Web resource request processing

US 7,877,440 B2
Filed: 11/01/2006
Issued: 01/25/2011
Est. Priority Date: 11/02/2001
Status: Active Grant

First Claim

Patent Images

1. An intermediary server system, at least partially implemented in hardware, comprising:

a web server that receives, from client devices via a network, requests for resources;

a protocol handler, operatively connected to the web server, to;

receive the requests for resources,modify the requests to be directed to designated remote servers via a private network, andforward the modified requests for resources to the designated remote servers; and

a content transformer, operatively connected to the protocol handler, to;

receive the resources supplied by the designated remote servers in response to the modified requests,modify particular links, contained in the resources, to be directed to the intermediary server system instead of the designated remote servers, andinsert code into at least one of the resources, the code enabling operations provided by the intermediary server system.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Improved approaches for providing secure remote access to email resources maintained on private networks are disclosed. The secure access can be provided through a public network using a standard network browser. Multiple remote users are able to gain restricted and controlled access to email on a mail server within a private network through a common access point. The solution provided by the improved approaches allow not only native access to email resources but also robust authentication approaches.

Citations

31 Claims

1. An intermediary server system, at least partially implemented in hardware, comprising:
- a web server that receives, from client devices via a network, requests for resources;
  
  a protocol handler, operatively connected to the web server, to;
  
  receive the requests for resources,modify the requests to be directed to designated remote servers via a private network, andforward the modified requests for resources to the designated remote servers; and
  
  a content transformer, operatively connected to the protocol handler, to;
  
  receive the resources supplied by the designated remote servers in response to the modified requests,modify particular links, contained in the resources, to be directed to the intermediary server system instead of the designated remote servers, andinsert code into at least one of the resources, the code enabling operations provided by the intermediary server system.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The intermediary server system of claim 1, wherein the intermediary server system further comprises:
    - an authentication manager that manages access by the client devices to resources on the private network; and
      
      a data store for storage of session authentication information and access privileges for users of the client devices, wherein access to the resources is not permitted unless a user requesting the access is authenticated and has sufficient access privileges.
  - 3. The intermediary server system of claim 2,wherein the system further comprises an authentication server provided within the private network for authenticating the users to provide authentication results, andwherein the intermediary server system permits or denies access to the private network via the intermediary server system by the users based on the authentication results.
  - 4. The intermediary server system of claim 3, wherein the authentication manager determines whether a stored hashed password, associated with a previous authorization, is stored in the data store and whether the stored hashed password matches a hash of a received password.
  - 5. The intermediary server system of claim 4, wherein when the stored hashed password matches the hash of the received password, the authentication manager determines whether a time since the previous authorization exceeds a maximum session duration.
  - 6. The intermediary server system of claim 5, wherein when the time since the previous authorization does not exceed the maximum session duration, the authentication manager determines whether a time of a most recent use of the hashed password exceeds a maximum idle time.
  - 7. The intermediary server system of claim 6, wherein when the time of the most recent use of the hashed password does not exceed the maximum idle time, the authentication manager authenticates the user and bypasses authentication by the authentication server.
  - 8. The intermediary server system of claim 5, wherein the system administration manager allows an administrator to set the maximum session duration.
  - 9. The intermediary server system of claim 2, wherein the data store further stores session identifiers or cookies associated with the respective client devices.
  - 10. The intermediary server system of claim 1, further comprising:
    - a secure socket layer (SSL) that provides encryption handling for respective connections with the client devices, wherein the requests for resources are received via the respective connections and forwarded to the protocol handler.
  - 11. The intermediary server system of claim 10, wherein the protocol handler comprises a plurality of front-end handlers operatively connected to the SSL to handle different types of protocols associated with the requests for resources, including at least one of HTTP, IMAP, SMTP, POP, or MAPI.
  - 12. The intermediary server system of claim 1, wherein the protocol handler comprises a plurality of back-end handlers to handle different types of protocols associated with communications to the web server, including at least one of HTTP, IMAP, SMTP, POP, 5 MB, NFS, NIS, RADIUS, LDAP, or NT.
  - 13. The intermediary server system of claim 1, wherein the back-end handlers are operatively connected to the web server via a secure connection.
  - 14. The intermediary server system of claim 1, further comprising:
    - an access manager that determines whether the client devices are permitted a type of access associated with the respective requests for resources.
  - 15. The intermediary server system of claim 1, further comprising:
    - a system administration manager that allows an administrator to configure the intermediary server system with respect to access privileges, system configuration, or login features.
  - 16. The intermediary server system of claim 1, wherein the code corresponds to a toolbar that provides controls and content to facilitate features and functionality provided by the intermediary server system.
  - 17. The intermediary server system of claim 1, wherein the content transformer modifies the particular links using URL modification, and inserts the code using script modification.

