Accessing enterprise resources while providing denial-of-service attack protection
Abstract
Techniques for accessing enterprise resources while providing denial-of-service attack protection may include receiving, at a gateway from a client device, a request for a resource, the request including a location identifier associated with the resource. Techniques may further include redirecting, by a redirection message, the request to an authentication device that requests credentials for authentication, the redirection message including the location identifier. Techniques may also include retrieving, after authentication of the credentials, the location identifier from the client device. Techniques may additionally include providing access to the resource based on the location identifier.
18 Claims
1. A method comprising:
- receiving, at a gateway from a client device, a first request for a resource, the first request comprising a location identifier of the resource;
- transmitting, to the client device, a redirection message that redirects the client device to an authenticator for authentication of credentials, wherein the redirection message comprises a resource-identification cookie, wherein the resource-identification cookie is configured to provide a level of protection against denial-of-service attacks to the gateway and comprises the location identifier of the resource;
- authenticating credentials received from the client device conditioned upon the location identifier of the resource being extracted from the resource-identification cookie;
- expiring, after authenticating the credentials, the resource-identification cookie;
- transmitting, after authenticating the credentials, a session cookie to the client device;
- receiving, from the client device, after authenticating the credentials, one or more second requests for the resource, wherein the one or more second requests comprise the session cookie and the location identifier of the resource; and
- providing, based on the one or more second requests, access to the resource.

Dependent claims: 2, 3, 4, 5, 6, 7, 8

9. A method comprising:
- receiving, at a gateway from a client device, a request for a resource, the client device being unauthenticated to the gateway, the request comprising a location identifier of the resource;
- transmitting, to the client device, in response to the request, a first redirection message comprising data indicating a redirection to an authentication device, and a resource-identification cookie that comprises the location identifier of the resource, wherein the resource-identification cookie is configured to provide a level of protection against denial-of-service attacks to the gateway;
- receiving, at the authentication device from the client device, user credentials and the resource-identification cookie;
- extracting the location identifier of the resource from the resource-identification cookie received from the client device, resulting in an extracted location identifier of the resource;
- authenticating, by the authentication device, the user credentials;
- expiring, after authenticating the credentials, the resource-identification cookie;
- generating a session cookie in response to authenticating the user credentials;
- transmitting, to the client device, after authenticating the credentials, a second redirection message comprising data indicating a redirection to the extracted location identifier of the resource, the second redirection message comprising the session cookie;
- receiving an additional request from the client device, the additional request comprising the session cookie; and
- providing access to the resource in response to the additional request.

Dependent claims: 10, 11, 12, 13, 14, 15

16. A system comprising:
- one or more computing devices; and
- one or more non-transitory computer-readable media storing executable instructions that, when executed by the one or more computing devices, cause the one or more computing devices to:
  - receive, from a client device, a first request for a resource, the first request comprising a location identifier of the resource;
  - transmit, to the client device, a redirection message that redirects to an authenticator for authentication of credentials, wherein the redirection message comprises a resource-identification cookie, wherein the resource-identification cookie is configured to provide a level of protection against denial-of-service attacks to the one or more computing devices and comprises the location identifier of the resource;
  - authenticate credentials received from the client device, conditioned upon the location identifier of the resource being extracted from the resource-identification cookie;
  - expire, after authenticating the credentials, the resource-identification cookie;
  - transmit, after authenticating the credentials, a session cookie to the client device;
  - receive, after authenticating the credentials, one or more second requests for the resource, wherein the one or more second requests comprise the session cookie and the location identifier of the resource; and
  - provide, based on the one or more second requests, access to the resource.

Dependent claims: 17, 18
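
The flow recited in claim 9, simulated in memory as an added example (not code from the patent or its assignee). The `rid` cookie name, the `/auth` endpoint, the credential store and the HMAC tag on the cookie are assumptions; the claims require only that the cookie carry the location identifier. Reading the denial-of-service protection as "the gateway keeps no state for unauthenticated clients" is likewise an interpretation, not something the claims state.

```python
import hashlib
import hmac
import secrets

KEY = secrets.token_bytes(32)        # assumption: MAC key shared by gateway and authenticator
AUTH_URL = "/auth"                   # hypothetical authenticator endpoint
USERS = {"alice": "correct horse"}   # constructed credential store
SESSIONS = set()                     # server-side state, created only after authentication

def _mac(loc):
    return hmac.new(KEY, loc.encode(), hashlib.sha256).hexdigest()

def gateway(path, cookies):
    """Serve the resource for a valid session; otherwise redirect to the authenticator."""
    if cookies.get("session") in SESSIONS:
        return {"status": 200, "body": "resource at " + path}
    # The location identifier rides in the client's cookie; the gateway stores nothing.
    rid = path + "|" + _mac(path)
    return {"status": 302, "location": AUTH_URL, "set_cookie": {"rid": rid}}

def authenticator(user, password, cookies):
    """Authenticate only when the location identifier can be extracted from the cookie."""
    loc, _, tag = cookies.get("rid", "").rpartition("|")
    if not loc or not hmac.compare_digest(tag.encode(), _mac(loc).encode()):
        return {"status": 400}
    expected = USERS.get(user)
    if expected is None or not hmac.compare_digest(expected.encode(), password.encode()):
        return {"status": 401}
    sid = secrets.token_urlsafe(32)
    SESSIONS.add(sid)
    # Expire the rid cookie, set the session cookie, redirect to the extracted location.
    return {"status": 302, "location": loc, "set_cookie": {"rid": None, "session": sid}}

def apply_cookies(jar, response):
    """Client side: store cookies, dropping any the server expired (value None)."""
    for name, value in response.get("set_cookie", {}).items():
        if value is None:
            jar.pop(name, None)
        else:
            jar[name] = value

def run_flow(path, user, password):
    """Drive first request, authentication and second request; return (response, jar)."""
    jar = {}
    apply_cookies(jar, gateway(path, jar))
    auth = authenticator(user, password, jar)
    apply_cookies(jar, auth)
    if auth["status"] != 302:
        return auth, jar
    return gateway(auth["location"], jar), jar
```

Because the tag binds the redirect target to a value the gateway issued, a cookie edited on the client fails extraction and authentication is refused before credentials are checked.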
Specification