Systems and methods for secure resource access and network communication
First Claim
1. A computer-implemented method comprising:
- receiving on a client device first credentials from a user and authenticating the user with an enterprise network based on the credentials through a first application on the client device, wherein the first application comprises a secure web browser executing on the client device;
- creating a secure communication channel between the first application and the enterprise network based on the authentication by:
  - sending a connection request to a remote server from which the remote server can obtain a first transient network address from the client device,
  - receiving a second transient network address from the remote server in response to the connection request, the second transient network address being an address of a connection point on the enterprise network, and
  - creating the secure communication channel to the connection point using the second transient network address, wherein the first application is configured to communicate over the secure communication channel;
- receiving at the client device an indication that the user has been authenticated by a second, different application external to the enterprise network and configured for access through the first application, wherein second credentials generated based on the authentication of the user with the enterprise network are provided via the enterprise network, in a manner transparent to the user, to the second application for the authentication by the second application;
- communicating with the second application by the first application over the secure communication channel;
- storing received information from the second application in an encrypted repository on the client device;
- receiving by the first application a plurality of policies, each policy comprising a respective resource and a respective permission for a respective action that can be performed by a user of the client device;
- receiving by the first application a request to open a resource;
- determining by the first application that one of the policies prohibits access by the resource to the encrypted repository and, based thereon, selecting a different third application to open the resource that does not have access to the encrypted repository; and
- causing the third application to open the resource.
Abstract
Systems and methods for secure resource access and network communication are provided. A plurality of policies are received on a client device, each policy comprising a respective resource and a respective permission for a respective action that can be performed by a user of the client device in regards to the resource. A first application, which is configured to store data in an encrypted repository on the client device, receives a request to open a resource. The first application determines that one of the policies prohibits access by the resource to the encrypted repository and, based thereon, selects a different second application to open the resource that does not have access to the encrypted repository. The second application then opens the resource.
12 Claims
1. (Claim 1 as reproduced above under First Claim; dependent claims 2 through 6 are not reproduced here.)
7. A system comprising:
- one or more computers programmed to perform operations comprising:
  - receiving on a client device first credentials from a user and authenticating the user with an enterprise network based on the credentials through a first application on the client device, wherein the first application comprises a secure web browser executing on the client device;
  - creating a secure communication channel between the first application and the enterprise network based on the authentication by:
    - sending a connection request to a remote server from which the remote server can obtain a first transient network address from the client device,
    - receiving a second transient network address from the remote server in response to the connection request, the second transient network address being an address of a connection point on the enterprise network, and
    - creating the secure communication channel to the connection point using the second transient network address, wherein the first application is configured to communicate over the secure communication channel;
  - receiving at the client device an indication that the user has been authenticated by a second, different application external to the enterprise network and configured for access through the first application, wherein second credentials generated based on the authentication of the user with the enterprise network are provided via the enterprise network, in a manner transparent to the user, to the second application for the authentication by the second application;
  - communicating with the second application by the first application over the secure communication channel;
  - storing received information from the second application in an encrypted repository on the client device;
  - receiving by the first application a plurality of policies, each policy comprising a respective resource and a respective permission for a respective action that can be performed by a user of the client device;
  - receiving by the first application a request to open a resource;
  - determining by the first application that one of the policies prohibits access by the resource to the encrypted repository and, based thereon, selecting a different third application to open the resource that does not have access to the encrypted repository; and
  - causing the third application to open the resource.
Dependent claims 8 through 12 are not reproduced here.
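The policy step that the abstract and claims 1 and 7 describe (the secure browser evaluates per-resource policies and hands a resource to an application without encrypted-repository access when a policy prohibits that access), written out as an added, constructed example that is not the patent's or any product's code; the data model, the pattern matching on the resource, the deny-wins rule and the fail-closed default when no policy matches are assumptions beyond the claim text.

```python
from dataclasses import dataclass
from fnmatch import fnmatch
from typing import List, Optional

# The action the claims single out: a resource reaching the encrypted repository.
REPO_ACCESS = "access_encrypted_repository"


@dataclass(frozen=True)
class Policy:
    resource: str    # glob pattern matched against the requested resource (assumption)
    action: str
    permission: str  # "allow" or "deny"


@dataclass(frozen=True)
class Application:
    name: str
    has_repository_access: bool  # True only for the first application (secure browser)


def repository_access_prohibited(policies: List[Policy], resource: str) -> bool:
    """True when the policies prohibit `resource` from reaching the encrypted repository.

    Any matching deny outranks an allow. With no matching policy at all the
    request is treated as prohibited (fail closed); that default is an
    assumption, not something the claims state.
    """
    matched = [p for p in policies
               if p.action == REPO_ACCESS and fnmatch(resource, p.resource)]
    if not matched:
        return True
    return any(p.permission == "deny" for p in matched)


def select_application(policies: List[Policy], resource: str,
                       first_app: Application,
                       candidates: List[Application]) -> Optional[Application]:
    """Pick the application that opens `resource`.

    The first application keeps the resource when the policies permit repository
    access; otherwise the first candidate without repository access is chosen.
    None means no safe handler exists and the open request should be refused.
    """
    if not repository_access_prohibited(policies, resource):
        return first_app
    for app in candidates:
        if not app.has_repository_access:
            return app
    return None
```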