Secure remote access for secured enterprise communications
First Claim
1. A computer-implemented method of securing communications with an enterprise, the method comprising:
initiating a first secured connection between a remote computing device and a VPN appliance associated with an enterprise using service credentials maintained in a secure applet installed on the remote computing device;
initiating communication with the authentication server within an enterprise via the first secured connection;
providing user credentials from the secure applet to the authentication server;
receiving specific credentials from the authentication server based on the user credentials, the specific credentials providing access to one or more computing devices within the enterprise that are within a community of interest accessible by the user, the community of interest including the one or more computing devices and the remote computing device, and obfuscating to the user and the remote computing device one or more other computing systems within the enterprise excluded from the community of interest;
terminating the first secured connection with the VPN appliance;
after terminating the first secured connection, initiating a second secured connection between the remote computing device and the VPN appliance using the specific credentials from the authentication server, the specific credentials including a one-time password used for establishing the second secured connection;
wherein the second secured connection enables communication between the remote computing device and the one or more computing devices within the community of interest via a virtual data relay (vDR) that manages access to the community of interest on behalf of the remote computing device.
Abstract
Methods and systems for securing communications with an enterprise from a remote computing system are disclosed. One method includes initiating a secured connection with a VPN appliance associated with an enterprise using service credentials maintained in a secure applet installed on a remote computing device, and initiating communication with an authentication server within an enterprise via the secured connection. The method also includes receiving specific credentials from the authentication server, terminating the secured connection with the VPN appliance, and initiating a second secured connection with the VPN appliance using the specific credentials, the specific credentials providing access to one or more computing devices within the enterprise being within a same community of interest as the remote computing device and obfuscating one or more other computing systems within the enterprise excluded from the community of interest. The method also includes initiating communications with at least one of the one or more computing devices included in the community of interest.
22 Claims
7. A computer-implemented method of securing communications between a remote computing device and an enterprise, the method comprising:
receiving a request for a secured connection from a remote device at a secure remote access gateway device using a set of service credentials maintained at the remote device;
starting a service virtual data relay useable by the remote device to communicate with an authentication server within the enterprise;
accepting the request for the secured connection at the secure remote access gateway device, thereby establishing a VPN connection between a VPN appliance associated with the secure remote access gateway device and the remote device;
receiving user credentials from the remote device;
providing user credentials to the authentication server within the enterprise;
receiving specific credentials from the authentication server based on the user credentials, the specific credentials providing access to one or more computing devices within the enterprise that are within a community of interest accessible by the user, the community of interest including the one or more computing devices and the remote computing device, and obfuscating to the user and the remote computing device one or more other computing systems within the enterprise excluded from the community of interest;
providing the specific credentials to the remote device;
receiving a request from the remote device to terminate the secured connection;
terminating the service virtual data relay;
after terminating the service virtual data relay, receiving a request from the remote device to initiate a second secured connection from the remote device at the secure remote access gateway device using the specific credentials;
starting a device-specific virtual data relay useable by the remote computing device to communicate with the one or more computing systems within the enterprise, the device-specific virtual data relay being provided with a community of interest key associated with the community of interest by the authentication server; and
accepting the request for the second secured connection, thereby allowing the remote computing device to initiate communications with at least one of the one or more computing devices included in the community of interest without requiring communication of the community of interest key to the remote device.
11. A system enabling secured communications with an enterprise, the system comprising:
a secure remote access gateway device operable as an intermediary between a remote device and one or more computing devices within an enterprise, the secure remote access gateway device configured to execute program instructions to:
receive a request for a secured connection from a remote device using a set of service credentials maintained at the remote device;
start a service virtual data relay useable by the remote device to communicate with an authentication server within the enterprise;
accept the request for the secured connection at the secure remote access gateway device, thereby establishing a VPN connection between a VPN appliance associated with the secure remote access gateway device and the remote device;
receive user credentials from the remote device;
provide user credentials to the authentication server within the enterprise;
receive specific credentials from the authentication server based on the user credentials, the specific credentials providing access to one or more computing devices within the enterprise that are within a community of interest accessible by the user, the community of interest including the one or more computing devices and the remote computing device, and obfuscating to the user and the remote computing device one or more other computing systems within the enterprise excluded from the community of interest;
provide the specific credentials to the remote device;
receive a request from the remote device to terminate the secured connection;
terminate the service virtual data relay;
after terminating the service virtual data relay, receive a request from the remote device to initiate a second secured connection from the remote device at the secure remote access gateway device using the specific credentials;
start a device-specific virtual data relay useable by the remote computing device to communicate with the one or more computing systems within the enterprise, the device-specific virtual data relay being provided with a community of interest key associated with the community of interest by the authentication server; and
accept the request for the second secured connection, thereby allowing the remote computing device to initiate communications with at least one of the one or more computing devices included in the community of interest without requiring communication of the community of interest key to the remote device.
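The two-phase flow that claims 1, 7 and 11 describe, modelled as an added simulation that is not part of the patent or any product implementing it: a service-credential connection reaches only the authentication server, the returned specific credentials carry a single-use OTP and no community-of-interest key, and the device-specific relay at the gateway is what enforces that hosts outside the community of interest are unreachable. All user names, credentials, host names and the service credential string are constructed for illustration.

```python
import secrets

class AuthServer:  # enterprise authentication server: users, their community of interest (COI), COI keys
    def __init__(self, users, coi_hosts):
        self.users, self.coi_hosts = users, coi_hosts      # user -> (password, coi); coi -> set of hosts
        self.coi_keys = {coi: secrets.token_hex(16) for coi in coi_hosts}
        self.otps = {}                                     # outstanding one-time passwords -> coi
    def authenticate(self, user, password):
        pw, coi = self.users[user]
        if pw != password:
            raise PermissionError("bad user credentials")
        otp = secrets.token_urlsafe(16)
        self.otps[otp] = coi
        return {"user": user, "coi": coi, "otp": otp}      # the "specific credentials"; no COI key inside
    def redeem_otp(self, otp):
        coi = self.otps.pop(otp)                           # KeyError if unknown or already used
        return coi, self.coi_keys[coi]

class Gateway:  # secure remote access gateway: one virtual data relay (vDR) per connected device
    SERVICE_CRED = "constructed-applet-service-credential"  # held by the secure applet on the device
    def __init__(self, auth):
        self.auth, self.relays = auth, {}
    def connect_service(self, device, service_cred):
        if service_cred != self.SERVICE_CRED:
            raise PermissionError("bad service credentials")
        self.relays[device] = ("service",)                 # service vDR: reaches the auth server only
    def login(self, device, user, password):
        if self.relays.get(device, (None,))[0] != "service":
            raise RuntimeError("user credentials are only accepted over the service vDR")
        return self.auth.authenticate(user, password)
    def disconnect(self, device):
        self.relays.pop(device, None)                      # terminates the device's current vDR
    def connect_specific(self, device, otp):
        coi, key = self.auth.redeem_otp(otp)
        self.relays[device] = ("device", coi, key)         # device-specific vDR; COI key stays here
    def reach(self, device, host):
        r = self.relays.get(device)                        # hosts outside the COI are simply invisible
        return r is not None and r[0] == "device" and host in self.auth.coi_hosts[r[1]]

def run_session(device="laptop-1", user="alice", password="pw-alice"):
    """Walks one constructed device through both phases; reports what it can reach and what it was sent."""
    auth = AuthServer({"alice": ("pw-alice", "finance")}, {"finance": {"ledger"}, "hr": {"payroll"}})
    gw = Gateway(auth)
    gw.connect_service(device, Gateway.SERVICE_CRED)       # first secured connection
    creds = gw.login(device, user, password)               # user credentials via the service vDR
    gw.disconnect(device)                                  # first connection terminated
    gw.connect_specific(device, creds["otp"])              # second connection using the OTP
    return {"ledger": gw.reach(device, "ledger"), "payroll": gw.reach(device, "payroll"),
            "otp_reusable": creds["otp"] in auth.otps,
            "key_sent": auth.coi_keys["finance"] in creds.values()}
```

Running `run_session()` shows the device reaching `ledger` but not `payroll`, with the OTP consumed and the COI key never part of what the device received.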