US 11,943,216 B2
Computer security system with remote browser isolation using forward proxying
Paul Michael Martini, Boston, MA (US)
Assigned to iBoss Inc., Boston, MA (US)
Filed by iboss, Inc., Boston, MA (US)
Filed on Apr. 25, 2023, as Appl. No. 18/139,192.
Application 18/139,192 is a continuation of application No. 17/861,107, filed on Jul. 8, 2022, granted, now 11,683,305.
Prior Publication US 2024/0015148 A1, Jan. 11, 2024
This patent is subject to a terminal disclaimer.
Int. Cl. H04L 29/06 (2006.01); H04L 9/40 (2022.01)
CPC H04L 63/083 (2013.01) [H04L 63/0281 (2013.01); H04L 63/0815 (2013.01)]
20 Claims
1. A system for managing access to a network-provided service, the system comprising a client device and at least one remote browser isolation (RBI) host, wherein a data network communicably couples the client device and the RBI hosts to a service provider and an identity provider;
wherein the client device comprises a processor and memory, the client device configured to perform operations comprising:
receive user-input from, and provide user-output to, a client-user;
wherein the service provider comprises a processor and memory, the service provider configured to:
serve a network-provided service for authorized client-users;
wherein the identity provider comprises a processor and memory, the identity provider configured to:
maintain authorization information for the network-provided service; and
generate a permission-object that specifies that the client-user is an authorized user of the network-provided service, wherein the generation of the permission-object comprises creating the permission-object to comprise, at the time of creation, an access-override field that specifies a network address of a remote browser isolation (RBI) host;
wherein the RBI host comprises a processor and memory, the RBI host configured to:
receive the permission-object; and
instantiate an RBI instance configured to:
access the network-provided service;
run the network-provided service in an isolation environment to generate a graphic user interface (GUI);
provide a visual reproduction of the GUI to the client device;
receive browser-input from the client device; and
apply the browser-input to the running network-provided service.
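
The flow recited in claim 1, as an added illustration that is not taken from the patent or from any iboss implementation: an identity provider creates the permission-object with the access-override field already present, and the RBI host checks the object before instantiating an isolated session. The JSON layout, the HMAC integrity tag, and every name, key and address below are assumptions made for the sketch.

```python
import hashlib
import hmac
import json

# Constructed sample values; none of these come from the patent.
IDP_KEY = b"constructed-demo-key"
RBI_HOST_ADDR = "rbi-1.example.internal:8443"


def issue_permission_object(user, service, rbi_addr, key=IDP_KEY):
    """Identity-provider side: access_override is in the object at creation,
    so the integrity tag (an assumption of this sketch) covers it."""
    body = {"user": user, "service": service, "authorized": True,
            "access_override": rbi_addr}
    payload = json.dumps(body, sort_keys=True).encode()
    tag = hmac.new(key, payload, hashlib.sha256).hexdigest()
    return {"payload": payload.decode(), "tag": tag}


class RBIInstance:
    """Stand-in for the isolated session: the service runs on the RBI side;
    the client only receives a rendering and sends input back."""
    def __init__(self, user, service):
        self.user, self.service, self.inputs = user, service, []

    def apply_browser_input(self, event):
        self.inputs.append(event)  # input is applied inside the isolation environment

    def visual_reproduction(self):
        return f"[frame of {self.service} for {self.user}, {len(self.inputs)} input(s) applied]"


def rbi_receive(obj, my_addr=RBI_HOST_ADDR, key=IDP_KEY):
    """RBI-host side: accept the object only if it is intact, marks the user
    as authorized and names this host; then instantiate an RBI instance."""
    payload = obj["payload"].encode()
    expected = hmac.new(key, payload, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, obj["tag"]):
        raise ValueError("permission-object failed integrity check")
    body = json.loads(payload)
    if body.get("authorized") is not True:
        raise ValueError("user is not authorized for the service")
    if body.get("access_override") != my_addr:
        raise ValueError("access-override does not name this RBI host")
    return RBIInstance(body["user"], body["service"])


if __name__ == "__main__":
    obj = issue_permission_object("alice", "https://app.example.com", RBI_HOST_ADDR)
    inst = rbi_receive(obj)
    inst.apply_browser_input({"type": "click", "x": 10, "y": 20})
    print(inst.visual_reproduction())
```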