HTTP authentication and authorization management

US9379895B2 · US · B2

Patent metadata
Publication number: US-9379895-B2
Application number: US-17949208-A
Country: US
Kind code: B2
Filing date: Jul 24, 2008
Priority date: Jul 24, 2008
Publication date: Jun 28, 2016
Grant date: Jun 28, 2016

Abstract

Official abstract text for this publication.

Systems, methods and apparatus for a distributed security that provides authentication and authorization management. The system can include a source processor that is used to identify the source associated with a request for authentication or authorization. The source processor can maintain the initial source associated with the request through the use of an association token. The associate token can be transmitted with each subsequent request that includes authentication or authorization data. The source processor can use the associate token to verify that the source associated with the initial request is the same as the source associated with subsequent authentication and authorization requests.

First claim

Opening claim text (preview).

What is claimed is:

1. A method, comprising: receiving, at a processing node comprising a communication device, a first request for a domain from a client browser, the client browser associated with a first communication address, wherein the processing node is part of a distributed security system located external from the client browser and external from the domain configured to monitor communications associated with the client browser in an overlay network, wherein the distributed security system is configured to detect and preclude security threats comprising malware, spyware, and other undesirable content sent from or requested by the client browser or the domain; identifying a first authorized user data associated with the first request; identifying at the processing node the first communication address associated with the client browser; associating at the processing node the first communication address of the client browser with the first authorized user data; encrypting at the processing node the first authorized user data and the associated first communication address to generate a first associated authorization data comprising an associate token, wherein the first communication address includes a port address used by the client browser to communicate with the processing node, thereby preventing intercepting of the first associated authorization data by an unauthorized client, wherein the encrypting uses a private key that is generated at the processing node; providing the first associated authorization data to the client browser at the first communication address; and processing a data request at the processing node for the domain from the client browser using the first associated authorization data, wherein the client browser is prevented, by the processing node, from accessing the domain without the first associated authorization data comprising the associate token and without a communication address associated with the data request matching the communication address associated with the associate token, wherein the first associated authorization data determines eligibility of the client browser to complete an action associated with the domain.

2. The method of claim 1, wherein the request is an http request.

3. The method of claim 1, wherein receiving at a processing node a first request from a client browser comprises receiving at a processing node a first request for a domain from a client browser identifiable by a communication address.

4. The method of claim 1, wherein the first communication address of the client browser is a port address.

5. The method of claim 1, wherein the first associated authorization data is an http cookie.

6. The method of claim 1, wherein the authorized user data is based on authentication data for a user.

7. The method of claim 1, further comprising: receiving at the processing node a second request for a domain, and a second associated authorization data; decrypting at the processing node the second associated authorization data into a second authorized user data and a second communication address; determining whether the second communication address is the same as the first communication address; and if the second communication address is the same as the first communication address, allowing the request; if the second communication address is not the same as the first communication address, requesting user authorization from the client browser at the second communication address.

8. The method of claim 7, wherein requesting user authorization comprises: requesting user authentication from the client browser at the second communication address; and generating authorized user data based on the requested user authentication.

9. A software stored in a non-transitory computer readable storage medium and comprising instructions executable by a data processing system and upon such execution cause the data processing system to perform operations comprising: receiving a request for a domain from a client browser, the client browser associated with a communication address; identifying authorized user data associated with the request; identifying the communication address associated with the client browser; associating the communication address of the client browser with the authorized user data; encrypting the authorized user data and the communication address to generate associated authorization data comprising an associate token, wherein the communication address includes a port address used by the client browser to communicate with the data processing system, thereby preventing intercepting of the first associated authorization data by an unauthorized client, wherein the encrypting uses a private key that is generated at a processing node; providing the associated authorization data to the client browser at the communication address; and processing a data request for the domain from the client browser using the associated authorization data, wherein the data request is provided to the processing node and not directly to the domain, wherein the processing node is part of a distributed security system located external from the client browser and external from the domain configured to monitor communications associated with the client browser in an overlay network, and wherein the client browser is prevented, by the processing node, from accessing the domain without the associated authorization data comprising the associate token and without a communication address associated with the data request matching the communication address associated with the associate token, wherein the associated authorization data determines eligibility of the client browser to complete an action associated with the domain, and wherein the distributed security system is configured to detect and preclude security threats comprising malware, spyware, and other undesirable content sent from or requested by the client browser or the domain.

10. The software of claim 9, wherein the communication address is a port address.

11. The software of claim 9, wherein the request is an http request.

12. The software of claim 9, wherein the associated authorization data is received in the form of an http cookie.

13. The software of claim 9, wherein the authorized user data is based on authentication data.

14. A software stored in a non-transitory computer readable storage medium and comprising instructions executable by a data processing system and upon such execution cause the data processing system to perform operations comprising: receiving a request for a domain and associated authorization data from a client browser, the client browser associated with a request communication address, wherein the client browser communicates the request to the data processing system and not directly to the domain, wherein the data processing system is part of a distributed security system located external from the client browser and external from the domain configured to monitor communications associated with the client browser in an overlay network, wherein the distributed security system is configured to detect and preclude security threats comprising malware, spyware, and other undesirable content sent from or requested by the client browser or the domain; preventing the request if the associated authorization data fails to include an associate token; identifying the request communication address associated with the client browser; decrypting the associated authorization data into authorized user data and a source communication address from the associate token, wherein the client browser received the associated author
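The mechanism the claims describe has three moving parts: the processing node encrypts the authorized user data together with the client's communication address (host and port) under a key generated at the node, hands the result to the browser as the associate token, and on every later request decrypts the token and refuses the request unless the address bound inside it matches the address the request actually came from (claim 7: allow on match, re-request authorization at the new address on mismatch). The following Go program is an added worked example written for this page, not the patent's or any assignee's implementation. It assumes AES-GCM as the authenticated encryption, a JSON layout for the sealed payload, and constructed client addresses taken from documentation ranges; none of those details come from the patent text.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
)

// Verification outcomes. The caller maps them onto the claim-7 branches:
// allow the request, or re-request user authorization at the new address.
var (
	ErrNoToken      = errors.New("request carries no associate token")
	ErrBadToken     = errors.New("associate token failed to decrypt or authenticate")
	ErrAddrMismatch = errors.New("request address differs from the address bound in the token")
)

// associatePayload is the plaintext sealed inside the token: the authorized
// user data and the host:port it was issued to. JSON layout is an assumption.
type associatePayload struct {
	User string `json:"user"`
	Addr string `json:"addr"`
}

// ProcessingNode holds the node-local key. A token is only meaningful to the
// node that issued it; another node's key will not open it.
type ProcessingNode struct {
	aead cipher.AEAD
}

// NewProcessingNode generates a fresh 256-bit AES key and wraps it in GCM so
// every token is both confidential and integrity-protected.
func NewProcessingNode() (*ProcessingNode, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &ProcessingNode{aead: aead}, nil
}

// IssueToken binds authorized user data to the client's source address
// (including the port) and returns the associate token as a cookie-safe
// base64url string laid out as nonce || ciphertext || GCM tag.
func (n *ProcessingNode) IssueToken(user, clientAddr string) (string, error) {
	plaintext, err := json.Marshal(associatePayload{User: user, Addr: clientAddr})
	if err != nil {
		return "", err
	}
	nonce := make([]byte, n.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	sealed := n.aead.Seal(nil, nonce, plaintext, nil)
	return base64.RawURLEncoding.EncodeToString(append(nonce, sealed...)), nil
}

// Authorize checks a subsequent request: no token, a token this node cannot
// open (tampered, truncated, or issued elsewhere), and a valid token presented
// from a different address are all refused. On success it returns the user
// data that was bound at issue time.
func (n *ProcessingNode) Authorize(token, requestAddr string) (string, error) {
	if token == "" {
		return "", ErrNoToken
	}
	raw, err := base64.RawURLEncoding.DecodeString(token)
	if err != nil {
		return "", ErrBadToken
	}
	ns := n.aead.NonceSize()
	if len(raw) < ns {
		return "", ErrBadToken
	}
	plaintext, err := n.aead.Open(nil, raw[:ns], raw[ns:], nil)
	if err != nil {
		return "", ErrBadToken
	}
	var p associatePayload
	if err := json.Unmarshal(plaintext, &p); err != nil {
		return "", ErrBadToken
	}
	if p.Addr != requestAddr {
		return "", ErrAddrMismatch // claim 7: re-request authorization here
	}
	return p.User, nil
}

func main() {
	node, err := NewProcessingNode()
	if err != nil {
		panic(err)
	}
	// Constructed sample addresses from RFC 5737 documentation ranges.
	const issuedTo = "203.0.113.5:51234"
	token, _ := node.IssueToken("alice", issuedTo)
	for _, addr := range []string{issuedTo, "198.51.100.9:40000"} {
		user, err := node.Authorize(token, addr)
		fmt.Printf("request from %s: user=%q err=%v\n", addr, user, err)
	}
	_, err = node.Authorize("", issuedTo)
	fmt.Println("request without token:", err)
}
```

Two practical points follow from running this. Because the address is sealed inside the ciphertext and the tag covers it, a token cannot be re-pointed at a different address without the node's key; an attempt to do so fails as a bad token rather than as a mismatch. And because the claims bind the client's port, which browsers normally change from one TCP connection to the next, a real deployment would see frequent mismatches and would need the claim-7 re-authorization path (or a fresh token per connection) to be cheap; binding to the address without the port trades that churn for weaker binding.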

Assignees

Inventors

Classifications

  • for controlling access to devices or network resources · CPC title

  • using passwords (cryptographic mechanisms or cryptographic arrangements for entity authentication using a predetermined code H04L9/3226) · CPC title

  • H04L63/20 (Primary): for managing network security; network security policies in general (filtering policies H04L63/0227) · CPC title

  • for authentication of entities (cryptographic mechanisms or cryptographic arrangements for entity authentication H04L9/32) · CPC title

  • providing single-sign-on or federations · CPC title

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Kailash Kailash, Nanjundaswamy Shashidhara Mysore, Mullick Amarnath, and 2 more
What technology area does this patent fall under?
Primary CPC classification H04L63/20. Mapped technology areas include Electricity.
When was this patent published?
Publication date: Jun 28, 2016 (kind code B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).