Methods and systems for providing and controlling cryptographic secure communications terminal providing a remote desktop accessible in secured and unsecured environments

US 10,417,428 B2
Filed: 01/18/2016
Issued: 09/17/2019
Est. Priority Date: 03/06/2007
Status: Active Grant

First Claim

Patent Images

1. A method for operating a remote desktop client from a computing system hosting a secure boot device, the method comprising:

initiating execution of an operating system from the computing system hosting the secure boot device, the computing system communicatively connected within a secure enterprise network, the computing system being untrusted within the secure enterprise network;

receiving authentication credentials from the user;

based on verification of the received authentication credentials, booting, from the secure boot device, the operating system;

establishing a secure communication tunnel with a service appliance;

receiving, from the service appliance, via the secure communication tunnel, a destination address of a secure gateway device connected to the enterprise network and community of interest keys and filters based on the authenticated credentials; and

establishing a cleartext communication channel with the secure gateway device, thereby allowing communication between the computing system and one or more trusted endpoints within the secure enterprise network.

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and systems for operating a remote desktop client from a computing system hosting a secure boot device. In some embodiments, a method comprises initiating execution of an operating system from the computing system hosting the secure boot device, the computing system communicatively connected within a secure enterprise network, the computing system being untrusted within the secure enterprise network and based on verification of received authentication credentials, booting an operating system from the secure boot device and establishing a secure communication tunnel with a service appliance. Further, the method comprises receiving, from the service appliance a destination address of a secure gateway device connected to the enterprise network and community of interest keys and filters based on the authenticated credentials; and establishing a cleartext communication channel with the secure gateway device, thereby allowing communication between the computing system and one or more trusted endpoints within the secure enterprise network.

7 Citations

View as Search Results

20 Claims

1. A method for operating a remote desktop client from a computing system hosting a secure boot device, the method comprising:
- initiating execution of an operating system from the computing system hosting the secure boot device, the computing system communicatively connected within a secure enterprise network, the computing system being untrusted within the secure enterprise network;
  
  receiving authentication credentials from the user;
  
  based on verification of the received authentication credentials, booting, from the secure boot device, the operating system;
  
  establishing a secure communication tunnel with a service appliance;
  
  receiving, from the service appliance, via the secure communication tunnel, a destination address of a secure gateway device connected to the enterprise network and community of interest keys and filters based on the authenticated credentials; and
  
  establishing a cleartext communication channel with the secure gateway device, thereby allowing communication between the computing system and one or more trusted endpoints within the secure enterprise network.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein communication between the remote desktop client and the service appliance over the first secure communication tunnel is encrypted.
  - 3. The method of claim 1, wherein data communicated over the cleartext communication channel is encrypted.
  - 4. The method of claim 1, further comprising:
    - communicating, via a second cleartext communication channel, with one or more trusted endpoints within the secure enterprise network.
  - 5. The method of claim 4, wherein communication with the one or more endpoints is based on a user of the secure boot device being associated with a same community of interest as each of the one or more endpoints.
  - 6. The method of claim 1, wherein the computing system comprises a mobile computing system.
  - 7. The method of claim 1, wherein, based on detecting a disconnection of the computing system from the secure enterprise network, the method further comprises:
    - disconnecting the cleartext communication channel with the secure gateway device; and
      
      establishing a secure communication tunnel with the secure gateway device, thereby allowing communication between the computing system and one or more trusted endpoints within the secure enterprise network.

8. A computing system configured to communicate with trusted endpoints within a secure enterprise network, the computing system being communicatively connected within the secure enterprise network but untrusted within the secure enterprise network, the computing system comprising:
- a programmable circuit;
  
  a memory communicatively connected to the programmable circuit, the memory storing computer-executable instructions which, when executed by the programmable circuit, cause the computing system to perform a method comprising;
  
  initiating execution of an operating system from the computing system hosting the secure boot device, the computing system communicatively connected within a secure enterprise network, the computing system being untrusted within the secure enterprise network;
  
  receiving authentication credentials from the user;
  
  based on verification of the received authentication credentials, booting, from the secure boot device, the operating system;
  
  establishing a secure communication tunnel with a service appliance;
  
  receiving, from the service appliance, via the secure communication tunnel, a destination address of a secure gateway device connected to the enterprise network and community of interest keys and filters based on the authenticated credentials; and
  
