METHOD AND APPARATUS FOR PROVIDING AUTHORIZED REMOTE ACCESS TO APPLICATION SESSIONS

US 20060070131A1
Filed: 09/30/2004
Published: 03/30/2006
Est. Priority Date: 09/30/2004
Status: Active Grant

First Claim

Patent Images

1. A method for providing authorized remote access to one or more application sessions, the method comprising:

(a) requesting, by a client node, access to a resource;

(b) gathering, by a collection agent, information about the client node;

(c) receiving, by a policy engine, the gathered information;

(d) making, by a policy engine, an access control decision based on the received information;

(e) identifying one or more application sessions already associated with the user in response to the received information; and

(f) establishing, by a session server, a connection between a client computer operated by the user and the one or more application sessions identified in response to the received information.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus for providing authorized remote access to one or more application sessions includes a client node, a collection agent, a policy engine, and a session server. The client node requests access to a resource. The collection agent gathers information about the client node. The policy engine receives the gathered information, and makes an access control decision based on the received information. The session server establishes a connection between a client computer operated by the user and the one or more application sessions associated with the user of the client node identified in response to the received information.

212 Citations

45 Claims

1. A method for providing authorized remote access to one or more application sessions, the method comprising:
- (a) requesting, by a client node, access to a resource;
  
  (b) gathering, by a collection agent, information about the client node;
  
  (c) receiving, by a policy engine, the gathered information;
  
  (d) making, by a policy engine, an access control decision based on the received information;
  
  (e) identifying one or more application sessions already associated with the user in response to the received information; and
  
  (f) establishing, by a session server, a connection between a client computer operated by the user and the one or more application sessions identified in response to the received information.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29)
- - 2. The method of claim 1 wherein step (a) further comprises requesting the resource over a network connection.
  - 3. The method of claim 1 wherein step (b) further comprises gathering the information over a network connection.
  - 4. The method of claim 1 wherein step (b) further comprises gathering information by executing at least one script on the client node.
  - 5. The method of claim 1 wherein step (d) further comprises determining if the received information satisfies a condition.
  - 6. The method of claim 5 further comprising determining if the received information satisfies a condition by comparing the received information to at least one condition.
  - 7. The method of claim 6 wherein step (d) further comprises making an access control decision by applying a policy to the condition.
  - 8. The method of claim 1 wherein a first one of the application sessions is running on a first server and a second one of the application sessions is running on a second server.
  - 9. The method of claim 1 wherein the step of establishing, by the session server, a connection between the client and the one or more application sessions is subject to a rule permitting the client computer operated by the user to connect to the one or more application sessions.
  - 10. The method of claim 1 wherein the connection between the user and the one or more application sessions is triggered by the selection of a single user interface element.
  - 11. The method of claim 1 further comprising the step of receiving, by a session server, a disconnect request to disconnect the first application session associated with the user and the second application session associated with the user;
    - and disconnecting, by the session server, the first and second application sessions.
  - 12. The method of claim 11 further comprising updating, by the session server, at least one data record associated with the first and second application sessions to indicate that the first and second application sessions are disconnected.
  - 13. The method of claim 12 further comprising the step of continuing, by the session server, execution of at least one of the disconnected application sessions.
  - 18. The method of claim 1 wherein the one or more application sessions was connected to a first client computer prior to connection and, after connection, the one or more application sessions is reconnected to the first client computer.
  - 19. The method of claim 1 wherein the one or more application sessions was associated with a first client computer prior to establishing the connection and, after establishing the connection, the one or more application sessions is connected to a second client computer.
  - 20. The method of claim 1 wherein at least one application session is disconnected.
  - 21. The method of claim 1 wherein at least one application session is active.
  - 22. The method of claim 1 wherein the identifying one or more applications sessions is automatic upon receipt of authentication information.
  - 23. The method of claim 1 further comprising the step of providing for receiving application output from a one or more previously disconnected application sessions associated with the user in response to the transmitted information.
  - 24. The method of claim 23 further comprising disconnecting at least one active application session associated with the user in response to the received information.
  - 25. The method of claim 23 wherein the one or more active application sessions is initially connected to a first client computer and, upon requesting access to the resource, the user is operating a second client computer.
  - 26. The method of claim 23, wherein the receipt of application output from the one or more active application sessions is subject to a rule permitting the user to have a client computer operated by the user connect to the one or more active application sessions.
  - 27. The method of claim 23 wherein the receipt of application output from the one or more active application sessions and the receipt of application output from the one or more disconnected application sessions are triggered by the selection of a single user interface element.
  - 28. The method of claim 23 wherein the one or more disconnected application sessions was connected to a first client computer prior to disconnection and, at connection, the one or more disconnected application session is reconnected to the first client computer.
  - 29. The method of claim 23 wherein the one or more disconnected application sessions was connected to a first client computer prior to disconnection and, at connection, the one or more disconnected application session is connected to a second client computer.

