Secure data broker
Abstract
A secure data broker has been developed, which provides a restricted message-based data exchange between a client application and a secured information resource by allowing registered or verified messages to be brokered across a security barrier. In some configurations, both requests and responses are validated and brokered across the security barrier. In other configurations, either requests or responses are validated. To support validation, messages are formatted in accordance with a predefined message specification for at least part of a transaction path between a client application and an information resource accessed by the client application.
33 Claims
1. In a networked computing environment, a method of securing access to an information resource behind a security barrier, the method comprising:
- predefining a request message specification corresponding to a structured request language including extensible markup language;
- formatting an access request in accordance with the structured request language;
- supplying the formatted access request to a first intermediary, the intermediary validating the formatted access request in accordance with the request message specification; and
- forwarding the validated access request across the security barrier.
(Dependent claims: 2, 3, 4, 5)

6. In a networked computing environment, a method of securing access to an information resource behind a security barrier, the method comprising:
- predefining a response message specification corresponding to a structured response language including extensible markup language;
- formatting a response to an access request targeting the information resource, the formatted response being in accordance with the structured response language;
- supplying the formatted response to an intermediary, the intermediary validating the formatted response in accordance with the response message specification; and
- forwarding a validated response across the security barrier.
(Dependent claim: 7)

8. An information security system comprising:
- a security barrier;
- a proxy for an information resource, the proxy and the information resource on opposing first and second sides, respectively, of the security barrier;
- a data broker on the first side of the security barrier, wherein, in response to an access request targeting the information resource, the data broker validates a request message encoded in a structured request language including extensible markup language against a predefined request message specification therefor and forwards only validated request messages across the security barrier.
(Dependent claims: 9, 10)

11. A computer program product encoded in computer readable media, the computer program product comprising:
- data broker code and parser code executable on a first network server separated from an information resource by a security barrier;
- the data broker code including instructions executable as a first instance thereof to receive access requests in a structured language including extensible markup language corresponding to a predefined request message specification and to forward validated ones of the access requests across the security barrier toward the information resource; and
- the parser code including instructions executable as a first instance thereof to validate the received access requests against the predefined request message specification.
(Dependent claims: 12, 13, 14, 15, 16)

17. A method of securing a data transaction across a security barrier, the method comprising:
- validating a request message encoded in a structured request language including extensible markup language against a predefined request message specification therefor;
- transmitting the validated request message across the security barrier;
- validating a response message encoded in a structured response language including extensible markup language against a predefined response message specification therefor, the response message corresponding to the validated request; and
- transmitting the validated response message across the security barrier.
(Dependent claims: 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30)

31. In a networked information environment including a client and an information resource separated by a security barrier, an information security system comprising:
- means for proxying an access request by the client targeting the information resource and for preparing a request message corresponding to the access request in a structured language including extensible markup language corresponding to a predefined request message specification;
- means for validating the request message against the predefined request message specification and forwarding only validated request messages across the security barrier.
(Dependent claims: 32, 33)
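The following is an added illustration, not code from the patent or from any product: a minimal data broker in Python that does what the abstract and claim 17 describe, validating an XML request message against a predefined request message specification, passing only a validated request across the barrier to the proxied resource, and then validating the response against a response message specification before returning it. The specification format (root element plus per-child cardinality and value pattern), the element names, the stand-in resource and the sample messages are all constructed for this example; a production broker would typically express the specification as an XML Schema and apply it with a validating parser.

```python
"""Added example of a message-validating data broker (illustrative only;
the spec format, element names and sample messages are constructed)."""
import re
import xml.etree.ElementTree as ET

# A message specification: permitted root element, and for each permitted
# child element a (min_occurs, max_occurs, value_pattern) triple. Elements,
# attributes, nesting and values not named here are rejected outright.
REQUEST_SPEC = {
    "root": "AccountRequest",
    "children": {
        "AccountId": (1, 1, r"[0-9]{6,10}"),
        "Field":     (1, 5, r"balance|status|owner"),
    },
}
RESPONSE_SPEC = {
    "root": "AccountResponse",
    "children": {
        "AccountId": (1, 1, r"[0-9]{6,10}"),
        "Value":     (1, 5, r"[A-Za-z0-9 .,-]{0,64}"),
    },
}
MAX_MESSAGE_BYTES = 4096  # the spec defines small messages; cap the input early


class ValidationError(Exception):
    """Raised when a message does not conform to its specification."""


def validate(message: bytes, spec: dict) -> ET.Element:
    """Validate one message against a spec; return the parsed root or raise."""
    if len(message) > MAX_MESSAGE_BYTES:
        raise ValidationError("message exceeds size limit")
    # The specification defines no document type, so any DOCTYPE or entity
    # declaration is by definition out of spec (and is the usual carrier of
    # entity-expansion problems), so refuse it before parsing at all.
    if b"<!DOCTYPE" in message or b"<!ENTITY" in message:
        raise ValidationError("DOCTYPE/ENTITY declarations are not permitted")
    try:
        root = ET.fromstring(message)
    except ET.ParseError as exc:
        raise ValidationError(f"not well-formed XML: {exc}") from None
    if root.tag != spec["root"]:
        raise ValidationError(f"unexpected root element {root.tag!r}")
    if root.attrib or (root.text or "").strip():
        raise ValidationError("root must carry no attributes or text")
    counts = {name: 0 for name in spec["children"]}
    for child in root:
        rule = spec["children"].get(child.tag)
        if rule is None:
            raise ValidationError(f"element {child.tag!r} is not in the specification")
        if len(child) or child.attrib or (child.tail or "").strip():
            raise ValidationError(f"element {child.tag!r} must be a simple value")
        _, _, pattern = rule
        if not re.fullmatch(pattern, (child.text or "").strip()):
            raise ValidationError(f"value of {child.tag!r} does not match the specification")
        counts[child.tag] += 1
    for name, (lo, hi, _) in spec["children"].items():
        if not lo <= counts[name] <= hi:
            raise ValidationError(f"{name!r} occurs {counts[name]} times, expected {lo}..{hi}")
    return root


def is_valid(message: bytes, spec: dict) -> bool:
    """Boolean convenience wrapper around validate()."""
    try:
        validate(message, spec)
        return True
    except ValidationError:
        return False


def broker(request: bytes, resource) -> bytes:
    """Claim-17 style transaction: validate the request, forward only a
    validated request across the barrier to `resource` (a callable standing
    in for the proxied information resource), then validate the response
    before it is allowed back across."""
    validate(request, REQUEST_SPEC)
    response = resource(request)
    validate(response, RESPONSE_SPEC)
    return response


def demo_resource(request: bytes) -> bytes:
    """Constructed stand-in for the information resource behind the barrier."""
    account = ET.fromstring(request).findtext("AccountId")
    return (f"<AccountResponse><AccountId>{account}</AccountId>"
            f"<Value>1250.00</Value></AccountResponse>").encode()


# Constructed sample messages.
GOOD_REQUEST = b"<AccountRequest><AccountId>12345678</AccountId><Field>balance</Field></AccountRequest>"
EXTRA_ELEMENT_REQUEST = b"<AccountRequest><AccountId>12345678</AccountId><Transfer>500</Transfer></AccountRequest>"
DTD_REQUEST = b'<!DOCTYPE x [<!ENTITY a "aaaa">]><AccountRequest><AccountId>&a;</AccountId></AccountRequest>'
LEAKY_RESPONSE = b"<AccountResponse><AccountId>12345678</AccountId><Secret>x</Secret></AccountResponse>"

if __name__ == "__main__":
    print("brokered:", broker(GOOD_REQUEST, demo_resource).decode())
    for label, msg, spec in (("extra element", EXTRA_ELEMENT_REQUEST, REQUEST_SPEC),
                             ("DTD present", DTD_REQUEST, REQUEST_SPEC),
                             ("leaky response", LEAKY_RESPONSE, RESPONSE_SPEC)):
        print(f"{label}: valid={is_valid(msg, spec)}")
```

The point the example makes is the one the claims make: the broker never interprets the message, it only decides whether the message is one the specification admits, and a response is held to its own specification so that the barrier is enforced in both directions.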