Method and data processing system for intercepting communication between a client and a service
First Claim
1. A method of intercepting communication between a user and an application server, said method comprising:
an authentication component receiving, from a client system, a user request of a user logged into the client system, said user request being directed to the application server, said authentication component being disposed between the client system and a proxy;
after said authentication component receiving the user request, said authentication component authenticating the user through use of a directory service to which both the application server and the authentication component are directly connected, wherein a service provider infrastructure comprises the application server and the directory service;
after said authenticating the user through use of the directory service, said authentication component adding a user-specific token to the user request to generate a tokenized request comprising the user request and the token added thereto, said user-specific token comprising a unique user identifier that identifies the user uniquely;
said authentication component sending the tokenized request to the proxy;
said proxy receiving the tokenized request sent by the authentication component;
said proxy sending the tokenized request received from the authentication component to the application server via a HTTP server disposed between the proxy and the application server, wherein the directory service is configured to be used by the application server for authenticating the user;
after said sending the tokenized request from the proxy, said proxy receiving a response to the user request from the application server;
after said proxy receiving the response from the application server, said proxy forwarding the response to the authentication component;
said authentication component receiving the response sent by the proxy and subsequently sending the response to the client system;
said proxy invoking an interceptor plug-in plugged into the proxy for processing the tokenized request received by the proxy from the authentication component;
storing, in an interceptor manager, an interception control list comprising a plurality of unique user identifiers, said interceptor manager being external to and coupled to the interceptor plugin;
said interceptor manager sending the interception control list to the interceptor plug-in;
said interceptor plug-in receiving the interception control list sent by the interceptor manager;
loading, into the interceptor plug-in, the interception control list received by the interceptor plug-in from the interceptor manager;
after said loading the interception control list, said interceptor plug-in ascertaining that the unique user identifier in the tokenized request is present in the interception control list loaded into and accessible to the interceptor plug-in;
after said ascertaining, said interceptor plug-in sending the tokenized request to an interceptor manager; and
said interceptor manager storing the tokenized request;
said interceptor manager transferring the tokenized request to a network controlled by a law enforcement agency for further analysis by the law enforcement agency, said network being directly connected to the interceptor manager and external to the service provider infrastructure.
Abstract
A method and data processing system for intercepting communication between a user and a service. An authentication component receives, from the user, a user request directed to the service. The authentication component adds a user-specific token to the user request to generate a tokenized request. The tokenized request includes the user request and the token. The token includes a unique user identifier that identifies the user. The authentication component sends the tokenized request to a proxy. The proxy sends the tokenized request to the service. The proxy invokes an interceptor plug-in that is plugged into the proxy. The interceptor plug-in ascertains that the unique user identifier in the tokenized request is present in an interception control list of unique user identifiers. The interception control list is accessible to the interceptor plug-in. The interceptor plug-in sends the tokenized request to an interceptor manager who stores the tokenized request.
15 Claims
Specification