14-17. -17. (canceled)

30. A system for providing authorized remote access to an application session, the policy engine comprising:
- a collection agent gathering information about the client node; and
  
  a policy engine receiving the gathered information, making an access control decision based on the received information, and requesting an enumeration of one or more application sessions associated with the client node, the request including the access control decision; and
  
  a session server generating an enumeration of one or more application sessions associated with the client node responsive to the access control decision.
- View Dependent Claims (31, 32, 33, 35, 36, 37, 38, 39, 41, 42, 43, 44, 45)
- - 31. The system of claim 30 wherein the collection agent executes on the client node.
  - 32. The system of claim 30 wherein the policy engine transmits the collection agent to the client node.
  - 33. The system of claim 30 wherein the policy engine transmits instructions to the collection agent determining the type of information the collection agent gathers.
  - 35. The system of claim 30 wherein a first one of the application sessions is running on a first server and a second one of the application sessions is running on a second server.
  - 36. The system of claim 30 wherein the session server connects the client node to the one or more application sessions.
  - 37. The system of claim 36 wherein the connection of the client node to the one or more application sessions, is triggered by selection of a single user interface element.
  - 38. The system of claim 36 wherein the session server is also configured to receive a disconnect request to disconnect the first application session associated with the user and the second application session associated with the user and disconnect the first and second application sessions in response to the request.
  - 39. The system of claim 38 wherein the session server is further configured to update at least one data record associated with each of the first and second application sessions to indicate that the first and second application sessions are disconnected.
  - 41. The system of claim 30 wherein the policy engine further comprises stored data associated with one or more servers executing application sessions.
  - 42. The system of claim 30 wherein the one or more application sessions was connected to a first client computer prior to connection and, after connection, the one or more application sessions is reconnected to the first client computer.
  - 43. The system of claim 30 wherein the one or more application sessions was associated with a first client computer prior to connection and, after connection, the one or more application sessions is connected to a second client computer.
  - 44. The system of claim 30 wherein at least one of the one or more application sessions is disconnected.
  - 45. The system of claim 30 wherein at least one of the one or more application sessions is active.

34. (canceled)

40. (canceled)

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Citrix Systems, Inc. (Cloud Software Group)
Original Assignee
Citrix Systems, Inc. (Cloud Software Group)
Inventors
Simmons, Timothy Ernest, Braddy, Ricky Gene, Stone, David Sean

Granted Patent

US 8,613,048 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/27
CPC Class Codes

G06F 21/31   User authentication

H04L 63/08   for authentication of entit...

H04L 63/0815   providing single-sign-on or...

H04L 63/0876   based on the identity of th...

H04L 63/10   for controlling access to d...

METHOD AND APPARATUS FOR PROVIDING AUTHORIZED REMOTE ACCESS TO APPLICATION SESSIONS

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

212 Citations

45 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD AND APPARATUS FOR PROVIDING AUTHORIZED REMOTE ACCESS TO APPLICATION SESSIONS

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

212 Citations

45 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links