| 摘要 |
<p>This invention provides methods and apparatus for enabling access to restricted information contained at a semi-trusted web-server (100) also called a proxy server. The client (101), semi-trusted web-server (104), and origin web-server (103) are connected to a core network (102). Restricted information is information that is only available to a selected group of authorized clients (101). A client (101) desiring access to the restricted information authenticates itself with a trusted web-server (i.e. origin web-server) (103), and obtains a client credential. The client then contacts the semi-trusted web-server (100) with the credential and obtains access to the restricted content. The restricted information may be encrypted at the semi-trusted web-server (100), so that the restricted information is secure even if the semi-trusted web-server (100) is not completely secure. To shorten the length of time that the client (101) must wait for a response to requests and to lighten the load on the origin web-server (103), the semi-trusted web-server (100) may service the requests of the client (101). Generally, a semi-trusted web-server (100) is chosen to service the requests of a client (101) if the semi-trusted web-server (100) is less than the origin web-server (103).</p> |
