Title of invention: HTTP authentication and authorization management
Abstract: Systems, methods and apparatus for a distributed security that provides authentication and authorization management. The system can include a source processor that is used to identify the source associated with a request for authentication or authorization. The source processor can maintain the initial source associated with the request through the use of an association token. The associate token can be transmitted with each subsequent request that includes authentication or authorization data. The source processor can use the associate token to verify that the source associated with the initial request is the same as the source associated with subsequent authentication and authorization requests.
Publication number: US9379895(B2) Publication date: 2016.06.28
Application number: US200812179492 Filing date: 2008.07.24
Applicant: Zscaler, Inc. Inventors: Kailash Kailash; Nanjundaswamy Shashidhara Mysore; Mullick Amarnath; Raphel Jose
Classification: G06F7/04; H04L9/32; H04L29/06 Main classification: G06F7/04
Agency: Clements Bernard PLLC Agents: Clements Bernard PLLC; Baratta, Jr. Lawrence A.; Bernard Christopher L.
Main claim: 1. A method, comprising: receiving, at a processing node comprising a communication device, a first request for a domain from a client browser, the client browser associated with a first communication address, wherein the processing node is part of a distributed security system located external from the client browser and external from the domain configured to monitor communications associated with the client browser in an overlay network, wherein the distributed security system is configured to detect and preclude security threats comprising malware, spyware, and other undesirable content sent from or requested by the client browser or the domain; identifying a first authorized user data associated with the first request; identifying at the processing node the first communication address associated with the client browser; associating at the processing node the first communication address of the client browser with the first authorized user data; encrypting at the processing node the first authorized user data and the associated first communication address to generate a first associated authorization data comprising an associate token, wherein the first communication address includes a port address used by the client browser to communicate with the processing node, thereby preventing intercepting of the first associated authorization data by an unauthorized client, wherein the encrypting uses a private key that is generated at the processing node; providing the first associated authorization data to the client browser at the first communication address; and processing a data request at the processing node for the domain from the client browser using the first associated authorization data, wherein the client browser is prevented, by the processing node, from accessing the domain without the first associated authorization data comprising the associate token and without a communication address associated with the data request matching the communication address associated with the associate token, wherein the first associated authorization data determines eligibility of the client browser to complete an action associated with the domain.
Address: San Jose CA US