최소 단어 이상 선택하여야 합니다.
최대 10 단어까지만 선택 가능합니다.
다음과 같은 기능을 한번의 로그인으로 사용 할 수 있습니다.
NTIS 바로가기다음과 같은 기능을 한번의 로그인으로 사용 할 수 있습니다.
DataON 바로가기다음과 같은 기능을 한번의 로그인으로 사용 할 수 있습니다.
Edison 바로가기다음과 같은 기능을 한번의 로그인으로 사용 할 수 있습니다.
Kafe 바로가기국가/구분 | United States(US) Patent 등록 |
---|---|
국제특허분류(IPC7판) |
|
출원번호 | US-0648679 (2012-10-10) |
등록번호 | US-8935772 (2015-01-13) |
발명자 / 주소 |
|
출원인 / 주소 |
|
인용정보 | 피인용 횟수 : 0 인용 특허 : 291 |
A double firewalled system is disclosed for protecting remote enterprise servers that provide communication services to telecommunication network customers from unauthorized third parties. A first router directs all connection requests to one or more secure web servers, which may utilize a load bala
A double firewalled system is disclosed for protecting remote enterprise servers that provide communication services to telecommunication network customers from unauthorized third parties. A first router directs all connection requests to one or more secure web servers, which may utilize a load balancer to efficiently distribute the session connection load among a high number of authorized client users. On the network side of the web servers, a second router directs all connection requests to a dispatcher server, which routes application server calls to a proxy server for the application requested. A plurality of data security protocols are also employed. The protocols provide for an identification of the user, and an authentication of the user to ensure the user is who he/she claims to be and a determination of entitlements that the user may avail themselves of within the enterprise system.
1. A method comprising: receiving a service request over a private data network from a server within a secure network area that employs a plurality of firewalls, the server receiving the service request from a client via a communication session over a public data network, wherein the communication s
1. A method comprising: receiving a service request over a private data network from a server within a secure network area that employs a plurality of firewalls, the server receiving the service request from a client via a communication session over a public data network, wherein the communication session is associated with a session identifier stored at the client; anddispatching the service request, via a back-end server to a proxy service linking to one of a plurality of applications;wherein a first one of the plurality of firewalls accepts the service request from the client and routes the service request from the client to at least one of a plurality of preselected addresses behind the first one of the firewalls in accordance with a first set of filtering rules; and a second one of the plurality of firewalls accepts the service request from the server and routes the service request from the server to at least one of a plurality of preselected addresses behind the second one of the firewalls in accordance with a second set of filtering rules. 2. A method according to claim 1, wherein the server is on one side of one of the plurality of firewalls and the back-end server is located on the other side of the one of the plurality of firewalls. 3. A method according to claim 1, wherein the server is a web-based server. 4. A method according to claim 1, wherein the server is located between the firewalls and the back-end server is not located between the firewalls. 5. A method according to claim 1, wherein the session identifier is encapsulated in a cookie. 6. A method according to claim 1, wherein the communication session is established according to HyperText Transfer Protocol (HTTP). 7. A method according to claim 1, wherein the secure network area isolates the private data network from the public data network. 8. A method according to claim 7, wherein the server does not store or compute actual client sensitive data. 9. An apparatus comprising: an interface configured to receive a service request over a private data network from a server within a secure network area that employs a plurality of firewalls, the server receiving the service request from a client via a communication session over a public data network, wherein the communication session is associated with a session identifier stored at the client; anda processor configured to dispatch the service request, via a back-end server to a proxy service linking to one of a plurality of applications; and further configured to:accept the service request from the client and route the service request from the client to at least one of a plurality of preselected addresses behind a first one of the plurality of firewalls in accordance with a first set of filtering rules; and accept the service request from the server and route the service request from the server to at least one of a plurality of preselected addresses behind a second one of the plurality of firewalls in accordance with a second set of filtering rules. 10. An apparatus according to claim 9, wherein the server is on one side of one of the plurality of firewalls and the back-end server is located on the other side of the one of the plurality of firewalls. 11. An apparatus according to claim 9, wherein the server is a web-based server. 12. An apparatus according to claim 9, wherein the server is located between the firewalls and the back-end server is not located between the firewalls. 13. An apparatus according to claim 9, wherein the session identifier is encapsulated in a cookie. 14. An apparatus according to claim 9, wherein the communication session is established according to HyperText Transfer Protocol (HTTP). 15. An apparatus according to claim 9, wherein the secure network area isolates the private data network from the public data network. 16. An apparatus according to claim 9, wherein the server does not store or compute actual client sensitive data. 17. A system comprising: a server within a secure network area that employs a plurality of firewalls, wherein the server receives a service request from a client via a communication session over a public data network, wherein the communication session is associated with a session identifier stored at the client; anda back-end server,wherein the service request is provided to an interface configured to receive the service request over a private data network from the server, wherein the service request is dispatched via the back-end server to a proxy service linking to one of a plurality of applications; andwherein a first one of the plurality of firewalls accepts the service request from the client and routes the service request from the client to at least one of a plurality of preselected addresses behind the first one of the firewalls in accordance with a first set of filtering rules; and a second one of the plurality of firewalls accepts the service request from the server and routes the service request from the server to at least one of a plurality of preselected addresses behind the second one of the firewalls in accordance with a second set of filtering rules. 18. A system according to claim 17, wherein the server is on one side of one of the plurality of firewalls and the back-end server is located on the other side of the one of the plurality of firewalls. 19. A system according to claim 17, wherein the server is a web-based server. 20. A system according to claim 17, wherein the server is located between the firewalls and the back-end server is not located between the firewalls.
Copyright KISTI. All Rights Reserved.
※ AI-Helper는 부적절한 답변을 할 수 있습니다.