Abstract: A system and method for providing secure access to an organization's internal resources by an application running on an external network. An agent accepts queries from the application which are passed to a relay with a dynamic filter. The relay establishes a secure connection with a connector through the organization's firewall and passes requests from the application to an authentication service running on the internal network to confirm that a user of the application is authorized and issue an authentication ticket which is returned to the application. The application then sends a request to access a specific internal resource based on the authentication ticket, which is passed to a ticket granting service running on the internal network, to verify that said user is authorized to access the specific internal resource, and, if so, issue a service ticket to grant the application access to that resource.
Type: Grant
Filed: October 19, 2022
Date of Patent: March 25, 2025
Assignee: DELINEA INC.
Inventors: David Forrest McNeely, Peter Gerardus Jansen, Clifford Van Slimming, Bob Janssen
Abstract: A system and method for granting access to network resources through access credentials given to an agent process running on each computer or machine where resource requesters reside. The system extends a traditional token-granting authorization system to the agent processes, where each agent has administrative access to machine information. The agent uses that access to acquire detailed information about resource requesters. Requester qualifications defined by the system limit requester access to resources, and are enforced both by the agent and by the central system on the network resource server. Resource requesters ask for a token for resource use from the agent, not the central system. The agent uses its credentials to get a token from the central system and then return the token to qualified requesters.
Type: Grant
Filed: April 26, 2023
Date of Patent: April 9, 2024
Assignee: DELINEA INC.
Inventors: Nathaniel Wayne Yocom, Sek-Hon Albert Leung
Abstract: Techniques to facilitate protection of data resources from unauthorized access are disclosed herein. In at least one implementation, a data shield server instructs a user to replace an address and a port associated with a data resource with an updated address associated with the data shield server and a unique port that is uniquely assigned to the user. A request from the user to access the data resource is received at the updated address associated with the data shield server and on the unique port that is uniquely assigned to the user. In response to the request, the user is authenticated using multi-factor authentication to verify that an identity of the user that submitted the request matches the user assigned to the unique port on which the request was received. Upon successful authentication, the data shield server operates as a proxy to connect the user through to the data resource.
Abstract: A system and method for providing secure access to an organization's internal directory service from external hosted services. The system includes a remote directory service configured to accept directory service queries from an application running on hosted services. The remote directory service passes the queries to a directory service proxy server inside a firewall of the organization via a secure connection service. The directory service proxy server passes the queries to the internal directory service inside said firewall. Request responses from the internal directory service pass through the directory service proxy server to the remote directory service through said firewall via the secure connection service. The remote directory service returns the response to the requesting application.
Abstract: A system and method for granting access to network resources through access credentials given to an agent process running on each computer or machine where resource requesters reside. The system extends a traditional token-granting authorization system to the agent processes, where each agent has administrative access to machine information. The agent uses that access to acquire detailed information about resource requesters. Requester qualifications defined by the system limit requester access to resources, and are enforced both by the agent and by the central system on the network resource server. Resource requesters ask for a token for resource use from the agent, not the central system. The agent uses its credentials to get a token from the central system and then return the token to qualified requesters.
Type: Grant
Filed: April 29, 2021
Date of Patent: July 18, 2023
Assignee: DELINEA INC.
Inventors: Nathaniel Wayne Yocom, Sek-Hon Albert Leung