Method and system for providing secure access to private networks
Abstract
Improved approaches for providing secure access to resources maintained on private networks are disclosed. The secure access can be provided through a public network using a standard network browser. Multiple remote users are able to gain restricted and controlled access to at least portions of a private network through a common access point. The solution provided by the invention is not only easily set up and managed, but also able to support many remote users in a cost-effective manner.
82 Citations
40 Claims
1. A method for accessing resources on a private network via an intermediary server, said method comprising:
receiving a login request from a user for access to the intermediary server, the intermediary server storing an authentication identifier for each of a plurality of users, the authentication identifier identifying an authentication server;
accessing, based on the authentication identifier, an authentication server, where the authentication server is separate and distinct from the intermediary server, to authenticate the user in response to the login request;
receiving a resource request from the authenticated user at the intermediary server, the resource request requesting a particular operation with respect to a resource from the private network;
obtaining access privileges for the authenticated user in response to the resource request;
determining whether the access privileges for the authenticated user permit the authenticated user to perform the particular operation at the private network; and
preventing, by the intermediary server, performance of the particular operation at the private network if the access privileges for the authenticated user do not permit the authenticated user to perform the particular operation at the private network.
(Dependent claims 2 through 15.)
16. A method for providing remote access to a private network via an intermediary server, said method comprising:
receiving a login request from a remote user for access to the intermediary server, the intermediary server storing an authentication identifier for each of a plurality of users, the authentication identifier identifying an authentication server;
accessing, based on the authentication identifier, an authentication server, where the authentication server is separate and distinct from the intermediary server, to determine whether the remote user is permitted access to the intermediary server based on the login request;
granting the remote user access to the intermediary server if the remote user is permitted access to the intermediary server, the granted access carrying access privileges to a portion of the private network;
receiving a resource request from the remote user at the intermediary server if the remote user is granted access to the intermediary server, the resource request requesting a particular resource on the private network;
determining whether the resource request from the remote user is permitted by the access privileges;
supplying the particular resource to the remote user through the intermediary server if the resource request from the remote user is permitted by the access privileges; and
denying the remote user from access to the particular resource by the intermediary server if the resource request from the remote user is not permitted by the access privileges.
(Dependent claims 17 through 25.)
26. A computer readable memory device including computer-executable program code for enabling access to resources on a private network via an intermediary server, said computer readable memory device comprising:
computer program code for receiving a login request from a user for access to the intermediary server, the intermediary server storing an authentication identifier for each of a plurality of users, the authentication identifier identifying an authentication server;
computer program code for accessing, based on the authentication identifier, an authentication server, where the authentication server is separate and distinct from the intermediary server, to determine whether the user is permitted access to the intermediary server in response to the login request;
computer program code for receiving a resource request from the user at the intermediary server after it has been determined that the user is permitted access to the intermediary server, the resource request requesting a particular operation with respect to a resource from the private network;
computer program code for obtaining access privileges for the user in response to the resource request;
computer program code for determining whether the access privileges for the user permit the user to perform the particular operation at the private network; and
computer program code for preventing performance of the particular operation at the private network if said computer code for determining determines that the access privileges for the user do not permit the user to perform the particular operation at the private network.
(Dependent claims 27 through 33.)
34. A computer readable memory device including computer-executable program code to facilitate access to a private network via an intermediary server, said computer readable memory device comprising:
computer program code for receiving a login request from a user for access to the intermediary server, the intermediary server storing an authentication identifier for each of a plurality of users, the authentication identifier identifying an authentication server;
computer program code for accessing, based on the authentication identifier, an authentication server, where the authentication server is separate and distinct from the intermediary server, to determine whether the user is permitted access to the intermediary server in response to the login request;
computer program code for granting the user access to the intermediary server when said computer program code for determining whether the user is permitted access to the intermediary server determines that the user is permitted access, the granted access carrying access privileges to a portion of the private network;
computer program code for receiving a resource request from the user at the intermediary server when the user is granted access to the intermediary server, the resource request requesting a particular resource;
computer program code for determining whether the resource request from the user is permitted by the access privileges;
computer program code for supplying the particular resource to the user through the intermediary server when said computer program code for determining whether the resource request from the user is permitted determines that the resource request from the user is permitted; and
computer program code for denying the user from access to the particular resource when said computer program code for determining whether the resource request from the user is permitted determines that the resource request from the user is not permitted.
(Dependent claims 35 through 40.)
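The four independent claims describe one control flow: the intermediary server keeps, per user, an identifier naming which authentication server to consult; it authenticates against that separate server; and only after a session exists does it fetch the user's access privileges per request and decide whether the requested operation may reach the private network at all. The Python module below is an added illustration of that flow written for this page; it is not the patent's own code or any product's implementation. The class and function names (`PasswordAuthServer`, `IntermediaryServer`, `build_demo`), the authentication identifiers `corp-ldap` and `partner-radius`, and all users, passwords, resources and privileges are constructed sample data chosen to exercise both the allow and the deny branches.

```python
"""Illustrative intermediary server for the claimed access-control flow.

Added example, not code from the patent or any product. All names and data
below (users, authentication identifiers, resources, privileges) are
constructed assumptions.
"""
import hashlib
import hmac
import secrets
from typing import Dict, Optional, Protocol, Set, Tuple

PBKDF2_ROUNDS = 50_000  # low for a demo; production deployments use far more


class AuthenticationServer(Protocol):
    def authenticate(self, username: str, credential: str) -> bool: ...


class PasswordAuthServer:
    """Stand-in for a separate authentication server (LDAP, RADIUS, ...).

    It alone holds credential verifiers; the intermediary never sees them.
    """

    def __init__(self, users: Dict[str, str]) -> None:
        self._verifiers: Dict[str, Tuple[bytes, bytes]] = {}
        for name, password in users.items():  # constructed sample accounts
            salt = secrets.token_bytes(16)
            self._verifiers[name] = (salt, self._derive(password, salt))

    @staticmethod
    def _derive(password: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)

    def authenticate(self, username: str, credential: str) -> bool:
        record = self._verifiers.get(username)
        if record is None:
            self._derive(credential, bytes(16))  # same work for unknown names (timing)
            return False
        salt, expected = record
        return hmac.compare_digest(expected, self._derive(credential, salt))


class IntermediaryServer:
    """Common access point in front of the private network."""

    def __init__(self, auth_servers: Dict[str, AuthenticationServer],
                 user_auth_ids: Dict[str, str],
                 privileges: Dict[str, Set[Tuple[str, str]]]) -> None:
        self._auth_servers = auth_servers    # authentication identifier -> server
        self._user_auth_ids = user_auth_ids  # user -> authentication identifier
        self._privileges = privileges        # user -> {(resource, operation)}
        self._sessions: Dict[str, str] = {}  # session token -> user

    def login(self, username: str, credential: str) -> Optional[str]:
        """Authenticate via the user's designated server; return a session token or None."""
        auth_id = self._user_auth_ids.get(username)
        if auth_id is None:
            return None  # no identifier stored for this user: no server is consulted
        server = self._auth_servers.get(auth_id)
        if server is None or not server.authenticate(username, credential):
            return None
        token = secrets.token_urlsafe(32)
        self._sessions[token] = username
        return token

    def obtain_privileges(self, username: str) -> Set[Tuple[str, str]]:
        """Looked up per request, so a revoked privilege takes effect without re-login."""
        return self._privileges.get(username, set())  # default deny

    def request_resource(self, token: str, resource: str, operation: str) -> Tuple[bool, str]:
        username = self._sessions.get(token)
        if username is None:
            return False, "not authenticated"
        if (resource, operation) not in self.obtain_privileges(username):
            return False, "forbidden"  # the operation never reaches the private network
        return True, self._perform_on_private_network(resource, operation)

    @staticmethod
    def _perform_on_private_network(resource: str, operation: str) -> str:
        # Placeholder for the proxied call (HTTP, file share, ...) into the private network.
        return f"{operation} {resource}: ok"


def build_demo() -> IntermediaryServer:
    """Two separate authentication servers, each knowing only its own users (constructed data)."""
    corp = PasswordAuthServer({"alice": "alice-pw"})
    partner = PasswordAuthServer({"bob": "bob-pw"})
    return IntermediaryServer(
        auth_servers={"corp-ldap": corp, "partner-radius": partner},
        user_auth_ids={"alice": "corp-ldap", "bob": "partner-radius", "carol": "corp-ldap"},
        privileges={"alice": {("intranet/wiki", "read"), ("intranet/wiki", "write")},
                    "bob": {("intranet/wiki", "read")}},
    )


if __name__ == "__main__":
    gw = build_demo()
    tok = gw.login("bob", "bob-pw")
    print(gw.request_resource(tok, "intranet/wiki", "read"))
    print(gw.request_resource(tok, "intranet/wiki", "write"))
    print(gw.login("carol", "anything"))  # corp-ldap holds no verifier for carol
```

Two design choices matter for the security property the claims describe. First, the intermediary routes each login only to the server named by the user's stored identifier, so a partner account cannot be tried against the corporate directory and a name with no identifier is rejected before any authentication server is contacted. Second, privileges are fetched on every resource request rather than cached at login, and the lookup defaults to an empty set, so an unknown or revoked user is denied without the request ever being forwarded into the private network.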