Abstract: The present disclosure is a method for bridging requests for access to resources between requesters in a distributed network and an authenticator servicing the distributed network. The bridging mechanism has security features including a naming service for machine authentication and machine process rules to authorize what process machines can perform. The security proxy bridge intercepts an access request, and checks the IP address for machine authentication as well as the machine process rules and if both verifications are successful, the bridge then forwards the request for access to the authenticator. The security proxy framework utilizes a data structure that provides a method for storing selected security information stored as data records supporting an authentication and authorization system for users to access resources on multiple components of a distributed network supporting multiple business units of an enterprise.

Abstract: A system for controlling access to computing resources within an enterprise. The system can consist of a web server and a web security agent controlling access to URLs, a security gatekeeper and an access server controlling access to APIs, and a core security framework used by both the web server and web security agent and the security gatekeeper and access server to store security data and policies and make security decisions. The access server can be a SOAP server. The core security framework can consist of a policy store, a data store, and a policy server, where the data store can be a relational database or a directory. A session token can be attached to an approved request for access to an API and can provide access to the API for the duration of a session.

Abstract: The present disclosure is a method for bridging requests for access to resources between requestors in a distributed network and an authenticator servicing the distributed network. The bridging mechanism has security features including a naming service for machine authentication and machine process rules to authorize what process machines can perform. The security proxy bridge intercepts an access request, and checks the IP address for machine authentication as well as the machine process rules and if both verifications are successful, the bridge then forwards the request for access to the authenticator. The security proxy framework utilizes a data structure that provides a method for storing selected security information stored as data records supporting an authentication and authorization system for users to access resources on multiple components of a distributed network supporting multiple business units of an enterprise.

Abstract: The inventive system provides a distributed data processing system for performing data-related task implemented with a scalable hub and spoke architecture. The advantageous hub-and-spoke architecture comprises a central “hub” system site connected, through one or more high speed communication links, to one or more spoke systems, each of which may be located at a remote spoke system (which may be geographically dispersed from one another). While some information technology infrastructure is necessary for both the hub and the spoke systems, the expensive data processing and control systems, for implementing the majority of the system architecture, and where the majority of automated processing occurs, are concentrated at the hub location. Thus, most of the critical data processing activities are centralized at the hub system, while other activities that either must be performed, or are advantageous to be performed at a particular remote location, are executed by one or more spoke systems.