Authentication of network nodes
Abstract
Various embodiments of systems and methods of network nodes authentication are described herein. In one aspect, a provisioning of an application in a specified computing environment is requested, where the application is operable of providing at least one kind of services to online clients. One or more servers are instantiated to deploy the application, where at least one of the servers may be a virtual machine. A globally unique identifier (GUID) for the application is generated and embedded in a security certificate associated with the deployed application. A correspondence between the GUID and the network address or the host name of the server is stored. In another aspect, a server request is forwarded for processing by the application or canceled based on a comparison between the network address or the host name of the server deploying the application, and the network address or the host name corresponding to the GUID.
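The check described in the abstract, sketched as an added example (not code from the patent or any product implementing it). It assumes the proxy has already validated the certificate chain, that the certificate is in the dict shape returned by Python's `ssl.SSLSocket.getpeercert()`, and that the GUID is carried as a `urn:uuid:` URI in `subjectAltName`; the map table, GUID, addresses and host names are constructed sample values.

```python
import ipaddress
import uuid

# Constructed map table: application GUID -> addresses/host names recorded at provisioning.
MAP_TABLE = {
    "3f2b8c1e-5d4a-4e6f-9a7b-0c1d2e3f4a5b": {"10.0.4.17", "app1.internal.example"},
}

# Constructed sample certificate in getpeercert() dict form.
CERT = {"subjectAltName": (("DNS", "app1.internal.example"),
                           ("URI", "urn:uuid:3F2B8C1E-5D4A-4E6F-9A7B-0C1D2E3F4A5B"))}

def extract_guid(peercert):
    """Return the single application GUID from a validated certificate, or None.

    Assumption: the GUID is a urn:uuid: URI entry in subjectAltName.
    """
    prefix = "urn:uuid:"
    guids = [value[len(prefix):] for kind, value in peercert.get("subjectAltName", ())
             if kind == "URI" and value.lower().startswith(prefix)]
    if len(guids) != 1:
        return None                      # missing or ambiguous identity: fail closed
    try:
        return str(uuid.UUID(guids[0]))  # canonical lowercase form
    except ValueError:
        return None                      # malformed GUID

def _normalize(name):
    """Canonicalize an IP address or host name so comparisons are exact."""
    try:
        return str(ipaddress.ip_address(name))
    except ValueError:
        return name.rstrip(".").lower()

def authorize_backend(peercert, server_names, map_table=MAP_TABLE):
    """Allow only when the GUID's recorded location matches the connected server.

    server_names: the address and/or host name the proxy actually connected to.
    """
    guid = extract_guid(peercert)
    if guid is None or guid not in map_table:
        return False                     # unknown application: reject
    registered = {_normalize(n) for n in map_table[guid]}
    return any(_normalize(n) in registered for n in server_names)
```

A certificate that is valid but presented from a server not recorded for its GUID is rejected, which is the case the comparison step exists to catch.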
14 Claims
1. A computer-readable non-transitory medium storing instructions which, when executed by at least one processor, cause a computer system to perform activities comprising:
upon receiving an online service request, establish a connection to a server hosting an application configured to provide the requested service, wherein the online service request is routed to the application on the server by establishing the connection with the server from a plurality of servers based on an identification, wherein the identification is based on a current load in response to performing a load balancing on the plurality of servers, when the plurality of servers host the application configured to provide the requested service, and wherein before routing the online service request to the application on the server, authorizing the online service request based on information obtained via a security certificate assigned to the application hosted on the server;
extract a global unique identifier (GUID) of the application hosted on the server from the security certificate associated with the application, wherein the GUID is embedded in the security certificate, and wherein the GUID is uniquely associated with the application;
identify one or more of a network address and a host name corresponding to the GUID of the application, wherein identifying the one or more of the network address and the host name corresponding to the GUID of the application, comprises;
looking up the GUID of the application in a map table, wherein the map table defines correspondence between one or more GUIDs correspondingly associated with one or more applications and one or more of a plurality of network addresses and a plurality of host names; and
when an identified network address or a host name corresponding to the GUID of the application from the map table matches a network address or a host name associated with the server hosting the application, based on a comparison between the identified network address or the host name corresponding to the GUID of the application and the network address or the host name associated with the server hosting the application, allow access to the application for processing the service request or reject the service request.
Dependent claims: 2, 3, 4, 5
6. A computer implemented method for authentication of network nodes via a reverse proxy server, the method comprising:
upon receiving an online service request, establishing a network connection to a server hosting an application configured to provide the requested service, wherein the online service request is routed to the application on the server by establishing the connection with the server from a plurality of servers based on an identification, wherein the identification is based on a current load in response to performing a load balancing on the plurality of servers, when the plurality of servers host the application configured to provide the requested service, and wherein before routing the online service request to the application on the server, authorizing the online service request based on information obtained via a security certificate assigned to the application hosted on the server;
extracting a global unique identifier (GUID) of the application hosted on the server from a security certificate associated with the application, wherein the GUID is embedded in the security certificate, and wherein the GUID is uniquely associated with the application;
identifying, by a processor, one or more of a network address and a host name corresponding to the GUID of the application, wherein identifying the one or more of the network address and the host name corresponding to the GUID of the application, comprises;
looking up the GUID of the application in a map table, wherein the map table defines correspondence between one or more GUIDs correspondingly associated with one or more applications and one or more of a plurality of network addresses and a plurality of host names; and
when an identified network address or a host name corresponding to the GUID of the application from the map table matches a network address or a host name associated with the server hosting the application, based on a comparison between the identified network address or the host name corresponding to the GUID of the application and the network address or the host name associated with the server hosting the application, allowing access to the application for processing the service request or rejecting the service request.
Dependent claims: 7, 8, 9, 10
11. A computer system to authenticate network nodes via a reverse proxy server, the system comprising:
a memory to store instructions; and
a processor coupled to the memory to execute the instructions to perform operations comprising;
upon receiving an online service request, establish a network connection to a server hosting an application configured to provide the requested service wherein the online service request is routed to the application on the server by establishing the connection with the server from a plurality of servers based on an identification, wherein the identification is based on a current load in response to performing a load balancing on the plurality of servers, when the plurality of servers host the application configured to provide the requested service, and wherein before routing the online service request to the application on the server, authorizing the online service request based on information obtained via a security certificate assigned to the application hosted on the server;
extract a global unique identifier (GUID) of the application hosted on the server from a security certificate associated with the application, wherein the GUID is embedded in the security certificate, and wherein the GUID is uniquely associated with the application;
identify one or more of a network address and a host name corresponding to the GUID of the application, wherein identifying the one or more of the network address and the host name corresponding to the GUID of the application, comprises;
looking up the GUID of the application in a map table, wherein the map table defines correspondence between one or more GUIDs correspondingly associated with one or more applications and one or more of a plurality of network addresses and a plurality of host names; and
when an identified network address or a host name corresponding to the GUID of the application from the map table matches a network address or a host name associated with the server hosting the application, based on a comparison between the identified network address or the host name corresponding to the GUID of the application and a network address or a host name associated with the server hosting the application, allow access to the application for processing the service request or rejecting the service request.
Dependent claims: 12, 13, 14
Specification