Securing communication over a network using client system authorization and dynamically assigned proxy servers
First Claim
Patent Images
1. A method for providing secure access to network resources, comprising:
- at a trust broker system having one or more processors and memory storing one or more programs for execution by the one or more processors;
receiving, from a client system, a request to access network applications and resources associated with and hosted by a server system;
locating a first virtual domain of a plurality of virtual domains, wherein;
each virtual domain provides a respective logical set of network applications and resources, distinct from other virtual domains, wherein a respective logical set of network applications and information corresponds to a subset of network resources provided by the server system; and
the first virtual domain provides the requested network applications and resources;
determining whether the client system is authorized to access the first virtual domain based on permissions of a user associated with the client system;
identifying a particular server of the server system containing the first virtual domain;
identifying, from a plurality of potential proxy servers, a proxy server currently assigned to the particular server; and
in response to the determination that the client system is authorized to access the first virtual domain;
transmitting an identification value for the client system to the identified proxy server, wherein the identification value is an encrypted value identifying the client system; and
after transmitting the identification value to the identified proxy server, transmitting, to the client system, contact information for connecting to the identified proxy server to access the requested network applications and resources provided by the first virtual domain, wherein the contact information includes one or more session keys, a network address of the identified proxy server, and the identification value.
3 Assignments
0 Petitions
Accused Products
Abstract
A method for securing communication over a network is disclosed. A trust broker system receives a request to connect to applications and resources from a client system. The trust broker system determines whether the client system is authorized to connect to the requested applications and resources. In response to determining the client system has authorization to connect to the requested applications and resources, the trust broker system determines, from a plurality of potential proxy servers, a proxy server associated with the requested server system and transmits an identification value for the client system to the requested server system. The trust broker system then transmits the identification value to the client system and transmits contact information for the determined proxy server to the client system, wherein all communication between the client system and the requested server system passes through the proxy server.
-
Citations
14 Claims
-
1. A method for providing secure access to network resources, comprising:
at a trust broker system having one or more processors and memory storing one or more programs for execution by the one or more processors; receiving, from a client system, a request to access network applications and resources associated with and hosted by a server system; locating a first virtual domain of a plurality of virtual domains, wherein; each virtual domain provides a respective logical set of network applications and resources, distinct from other virtual domains, wherein a respective logical set of network applications and information corresponds to a subset of network resources provided by the server system; and the first virtual domain provides the requested network applications and resources; determining whether the client system is authorized to access the first virtual domain based on permissions of a user associated with the client system; identifying a particular server of the server system containing the first virtual domain; identifying, from a plurality of potential proxy servers, a proxy server currently assigned to the particular server; and in response to the determination that the client system is authorized to access the first virtual domain; transmitting an identification value for the client system to the identified proxy server, wherein the identification value is an encrypted value identifying the client system; and after transmitting the identification value to the identified proxy server, transmitting, to the client system, contact information for connecting to the identified proxy server to access the requested network applications and resources provided by the first virtual domain, wherein the contact information includes one or more session keys, a network address of the identified proxy server, and the identification value. - View Dependent Claims (2, 3, 4, 5)
-
6. A trust broker system, comprising:
-
one or more processors; memory storing one or more programs to be executed by the one or more processors; the one or more programs comprising instructions for; receiving, from a client system, a request to access network applications and resources associated with and hosted by a server system; locating a first virtual domain of a plurality of virtual domains, wherein; each virtual domain provides a respective logical set of network applications and resources, distinct from other virtual domains, wherein a respective logical set of network applications and information corresponds to a subset of network resources provided by the server system; and the first virtual domain provides the requested network applications and resources; determining whether the client system is authorized to access the first virtual domain based on permissions of a user associated with the client system; identifying a particular server of the server system containing the first virtual domain; identifying, from a plurality of potential proxy servers, a proxy server currently assigned to the particular server; and in response to the determination that the client system is authorized to access the first virtual domain; transmitting an identification value for the client system to the identified proxy server, wherein the identification value is an encrypted value identifying the client system; and after transmitting the identification value to the identified proxy server, transmitting, to the client system, contact information for connecting to the identified proxy server to access the requested network applications and resources provided by the first virtual domain, wherein the contact information includes one or more session keys, a network address of the identified proxy server, and the identification value. - View Dependent Claims (7, 8, 9, 10)
-
-
11. A non-transitory computer readable storage medium storing one or more programs configured for execution by a trust broker system, the one or more programs comprising instructions for:
-
receiving, from a client system, a request to access network applications and resources associated with and hosted by a server system; locating a first virtual domain of a plurality of virtual domains, wherein; each virtual domain provides a respective logical set of network applications and resources, distinct from other virtual domains, wherein a respective logical set of network applications and information corresponds to a subset of network resources provided by the server system; and the first virtual domain provides the requested network applications and resources; determining whether the client system is authorized to access the first virtual domain based on permissions of a user associated with the client system; identifying a particular server of the server system containing the first virtual domain; identifying, from a plurality of potential proxy servers, a proxy server currently assigned to the particular server; and in response to the determination that the client system is authorized to access the first virtual domain; transmitting an identification value for the client system to the identified proxy server, wherein the identification value is an encrypted value identifying the client system; and after transmitting the identification value to the identified proxy server, transmitting, to the client system, contact information for connecting to the identified proxy server to access the requested network applications and resources provided by the first virtual domain, wherein the contact information includes one or more session keys, a network address of the identified proxy server, and the identification value. - View Dependent Claims (12, 13, 14)
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeVerizon Patent and Licensing Incorporated (Verizon Communications Inc.)
-
Original AssigneeVidder, Inc. (Verizon Communications Inc.)
-
InventorsIslam, Junaid, Bilger, Brent, Schroeder, Ted
-
Primary Examiner(s)Hirl, Joseph P
-
Assistant Examiner(s)BEHESHTI SHIRAZI, SAYED ARESH
-
Application NumberUS14/748,167Publication NumberTime in Patent Office686 DaysField of Search726 4, 726 5, 726 7, 726 12, 713155, 713156, 713158, 713170US Class CurrentCPC Class CodesG06F 21/31 User authenticationG06F 21/57 Certifying or maintaining t...G06F 21/6218 to a system of files or obj...G06F 2221/2111 Location-sensitive, e.g. ge...G06F 2221/2113 Multi-level security, e.g. ...H04L 2101/69 using geographic informatio...H04L 63/0281 ProxiesH04L 63/0428 wherein the data content is...H04L 63/08 for authentication of entit...H04L 63/0876 based on the identity of th...H04L 63/10 for controlling access to d...H04L 63/105 Multiple levels of securityH04L 63/107 wherein the security polici...H04L 63/1433 Vulnerability analysisH04L 63/20 for managing network securi...H04L 67/01 ProtocolsH04L 67/10 in which an application is ...H04L 67/562 Brokering proxy services