  establishing a cleartext communication channel with the secure gateway device, thereby allowing communication between the computing system and one or more trusted endpoints within the secure enterprise network.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The computing system of claim 8, wherein the computing system comprises a mobile computing system.
  - 10. The computing system of claim 8, wherein the memory comprises a secure boot device communicatively connected to the computing system via a wired interface.
  - 11. The computing system of claim 10, wherein the wired interface comprises a USB interface.
  - 12. The computing system of claim 11, wherein, based on detecting a disconnection of the computing system from the secure enterprise network, the memory stores instructions to further perform:
    - disconnecting the cleartext communication channel with the secure gateway device; and
      
      establishing a secure communication tunnel with the secure gateway device, thereby allowing communication between the computing system and one or more trusted endpoints within the secure enterprise network.
  - 13. The computing system of claim 8, wherein communication between the computing system and the service appliance over the secure communication tunnel is encrypted.
  - 14. The computing system of claim 8, wherein data communicated over the cleartext communication channel is encrypted.

15. A secure system for operating a remote desktop client from a secure boot device positioned within a secure enterprise network, the method comprising:
- a client computer having a secure boot device connected thereto, the client computer communicatively connected within a secure enterprise network, the client computer being untrusted within the secure enterprise network;
  
  a remote server communicatively connected to the client computer via a communications network; and
  
  a trusted set of processing modules stored in the secure boot device that, when executed on the client computer, cause the client computer to;
  
  initiate an operating system from the secure boot device;
  
  receive authentication credentials including a user identification and a password;
  
  based on authentication of the received credentials, boot, from the secure boot device, the operating system;
  
  establish a secure communication tunnel with a service appliance;
  
  receive, from the service appliance, via the secure communication tunnel, a destination address of a secure gateway device connected to the enterprise network and community of interest keys and filters based on the authenticated credentials; and
  
  establish a cleartext communication channel with the secure gateway device, thereby allowing communication between the client computer and one or more trusted endpoints within the secure enterprise network.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The method for operating a remote desktop client from a secure boot device positioned within a secure enterprise network of claim 15, wherein communication between the remote desktop client and the service appliance over the first secure communication tunnel is encrypted.
  - 17. The method for operating a remote desktop client from a secure boot device positioned within a secure enterprise network of claim 15, wherein data communicated over the cleartext communication channel is encrypted.
  - 18. The method for operating a remote desktop client from a secure boot device positioned within a secure enterprise network of claim 15, further comprising:
    - communicating, via a second cleartext communication channel, with one or more endpoints connected to the secure enterprise network.
  - 19. The method for operating a remote desktop client from a secure boot device positioned within a secure enterprise network of claim 18, wherein communication with the one or more endpoints is based on a user of the secure boot device being associated with a same community of interest as each endpoint.
  - 20. The method for operating a remote desktop client from a secure boot device positioned within a secure enterprise network of claim 15, wherein the computing system comprises a mobile computing system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Unisys Corporation
Original Assignee
Unisys Corporation
Inventors
Rajcan, Steven L., Mohr, Matthew, Trocki, Jim, Vallevand, Mark K.
Primary Examiner(s)
Powers, William S

Application Number

US14/997,787
Publication Number

US 20170169227A1
Time in Patent Office

1,338 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/31   User authentication

G06F 21/53   by executing in a restricte...

G06F 21/575   Secure boot

G06F 21/74   operating in dual or compar...

G06F 2221/034   Test or assess a computer o...

G06F 9/4406   Loading of operating system

G06F 9/4408   Boot device selection

G06F 9/441   Multiboot arrangements, i.e...

G06F 9/4416   Network booting; Remote ini...

G06F 9/442   Shutdown

G06F 9/452   Remote windowing, e.g. X-Wi...

G06F 9/454   Multi-language systems; Loc...

H04L 63/029   Firewall traversal, e.g. tu...

H04L 63/0428   wherein the data content is...

H04L 63/08   for authentication of entit...

H04L 63/101   Access control lists [ACL]

H04L 67/025   for remote control or remot...

H04L 67/306   User profiles

H04W 12/06   Authentication

Methods and systems for providing and controlling cryptographic secure communications terminal providing a remote desktop accessible in secured and unsecured environments

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

7 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and systems for providing and controlling cryptographic secure communications terminal providing a remote desktop accessible in secured and unsecured environments

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

7 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links