Secure proxying using network intermediaries
First Claim
1. A system, comprising:
one or more servers; and
a hardware device configured to implement a network intermediary;
wherein the network intermediary is configured to:
receive a client request;
generate security metadata associated with the client request, wherein the security metadata comprises an identification of a source of the client request; and
transmit an encoded version of the security metadata and a backend request corresponding to the client request to a server of the one or more servers, wherein the encoded version is based at least in part on at least a portion of the security metadata and a key held by the network intermediary; and
wherein the server is configured to:
determine whether the security metadata is valid;
in response to determining that the security metadata is valid, perform one or more operations in accordance with the backend request and the security metadata; and
in response to determining that the security metadata is not valid, reject the backend request.
Abstract
Methods and apparatus for secure proxying using network intermediaries. A system may include one or more servers and a network intermediary. The network intermediary may generate security metadata associated with a client request, comprising an identification of a source of the client request, and transmit an encoded version of the security metadata and a backend request to a server. The server may determine whether the security metadata is valid. If the security metadata is validated, the server may perform one or more operations in accordance with the backend request and the security metadata.
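The flow in the abstract, as an added example that is not taken from the patent: the intermediary tags the security metadata with a key and the server rejects the backend request when the tag does not validate. It assumes the encoding is an HMAC-SHA256 tag over JSON metadata with a key shared by both sides; the field names, the freshness window, the request-hash binding and both function names are hypothetical.

```python
import hashlib
import hmac
import json

MAX_AGE_SECONDS = 30  # assumed freshness window; the page specifies none


def encode_metadata(key: bytes, source_ip: str, backend_request: bytes, now: float) -> dict:
    """Intermediary side: build security metadata and a keyed tag over it."""
    metadata = {
        "source": source_ip,  # identification of the source of the client request
        "ts": int(now),  # assumption: timestamp to limit replay
        "req_sha256": hashlib.sha256(backend_request).hexdigest(),  # assumption: bind to request
    }
    canonical = json.dumps(metadata, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(key, canonical, hashlib.sha256).hexdigest()
    return {"metadata": canonical.decode(), "tag": tag}


def validate_and_handle(key: bytes, envelope: dict, backend_request: bytes, now: float):
    """Server side: act on the backend request only if the metadata validates."""
    canonical = str(envelope.get("metadata", "")).encode()
    expected = hmac.new(key, canonical, hashlib.sha256).hexdigest()
    supplied = str(envelope.get("tag", ""))
    if not hmac.compare_digest(expected.encode(), supplied.encode()):  # constant-time compare
        return ("rejected", "bad tag")
    metadata = json.loads(canonical)  # parsed only after the tag has been verified
    if abs(now - metadata["ts"]) > MAX_AGE_SECONDS:
        return ("rejected", "stale metadata")
    if metadata["req_sha256"] != hashlib.sha256(backend_request).hexdigest():
        return ("rejected", "metadata not bound to this request")
    return ("accepted", metadata["source"])


if __name__ == "__main__":
    key = b"k" * 32  # constructed sample key
    req = b"GET /orders/42"  # constructed sample backend request
    env = encode_metadata(key, "203.0.113.7", req, now=1000.0)
    print(validate_and_handle(key, env, req, now=1005.0))
    forged = dict(env, metadata=env["metadata"].replace("203.0.113.7", "10.0.0.1"))
    print(validate_and_handle(key, forged, req, now=1005.0))
```

The server trusts the source identification only after the tag check passes, so a client that reaches the server directly and supplies its own metadata is rejected.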
139 Citations
25 Claims
1. A system, comprising:
one or more servers; and
a hardware device configured to implement a network intermediary;
wherein the network intermediary is configured to:
receive a client request;
generate security metadata associated with the client request, wherein the security metadata comprises an identification of a source of the client request; and
transmit an encoded version of the security metadata and a backend request corresponding to the client request to a server of the one or more servers, wherein the encoded version is based at least in part on at least a portion of the security metadata and a key held by the network intermediary; and
wherein the server is configured to:
determine whether the security metadata is valid;
in response to determining that the security metadata is valid, perform one or more operations in accordance with the backend request and the security metadata; and
in response to determining that the security metadata is not valid, reject the backend request.
View Dependent Claims (2, 3, 4, 5)
6. A method, comprising:
generating security metadata associated with a client request received at a network intermediary, wherein the security metadata comprises an identification of a source of the client request; and
transmitting an encoded version of the security metadata to a server from the network intermediary, wherein the encoded version is based at least in part on at least a portion of the security metadata and a key held by the network intermediary,
determining, at the server, whether the security metadata is valid;
in response to determining that the security metadata is valid, performing one or more operations responsive to the client request and the security metadata at the server; and
in response to determining that the security metadata is not valid, generating an error response.
View Dependent Claims (7, 8, 9, 10, 11, 12)
13. A non-transitory computer-accessible storage medium storing program instructions computer-executable to implement:
receiving, at a network intermediary, a client request for a backend service;
in response to said receiving the client request the network intermediary;
generating security metadata associated with the client request, wherein the security metadata comprises an identification of a source of the client request;
creating an encoded version of the security metadata based at least in part on a key and at least a portion of the security metadata; and
transmitting the encoded version of the security metadata to a backend server configured to identify the source of the client request to perform one or more operations responsive to the client request.
View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25)
Specification