devices through a partner Web site, a method for controlling access to secure data within the secure gaming environment, the method comprising:
-
through the public gateway of the secure gaming environment, a secure gaming service providing a partner Web site with a certificate that authenticates the partner Web site with the secure gaming service; establishing a user account with the secure gaming service, wherein the user account includes a first user ID, and wherein the first user ID is used by the secure gaming service when interacting with a dedicated gaming device of the user, the dedicated gaming device being configured to communicate with the secure gaming service only over a secure private communication network and through the private gateway; the secure gaming service receiving a second user ID from the partner Web site and adding it to the user account, the second user ID being received through the public gateway over an insecure public communication network, wherein the second user ID was established by the user interacting with the partner Web site using a versatile computing device which is distinguished from the dedicated gaming device of the user in that a versatile computing device is not dedicated primarily to gaming, the second user ID being configured to allow the partner Web site to authenticate the user when the user communicates with the partner Web site; linking the first user ID to the second user ID in the user account at the secure gaming service; receiving a user request to access secure data of the secure gaming service, wherein the request is received over the insecure public communication network and from the partner Web site which authenticates the user using the second user ID, the partner Web site acting as an intermediary for the user request; determining the user request is authentic; and the secure gaming service providing the requested access to the secure data of the secure gaming service over the insecure public communication network to the partner Web site, and thus to the versatile computing device over the insecure public communication network.
-
Specification