Method and system for authenticating and authorizing requestors interacting with content servers

US 7,676,828 B1
Filed: 09/13/2006
Issued: 03/09/2010
Est. Priority Date: 07/16/2002
Status: Active Grant

First Claim

Patent Images

1. A method for distributing secure access to a content server over a network, comprising:

receiving at an intermediate device a message from an upstream device, wherein the message includes a request from a sender for access to the content server;

if the intermediate device authenticates the upstream device, forwarding the message towards the content server;

if a downstream device of the upstream device determines that the intermediate device is authorized to authenticate the upstream device, enabling the sender of the message access to the content server;

enabling the downstream device through which the message passes on its way to the content server to determine if the sender is authorized to access the content server; and

sending, by the downstream device, the message to the content server with an indication that the downstream device authenticated the intermediate device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for authenticating and authorizing requesters interacting with content servers. A message including a request is forwarded from an upstream device and received by an intermediate device. The intermediate device authenticates the upstream device. Then, if the intermediate device is authorized to make decisions as to which sender may access the content server, the intermediate device determines whether the sender of the message has authority to access the content server as requested in the request. Otherwise, the message is forwarded towards the content server with an indication that the intermediate device authenticated the upstream device.

20 Citations

View as Search Results

24 Claims

1. A method for distributing secure access to a content server over a network, comprising:
- receiving at an intermediate device a message from an upstream device, wherein the message includes a request from a sender for access to the content server;
  
  if the intermediate device authenticates the upstream device, forwarding the message towards the content server;
  
  if a downstream device of the upstream device determines that the intermediate device is authorized to authenticate the upstream device, enabling the sender of the message access to the content server;
  
  enabling the downstream device through which the message passes on its way to the content server to determine if the sender is authorized to access the content server; and
  
  sending, by the downstream device, the message to the content server with an indication that the downstream device authenticated the intermediate device.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, further comprising if the intermediate device is unable to authenticate the upstream device, discarding the message.
  - 3. The method of claim 1, further comprising:
    - receiving the message at the content server; and
      
      enabling the content server to determine if the sender of the received message is authorized to access the content server.
  - 4. The method of claim 1, further comprising:
    - modifying the message to indicate that the request is provided to the downstream device as if requested by the intermediate device; and
      
      enabling the content server to determine if the intermediate device is authorized to access the content server as requested in the modified message.
  - 5. The method of claim 1, wherein the authentication by the intermediate device employs at least one of a digital signature and a public key/private key encryption algorithm.
  - 6. The method of claim 1, wherein the intermediate device is arranged to determine if the sender is authorized to access the content server.

7. A computer storage media that includes components for distributing secure access to a content server over a network, comprising:
- a first component that enables an intermediate device to receive a message from an upstream device, wherein the message includes a request from a sender for access to the content server;
  
  a second component that enables the intermediate device to forward the message towards the content server if the intermediate device authenticates the upstream device; and
  
  a third component that enables the sender of the message access to the content server if a downstream device of the upstream device determines that the intermediate device is authorized to authenticate the upstream device, wherein the downstream device through which the message passes on its way to the content server is arranged to determine if the sender is authorized to access the content server, and wherein the downstream device sends the message to the content server with an indication that the downstream device authenticated the intermediate device.
- View Dependent Claims (8, 9, 10, 11, 12, 13)
- - 8. The computer storage media of claim 7, further comprising another component for discarding the message if the intermediate device is unable to authenticate the upstream device.
  - 9. The computer storage media of claim 7, further comprising another component for enabling the content server to determine if the sender of the received message is authorized to access the content server.
  - 10. The computer storage media of claim 7, further comprising another component that modifies the message to indicate that the request is provided to the downstream device as if requested by the intermediate device.
  - 11. The computer storage media of claim 10, further comprising another component that enables the content server to determine if the intermediate device is authorized to access the content server as requested in the modified message.
  - 12. The computer storage media of claim 7, wherein the authentication by the intermediate device employs at least one of a digital signature and a public key/private key encryption algorithm.
  - 13. The computer storage media of claim 7, wherein the intermediate device is arranged to determine if the sender is authorized to access the content server.

14. An apparatus for distributing secure access to a content server over a network, comprising:
- an interface that receives a message from an upstream device, wherein the message includes a request from a sender for access to the content server; and
  
  circuitry coupled to the interface, the circuitry configured to perform actions, including;
  
  if the apparatus authenticates the upstream device, forwarding the message towards the content server;
  
  if a downstream device of the upstream device determines that the apparatus is authorized to authenticate the upstream device, enabling the sender of the message access to the content server; and
  
  enabling the downstream device to send the message to the content server with an indication that the downstream device authenticated the intermediate device.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22)
- - 15. The apparatus of claim 14, wherein the circuitry is arranged to perform further actions, comprising discarding the message if the intermediate device is unable to authenticate the upstream device.
  - 16. The apparatus of claim 15, wherein the circuitry is arranged to perform further actions, comprising enabling the content server to determine if the sender of the received message is authorized to access the content server.
  - 17. The apparatus of claim 14, wherein the circuitry is arranged to perform further actions, comprising modifying the message to indicate that the request is provided to the downstream device as if requested by the intermediate device.
  - 18. The apparatus of claim 14, wherein the circuitry is arranged to perform further actions, comprising enabling the content server to determine if the intermediate device is authorized to access the content server as requested in the modified message.
  - 19. The apparatus of claim 14, wherein the circuitry is arranged to perform further actions, comprising enabling authentication with at least one of a digital signature and a public key/private key encryption algorithm.
  - 20. The apparatus of claim 14, wherein the circuitry is arranged to perform further actions, comprising determining if the sender is authorized to access the content server.
  - 21. The apparatus of claim 14, wherein the circuitry is arranged to perform further actions, comprising enabling the downstream device through which the message passes on its way to the content server is arranged to determine if the sender is authorized to access the content server.
  - 22. The apparatus of claim 14, wherein the circuitry is disposed on at least one blade.

23. A system for providing secure access to a content server over a network, comprising:
- an upstream device configured to send a message including a request from a sender to access a content server;
  
  an intermediate device configured to forward the message towards the content server if the intermediate device authenticates the upstream device; and
  
  a downstream device of the upstream device and through which the message passes on its way to the content server, the downstream device configured to;
  
  enable the sender of the message access to the content server if the downstream device determines that the intermediate device is authorized to authenticate the upstream device; and
  
  send the message to the content server with an indication that the downstream device authenticated the intermediate device.
- View Dependent Claims (24)
- - 24. The system of claim 23, wherein the sender is a content distributor that is configured to update content on a plurality of content servers that includes at least the content server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
F5 Networks, Inc. (F5 Incorporated)
Original Assignee
F5 Networks, Inc. (F5 Incorporated)
Inventors
DeCaprio, Donald Joseph
Primary Examiner(s)
Barron, Jr.; Gilberto
Assistant Examiner(s)
Dinh; Minh

Application Number

US11/531,662
Time in Patent Office

1,273 Days
Field of Search

None
US Class Current

726/4
CPC Class Codes

G06F 21/31   User authentication

G06F 2221/2115   Third party

G06F 2221/2151   Time stamp

H04L 2209/60   Digital content management,...

H04L 2209/80   Wireless network architectu...

H04L 63/08   for authentication of entit...

H04L 63/101   Access control lists [ACL]

H04L 9/321   involving a third party or ...

H04L 9/3249   using RSA or related signat...

Method and system for authenticating and authorizing requestors interacting with content servers

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

20 Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for authenticating and authorizing requestors interacting with content servers

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

20 Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links