HTTP authentication and authorization management
First Claim
1. A method, comprising:
- receiving, at a processing node comprising a communication device, a first request for a domain from a client browser, the client browser associated with a first communication address, wherein the processing node is part of a distributed security system located external from the client browser and external from the domain configured to monitor communications associated with the client browser in an overlay network, wherein the distributed security system is configured to detect and preclude security threats comprising malware, spyware, and other undesirable content sent from or requested by the client browser or the domain;
- identifying a first authorized user data associated with the first request;
- identifying at the processing node the first communication address associated with the client browser;
- associating at the processing node the first communication address of the client browser with the first authorized user data;
- encrypting at the processing node the first authorized user data and the associated first communication address to generate a first associated authorization data comprising an associate token, wherein the first communication address includes a port address used by the client browser to communicate with the processing node, thereby preventing intercepting of the first associated authorization data by an unauthorized client, wherein the encrypting uses a private key that is generated at the processing node;
- providing the first associated authorization data to the client browser at the first communication address; and
- processing a data request at the processing node for the domain from the client browser using the first associated authorization data, wherein the client browser is prevented, by the processing node, from accessing the domain without the first associated authorization data comprising the associate token and without a communication address associated with the data request matching the communication address associated with the associate token, wherein the first associated authorization data determines eligibility of the client browser to complete an action associated with the domain.
Abstract
Systems, methods and apparatus for a distributed security system that provides authentication and authorization management. The system can include a source processor that is used to identify the source associated with a request for authentication or authorization. The source processor can maintain the initial source associated with the request through the use of an associate token. The associate token can be transmitted with each subsequent request that includes authentication or authorization data. The source processor can use the associate token to verify that the source associated with the initial request is the same as the source associated with subsequent authentication and authorization requests.
17 Claims

Claim 1 (above). Dependent claims: 2, 3, 4, 5, 6, 7, 8.
9. A software stored in a non-transitory computer readable storage medium and comprising instructions executable by a data processing system and upon such execution cause the data processing system to perform operations comprising:
- receiving a request for a domain from a client browser, the client browser associated with a communication address;
- identifying authorized user data associated with the request;
- identifying the communication address associated with the client browser;
- associating the communication address of the client browser with the authorized user data;
- encrypting the authorized user data and the communication address to generate associated authorization data comprising an associate token, wherein the communication address includes a port address used by the client browser to communicate with the data processing system, thereby preventing intercepting of the first associated authorization data by an unauthorized client, wherein the encrypting uses a private key that is generated at a processing node;
- providing the associated authorization data to the client browser at the communication address; and
- processing a data request for the domain from the client browser using the associated authorization data, wherein the data request is provided to the processing node and not directly to the domain, wherein the processing node is part of a distributed security system located external from the client browser and external from the domain configured to monitor communications associated with the client browser in an overlay network, and wherein the client browser is prevented, by the processing node, from accessing the domain without the associated authorization data comprising the associate token and without a communication address associated with the data request matching the communication address associated with the associate token, wherein the associated authorization data determines eligibility of the client browser to complete an action associated with the domain, and wherein the distributed security system is configured to detect and preclude security threats comprising malware, spyware, and other undesirable content sent from or requested by the client browser or the domain.

Dependent claims: 10, 11, 12, 13.
14. A software stored in a non-transitory computer readable storage medium and comprising instructions executable by a data processing system and upon such execution cause the data processing system to perform operations comprising:
- receiving a request for a domain and associated authorization data from a client browser, the client browser associated with a request communication address, wherein the client browser communicates the request to the data processing system and not directly to the domain, wherein the data processing system is part of a distributed security system located external from the client browser and external from the domain configured to monitor communications associated with the client browser in an overlay network, wherein the distributed security system is configured to detect and preclude security threats comprising malware, spyware, and other undesirable content sent from or requested by the client browser or the domain;
- preventing the request if the associated authorization data fails to include an associate token;
- identifying the request communication address associated with the client browser;
- decrypting the associated authorization data into authorized user data and a source communication address from the associate token, wherein the client browser received the associated authorization data encrypted with the source communication address based on communicating with the data processing system via the source communication address, thereby preventing intercepting of the associated authorization data by an unauthorized client, wherein the decrypting uses a public key that is generated at a processing node;
- determining whether the request communication address is the same as the source communication address in the associate token; and
- if the request communication address is the same as the source communication address, allowing the request comprising processing the request to the domain; and
- if the request communication address is not the same as the source communication address, requesting user authorization from the client browser at the request communication address;
- wherein the client browser is prevented, by the data processing system, from accessing the domain without the associated authorization data, wherein the associated authorization data determines eligibility of the client browser to complete an action associated with the domain.
15. A network security system, comprising:
- a plurality of communication device nodes external to network edges of an external system, each node comprising a source processor configured to receive at a processing node a first request for a first domain from a first client browser, the first client browser associated with a first communication address;
- wherein the source processor is configured to:
  - identify a first authorized user data associated with the first request;
  - identify at the processing node the first communication address associated with the first client browser;
  - associate at the processing node a first communication address of the first client browser with the first authorized user data;
  - encrypt at the processing node the first authorized user data and the first communication address to generate a first associated authorization data comprising an associate token, wherein the first communication address includes a port address used by the first client browser to communicate with the processing node, thereby preventing intercepting of the first associated authorization data by an unauthorized client, wherein the encrypting uses a private key that is generated at the processing node;
  - provide the first associated authorization data to the first client browser at the first communication address; and
  - process the data request at the processing node for the first domain from the first client browser using the first associated authorization data responsive to a presence of the associate token in the data request and a communication address of the data request matching the first communication address associated with the associate token, wherein the data request is provided to the processing node and not directly to the first domain;
- wherein the processing node is part of the network security system located external from the first client browser and the first domain configured to monitor communications associated with the first client browser in an overlay network, and wherein the client browser is prevented, by the processing node, from accessing the first domain without the first associated authorization data, wherein the first associated authorization data determines eligibility of the client browser to complete an action associated with the first domain, wherein the network security system is configured to detect and preclude security threats comprising malware, spyware, and other undesirable content sent from or requested by the first client browser or the first domain.

Dependent claims: 16, 17.
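The issue-then-verify flow that claims 1, 14 and 15 describe (bind the authorized user data to the client's source IP and port in an associate token at the processing node, then on each data request block requests with no token, forward requests whose source address matches the bound one, and re-request user authorization when the address differs), as an added example that is not code from the patent. It assumes a hypothetical per-node key and swaps the claims' node-generated private/public key pair for a keyed MAC (HMAC-SHA256) so that it runs on the Python standard library alone; the binding and the address check are the same.

```python
import base64, binascii, hashlib, hmac, json, secrets
from typing import Optional, Tuple

# Hypothetical per-node key. The claims generate a private/public key pair at the
# processing node; this example swaps in a keyed MAC (HMAC-SHA256) so it runs on
# the standard library alone. The address binding and the check are unchanged.
NODE_KEY = secrets.token_bytes(32)

Addr = Tuple[str, int]  # (IP address, port) as seen by the processing node

def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).decode().rstrip("=")

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_associate_token(user_data: str, source_addr: Addr) -> str:
    """Bind the authorized user data to the client's source (IP, port)."""
    payload = json.dumps({"user": user_data, "ip": source_addr[0],
                          "port": source_addr[1]}, sort_keys=True).encode()
    tag = hmac.new(NODE_KEY, payload, hashlib.sha256).digest()
    return _b64(payload) + "." + _b64(tag)

def check_request(token: str, request_addr: Addr) -> Tuple[str, Optional[str]]:
    """Decide a data request carrying an associate token.

    ('deny', None)   no token, or a token whose tag does not verify
    ('reauth', None) valid token but a different (IP, port): ask the user
                     to authorize again from the new address (claim 14)
    ('allow', user)  token verifies and the address matches the bound one
    """
    if not token or "." not in token:
        return "deny", None
    try:
        enc_payload, enc_tag = token.split(".", 1)
        payload, tag = _unb64(enc_payload), _unb64(enc_tag)
    except (ValueError, binascii.Error):
        return "deny", None
    expected = hmac.new(NODE_KEY, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # tampered or forged token
        return "deny", None
    bound = json.loads(payload)
    if (bound["ip"], bound["port"]) != tuple(request_addr):
        return "reauth", None
    return "allow", bound["user"]
```

Because the port is part of the bound address, a token replayed from the same IP but a different source port is routed to re-authorization rather than allowed.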