US 12,137,121 B2
Distributed cloud-based security systems and methods
Kailash Kailash, San Jose, CA (US); Shashidhara Mysore Nanjundaswamy, Bangalore (IN); Amarnath Mullick, Chandannagar (IN); and Jose Kolenchery Rappel, Austin, TX (US)
Assigned to Zscaler, Inc., San Jose, CA (US)
Filed by Zscaler, Inc., San Jose, CA (US)
Filed on May 25, 2022, as Appl. No. 17/824,433.
Application 17/824,433 is a continuation of application No. 16/792,414, filed on Feb. 17, 2020, granted, now 11,368,490.
Application 16/792,414 is a continuation of application No. 15/857,720, filed on Dec. 29, 2017, granted, now 10,609,083, issued on Mar. 31, 2020.
Application 15/857,720 is a continuation of application No. 15/162,840, filed on May 24, 2016, granted, now 10,601,870, issued on Mar. 24, 2020.
Application 15/162,840 is a continuation of application No. 12/179,492, filed on Jul. 24, 2008, granted, now 9,379,895, issued on Jun. 28, 2016.
Prior Publication US 2022/0294830 A1, Sep. 15, 2022
This patent is subject to a terminal disclaimer.
Int. Cl. H04L 9/40 (2022.01); H04L 9/32 (2006.01)
CPC H04L 63/20 (2013.01) [H04L 9/3213 (2013.01); H04L 63/08 (2013.01); H04L 63/10 (2013.01); H04L 63/1433 (2013.01); H04L 63/0815 (2013.01); H04L 63/083 (2013.01); H04L 63/102 (2013.01)] 15 Claims
1. A distributed security system comprising:
a plurality of content processing nodes communicatively coupled to an authority node, implemented in hardware, that are located external to a network edge of an enterprise and located external from one of a computer device and a mobile device associated with a user, wherein an external system is any of the enterprise, the computer device, and the mobile device, and wherein a content processing node is configured to
receive a request from the user for a domain;
identify one or more previously assigned authentication and authorization states of the user;
determine, based on data transmitted by the user and the one or more previously assigned authentication and authorization states, for the requested domain, an authentication and authorization state for the user;
store the determined authentication and authorization state for the user;
utilize the stored authentication and authorization state to process subsequent requests for the user, wherein the authentication and authorization state can include any of an Unauthenticated (UA) state, an Authenticated for a Location (AL) state, an Authenticated User (AU) state, and an Authorized for a Domain (AD) state, and wherein the transmitted data or lack of transmitted data identifies the user as belonging to an authentication and authorization state;
maintain the authentication and authorization states of users that submit requests to the content processing node;
process requests from the one of the computer device and the mobile device to a domain based on a level of authentication or authorization the user has obtained, wherein the content processing node is configured as a proxy for the one of the computer device and the mobile device;
one of: allow the user to transmit requests to the domain, allow a user to obtain content from the domain through the content processing node, allow a user to obtain content directly from the domain, or request credentials from a user in order for the user to become authenticated, wherein the domain is located external from the plurality of content processing nodes, and wherein the authority node is configured to provide policy data for an external system to each of the plurality of content processing nodes and monitor health of each of the plurality of content processing nodes to redirect and balance traffic among the plurality of content processing nodes based thereon, wherein the health relates to operational status including at least one of resource availability and communication link status of the plurality of content processing nodes;
wherein when the request is a new domain, the content processing node is further configured to
determine if the user is in an Authorized User (AU) state, wherein the AU state is determined by identifying if the user is authorized to submit requests to the content processing node;
responsive to determining that the user is in the AU state, examine policy associated with the user;
determine the user is authorized to access the new domain based on the policy; and
maintain an AD state for the user for the new domain.
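The per-user state machine that claim 1 describes (UA, AL, AU and AD states, stored state reused on later requests, and a new domain granted AD from the AU state by consulting policy), as an added Python sketch that is not Zscaler's code or anything taken from the patent; the Request and ContentProcessingNode classes, the token fields, the session key and the DENY outcome for a policy miss are all assumptions made for this example.

```python
from dataclasses import dataclass, field
from enum import Enum

class AuthState(Enum):
    UA = "Unauthenticated"
    AL = "Authenticated for a Location"
    AU = "Authenticated User"
    AD = "Authorized for a Domain"

@dataclass
class Request:
    session: str              # key the node tracks state under (e.g. a session cookie)
    domain: str
    location_token: str = ""  # hypothetical marker of a known enterprise egress
    user_token: str = ""      # hypothetical credential proving the user's identity

@dataclass
class ContentProcessingNode:
    policy: dict              # user -> allowed domains; pushed by the authority node
    location_tokens: set      # tokens accepted as proof of location
    user_tokens: dict         # token -> user name
    session_state: dict = field(default_factory=dict)  # session -> UA/AL/AU
    session_user: dict = field(default_factory=dict)   # session -> authenticated user
    domain_state: dict = field(default_factory=dict)   # (session, domain) -> AD

    def classify(self, req):
        """Determine the state from transmitted data plus the stored prior state."""
        prior = self.session_state.get(req.session, AuthState.UA)
        user = self.user_tokens.get(req.user_token)
        if user:
            state = AuthState.AU
            self.session_user[req.session] = user
        elif req.location_token in self.location_tokens and prior != AuthState.AU:
            state = AuthState.AL             # known location, identity still unproven
        else:
            state = prior                    # no new data: keep the stored state
        self.session_state[req.session] = state
        return state

    def handle(self, req):
        """Return the node's action for one proxied request."""
        if self.domain_state.get((req.session, req.domain)) == AuthState.AD:
            return "ALLOW"                   # previously authorized for this domain
        if self.classify(req) != AuthState.AU:
            return "REQUEST_CREDENTIALS"
        if req.domain in self.policy.get(self.session_user[req.session], set()):
            self.domain_state[(req.session, req.domain)] = AuthState.AD
            return "ALLOW"
        return "DENY"  # assumption: a policy miss is refused; the claim does not spell this out
```

Policy, location tokens and user tokens are constructed sample values standing in for the data the authority node would distribute; a real node would validate tokens cryptographically rather than by dictionary lookup.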