Secure customer interface for web based data management
Abstract
An integrated series of security protocols is disclosed that protects remote user communications with remote enterprise services, and simultaneously protects the enterprise services from third parties. In the first layer, an implementation of the Secure Sockets Layer (SSL) version of HTTPS provides communications security, including authentication of the enterprise web server and the security of the transmitted data. The protocols provide for an identification of the user, an authentication of the user to ensure the user is who he/she claims to be, and a determination of the entitlements that the user may avail themselves of within the enterprise system. Session security is described, particularly as to the differences between a remote user's copper wire connection to a legacy system and a user's remote connection to the enterprise system over a "stateless" public Internet, where each session is a single transmission, rather than an interval of time between logon and logoff, as is customary in legacy systems. Security for the enterprise network and security for the data maintained by the various enterprise applications are also described.
20 Claims
1. A method comprising:
establishing a secure session with a web server;
receiving a message over the secure session from a browser application via the web server, wherein the message is encrypted using a first encryption key;
decrypting the received message to determine a user identifier associated with the browser application;
verifying that the user identifier associated with the browser application is entitled to access a communication service;
reencrypting the message using a second encryption key; and
selectively forwarding the reencrypted message to an application proxy corresponding to the communication service based on the verification of the user identifier.
Dependent claims: 2 to 8.
9. An apparatus comprising:
a processor configured to initiate establishment of a secure session with a web server; and
a communication interface coupled to the processor and configured to receive a message over the secure session from a browser application via the web server, wherein the message is encrypted using a first encryption key,
wherein the processor is further configured to decrypt the received message to determine a user identifier associated with the browser application, to verify that the user identifier associated with the browser application is entitled to access a communication service, to reencrypt the message using a second encryption key, and to selectively forward the reencrypted message to an application proxy corresponding to the communication service based on the verification of the user identifier.
Dependent claims: 10 to 16.
17. A system comprising:
a web server cluster configured to communicate with a browser application; and
a dispatcher configured to establish a secure session with the web server cluster,
wherein the dispatcher is further configured to receive a message over the secure session from the browser application via the web server cluster, the message being encrypted using a first encryption key,
wherein the dispatcher is further configured to decrypt the received message to determine a user identifier associated with the browser application, to verify that the user identifier associated with the browser application is entitled to access a communication service, to reencrypt the message using a second encryption key, and to selectively forward the reencrypted message to an application proxy corresponding to the communication service based on the verification of the user identifier.
Dependent claims: 18 to 20.
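As an added illustration (not the patent's own code), the dispatcher step common to claims 1, 9 and 17 in Python: the message is decrypted with the browser-facing key, the user identifier and requested service are read from it, the entitlement is checked, and only an entitled message is re-encrypted with the proxy-facing key and routed to its application proxy; anything that fails authentication or entitlement is not forwarded. The cipher, entitlement table and proxy names are constructed stand-ins, since the patent does not specify them.

```python
import hashlib
import hmac
import json
import os

# Constructed stand-in for the unspecified symmetric cipher: an HMAC-SHA256
# counter-mode keystream with an encrypt-then-MAC tag and separate subkeys.
def _subkeys(key: bytes):
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())

def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    out = b""
    for counter in range((length + 31) // 32):
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:length]

def encrypt(key: bytes, plaintext: bytes) -> bytes:
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def decrypt(key: bytes, blob: bytes) -> bytes:
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    # Verify the tag before touching the ciphertext: a forged or wrong-key message is rejected, not parsed.
    if not hmac.compare_digest(hmac.new(mac_key, nonce + ct, hashlib.sha256).digest(), tag):
        raise ValueError("message authentication failed")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))

# Constructed entitlement table and proxy routing used by the dispatcher.
ENTITLEMENTS = {"alice": {"billing", "trouble-ticket"}, "bob": {"billing"}}
PROXIES = {"billing": "billing-proxy", "trouble-ticket": "ticket-proxy"}

def dispatch(browser_key: bytes, proxy_key: bytes, blob: bytes):
    """Decrypt with the browser-facing (first) key, verify the user's entitlement to the
    requested service, re-encrypt with the proxy-facing (second) key.
    Returns (proxy_name, reencrypted_blob), or None when nothing may be forwarded."""
    try:
        msg = json.loads(decrypt(browser_key, blob))
    except ValueError:  # bad tag, wrong key, or malformed JSON: fail closed
        return None
    service = msg.get("service") if isinstance(msg, dict) else None
    if service not in PROXIES or service not in ENTITLEMENTS.get(msg.get("user"), set()):
        return None  # unknown user, unknown service, or user not entitled
    # Only the proxy-facing key is used from here on; the browser-facing key never reaches the proxy.
    return PROXIES[service], encrypt(proxy_key, json.dumps(msg).encode())
```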