Secure server architecture for web based data management

US 8,495,724 B2
Filed: 12/28/2004
Issued: 07/23/2013
Est. Priority Date: 09/26/1997
Status: Expired due to Fees

First Claim

Patent Images

1. A system for supporting secure networking, the system comprising:

a first firewall configured to receive a service request from a client and to control access to a first set of addresses; and

a second firewall configured to receive the service request from a server associated with one of the first set of addresses, the second firewall being further configured to control access to a second set of addresses,wherein the server establishes a communication session with the client, the communication session having an identifier encapsulated in a cookie, the server communicating with a dispatch server associated with one of the second set of addresses, the dispatch server being configured to receive the service request via the second firewall and to dispatch the service request to a proxy service in response to the service request.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A double firewalled system is disclosed for protecting remote enterprise servers that provide communication services to telecommunication network customers from unauthorized third parties. A first router directs all connection requests to one or more secure web servers, which may utilize a load balancer to efficiently distribute the session connection load among a high number of authorized client users. On the network side of the web servers, a second router directs all connection requests to a dispatcher server, which routes application server calls to a proxy server for the application requested. A plurality of data security protocols are also employed. The protocols provide for an identification of the user, and an authentication of the user to ensure the user is who he/she claims to be and a determination of entitlements that the user may avail themselves of within the enterprise system. Session security is described, particularly as to the differences between a remote user'"'"'s copper wire connection to a legacy system and a user'"'"'s remote connection to the enterprise system over a “stateless” public Internet, where each session is a single transmission, rather than an interval of time between logon and logoff, as is customary in legacy systems.

Citations

6 Claims

1. A system for supporting secure networking, the system comprising:
- a first firewall configured to receive a service request from a client and to control access to a first set of addresses; and
  
  a second firewall configured to receive the service request from a server associated with one of the first set of addresses, the second firewall being further configured to control access to a second set of addresses,wherein the server establishes a communication session with the client, the communication session having an identifier encapsulated in a cookie, the server communicating with a dispatch server associated with one of the second set of addresses, the dispatch server being configured to receive the service request via the second firewall and to dispatch the service request to a proxy service in response to the service request.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. A system according to claim 1, wherein the server is further configured to selectively wrap and unwrap the cookie to verify the client to the dispatcher server.
  - 3. A system according to claim 1, wherein the server is a web-based server.
  - 4. A system according to claim 1, wherein the server communicates with the client according to a first encryption algorithm, and the server communicates with the dispatch server according to a second encryption algorithm.
  - 5. A system according to claim 1, wherein the dispatch server resides in an intranet, and the communication session between the client and the server is over a public data network.
  - 6. A system according to claim 1, wherein the communication session is established according to HyperText Transfer Protocol (HTTP).

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Verizon Patent and Licensing Incorporated (Verizon Communications Inc.)
Original Assignee
Verizon Business Global LLC (Verizon Communications Inc.)
Inventors
Devine, Carol Y., Shifrin, Gerald A., Shoulberg, Richard W.
Primary Examiner(s)
Abrishamkar, Kaveh

Application Number

US11/023,953
Publication Number

US 20050114712A1
Time in Patent Office

3,129 Days
Field of Search

726/3
US Class Current

726/11
CPC Class Codes

G06F 11/0709   in a distributed system con...

G06F 11/0757   by exceeding a time limit, ...

G06F 11/0769   Readable error formats, e.g...

G06F 11/0775   Content or structure detail...

G06F 11/0781   Error filtering or prioriti...

G06F 11/0784   Routing of error reports, e...

G06F 11/202   where processing functional...

G06F 11/32   with visual or acoustical i...

G06F 11/324   Display of status information

G06F 11/327   Alarm or error message display

G06F 11/328   Computer systems status dis...

G06F 11/3495   for systems

G06F 16/972   Access to data in other rep...

G06F 21/00   Security arrangements for p...

G06F 21/41   where a single sign-on prov...

G06F 21/552   involving long-term monitor...

G06F 2201/81   Threshold

G06F 2201/86   Event-based monitoring

G06F 2201/875   Monitoring of systems inclu...

G06F 2221/2137   Time limited access, e.g. t...

G06F 2221/2149 : Restricted operating enviro...

G06Q 10/10 : Office automation; Time man...

G06Q 10/107 : Computer-aided management o...

G06Q 20/102 : Bill distribution or payments

G06Q 20/382 : insuring higher security of...

G06Q 30/02 : Marketing; Price estimation...

G06Q 30/06 : Buying, selling or leasing ...

G06Q 30/0601 : Electronic shopping [e-shop...

G06Q 30/0609 : Buyer or seller confidence ...

G06Q 30/0635 : Processing of requisition o...

G06Q 99/00 : Subject matter not provided...

H04L 12/14 : Charging , metering or bill...

H04L 12/1428 : Invoice generation, e.g. cu...

H04L 41/0213 : Standardised network manage...

H04L 41/0233 : Object-oriented techniques,...

H04L 41/024 : using relational databases ...

H04L 41/0253 : using browsers or web-pages...

H04L 41/06 : Management of faults, event...

H04L 41/0681 : Configuration of triggering...

H04L 41/08 : Configuration management of...

