US 12,363,072 B2
Stateless cloud authentication for security services
Jinsheng Gu, Dublin, CA (US)
Assigned to Palo Alto Networks, Inc., Santa Clara, CA (US)
Filed by Palo Alto Networks, Inc., Santa Clara, CA (US)
Filed on Dec. 29, 2022, as Appl. No. 18/091,010.
Prior Publication US 2024/0223534 A1, Jul. 4, 2024
Int. Cl. H04L 9/40 (2022.01)
CPC H04L 63/0245 (2013.01) [H04L 63/0236 (2013.01); H04L 63/0435 (2013.01)] 14 Claims
OG exemplary drawing
 
1. A system comprising:
a processor configured to:
receive a request at a first firewall of a cloud-based security service to access a protected resource;
generate an authentication token with opaque information using a cloud authentication service, wherein the opaque information is embedded in the authentication token, wherein the authentication token is encrypted, and wherein the opaque information includes one or more of the following: a host ID of a client machine, a remote host ID or IP address of a client machine, and/or a fully qualified domain name (FQDN) of a firewall behind a load balancer; and
verify the authentication token using the opaque information, comprising to:
decrypt the authentication token to obtain a decrypted authentication token and embedded opaque information;
compare the embedded opaque information with the opaque information; and
in the event that the embedded opaque information does not match the opaque information, determine that the decrypted authentication token is not verified; and
a memory coupled to the processor and configured to provide the processor with instructions.
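The following is an added illustration of the verification flow in claim 1 (issue an encrypted token carrying client-binding context, then decrypt it and reject it when the embedded context does not match what the firewall observes). It is not code from the patent or from Palo Alto Networks. The field names `host_id`, `remote_ip` and `fw_fqdn`, the 300-second lifetime, the sample values and the key layout are all assumptions. Because it is kept to the Python standard library, the "encryption" is an HMAC-SHA256 keystream in counter mode with encrypt-then-MAC; a deployment would substitute an AEAD such as AES-GCM for the same nonce/ciphertext/tag layout.

```python
"""Stateless bound token: encrypted, integrity-protected, verified by context comparison.
Illustrative example, not the patent's implementation."""
from __future__ import annotations

import base64
import hashlib
import hmac
import json
import secrets
import struct
import time

NONCE_LEN = 16
TAG_LEN = 32


def _derive_keys(master_key: bytes) -> tuple:
    # Two independent subkeys from one master secret (HMAC used as a PRF).
    enc_key = hmac.new(master_key, b"token-encryption", hashlib.sha256).digest()
    mac_key = hmac.new(master_key, b"token-authentication", hashlib.sha256).digest()
    return enc_key, mac_key


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    # Stand-in stream cipher: HMAC-SHA256 over nonce||counter, concatenated.
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + struct.pack(">I", counter), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def _xor(data: bytes, stream: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, stream))


def _canonical(opaque: dict) -> bytes:
    # Deterministic encoding so two dicts with equal content compare equal byte-for-byte.
    return json.dumps(opaque, sort_keys=True, separators=(",", ":")).encode()


def issue_token(master_key: bytes, opaque: dict, ttl_seconds: int = 300, now: int = None) -> str:
    """Embed the opaque binding context (assumed keys: host_id, remote_ip, fw_fqdn) in an
    encrypted, MAC-protected token. Nothing is stored server-side: the token is the state."""
    now = int(time.time()) if now is None else now
    enc_key, mac_key = _derive_keys(master_key)
    payload = json.dumps({"opaque": opaque, "exp": now + ttl_seconds}, sort_keys=True).encode()
    nonce = secrets.token_bytes(NONCE_LEN)
    ciphertext = _xor(payload, _keystream(enc_key, nonce, len(payload)))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(nonce + ciphertext + tag).decode()


def verify_token(master_key: bytes, token: str, observed_opaque: dict, now: int = None) -> tuple:
    """Decrypt the token and compare the embedded context with what the firewall observes.
    Returns (ok, reason). The MAC is checked before any decryption or parsing."""
    now = int(time.time()) if now is None else now
    enc_key, mac_key = _derive_keys(master_key)
    try:
        raw = base64.urlsafe_b64decode(token.encode())
    except ValueError:  # binascii.Error is a ValueError subclass
        return False, "malformed"
    if len(raw) < NONCE_LEN + TAG_LEN:
        return False, "malformed"
    nonce, ciphertext, tag = raw[:NONCE_LEN], raw[NONCE_LEN:-TAG_LEN], raw[-TAG_LEN:]
    expected_tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected_tag):
        return False, "bad tag"
    payload = _xor(ciphertext, _keystream(enc_key, nonce, len(ciphertext)))
    try:
        claims = json.loads(payload)
    except ValueError:
        return False, "malformed"
    if now >= claims.get("exp", 0):
        return False, "expired"
    embedded = claims.get("opaque")
    if not isinstance(embedded, dict) or not hmac.compare_digest(
        _canonical(embedded), _canonical(observed_opaque)
    ):
        return False, "opaque mismatch"
    return True, "ok"


def tampered_copy(token: str) -> str:
    # Flip one ciphertext bit; used to show that modification is caught by the tag check.
    raw = bytearray(base64.urlsafe_b64decode(token.encode()))
    raw[NONCE_LEN] ^= 0x01
    return base64.urlsafe_b64encode(bytes(raw)).decode()


if __name__ == "__main__":
    # Constructed sample context; all values are placeholders.
    key = secrets.token_bytes(32)
    ctx = {"host_id": "host-0001", "remote_ip": "203.0.113.7", "fw_fqdn": "fw-01.example.net"}
    tok = issue_token(key, ctx)
    print(verify_token(key, tok, ctx))                                  # (True, 'ok')
    print(verify_token(key, tok, dict(ctx, remote_ip="198.51.100.9")))  # (False, 'opaque mismatch')
    print(verify_token(key, tampered_copy(tok), ctx))                   # (False, 'bad tag')
```

The order of checks matters: the tag is verified over the whole nonce||ciphertext before decryption, so a forged or modified token never reaches the JSON parser, and the context comparison uses a constant-time compare over a canonical encoding so that dictionary key order cannot turn an equal context into a spurious mismatch.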