Method and an apparatus to validate a web session in a proxy server
Abstract
Some embodiments of a method and an apparatus to validate a web session in a proxy server have been presented. In one embodiment, service of predetermined content is offloaded from an application server to a proxy server communicatively coupled between the application server and a client. Using the proxy server, access to the predetermined content by the client may be controlled.
24 Claims
1. A method comprising:
receiving, by a proxy server computer communicably coupled between an application server and a client, a request to access predetermined content by the client, wherein the predetermined content is offloaded from the application server to the proxy server computer, and wherein the request includes a message previously issued by the application server to the client, the message comprising a unique message identifier, a message authentication code, a timestamp and an access control token that identifies a type of content that the client is allowed to access;
controlling, by the proxy server computer, the access to the predetermined content by the client by validating the message authentication code, and checking the timestamp and the access control token included in the message;
calculating, by the proxy server computer, a new message authentication code and a new timestamp using the access control token previously provided by the application server for the predetermined content; and
issuing a new message to the client by the proxy server computer, the new message comprising a new unique message identifier, the new message authentication code, the new timestamp, and the access control token, the new message to replace the message issued by the application server to the client.
Dependent claims: 2, 3, 4, 5, 6, 7
8. A proxy server computer comprising:
a memory;
a processing device communicably coupled to the memory;
a first network interface, executable by the processing device from the memory on the proxy server computer, to communicatively couple the proxy server computer to a client in order to receive an access request from the client to access predetermined content, wherein the predetermined content is offloaded from an application server to the proxy server computer, and wherein the access request includes a message previously issued by the application server to the client, the message comprising a unique message identifier, a message authentication code, a timestamp and an access control token; and
an authentication module, executable by the processing device from the memory on the proxy server computer, to:
authenticate the client based on validating the message authentication code, and checking the timestamp and the access control token included in the message;
calculate a new message authentication code and a new timestamp using the access control token previously provided by the application server for the predetermined content; and
issue a new message to the client, the new message comprising a new unique message identifier, the new message authentication code, the new timestamp, and the access control token, the new message to replace the message issued by the application server to the client.
Dependent claims: 9, 10, 11, 12, 13, 14, 15, 16, 17
18. A non-transitory machine-readable medium that includes instructions that, when executed by a processor, will cause the processor to perform operations comprising:
receiving an access request at a proxy server running on the processor, the access request being a request from a client to access predetermined content offloaded from an application server to the proxy server, wherein the request includes a message previously issued by the application server to the client, the message comprising a unique message identifier, a message authentication code, a timestamp and an access control token;
controlling, by the proxy server, access to the predetermined content by the client by validating the message authentication code, and checking the timestamp, and the access control token included in the message;
calculating, by the proxy server, a new message authentication code and a new timestamp using the access control token previously provided by the application server to the proxy server for the predetermined content; and
issuing a new message to the client, the new message comprising a new unique message identifier, the new message authentication code, the new timestamp, and the access control token, the new message to replace the message issued by the application server to the client.
Dependent claims: 19, 20, 21, 22, 23, 24
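The validate-and-reissue flow recited in independent claims 1, 8 and 18, as an added sketch that is not taken from the patent or any implementation of it. Assumptions: HMAC-SHA256 as the message authentication code, a key shared by the application server and the proxy, a 300-second validity window, and the field and function names used here.

```python
import hashlib
import hmac
import json
import secrets
import time

# Assumptions (not from the claims): HMAC-SHA256, a key shared by the
# application server and the proxy, and a 300 s validity window.
SHARED_KEY = b"constructed-demo-key"
MAX_AGE = 300

def _mac(key, msg_id, ts, token):
    # JSON list encoding keeps the field boundaries unambiguous under the MAC.
    data = json.dumps([msg_id, ts, token], separators=(",", ":")).encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()

def issue_message(key, token, now=None):
    """Build a message: unique identifier, timestamp, access control token, MAC."""
    ts = int(time.time() if now is None else now)
    msg_id = secrets.token_hex(16)
    return {"id": msg_id, "ts": ts, "token": token,
            "mac": _mac(key, msg_id, ts, token)}

def proxy_handle(key, msg, content_type, now=None):
    """Proxy side: returns (True, new_message) or (False, reason)."""
    now = int(time.time() if now is None else now)
    try:
        expected = _mac(key, msg["id"], msg["ts"], msg["token"])
        mac_ok = hmac.compare_digest(expected, str(msg["mac"]))
        age = now - int(msg["ts"])
    except (KeyError, TypeError, ValueError):
        return False, "malformed"
    if not mac_ok:                      # validate the MAC before trusting any field
        return False, "bad-mac"
    if age < 0 or age > MAX_AGE:        # check the timestamp
        return False, "expired"
    if msg["token"] != content_type:    # token names the content type allowed
        return False, "token-mismatch"
    # Same token, new identifier, new timestamp, new MAC: replaces the old message.
    return True, issue_message(key, msg["token"], now)
```

This sketch is stateless, so a replaced message still validates until its timestamp ages out; rejecting it sooner would require the proxy to track identifiers it has already seen, which the claims shown here do not describe.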
Specification