Method and device for sending requests
US-2016080529-A1 · Mar 17, 2016 · US
Securing communication over a network using dynamically assigned proxy servers
US10652226B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10652226-B2 |
| Application number | US-201715456442-A |
| Country | US |
| Kind code | B2 |
| Filing date | Mar 10, 2017 |
| Priority date | Feb 1, 2013 |
| Publication date | May 12, 2020 |
| Grant date | May 12, 2020 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
The various embodiments described herein include methods, devices, and systems for providing secure access to network resources. In one aspect, a method is performed at a trust broker system. The method includes: (1) receiving, from a client system, a request to access network applications and resources hosted by a server system; (2) identifying a domain providing the requested network applications and resources; (3) determining whether the client system is authorized to access the domain; (4) identifying a particular server containing the domain; (5) identifying a proxy server assigned to the particular server; and (6) in accordance with a determination that the client system is authorized to access the domain: (a) transmitting an identification value for the client system to the identified proxy server; and (b) after transmitting the identification value to the identified proxy server, transmitting, to the client system, contact information for connecting to the identified proxy server.
First claim
Opening claim text (preview).
What is claimed is: 1. A method for providing secure access to network resources within a server system, comprising: changing a proxy for a particular server of the server system over time to prevent an attacker from knowing which proxy server of a plurality of potential proxy servers is acting as the proxy at a given time, including: at a first time: assigning a first proxy server of the plurality of potential proxy servers to temporarily act as the proxy for the particular server of the server system; and unassigning a second proxy server of the plurality of potential proxy servers as the proxy for the particular server system; and at a second time subsequent to the first time: assigning a third proxy server of the plurality of potential proxy servers to temporarily act as the proxy for the particular server; and unassigning the first proxy server as the proxy for the particular server system; at a third time between the first time and the second time, receiving at the first proxy server a request from a client system to access network applications and resources hosted by the server system; determining at the first proxy server whether the request includes an encrypted identifier for the client system; in accordance with a determination that the request includes the encrypted identifier: determining at the first proxy server whether the client system is authorized to access the requested network applications and resources based on the encrypted identifier; in accordance with a determination that the client system is authorized to access the requested network application and resources, communicatively coupling the client system to the particular server via the first proxy server; and in accordance with a determination that the request does not include the encrypted identifier, dropping the request without responding to the client system. 2. The method of claim 1 , wherein changing the proxy for the particular server comprises periodically changing the proxy for the particular server. 3. The method of claim 1 , wherein determining whether the client system is authorized to access the requested network applications and resources comprises: determining the identity of the user associated with the client system; retrieving stored permissions of the user associated with the client system; and determining whether the client system is authorized to access the requested network applications and resources based on the retrieved permissions. 4. The method of claim 1 , further comprising identifying the first proxy server as assigned to the particular server system at the third time, including examining a lookup table stored at a trust broker system. 5. The method of claim 1 , wherein the determination of whether the client system is authorized to access the requested network applications and resources is based on a geographical location of the client system. 6. The method of claim 1 , wherein the determination of whether the client system is authorized to access the requested network applications and resources is based on an integrity check of the client system. 7. A computing system, comprising: one or more processors; memory storing one or more programs to be executed by the one or more processors; the one or more programs comprising instructions for: changing a proxy for a particular server of a server system over time to prevent an attacker from knowing which proxy server of a plurality of potential proxy servers is acting as the proxy at a given time, including: at a first time: assigning a first proxy server of the plurality of potential proxy servers to temporarily act as the proxy for the particular server of the server system; and unassigning a second proxy server of the plurality of potential proxy servers as the proxy for the particular server system; and at a second time subsequent to the first time: assigning a third proxy server of the plurality of potential proxy servers to temporarily act as the proxy for the particular server; and unassigning the first proxy server as the proxy for the particular server system; at a third time between the first time and the second time, receiving at the first proxy server a request from a client system to access network applications and resources hosted by the server system; determining at the first proxy server whether the request includes an encrypted identifier for the client system; in accordance with a determination that the request includes the encrypted identifier; determining at the first proxy server whether the client system is authorized to access the requested network applications and resources based on the encrypted identifier; in accordance with a determination that the client system is authorized to access the requested network application and resources, communicatively coupling the client system to the particular server via the first proxy server; and in accordance with a determination that the request does not include the encrypted identifier, dropping the request without responding to the client system. 8. The computing system of claim 7 , wherein changing the proxy for the particular server comprises periodically changing the proxy for the particular server. 9. The computing system of claim 7 , wherein determining whether the client system is authorized to access the requested network applications and resources comprises: determining the identity of the user associated with the client system; retrieving stored permissions of the user associated with the client system; and determining whether the client system is authorized to access the requested network applications and resources based on the retrieved permissions. 10. The computing system of claim 7 , wherein the one or more programs further comprise instructions for identifying the first proxy server as assigned to the particular server system at the third time, including examining a lookup table stored at a trust broker system. 11. The computing system of claim 7 , wherein the determination of whether the client system is authorized to access the requested network applications and resources is based on a geographical location of the client system. 12. The computing system of claim 7 , wherein the determination of whether the client system is authorized to access the requested network applications and resources is based on an integrity check of the client system. 13. A non-transitory computer-readable storage medium storing one or more programs configured for execution by a computing system, the one or more programs comprising instructions for: changing a proxy for a particular server of a server system over time to prevent an attacker from knowing which proxy server of a plurality of potential proxy servers is acting as the proxy at a given time, including: at a first time: assigning a first proxy server of the plurality of potential proxy servers to temporarily act as the proxy for the particular server of the server system; and unassigning a second proxy server of the plurality of potential proxy servers as the proxy for the particular server system; and at a second time subsequent to the first time: assigning a third proxy server of the plurality of potential proxy servers to temporarily act as the proxy for the particular server; and unassigning the first proxy server as the proxy for the particular server system; at a third time between the first time and the second time, receiving at the first proxy server a request from a client system to access network applications and resources hosted by the server system; determining at the first proxy server whether the request in
Assignees
Inventors
Classifications
Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities · CPC title
based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint · CPC title
User authentication · CPC title
to a system of files or objects, e.g. local or distributed file system or database · CPC title
Proxies · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US10652226B2 cover?
- The various embodiments described herein include methods, devices, and systems for providing secure access to network resources. In one aspect, a method is performed at a trust broker system. The method includes: (1) receiving, from a client system, a request to access network applications and resources hosted by a server system; (2) identifying a domain providing the requested network applicat…
- Who is the assignee on this patent?
- Verizon Patent & Licensing Inc
- What technology area does this patent fall under?
- Primary CPC classification H04L63/08. Mapped technology areas include Electricity.
- When was this patent published?
- Publication date Tue May 12 2020 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 1 related publication on this page (citations in our corpus or others sharing the same primary CPC).