Authentication in a globally distributed infrastructure for secure content management
First Claim
1. A method for providing a Secure Content Management (SCM) service to users of information technology (IT) devices, the method comprising the steps of:
utilizing, to support the SCM service, a distributed infrastructure that is accessible by the users over an Internet connection, the infrastructure including a plurality of points-of-presence (POPs), each POP in the plurality including at least a forward proxy server for forwarding traffic from the IT devices to resource servers that are accessible on the Internet and further including one or more policy databases that are non-centralized within the infrastructure for storing security policies, each of the non-centralized policy databases including non-centralized and duplicated security policies;
authenticating the users of the IT devices to the SCM service;
redirecting a user to a co-located POP, a POP being co-located when a set of parameters is optimized including network latency compared with non-co-located POPs and localization of a user experience is implementable; and
providing the SCM service to the authenticated users through the co-located POP, the SCM service a) implementing security monitoring of the authenticated user's interactions with resources that are accessed over the Internet connection and applying the non-centralized and duplicated security policies to govern the authenticated user's interactions with the resources once accessed so that an authenticated user is subject to identical security policy enforcement irrespective of which of the co-located POPs is utilized to provide the SCM service, the security monitoring including content filtering between the users' IT devices and the resource servers, the content filtering being implemented subsequent to a user being authenticated, and the security monitoring further including anti-virus protection and intrusion detection, and b) content caching based on a profile of a user, the user profile being generated responsively to the monitored interactions.
Abstract
Secure content management is enabled as a cloud-based service through which security protection and policy enforcement may be implemented for both on-premise network users and roaming users. The global SCM service integrates the security functionalities—such as anti-virus, spyware, and phishing protection, firewall, intrusion detection, centralized management, and the like—that are typically provided by enterprise network SCM appliance hardware or servers into a cloud-based service that users reach via Internet-based points-of-presence (“POPs”). The POPs are configured with forward proxy servers, and in some implementations, caching and network acceleration components, and coupled to hubs which provide configuration management and identity management services such as active directory services.
20 Claims
1. (Recited in full under First Claim above.) - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
9. A method of providing identity management in a Secure Content Management (SCM) service, the method comprising the steps of:

utilizing a distributed infrastructure to provide the SCM service that is accessible by users over an Internet connection, the SCM service a) in accordance with stored security policies, implementing security monitoring of interactions between service users and Internet-based resources, the security monitoring including content filtering between the users' information technology (IT) devices and the resource servers, the content filtering being implemented subsequent to a user being authenticated, and the security monitoring further including anti-virus protection and intrusion detection, and b) content caching based on a profile of a user, the user profile being generated responsively to the monitored interactions, the infrastructure including a plurality of points-of-presence (POPs), each POP in the plurality including at least a forward proxy server for forwarding traffic from IT devices to resource servers that are accessible on the Internet and further including one or more policy databases that are non-centralized within the infrastructure for storing the security policies, each of the non-centralized policy databases including non-centralized and duplicated security policies, and the infrastructure further including a hub operatively coupled to one or more POPs, the hub providing i) configuration management for forward proxy servers, and ii) identity management; receiving authentication credentials associated with users of the IT devices; and performing authentication of a user seeking access to the SCM service in accordance with the received authentication credentials by applying the non-centralized and duplicated security policies to govern the authenticated user's interactions with the resources once accessed so that the authenticated user is subject to identical security policy enforcement irrespective of which of the co-located POPs is utilized to provide the SCM service. - View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
17. A method for authenticating users to a Secure Content Management (SCM) service, the method comprising the steps of:

providing the SCM service using a cloud-based distributed infrastructure including a plurality of points-of-presence (POPs), each POP including a forward proxy through which users access and interact with resources available via an Internet connection and further including one or more policy databases that are non-centralized within the infrastructure for storing security policies, each of the non-centralized policy databases including non-centralized and duplicated security policies, the SCM service implementing a) security monitoring of user's interactions with resources on a click-by-click basis by applying the non-centralized and duplicated security policies to govern the user's interactions with the resources once so that a user is subject to identical security policy enforcement irrespective of which of the POPs is utilized to provide the SCM service, the security monitoring including content filtering between the users' information technology (IT) devices and the resource servers, the content filtering being implemented subsequent to a user being authenticated, and the security monitoring further including anti-virus protection and intrusion detection, and b) content caching based on a profile of a user, the user profile being generated responsively to the monitored interactions; and authenticating the users to the SCM service using pre-existing credentials supported by an identity metasystem. - View Dependent Claims (18, 19, 20)
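The three independent claims share one architecture: a hub that handles identity and pushes one policy set to every POP, POPs that each hold a duplicated copy of that policy behind a forward proxy, a redirect of the user to the lowest-latency POP, content filtering that only starts once the user is authenticated, and a user profile built from the monitored interactions to drive caching. The following Python model is an added example, not code from the patent or its assignee; every name, host, region, latency figure and credential in it is constructed for illustration, and the "policy database" is reduced to a frozen dataclass so the point of the claims (the same decision irrespective of which POP served the request) can be checked directly.

```python
import hashlib
import hmac
from collections import Counter
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Policy:
    """Security policy as held in each POP's non-centralized, duplicated policy database."""
    blocked_hosts: frozenset
    blocked_categories: frozenset


@dataclass
class POP:
    """A point-of-presence: a forward proxy plus its local copy of the policy."""
    name: str
    latency_ms: Dict[str, int]          # constructed: client region -> RTT to this POP
    policy_db: Optional[Policy] = None  # filled in by the hub on registration


@dataclass
class Session:
    """Per-user state at the proxy: authentication status and the monitored-interaction profile."""
    user: str
    authenticated: bool = False
    profile: Counter = field(default_factory=Counter)  # category -> allowed requests seen


class Hub:
    """Configuration management (policy distribution) and identity management for its POPs."""

    def __init__(self, policy: Policy, credential_hashes: Dict[str, str]):
        self.policy = policy
        self.credential_hashes = credential_hashes  # constructed: user -> sha256 hex of secret
        self.pops: List[POP] = []

    def register_pop(self, pop: POP) -> None:
        pop.policy_db = self.policy  # new POP receives the current duplicated policy
        self.pops.append(pop)

    def update_policy(self, policy: Policy) -> None:
        """A policy change is duplicated to every POP, so enforcement never diverges."""
        self.policy = policy
        for pop in self.pops:
            pop.policy_db = policy

    def authenticate(self, session: Session, secret: str) -> bool:
        """Identity management: constant-time comparison against the stored credential hash."""
        expected = self.credential_hashes.get(session.user)
        presented = hashlib.sha256(secret.encode()).hexdigest()
        if expected is not None and hmac.compare_digest(expected, presented):
            session.authenticated = True
        return session.authenticated

    def select_pop(self, client_region: str) -> POP:
        """Redirect the user to the co-located POP: the one with the lowest latency for their region."""
        return min(self.pops, key=lambda p: p.latency_ms.get(client_region, float("inf")))


def decide(policy: Policy, session: Session, host: str, category: str) -> str:
    """Pure policy decision. Content filtering applies only after authentication."""
    if not session.authenticated:
        return "redirect-to-auth"
    if host in policy.blocked_hosts or category in policy.blocked_categories:
        return "blocked"
    return "allowed"


def forward(pop: POP, session: Session, host: str, category: str) -> str:
    """Forward-proxy handling of one request; allowed interactions feed the user profile."""
    decision = decide(pop.policy_db, session, host, category)
    if decision == "allowed":
        session.profile[category] += 1
    return decision


def cache_priority(session: Session) -> List[str]:
    """Profile-driven caching: categories the user visits most are prefetched first."""
    return [category for category, _ in session.profile.most_common()]


def identical_enforcement(hub: Hub, session: Session, host: str, category: str) -> bool:
    """True when every POP in the infrastructure reaches the same decision for this request."""
    return len({decide(p.policy_db, session, host, category) for p in hub.pops}) == 1


def build_demo():
    """Constructed sample infrastructure: one hub, two POPs, one user."""
    policy = Policy(blocked_hosts=frozenset({"bad.example"}), blocked_categories=frozenset({"malware"}))
    creds = {"alice": hashlib.sha256(b"correct-horse").hexdigest()}  # constructed credential
    hub = Hub(policy, creds)
    hub.register_pop(POP("pop-eu", {"eu-west": 12, "us-east": 90}))
    hub.register_pop(POP("pop-us", {"eu-west": 95, "us-east": 10}))
    return hub, Session(user="alice")


if __name__ == "__main__":
    hub, session = build_demo()
    pop = hub.select_pop("eu-west")
    print(pop.name, forward(pop, session, "example.com", "news"))   # unauthenticated: redirect
    hub.authenticate(session, "correct-horse")
    print(pop.name, forward(pop, session, "example.com", "news"))   # allowed, profile updated
    print(identical_enforcement(hub, session, "bad.example", "news"))
```

The `identical_enforcement` check is the property the claims turn on: because the hub duplicates the same `Policy` object to every POP, a user redirected to a different POP after a policy update still gets the same verdict, and `decide` returning `redirect-to-auth` before consulting the policy reflects the claims' ordering of authentication before content filtering.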
Specification