Remote access to resources
Abstract
The invention provides systems and methods for securely transmitting data between a roaming computer and a managed network service over a shared public network. A secure connection is created between the roaming computer and a server computer that hosts or acts as a secure gateway to the managed network service. The connection is set up and established by a client agent installed on the roaming computer and a connection component of the managed service on the server computer. The client agent and the connection component of the managed service operate, on an initial request from the roaming computer to the managed service, to negotiate the secure connection using certificate-based client authentication. The client certificate preferably includes user-specific attributes that can be extracted by the connection component and made available to the managed service to apply processing rules specific to the user.
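The server side of the certificate-based negotiation described in the abstract can be sketched with Python's standard `ssl` module. This is an added example, not code from the patent: the choice of `organizationalUnitName` as the user-specific attribute, the `RULES` table and the sample certificate are assumptions made for illustration.

```python
import ssl

def server_context(ca_file=None):
    """Server-side TLS context that fails the handshake without a client cert."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.verify_mode = ssl.CERT_REQUIRED
    if ca_file:  # CA that issues the roaming clients' certificates
        ctx.load_verify_locations(cafile=ca_file)
    return ctx   # a real server also calls ctx.load_cert_chain() for its own cert

def user_attributes(peercert):
    """Flatten the subject of SSLSocket.getpeercert() into {name: [values]}."""
    if not peercert:  # None or {}: the peer presented no validated certificate
        raise PermissionError("no validated client certificate")
    attrs = {}
    for rdn in peercert.get("subject", ()):
        for name, value in rdn:
            attrs.setdefault(name, []).append(value)
    return attrs

# Hypothetical per-user processing rules keyed on organizationalUnitName.
RULES = {"sales": "strict-filtering", "engineering": "standard-filtering"}

def rule_for(peercert, default="deny"):
    """Pick the processing rule for the authenticated user, denying by default."""
    for ou in user_attributes(peercert).get("organizationalUnitName", []):
        if ou in RULES:
            return RULES[ou]
    return default

# Constructed sample in the format getpeercert() returns for a verified peer.
SAMPLE_CERT = {
    "subject": ((("organizationName", "Example Corp"),),
                (("organizationalUnitName", "sales"),),
                (("commonName", "alice@example.com"),)),
}

if __name__ == "__main__":
    print(rule_for(SAMPLE_CERT))
```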
37 Claims
1. A system for securely transmitting data between a roaming computer and a managed network service over a shared public network, the system comprising:
a roaming computer;
a server computer connected to the roaming computer via the public network, the managed network service being accessible from the server computer;
a client agent installed on the roaming computer for creating a secure connection with the managed service and for transmitting data from the roaming computer to the managed service via the secure connection;
a connection component of the managed network service installed on the server computer for cooperating with the client agent to create said secure connection;
the client agent and the connection components of the managed service being operable, on an initial request from the roaming computer to the managed service to negotiate the secure connection using certificate based authentication.
(Dependent claims: 4)

2. A client system for a roaming computer for securely transmitting data from the roaming computer to a managed network service over a shared public network, the system comprising:
a client agent installed on the roaming computer for creating a secure connection with the managed service and for transmitting data from the roaming computer to the managed service via the secure connection;
the client agent being operable, on an initial request from the roaming computer to the managed service, to negotiate the secure connection using certificate based client authentication to the managed service.

3. A server system for receiving data from a roaming computer through a secure connection over a shared public network, the data being destined for a managed network service, the system comprising:
a server computer connected to the roaming computer via the public network, the managed network service being accessible from the server computer;
a connection component of the managed network service installed on the server computer for cooperating with a client agent installed on the roaming computer to create a secure connection between the roaming computer and the managed service and for enabling the transmission of data from the roaming computer to the managed service via the secure connection;
the connection component of the managed service being operable, on an initial request from the roaming computer to the managed service, to negotiate the secure connection using certificate based client authentication.

5. A method for securely transmitting data between a roaming computer and a managed network service over a shared public network, the roaming computer having installed thereon a client agent and the managed network service comprising a connection component, the method comprising:
the client agent and the connection component of the managed service operating, on an initial request from the roaming computer to the managed service, to negotiate a secure connection between the roaming agent and the managed service using certificate based client authentication; and
the client agent transmitting data from the roaming computer to the managed service via the secure connection.
(Dependent claims: 6, 32, 35)

7. A system for securely transmitting requests between a roaming computer and a server computer over a shared public network, the system comprising:
a roaming computer;
a server computer connected to the roaming computer by a shared public network; and
a client agent installed on the roaming computer for creating a secure connection with the server computer over the public network and transmitting requests from the roaming computer to the server computer via the secure connection;
the client agent comprising or being instructed by a resource manager component that can automatically select one from two or more predefined network routes for the transport of a request from the roaming computer to the server computer via the secure connection, the route selection being performed by the routing manager on the basis of predefined rules.
(Dependent claims: 9, 10, 11, 12, 13, 14)

8. A client system for a roaming computer for securely sending requests from the roaming computer to a server computer over a shared public network, the client system comprising:
a client agent installed on the roaming computer for creating a secure connection with the server computer and transmitting requests from the roaming computer to the server computer via the secure connection;
the client agent comprising or being instructed by a resource manager component that can automatically select one from two or more predefined network routes for the transport of a request from the roaming computer to the server computer via the secure connection, the route selection being performed by the routing manager on the basis of predefined rules.

15. A method for securely sending requests from a roaming computer to a server computer over a shared public network, the roaming computer having installed thereon a client agent comprising or being instructed by a resource manager, the method comprising:
the client agent creating a secure connection between the roaming computer and the server computer over the public network;
the resource manager automatically selecting one from two or more predefined network routes for the transport of a request from the roaming computer to the server computer via the secure connection, the route selection being performed based on predefined rules; and
the client agent sending a request from the roaming computer to the server computer via the secure connection using the selected route.
(Dependent claims: 16, 17, 18, 19, 20, 21, 33, 36)

22. A system for securely transmitting requests between a roaming computer and a server computer over a shared public network, the system comprising:
a roaming computer;
a server computer connected to the roaming computer via the public network;
a client agent installed on the roaming computer for creating a secure connection with the server computer and transmitting requests from the roaming computer to the server computer via the secure connection;
a server component installed on the server computer for receiving requests from the client agent sent via the secure connection;
the client agent operating, on initiation of the secure connection, to open a communication channel through the secure connection and designate it as a control channel, the control channel being used by the client agent to open a further one or more communication channels for transmission of requests through the secure connection;
the client agent comprising a multiplexer component for combining data from the control channel and said one or more further communication channels into a single data stream for transmission through the secure connection; and
the server component comprising a de-multiplexer component for receiving the single data stream and de-multiplexing it to recreate the distinct control channel and one or more further communications channels.
(Dependent claims: 25)

23. A client system for a roaming computer for securely transmitting requests from the roaming computer to a server computer over a shared public network, the system comprising:
a client agent installed on the roaming computer for creating a secure connection with the server computer and transmitting requests from the roaming computer to the server computer via the secure connection;
the client agent operating, on initiation of the secure connection, to open a communication channel through the secure connection and designate it as a control channel, the control channel being used by the client agent to open a further one or more communication channels for transmission of requests through the secure connection;
the client agent comprising a multiplexer component for combining data from the control channel and said one or more further communication channels into a single data stream for transmission through the secure connection.

24. A server system for receiving requests transmitted securely from a roaming computer over a secure connection created over a shared public network, the secure connection comprising a communication channel designated as a control channel, the system comprising:
a server component installed on the server computer for receiving requests from the client agent sent via the secure connection;
the server component comprising a de-multiplexer component for receiving a multiplexed data stream from the roaming computer sent via the secure connection and separating the de-multiplexing the signal to recreate the distinct control channel and one or more further communications channels carrying the requests from the roaming computer.

26. A method for securely transmitting requests between a roaming computer and a server computer over a shared public network, the roaming computer having a client agent installed thereon and the server computer having a server component installed thereon, the method comprising:
the client agent creating a secure connection with the server computer;
the client agent, on initiation of the secure connection, opening a communication channel through the secure connection and designating it as a control channel;
the client agent, using the control channel, opening a further one or more communication channels for transmission of requests through the secure connection;
the client agent multiplexing data from the control channel and said one or more further communication channels into a single data stream for transmission through the secure connection;
the client agent transmitting the single data stream to the server computer via the secure connection;
the server component receiving the single data channel sent via the secure connection; and
the server component de-multiplexing the single data stream to recreate the distinct control channel and the one or more further communications channels.
(Dependent claims: 27, 28, 29, 30, 31, 34, 37)
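The control-channel multiplexing recited in claims 22 to 26 can be made concrete with a small framing scheme. This is an added example, not the patent's implementation: the 4-byte frame header, the use of channel 0 as the control channel, the `O` opcode and the server-side rejection of data for channels that were never opened are all assumptions.

```python
import struct

HEADER = struct.Struct(">HH")  # assumed frame header: channel id, payload length
CONTROL, OPEN = 0, b"O"        # control channel id; assumed "open channel" opcode

class Multiplexer:  # client side: control + data channels -> one byte stream
    def __init__(self):
        self.opened = set()
    def open_channel(self, cid):
        # The request to open a channel travels on the control channel itself.
        self.opened.add(cid)
        return HEADER.pack(CONTROL, 3) + OPEN + struct.pack(">H", cid)
    def send(self, cid, data):
        if cid == CONTROL or cid not in self.opened:
            raise ValueError("channel %d not opened via control channel" % cid)
        return HEADER.pack(cid, len(data)) + data

class Demultiplexer:  # server side: one byte stream -> distinct channels
    def __init__(self):
        self.buf, self.channels = b"", {}
    def feed(self, chunk):
        self.buf += chunk
        while len(self.buf) >= HEADER.size:
            cid, length = HEADER.unpack_from(self.buf)
            end = HEADER.size + length
            if len(self.buf) < end:
                break                  # frame split across reads: wait for more
            payload, self.buf = self.buf[HEADER.size:end], self.buf[end:]
            if cid == CONTROL:
                self._control(payload)
            elif cid in self.channels:
                self.channels[cid] += payload
            else:
                raise ValueError("data for unopened channel %d" % cid)
    def _control(self, payload):
        if len(payload) != 3 or payload[:1] != OPEN or payload[1:] == b"\x00\x00":
            raise ValueError("malformed control message")
        self.channels.setdefault(struct.unpack(">H", payload[1:])[0], bytearray())

def demo():
    mux, demux = Multiplexer(), Demultiplexer()
    stream = (mux.open_channel(1) + mux.open_channel(2) + mux.send(1, b"GET /a")
              + mux.send(2, b"GET /b") + mux.send(1, b" HTTP/1.1"))
    for i in range(0, len(stream), 5):  # constructed input, delivered in 5-byte reads
        demux.feed(stream[i:i + 5])
    return {cid: bytes(buf) for cid, buf in demux.channels.items()}

if __name__ == "__main__":
    print(demo())
```

In a deployment the single stream would be written to the TLS connection negotiated earlier, so the frame header itself needs no integrity protection of its own.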