METHOD AND SYSTEM FOR AUTHORIZING AND AUTHENTICATING USERS

摘要

A walled garden contains links to one or more servers providing network-based services. A walled garden proxy server (WGPS) controls access to the walled garden. When a user of a client wishes to access a service in the walled garden, the client sends a request to the WGPS including a plot number identifying the service and a ticket granting the client access to the service. The WGPS denies access to clients lacking a ticket or presenting invalid tickets. In response, the client contacts a gateway server (GS) having a database of users and associated access rights. The user presents authentication information to the GS. If the user positively authenticates, the GS generates a ticket containing a Box ID from the client, an expiration date, and set of bits representing the access rights of the user. The GS encrypts the ticket and gives it to the client. When the WGPS receives a request to access a service in the walled garden, it decrypts the ticket and uses the plot number as an index into the set of bits representing the user access rights. The indexed value indicates whether the WGPS allows the client to access the service. Accordingly, services provided by the walled garden can be sold individually or in tiers.