Data processing: database and file management or data structures – Database design – Data structure types
Reexamination Certificate
2001-07-27
2004-05-04
Mizrahi, Diane D. (Department: 2175)
C707S793000
active
06732105
ABSTRACT:
BACKGROUND OF THE INVENTION
1. Field of the Invention
The present invention relates to the field of data processing. More specifically, embodiments of the present invention relate to providing a method for a wireless electronic device (e.g., a portable computer system, a palmtop computer system, cell phone, pager or any other hand-held electronic device) to connect with authenticated access to Intranet web applications.
2. Related Art
Computer systems have evolved into extremely sophisticated devices that may be found in many different settings. Computer systems typically include a combination of hardware (e.g., semiconductors, circuit boards, etc.) and software (e.g., computer programs). As advances in semiconductor processing and computer architecture push the performance of computer hardware higher, more sophisticated computer software has evolved to take advantage of the higher performance of the hardware, resulting in computer systems today that are much more powerful than just a few years ago.
Other changes in technology have also profoundly affected how people use computers. For example, the widespread proliferation of computers prompted the development of computer networks that allow computers to communicate with each other. With the introduction of the personal computer (PC), computing became accessible to large numbers of people. Networks for personal computers were developed to allow individual users to communicate with each other. In this manner, a large number of people within a company could communicate at the same time with a central software application running on one computer system.
As corporations utilize increasingly distributed and open computing environments, the security requirements of an enterprise typically grow accordingly. The complexity of employee, customer and partner access to critical information, while assuring proper security, has proven to be a major hurdle. For example, many organizations implement applications that allow their external business partners, as well as their own internal employees, to access sensitive information resources within the enterprise. In the absence of adequate security measures, an enterprise may be subject to the risk of decreased security and confidentiality.
As a result, authentication mechanisms are usually implemented to protect information resources from unauthorized users. Examples of network security products include firewalls, digital certificates, virtual private networks, and single sign-on systems. Some of these products provide limited support for resource-level authorization. For example, a firewall can screen access requests to an application or a database, but does not provide object-level authorization within an application or database.
Single Sign-On (SSO) products, for example, maintain a list of resources an authenticated user can access by managing the login process to many different applications. However, firewalls, SSO and other related products are very limited in their ability to implement the sophisticated security policy characteristic of many of today's enterprises. They are limited to attempting to manage access at a login, or “launch level,” which is an all-or-nothing approach that cannot implement the level of security demanded by businesses supporting Intranets.
FIG. 1A illustrates a prior art system 100 of a palmtop or “palm sized” computer system 104 connected to other computing systems and an Intranet via a cradle. Specifically, system 100 comprises a palmtop device 104 connected to PC 103 over a link which can be a serial communication bus, but could be any of a number of well known communication standards and protocols, e.g., a parallel bus, Ethernet, Local Area Network (LAN), and the like. PC 103 is connected to server 101 and database 102 by an authenticated network connection. In the prior art system 100, two authentication parameters are achieved to provide a secure connection. First, PC 103 is physically connected to the server 101 to establish a network connection. The physical location of PC 103 is usually sufficient for the network connection to be approved. Secondly, when applications on server 101 are used, the user of PC 103 must provide a user name and password to authorize use. In this configuration, security and authentication are achieved first on the network level by authenticating the user's login name and password or device identification over the network, and secondly on the application level by again authenticating the user's login name and password.
Similarly, FIG. 1B is a prior art system 105 illustrating a palmtop computer connected to other computer systems and the Internet via a modem or dial-up device. Specifically, palm device 104 is connected to modem 106 over a link which can be a serial communication bus, but could be any of a number of well known communication standards and protocols, e.g., a parallel bus, Ethernet, Local Area Network (LAN), and the like. Modem 106 is connected to server 101 and database 102 by an authenticated dial-up network connection. In the prior art system 105, two authentication parameters are achieved to provide a secure connection. First, modem 106 must provide a correct user name and password to the server 101 to establish a network connection. Secondly, when applications on server 101 are used, the user of palm device 104 must provide a user name and password to authenticate use. In this configuration, security and authentication are achieved first on the network level by authenticating the user's login name and password or device identification when the modem makes a connection to the network, and secondly on the application level by again authenticating the user's login name and password.
In these two configurations, a secure authentication process with two layers occurs. First a network authentication is processed, and secondly an application authentication occurs. At least one of the authentication processes relies on the user supplying a user name and a password, and both require network level authentication.
Unfortunately, most wireless communications do not support double authentication. Due to the differences between the ECC encryption associated with wireless protocols and the SSL encryption associated with the traditional IP protocol, the security and authentication mechanisms associated with mobile and wireless devices need to be modified to provide the same level of security as traditional land-based communications. For example, mobile and wireless devices often access web servers through Internet gateways that provide no assurance of the identity of a device or user. In other words, they provide no network level of security. Intranet security guidelines for most companies usually require both authentication of a device to the network and of a user to each application before access to internal resources can be permitted.
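The two-layer check described above, and the Internet-gateway case that lacks the first layer, modelled as an added Python example (not code from the patent; the device identifier, the user store layout and the request structure are assumptions made for this illustration):

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Optional

# Constructed sample data (assumption): one registered device and one user account.
def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

_SALT = os.urandom(16)
REGISTERED_DEVICES = {"dev-0001"}   # network-level parameter: device identity
USER_STORE = {"alice": (_SALT, hash_password("correct horse", _SALT))}

@dataclass
class Request:
    device_id: Optional[str]   # None models a request arriving via an Internet gateway
    username: Optional[str]
    password: Optional[str]
    path: str

def check_device(req: Request) -> bool:
    """Network-level authentication: the device must be known to the Intranet."""
    if req.device_id is None:
        return False
    # constant-time comparison so timing does not leak which ids are registered
    return any(hmac.compare_digest(req.device_id, d) for d in REGISTERED_DEVICES)

def check_user(req: Request) -> bool:
    """Application-level authentication: user name and password."""
    if req.username is None or req.password is None:
        return False
    record = USER_STORE.get(req.username)
    if record is None:
        hash_password(req.password, _SALT)  # same cost for unknown users
        return False
    salt, expected = record
    return hmac.compare_digest(hash_password(req.password, salt), expected)

def proxy_decide(req: Request) -> str:
    """Both layers must pass before the proxy forwards to the Intranet application."""
    if not check_device(req):
        return "deny: no network-level authentication"
    if not check_user(req):
        return "deny: application-level authentication failed"
    return f"forward: {req.path}"
```

A request that carries only a valid user name and password, as a gateway with no device assurance would deliver, is refused at the first layer regardless of the credentials.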
Therefore, there exists a need for a mechanism which allows wireless devices to establish secure and authenticated connections to applications that reside on Intranet networks.
SUMMARY OF THE INVENTION
In accordance with the present invention, a system and method are disclosed to permit portable wireless devices secure and authenticated access to applications that are on an Intranet server. Embodiments of the present invention provide a flexible, inexpensive way for wireless network users to access Intranet applications while protecting Intranet resources (e.g., enterprise resources) against unauthorized access. In addition, the invention does not impose the authentication burden upon individual applications or require the use of application-specific middleware or a specific mobile application framework.
Embodiments of the present invention include a method and server system for exchanging data between a hand-held wireless electronic device and another computer system. This system allows a wireless electronic device to securely communicate with an Intranet by verifying two authentication parameters to provide network level
Stantz Mark
Watson, Jr. David M.
Mizrahi Diane D.
Mofiz Apu
palmOne, Inc.
Wagner, Murabito & Hao LLP