Securing communication over a network using client integrity verification
First Claim
1. A method for securing communication over a network, comprising:
at a trust broker system having one or more processors and memory storing one or more programs for execution by the one or more processors:
receiving a request from a client system remote from the trust broker system to connect to network applications and resources hosted by a server system, wherein the client system is a stateless client device that retains no network access information from a prior online session;
in response to the request to connect with the server system:
determining which network applications and resources a user associated with the client system is authorized to access;
in accordance with a determination that the user is authorized to access the requested network applications and resources:
establishing a connection with the client system;
transmitting, to the server system, session information that identifies the client system; and
sending the network access information to the client system, wherein the network access information enables the requesting client system to connect to the requested server system for one session, and enables the client system to download, from the server system, instructions for performing one or more tasks associated with the requested network data and services, wherein the downloaded instructions are not permanently stored on the client system and are only retained for the one session.
Abstract
A method for protecting application servers from network-based attacks and for verifying the security posture of end client systems is disclosed. A trust broker system receives a request from a user agent associated with a client system remote from the trust broker to connect to applications and resources associated with the trust broker. The trust broker system verifies the integrity of the client system and verifies the identity of a user of the client system. The trust broker system then determines the access level permitted to the identified user and, based on that access level, establishes a connection with the user agent and transmits session information to the server system. The trust broker system sends the user agent connection information, wherein the connection information enables the requesting user agent to connect to the requested server system.
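The broker flow described in the abstract and claim 1, as an added Python sketch that is not part of the patent: the posture minimum, the user credentials and entitlements, and the HMAC-tagged single-use ticket are constructed assumptions standing in for the "session information" and "network access information" the text leaves unspecified.

```python
import hashlib
import hmac
import secrets

# Constructed data: broker/server shared key, credentials with entitlements, minimum posture.
BROKER_SERVER_KEY = secrets.token_bytes(32)
USERS = {"alice": ("pw-alice", {"payroll", "wiki"}), "bob": ("pw-bob", {"wiki"})}
REQUIRED_POSTURE = {"disk_encrypted": True, "os_patch_level": 42}

def _tag(session_id, user, app):
    # HMAC over the session information so the server can check it came from the broker
    msg = f"{session_id}:{user}:{app}".encode()
    return hmac.new(BROKER_SERVER_KEY, msg, hashlib.sha256).hexdigest()

class AppServer:
    def __init__(self):
        self.sessions = {}  # session information transmitted by the broker
    def register_session(self, session_id, user, app):
        self.sessions[session_id] = (user, app)
    def connect(self, access_info):
        # Accept only a broker-registered session with a valid tag, and only once.
        sid, user, app = access_info["session_id"], access_info["user"], access_info["app"]
        if not hmac.compare_digest(_tag(sid, user, app), access_info["tag"]):
            return None
        if self.sessions.pop(sid, None) != (user, app):
            return None
        return f"task-instructions-for-{app}"  # downloaded per session, never persisted

class TrustBroker:
    def __init__(self, server):
        self.server = server
    def handle_request(self, user, secret, posture, app):
        # 1. client integrity, 2. user identity, 3. authorization, then issue access info
        if any(posture.get(k) != v for k, v in REQUIRED_POSTURE.items()):
            return None
        cred = USERS.get(user)
        if cred is None or not hmac.compare_digest(cred[0], secret):
            return None
        if app not in cred[1]:
            return None
        session_id = secrets.token_hex(16)
        self.server.register_session(session_id, user, app)  # session info to server
        return {"session_id": session_id, "user": user, "app": app,
                "tag": _tag(session_id, user, app)}  # one-session access info to client

def stateless_client_session(broker, server, user, secret, posture, app):
    # The client keeps nothing: access info and instructions live only in this call.
    access_info = broker.handle_request(user, secret, posture, app)
    return None if access_info is None else server.connect(access_info)
```

A replayed ticket is refused because the server forgets the session on first use, and a ticket altered to name a different application fails the HMAC check before the session table is consulted.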
20 Claims
1. A method for securing communication over a network, comprising: (independent claim, set out in full under First Claim above). Dependent claims: 2, 3, 4, 5, 6, 7.
8. An electronic device for securing communication over a network, wherein the electronic device comprises a trust broker system, comprising:
one or more processors;
memory storing one or more programs to be executed by the one or more processors;
the one or more programs comprising instructions for:
receiving a request from a client system remote from the trust broker system to connect to network applications and resources hosted by a server system, wherein the client system is a stateless client device that retains no network access information from a prior online session;
in response to the request to connect with the server system:
determining which network applications and resources a user associated with the client system is authorized to access;
in accordance with a determination that the user is authorized to access the requested network applications and resources:
establishing a connection with the client system;
transmitting, to the server system, session information that identifies the client system; and
sending the network access information to the client system, wherein the network access information enables the requesting client system to connect to the requested server system for one session, and enables the client system to download, from the server system, instructions for performing one or more tasks associated with the requested network data and services, wherein the downloaded instructions are not permanently stored on the client system and are only retained for the one session.
Dependent claims: 9, 10, 11, 12, 13, 14.
15. A non-transitory computer readable storage medium storing one or more programs configured for execution by an electronic device, wherein the electronic device comprises a trust broker system, the one or more programs comprising instructions for:
receiving a request from a client system remote from the trust broker system to connect to network applications and resources hosted by a server system, wherein the client system is a stateless client device that retains no network access information from a prior online session;
in response to the request to connect with the server system:
determining which network applications and resources a user associated with the client system is authorized to access;
in accordance with a determination that the user is authorized to access the requested network applications and resources:
establishing a connection with the client system;
transmitting, to the server system, session information that identifies the client system; and
sending the network access information to the client system, wherein the network access information enables the requesting client system to connect to the requested server system for one session, and enables the client system to download, from the server system, instructions for performing one or more tasks associated with the requested network data and services, wherein the downloaded instructions are not permanently stored on the client system and are only retained for the one session.
Dependent claims: 16, 17, 18, 19, 20.