Title of invention RESOURCE ACCESS SYSTEM AND METHOD
Abstract A system for enabling an endpoint residing in an external network to perform resource operations on an internal resource, the system including a directory service managing authentication and authorization operations for the internal resource, a gatekeeper device residing in the external network, and a gateway device residing in an internal network. The gatekeeper device is configured to receive a resource operation request from the endpoint, the resource operation request is associated with a user and transmit the resource operation request to the gateway device. The gateway device is configured to receive the resource operation request from the gatekeeper device, authenticate with the directory service as the user, using credentials of the user, authorize the resource operation request with the directory service, and initiate the resource operation request with the internal resource.
Application publication number US2017111336(A1) Application publication date 2017.04.20
Application number US201514883032 Filing date 2015.10.14
Applicant FullArmor Corporation Inventors Davis Charles A.; Kim Danny; Manlief Michael Hilton; Sousley Matthew Randall
Classification number H04L29/06;H04L29/08;H04L29/12 Main classification number H04L29/06
Agency Agent
Independent claim 1. A system for enabling an endpoint residing in an external network to perform resource operations on an internal resource, the endpoint is a computing device associated with a user, the system comprising: a directory service managing authentication and authorization operations for the internal resource; a gatekeeper device residing in the external network; and a gateway device residing in an internal network, the gatekeeper device is configured to: receive a resource operation request from the endpoint, the resource operation request is associated with the user; and transmit the resource operation request to the gateway device, the gateway device is configured to: receive the resource operation request from the gatekeeper device; authenticate with the directory service as the user, using credentials of the user; receive an internal token associated with the user based on the authentication; authorize the resource operation request with the directory service as the user, the gateway device impersonating the user using the internal token; and initiate the resource operation request with the internal resource.
Address Boston MA US