Secure customer interface for Web based data management
First Claim
1. A system for providing secure communications, the system comprising:
means for authenticating a secure server to a browser over a public data network;
means for encrypting communications between the browser and the secure server with a first security protocol;
means for authenticating a user of the browser and a set of entitlements of the user at log on with an authentication server;
means for encrypting communications within a private network with a second security protocol; and
means for creating a session management object at each log on to authenticate the browser at each communication from the browser during a communications session.
8 Assignments
0 Petitions
Abstract
An integrated series of security protocols is disclosed that protect remote user communications with remote enterprise services, and simultaneously protect the enterprise's services from third parties. In the first layer, an implementation of the Secure Sockets Layer (SSL) version of HTTPS provides communications security, including authentication of the enterprise web server and the security of the transmitted data. The protocols provide for an identification of the user, an authentication of the user to ensure the user is who he/she claims to be, and a determination of the entitlements that the user may avail themselves of within the enterprise system. Session security is described, particularly as to the differences between a remote user's copper wire connection to a legacy system and a user's remote connection to the enterprise system over a "stateless" public Internet, where each session is a single transmission, rather than an interval of time between logon and logoff, as is customary in legacy systems. Security for the enterprise network and security for the data maintained by the various enterprise applications are also described.
45 Claims
1. A system for providing secure communications, the system comprising:
means for authenticating a secure server to a browser over a public data network;
means for encrypting communications between the browser and the secure server with a first security protocol;
means for authenticating a user of the browser and a set of entitlements of the user at log on with an authentication server;
means for encrypting communications within a private network with a second security protocol; and
means for creating a session management object at each log on to authenticate the browser at each communication from the browser during a communications session.
Dependent claims: 2 to 15.

16. A method for providing security in a communications network, the method comprising:
communicating with a secure web server through a firewall, wherein the secure web server manages secure sessions over a public data network, the secure web server supporting secure socket layer (SSL) for encrypted communication, the secure web server further providing session management including user identification, validation and session management to link the session with a user;
communicating with a plurality of proxy services and a plurality of system resources using an internal network, wherein the plurality of system resources provides communications network management capabilities for the user, each of the system resources being responsive to a request to generate user data or instructions relating to the communications network; and
providing verification of system access after user entitlements have been verified.
Dependent claims: 17 to 24.

25. An apparatus for providing security in a communications network, the apparatus comprising:
means for communicating with a secure web server through a firewall, wherein the secure web server manages secure sessions over a public data network, the secure web server supporting secure socket layer (SSL) for encrypted communication, the secure web server further providing session management including user identification, validation and session management to link the session with a user;
means for communicating with a plurality of proxy services and a plurality of system resources using an internal network, wherein the plurality of system resources provides communications network management capabilities for the user, each of the system resources being responsive to a request to generate user data or instructions relating to the communications network; and
means for providing verification of system access after user entitlements have been verified.
Dependent claims: 26 to 33.

34. A method for providing an integrated and secure customer interface, the method comprising:
supporting interactive sessions, via an applet, with a communications network, the sessions including client authentication, session authentication and transaction requests for the communications network; and
encrypting each of the sessions with a public key provided by the communications network, each session also including session authentication with a cookie, the session cookie being encrypted with the public key during transmission of each transaction request to a secure server, wherein a security firewall is provided on either side of the secure server to prevent direct public access to the communications network.
Dependent claims: 35 to 39.

40. An apparatus for providing an integrated and secure customer interface, the apparatus comprising:
means for supporting interactive sessions, via an applet, with a communications network, the sessions including client authentication, session authentication and transaction requests for the communications network; and
means for encrypting each of the sessions with a public key provided by the communications network, each session also including session authentication with a cookie, the session cookie being encrypted with the public key during transmission of each transaction request to a secure server, wherein a security firewall is provided on either side of the secure server to prevent direct public access to the communications network.
Dependent claims: 41 to 45.
Specification