H04L 41/0803 : Configuration setting

H04L 41/0879 : Manual configuration throug...

H04L 41/0895 : Configuration of virtualise...

H04L 41/122 : of virtualised topologies, ...

H04L 41/142 : using statistical or mathem...

H04L 41/18 : Delegation of network manag...

H04L 41/22 : comprising specially adapte...

H04L 41/28 : Restricting access to netwo...

H04L 41/5009 : Determining service level p...

H04L 41/5022 : by giving priorities, e.g. ...

H04L 41/5029 : Service quality level-based...

H04L 41/5032 : Generating service level re...

H04L 41/5061 : characterised by the intera...

H04L 41/5064 : Customer relationship manag...

H04L 41/5067 : Customer-centric QoS measur...

H04L 41/5074 : Handling of user complaints...

H04L 41/5083 : wherein the managed service...

H04L 41/5096 : wherein the managed service...

H04L 43/00 : Arrangements for monitoring...

H04L 43/024 : by adaptive sampling

H04L 43/045 : for graphical visualisation...

H04L 43/06 : Generation of reports

H04L 43/062 : related to network traffic

H04L 43/065 : related to network devices

H04L 43/067 : using time frame reporting

H04L 43/0805 : by checking availability

H04L 43/0811 : by checking connectivity

H04L 43/0817 : by checking functioning

H04L 43/0829 : Packet loss

H04L 43/0847 : Transmission error

H04L 43/0852 : Delays

H04L 43/0876 : Network utilisation, e.g. v...

H04L 43/0888 : Throughput

H04L 43/0894 : Packet rate

H04L 43/091 : Measuring contribution of i...

H04L 43/10 : Active monitoring, e.g. hea...

H04L 43/106 : using time related informat...

H04L 43/16 : Threshold monitoring

H04L 51/00 : User-to-user messaging in p...

H04L 51/04 : Real-time or near real-time...

H04L 51/222 : using geographical location...

H04L 63/02 : for separating internal fro...

H04L 63/0209 : Architectural arrangements,...

H04L 63/0218 : Distributed architectures, ...

H04L 63/0236 : Filtering by address, proto...

H04L 63/0272 : Virtual private networks

H04L 63/0281 : Proxies

H04L 63/0428 : wherein the data content is...

H04L 63/0442 : wherein the sending and rec...

H04L 63/0464 : using hop-by-hop encryption...

H04L 63/08 : for authentication of entit...

H04L 63/0807 : using tickets, e.g. Kerbero...

H04L 63/0815 : providing single-sign-on or...

H04L 63/0823 : using certificates cryptogr...

H04L 63/083 : using passwords cryptograph...

H04L 63/162 : at the data link layer

H04L 63/166 : at the transport layer

H04L 63/168 : above the transport layer

H04L 63/18 : using different networks or...

H04L 65/1101 : Session protocols

H04L 65/401 : wherein the services involv...

H04L 65/80 : Responding to QoS

H04M 15/00 : Arrangements for metering, ...

H04M 15/41 : Billing record details, i.e...

H04M 15/43 : Billing software details

H04M 15/44 : Augmented, consolidated or ...

H04M 15/49 : Connection to several servi...

H04M 15/51 : for resellers, retailers or...

H04M 15/58 : based on statistics of usag...

H04M 15/705 : Account settings, e.g. limi...

H04M 15/721 : using the Internet

H04M 15/745 : Customizing according to wi...

H04M 15/80 : Rating or billing plans; Ta...

H04M 15/8044 : Least cost routing

H04M 15/83 : Notification aspects

H04M 15/8351 : before establishing a commu...

H04M 15/84 : Types of notifications

H04M 2215/0104 : Augmented, consolidated or ...

H04M 2215/0108 : Customization according to ...

H04M 2215/0152 : General billing plans, rate...

H04M 2215/0164 : Billing record, e.g. Call D...

H04M 2215/0168 : On line or real-time flexib...

H04M 2215/0176 : Billing arrangements using ...

H04M 2215/018 : On-line real-time billing, ...

H04M 2215/0188 : Network monitoring; statist...

H04M 2215/42 : Least cost routing, i.e. pr...

H04M 2215/46 : Connection to several servi...

H04M 2215/54 : Resellers-retail or service...

H04M 2215/7009 : Account settings, e.g. user...

H04M 2215/7045 : Using Internet or WAP

H04M 2215/745 : Least cost routing, e.g. Au...

H04M 2215/81 : Notifying aspects, e.g. not...

H04M 2215/8108 : before establishing a commu...

H04M 2215/8129 : Type of notification

H04M 2215/82 : Advice-of-Charge [AOC], i.e...

H04M 3/5175 : Call or contact centers sup...

H04M 3/5191 : interacting with the Internet

Y10S 379/90 : Internet, e.g. Internet pho...

Y10S 707/99931 : Database or file accessing

Y10S 707/99937 : Sorting

Y10S 707/99938 : Concurrency, e.g. lock mana...

Y10S 707/99939 : Privileged access

Y10S 707/99944 : Object-oriented database st...

Y10S 715/969 : Network layout and operatio...

View All

Secure server architecture for web based data management

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

Citations

6 Claims

Specification

Solutions

Use Cases

Quick Links

Secure server architecture for web based data management

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

6 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links