
Method and data processing system for intercepting communication between a client and a service

  • US 8,024,785 B2
  • Filed: 01/05/2007
  • Issued: 09/20/2011
  • Est. Priority Date: 01/16/2006
  • Status: Expired due to Fees
First Claim

1. A method of intercepting communication between a user and an application server, said method comprising:

    an authentication component receiving, from a client system, a user request of a user logged into the client system, said user request being directed to the application server, said authentication component being disposed between the client system and a proxy;

    after said authentication component receiving the user request, said authentication component authenticating the user through use of a directory service to which both the application server and the authentication component are directly connected, wherein a service provider infrastructure comprises the application server and the directory service;

    after said authenticating the user through use of the directory service, said authentication component adding a user-specific token to the user request to generate a tokenized request comprising the user request and the token added thereto, said user-specific token comprising a unique user identifier that identifies the user uniquely;

    said authentication component sending the tokenized request to the proxy;

    said proxy receiving the tokenized request sent by the authentication component;

    said proxy sending the tokenized request received from the authentication component to the application server via a HTTP server disposed between the proxy and the application server, wherein the directory service is configured to be used by the application server for authenticating the user;

    after said sending the tokenized request from the proxy, said proxy receiving a response to the user request from the application server;

    after said proxy receiving the response from the application server, said proxy forwarding the response to the authentication component;

    said authentication component receiving the response sent by the proxy and subsequently sending the response to the client system;

    said proxy invoking an interceptor plug-in plugged into the proxy for processing the tokenized request received by the proxy from the authentication component;

    storing, in an interceptor manager, an interception control list comprising a plurality of unique user identifiers, said interceptor manager being external to and coupled to the interceptor plugin;

    said interceptor manager sending the interception control list to the interceptor plug-in;

    said interceptor plug-in receiving the interception control list sent by the interceptor manager;

    loading, into the interceptor plug-in, the interception control list received by the interceptor plug-in from the interceptor manager;

    after said loading the interception control list, said interceptor plug-in ascertaining that the unique user identifier in the tokenized request is present in the interception control list loaded into and accessible to the interceptor plug-in;

    after said ascertaining, said interceptor plug-in sending the tokenized request to an interceptor manager; and

    said interceptor manager storing the tokenized request;

    said interceptor manager transferring the tokenized request to a network controlled by a law enforcement agency for further analysis by the law enforcement agency, said network being directly connected to the interceptor manager and external to the service provider infrastructure.
