(12) United States Patent (10) Patent No.: US 6,199,113 B1
Alegre et al. (45) Date of Patent: *Mar. 6, 2001
(54) APPARATUS AND METHOD FOR PROVIDING TRUSTED NETWORK SECURITY
(75) Inventors: Alfred A. Alegre, Belmont; Rong Q.
Sha, Milpitas; William R. Soley,
Campbell, all of CA (US)
(73) Assignee: Sun Microsystems, Inc., Palo Alto, CA (US)
( * ) Notice: This patent issued on a continued prosecution application filed under 37 CFR 1.53(d), and is subject to the twenty year patent term provisions of 35 U.S.C. 154(a)(2).
Subject to any disclaimer, the term of this patent is extended or adjusted under 35 U.S.C. 154(b) by 0 days.
(21) Appl. No.: 09/060,480
(22) Filed: Apr. 15, 1998
(51) Int. Cl. G06F 13/00
(52) U.S. Cl. 709/229; 709/219; 709/223;
709/225; 709/227; 713/201
(58) Field of Search 709/202, 203,
709/217, 218, 219, 223, 224, 225, 227, 229, 249, 250, 313; 713/201, 202; 380/4, 21, 23, 25, 49
(56) References Cited
U.S. PATENT DOCUMENTS
5,202,921 * 4/1993 Herzberg et al 380/23
5,235,642 8/1993 Wobber et al. .
5,345,506 * 9/1994 Tsubakiyama et al 380/23
5,708,780 * 1/1998 Levergood et al 709/229
5,724,425 * 3/1998 Chang et al 380/25
5,754,939 * 5/1998 Herz et al 455/4.2
5,787,173 * 7/1998 Scheidt et al 380/21
5,832,228 * 11/1998 Holden et al 709/225
5,872,847 * 2/1999 Boyle et al 380/25
6,032,184 * 2/2000 Cogger et al 709/223
FOREIGN PATENT DOCUMENTS
0 398 492 A2 11/1990 (EP) .
WO 96/42041 12/1996 (WO) .
WO 98/07088 2/1998 (WO) .
* cited by examiner
Primary Examiner—Viet D. Vu
(74) Attorney, Agent, or Firm—Finnegan, Henderson, Farabow, Garrett & Dunner, L.L.P.
A session key is established for accessing a trusted network from a browser. An authentication process receives identification information from a user at the browser, and authenticates the user by checking the identification information against an authentication database. If the authentication database authenticates the user, a session key is created and stored at the browser. If the user is authenticated, a user profile defining access rights for the user is also retrieved. The user is then presented with access options based on the access rights defined in the user profile. In response to a user selection from the access page, the browser forwards an information request to the trusted network. The request includes a session key. A speaker object processes the information request and session key to form a network request packet. The network request packet is formed in a manner that allows authentication of the speaker object. The session packet is forwarded to a trusted network and processed. The packet is first authenticated to determine if it originated from the speaker object, and then the key is checked for validity at the trusted server. If the key is valid, the information request is processed and the information is returned to the user for display on the browser.
36 Claims, 14 Drawing Sheets
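The flow in the abstract above, sketched as an added example that is not taken from the patent: the abstract does not say how the packet is authenticated or how keys are stored, so the HMAC-SHA256 tag, the shared `SPEAKER_SECRET`, the PBKDF2 password records, the key lifetime and all function names are assumptions.

```python
import hashlib, hmac, json, secrets, time

# Assumption: the speaker object and the trusted server share this secret.
SPEAKER_SECRET = secrets.token_bytes(32)
SESSIONS = {}  # trusted-server table: session key -> (user, expiry time)

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def authenticate(user, password, auth_db, profiles, ttl=900):
    """Authentication process: check the user against the authentication
    database, then create a session key and fetch the profile's access rights."""
    record = auth_db.get(user)
    if record is None:
        return None
    salt, stored = record
    if not hmac.compare_digest(stored, hash_password(password, salt)):
        return None
    key = secrets.token_urlsafe(32)
    SESSIONS[key] = (user, time.time() + ttl)
    return key, profiles[user]

def speaker_pack(session_key, request):
    """Speaker object: combine request and session key into a network request
    packet, tagged so the trusted side can verify where it came from."""
    body = json.dumps({"key": session_key, "request": request}).encode()
    tag = hmac.new(SPEAKER_SECRET, body, hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}

def trusted_server_handle(packet):
    """Trusted network: authenticate the packet first, then check the key."""
    expected = hmac.new(SPEAKER_SECRET, packet["body"], hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, packet["tag"]):
        return "reject: packet did not originate from the speaker object"
    msg = json.loads(packet["body"])
    session = SESSIONS.get(msg["key"])
    if session is None or session[1] < time.time():
        return "reject: invalid session key"
    return f"ok: {msg['request']} for {session[0]}"
```

The order of the two checks matters: the packet body is only parsed, and the session table only consulted, after the origin tag has verified.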