CPC H04L 63/0884 (2013.01) [H04L 12/4633 (2013.01); H04L 12/4641 (2013.01); H04L 63/0272 (2013.01); H04L 63/062 (2013.01); H04L 63/0823 (2013.01); H04L 63/0846 (2013.01); H04L 63/0876 (2013.01)]
21 Claims
1. A system for computer security, the system comprising:
a triage zone and a production zone logically or physically separate from the triage zone, wherein a set of protected resources can be accessed through the production zone but cannot be accessed through the triage zone, and wherein:
the triage zone is adapted to obtain an authentication request associated with a client device, the triage zone including:
an identity manager to, upon successful validation in association with the authentication request, generate an ephemeral token and enable an associated dynamic certificate set to expire at a specific time, and to create or update a stored entry based on the dynamic certificate, wherein the ephemeral token is adapted to be provided to the client device to allow access to the production zone, and not the triage zone, based on the associated dynamic certificate;
the production zone adapted to:
establish a connection with the client device based on the dynamic certificate, ephemeral token, and a username; and
verify, by accessing the stored entry, that the authentication request provided by the client device is valid.
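The flow in claim 1 (credential validation in a triage zone, issuance of an ephemeral token bound to a time-limited dynamic certificate and a stored entry, then verification of that entry by a separate production zone) can be sketched as a small simulation. The code below is an added illustration, not part of the patent or of any implementation it covers; the class names, the `cert_id` field, the PBKDF2 user table, the 300-second lifetime and the choice to store only a hash of the token are all assumptions made for the example.

```python
"""Toy two-zone login flow modelled on claim 1 (added example, not from the patent)."""
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# Constructed credential table for the triage zone: username -> (salt, PBKDF2 hash).
def _pbkdf2(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

_SALT = b"constructed-salt"
USERS = {"alice": (_SALT, _pbkdf2("correct horse", _SALT))}


@dataclass(frozen=True)
class DynamicCertificate:
    """Hypothetical stand-in for the claim's 'dynamic certificate'."""
    cert_id: str       # key of the stored entry (assumed identifier)
    username: str
    not_after: float   # epoch seconds at which the certificate expires


class TriageZone:
    """Validates credentials and mints tokens; it never serves protected resources."""

    def __init__(self, store: Dict[str, dict], ttl_seconds: int = 300):
        self.store = store          # shared with the production zone
        self.ttl = ttl_seconds      # assumed lifetime of the dynamic certificate

    def authenticate(self, username: str, password: str,
                     now: Optional[float] = None) -> Optional[Tuple[str, DynamicCertificate]]:
        now = time.time() if now is None else now
        record = USERS.get(username)
        if record is None:
            return None
        salt, expected = record
        if not hmac.compare_digest(_pbkdf2(password, salt), expected):
            return None
        # Successful validation: ephemeral token plus a certificate set to expire.
        token = secrets.token_urlsafe(32)
        cert = DynamicCertificate(secrets.token_hex(8), username, now + self.ttl)
        # Create the stored entry keyed by the certificate; keep only a token hash
        # so a leaked store does not yield usable tokens.
        self.store[cert.cert_id] = {
            "username": username,
            "token_hash": hashlib.sha256(token.encode()).hexdigest(),
            "not_after": cert.not_after,
        }
        return token, cert

    def accepts_token(self, token: str) -> bool:
        # The token grants access to the production zone, not the triage zone.
        return False


class ProductionZone:
    """Serves protected resources only after checking the stored entry."""

    def __init__(self, store: Dict[str, dict]):
        self.store = store

    def connect(self, username: str, token: str, cert: DynamicCertificate,
                now: Optional[float] = None) -> bool:
        now = time.time() if now is None else now
        entry = self.store.get(cert.cert_id)
        if entry is None:
            return False                               # no entry: never issued or revoked
        if entry["username"] != username or cert.username != username:
            return False                               # certificate/token not bound to this user
        if now >= entry["not_after"] or now >= cert.not_after:
            return False                               # dynamic certificate has expired
        presented = hashlib.sha256(token.encode()).hexdigest()
        return hmac.compare_digest(presented, entry["token_hash"])


if __name__ == "__main__":
    store: Dict[str, dict] = {}
    triage, production = TriageZone(store), ProductionZone(store)
    issued = triage.authenticate("alice", "correct horse")
    assert issued is not None
    tok, cert = issued
    print("production accepts:", production.connect("alice", tok, cert))
    print("triage accepts token:", triage.accepts_token(tok))
```

Passing `now` explicitly lets the expiry check be exercised deterministically; the production zone rejects a missing entry, a username mismatch, an expired certificate, and a token whose hash does not match the stored entry.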