Proxy server security token authorization
First Claim
1. A method of authorizing use of a particular computing resource by a user, comprising:
- (a) a management server issuing, to a user computer, a secure authorization token, said secure authorization token having data including connection permission information that identifies the specific protected computer resource by at least one of name and port number;
(b) examining, with a proxy server, the secure authorization token for authenticity, and extracting, with said proxy server, said connection permission information contained in the token to determine the user'"'"'s authorization to access said specific protected computing resource; and
(c) if the secure authorization token is authentic, said proxy server using said secure authorization token data connection permission information to establish a proxy connection with said specific protected computing resource on behalf of the user and acting as an intermediary to pass information between the user computer and the specific protected computing resource, without said proxy server accessing or communicating with the management server to obtain user authorization information,wherein said management server is separate from said proxy server, said protected computing resource and said user computer.
25 Assignments
0 Petitions
Accused Products
Abstract
A management server manufactures a secure, tamper-resistant token for a particular user specifying the permissions and authorizations that user possesses. The token may be in the form of a digitally-signed message specifying, for example, a particular computer and associated port number that the user is permitted to access. The management server delivers the token to the user, preferably over a secure communications session. When challenged, the user presents the secure token to the security proxy server. The security proxy server examines the token to be sure it is authentic and has not be tampered with, and then extracts information contained in the token to determine the user'"'"'s authorization to access a particular computer, particular port number and/or other resource. The security proxy server then establishes authorized communication with the authorized computing resource based on the information contained in the user'"'"'s token, and thereafter may act in one embodiment as essentially a passthrough or proxy for permitting the user to access and communicate with the resource.
94 Citations
14 Claims
-
1. A method of authorizing use of a particular computing resource by a user, comprising:
-
(a) a management server issuing, to a user computer, a secure authorization token, said secure authorization token having data including connection permission information that identifies the specific protected computer resource by at least one of name and port number; (b) examining, with a proxy server, the secure authorization token for authenticity, and extracting, with said proxy server, said connection permission information contained in the token to determine the user'"'"'s authorization to access said specific protected computing resource; and (c) if the secure authorization token is authentic, said proxy server using said secure authorization token data connection permission information to establish a proxy connection with said specific protected computing resource on behalf of the user and acting as an intermediary to pass information between the user computer and the specific protected computing resource, without said proxy server accessing or communicating with the management server to obtain user authorization information, wherein said management server is separate from said proxy server, said protected computing resource and said user computer. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A proxy server comprising:
-
means for receiving a secure authorization token from a user device, said secure authorization token having been issued by a management server, said authorization token including connection data comprising computer name and port number means for examining said token to determine the authenticity thereof and to extract at least connection data therefrom; and means for establishing a proxy server session conditioned on the authenticity of said token, wherein said proxy server acts as an intermediary between said user device and a specific protected computing resource the token specifies and said extracted connection data is used to establish said proxy server session without said proxy server accessing or communicating with said management server to obtain user authorization information.
-
-
9. A proxy server comprising:
-
a challenge function that challenges a user device to present a secure authorization token issued by a management server; a token validator that validates said secure authorization token; and a token content extractor that extracts connection information from said validated token including at least one of computer name and port number; and a session controller that establishes a proxy connection with a specific protected computing resource based at least in part on the extracted connection information without need for said session controller to directly access or communicate with said management server to obtain user device authorization information, and intermediates a session between said user device and the specific protected computing resource conditioned at least in part on token validation by said token validator, said proxy server using secure authorization token data connection permission information within said secure authorization token to establish a proxy connection with said specific protected computing resource on behalf of the user and acting as an intermediary to pass information between the user computer and the specific protected computing resource. - View Dependent Claims (10, 11, 12, 13, 14)
-
Specification