Resource access system and method
Abstract
A system for enabling an endpoint residing in an external network to perform resource operations on an internal resource, the system including a directory service managing authentication and authorization operations for the internal resource, a gatekeeper device residing in the external network, and a gateway device residing in an internal network. The gatekeeper device is configured to receive a resource operation request from the endpoint, the resource operation request is associated with a user and transmit the resource operation request to the gateway device. The gateway device is configured to receive the resource operation request from the gatekeeper device, authenticate with the directory service as the user, using credentials of the user, authorize the resource operation request with the directory service, and initiate the resource operation request with the internal resource.
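The request flow in the abstract can be modelled in a few lines. This is an added illustration, not part of the patent text; the class names, the status codes, the in-memory directory and the sample users are all assumptions made for the sketch.

```python
import hmac
import secrets
import time

class DirectoryService:
    """Toy in-memory directory (constructed; real directories never store plaintext)."""
    def __init__(self, users, acl, ttl=60):
        self._users, self._acl, self._ttl = users, acl, ttl
        self._tokens = {}  # internal token -> (user, expiry time)
    def authenticate(self, user, password):
        stored = self._users.get(user)
        if stored is None or not hmac.compare_digest(stored.encode(), password.encode()):
            return None
        token = secrets.token_hex(16)
        self._tokens[token] = (user, time.monotonic() + self._ttl)
        return token
    def authorize(self, token, resource, op):
        user, expiry = self._tokens.get(token, (None, 0.0))
        if user is None or time.monotonic() > expiry:
            return False
        return op in self._acl.get((user, resource), ())

class Gateway:
    """Internal network: acts as the user toward the directory and the resource."""
    def __init__(self, directory, resources):
        self._dir, self._resources = directory, resources
    def handle(self, req):
        token = self._dir.authenticate(req["user"], req["password"])
        if token is None:
            return 401, None
        # The decision rests on the user's token, not on the gateway's own rights.
        if not self._dir.authorize(token, req["resource"], req["op"]):
            return 403, None
        return 200, self._resources[req["resource"]]  # token stays on the gateway

class Gatekeeper:
    """External network: validates the request shape and relays it, nothing more."""
    FIELDS = {"user", "password", "resource", "op"}
    def __init__(self, gateway):
        self._gateway = gateway
    def receive(self, req):
        if set(req) != self.FIELDS or not all(isinstance(v, str) for v in req.values()):
            return 400, None
        return self._gateway.handle(req)

def build_demo():
    directory = DirectoryService({"alice": "s3cret", "bob": "hunter2"},
                                 {("alice", "payroll.xlsx"): {"read"}})
    return Gatekeeper(Gateway(directory, {"payroll.xlsx": "constructed file body"}))
```

In this model the gatekeeper relays the user's credentials, so the link between gatekeeper and gateway carries secrets and needs the same protection as the endpoint connection.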
19 Claims
1. A system for enabling an endpoint residing in an external network to perform resource operations on an internal resource, the endpoint is a computing device associated with a user, the system comprising:
a directory service managing authentication and authorization operations for the internal resource;
a gatekeeper device residing in the external network; and
a gateway device residing in an internal network,
the gatekeeper device is configured to:
receive a resource operation request from the endpoint, the resource operation request is associated with the user, the resource operation request including credentials of the user; and
transmit the resource operation request to the gateway device,
the gateway device is configured to:
receive the resource operation request from the gatekeeper device;
authenticate with the directory service as the user, using credentials of the user;
receive an internal token associated with the user from the directory service based on authentication by the directory service;
authorize the resource operation request, using the internal token received from the directory service, with the directory service as the user, the gateway device impersonating the user using the internal token; and
initiate the resource operation request with the internal resource.
Dependent claims: 2, 3, 4, 5, 6, 7
8. A method for enabling an endpoint residing in an external network to perform resource operations on an internal resource, the endpoint is a computing device associated with a user, the method comprising:
receiving, by a gatekeeper device residing in an external network, a resource operation request from the endpoint, the resource operation request is associated with the user, the resource operation request including credentials of the user;
transmitting the resource operation request from the gatekeeper device to a gateway device residing in an internal network;
receiving, by the gateway device, the resource operation request;
authenticating with a directory service as the user, using credentials of the user;
receiving an internal token associated with the user from the directory service based on authentication by the directory service;
authorizing the resource operation request, using the internal token received from the directory service, with the directory service as the user, the gateway device impersonating the user using the internal token; and
initiating the resource operation request with the internal resource.
Dependent claims: 9, 10, 11, 12, 13
14. A non-transitory machine-readable storage medium storing a set of instructions that, when executed by at least one processor, causes the at least one processor to perform operations comprising:
receiving, by a gatekeeper device residing in an external network, a resource operation request from an endpoint residing in an external network, the resource operation request is associated with a user, the endpoint is a computing device associated with the user, the resource operation request including credentials of the user;
transmitting the resource operation request from the gatekeeper device to a gateway device residing in an internal network;
receiving, by the gateway device, the resource operation request;
authenticating with a directory service as the user, using credentials of the user;
receiving an internal token associated with the user from the directory service based on authentication by the directory service;
authorizing the resource operation request, using the internal token received from the directory service, with the directory service as the user, the gateway device impersonating the user using the internal token; and
initiating the resource operation request with the internal resource.
Dependent claims: 15, 16, 17, 18, 19
Specification