18. A method, executing on an intermediary server, implemented at least partially in hardware, for accessing resources on a private network via the intermediary server including a web server, a protocol handler, and a content transformer, the method comprising:
- receiving, at the web server, requests for resources, from client devices via a network, and sending the requests for resources to the protocol handler;
  
  modifying, by the protocol handler, the requests for resources to be directed to designated remote servers via a private network and forwarding the modified requests for resources to the designated remote servers; and
  
  receiving, at the content transformer, the requested resources supplied by the designated remote servers in response to the modified requests and modifying the requested resources such that at least certain links contained therein are modified to be directed to the intermediary server instead of the designated remote servers and inserting code into one of the resources, wherein the code enables operations provided by the intermediary server.
- View Dependent Claims (19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30)
- - 19. The method as recited in claim 18, wherein the intermediary server further includes an authentication manager and a data store, the method further comprising:
    - managing, by the authentication manager, access by the client devices to resources on the private network;
      
      storing, at the data store, session authentication information and access privileges for users of the client devices; and
      
      denying access to the requested resources unless a user requesting the access is authenticated and has sufficient access privileges.
  - 20. The method as recited in claim 19, further comprising:
    - receiving, at the intermediary server, authentication results from an authentication server provided within the private network for authenticating the users; and
      
      permitting or denying, by the intermediary server, access to the private network.
  - 21. The method as recited in claim 20, further comprising:
    - determining, by the authentication manager, whether a stored hashed password associated with a previous authorization is stored in the data store and whether the stored hashed password matches a hash of a received password.
  - 22. The method as recited in claim 21, further comprising:
    - determining, by the authentication manager, whether a time since the previous authorization exceeds a maximum session duration when the stored hashed password matches the hash of the received password.
  - 23. The method as recited in claim 22, further comprising:
    - determining, by the authentication manager, whether a time of a most recent use of the hashed password exceeds a maximum idle time when the time since the previous authorization does not exceed the maximum session duration.
  - 24. The method as recited in claim 23, further comprising:
    - authenticating the user, by the authentication manager, and bypassing authentication by the authentication server, when the time of the most recent use of the hashed password does not exceed the maximum idle time.
  - 25. The method as recited in claim 19, further comprising:
    - storing, at the data store, session identifiers or cookies associated with the respective client devices.
  - 26. The method as recited in claim 18, wherein the intermediary server further includes a secure socket layer (SSL), the method further comprising:
    - providing, by the SSL, encryption handling for respective connections with the client devices, wherein the requests for resources are received via the respective connections and forwarded to the protocol handler.
  - 27. The method as recited in claim 18, wherein the intermediary server further includes an access manager, the method further comprising:
    - determining, by the access manager, whether the client devices are permitted a type of access associated with the respective requests for resources.
  - 28. The method as recited in claim 18, wherein the intermediary server further includes an administration manager, the method further comprising:
    - allowing, via the administration manager, an administrator to configure the intermediary server with respect to access privileges, system configuration, or login features.
  - 29. The method as recited in claim 18,wherein the code includes a toolbar that provides controls and content to facilitate features and functionality provided by the intermediary server.
  - 30. The method as recited in claim 18, wherein modifying the requested resources comprises URL modification, and inserting the code comprises script modification.

31. An intermediary server, at least partially implemented in hardware, comprising:
- a secure socket layer (SSL) to receive a login request from a remote user for access to the intermediary server;
  
  an authorization manager to determine whether the remote user is permitted access to the intermediary server and grant access to the intermediary server based on the determination, wherein the granted access also carries access privileges associated with the remote user to predetermined portions of a private network associated with the intermediary server, wherein after the access is granted, the SSL is to receive a resource request from the remote user, the resource request requesting a particular resource of the private network;
  
  an access manager to determine whether the resource request from the remote user is permitted based on the access privileges; and
  
  a protocol handler to retrieve the requested resource from the private network, when it is determined that the resource request from the user is permitted, modify the retrieved resource by inserting code to provide controls and content to facilitate features and functionality provided by the intermediary server, and provide the modified resource to the user via the SSL.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Juniper Networks Incorporated
Original Assignee
Juniper Networks Incorporated
Inventors
Sang, Yvonne Pui Fung, Srinivas, Sampath, Tock, Theron
Primary Examiner(s)
Harrell; Robert B

Application Number

US11/555,480
Publication Number

US 20070055864A1
Time in Patent Office

1,546 Days
Field of Search

709/203, 713/155
US Class Current

709/203
CPC Class Codes

H04L 51/00 User-to-user messaging in p...

H04L 63/083 using passwords cryptograph...

Web resource request processing

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

31 Claims

Specification

Solutions

Use Cases

Quick Links

Web resource request processing

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

31 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links