System and method for secure remote desktop access

US 20070143837A1
Filed: 12/14/2006
Published: 06/21/2007
Est. Priority Date: 12/15/2005
Status: Active Grant

First Claim

Patent Images

1. A system, comprising:

a first client computer connected to a first network;

a server connected to the first network, the server including a first communication module;

a second client computer including a second communication module; and

a communication tunnel established between the first communication module and the second communication module to connect the first client computer to the second client computer through the server.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A secure remote access system includes client software installed on a portable computer that establishes a remote session with a counterpart server software installed on a server in a DMZ of the company'"'"'s internal network through a secure tunnel. The DMZ server is connected to a router behind an enterprise second level firewall. The router routes the session to the appropriate desktop computer if the desktop is permitted remote access. A bandwidth limiter may be provided to balance the load through the router.

108 Citations

View as Search Results

39 Claims

1. A system, comprising:
- a first client computer connected to a first network;
  
  a server connected to the first network, the server including a first communication module;
  
  a second client computer including a second communication module; and
  
  a communication tunnel established between the first communication module and the second communication module to connect the first client computer to the second client computer through the server.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The system of claim 1, wherein the first network includes a router to route a session from the second client computer to the first client computer.
  - 3. The system of claim 2, wherein the first network further includes a first level firewall between the server and the second client computer, and a second level firewall between the server and the first client computer.
  - 4. The system of claim 1, the first network including a bandwidth limiter to monitor and regulate data flowing between the first client computer and the second client computer.
  - 5. The system of claim 4, wherein the bandwidth limiter includes a timer.
  - 6. The system of claim 1, wherein the second client computer is connected to a second network.
  - 7. The system of claim 6, wherein the second network is the Internet.
  - 8. The system of claim 6, wherein the communication tunnel is established through the first and second networks.
  - 9. The system of claim 1, wherein the first and second communication modules are Java applications.
  - 10. The system of claim 1, wherein the first network includes a secure policy handler to determine if a connection request from the second client computer is to be granted.
  - 11. The system of claim 10, wherein the secure policy handler includes different levels of authentication based on a location of the second client computer.
  - 12. The system of claim 11, wherein a first level of authentication includes a login ID and password if the second client computer is located on the first network.
  - 13. The system of claim 11, wherein a second level of authentication includes a login ID, password, and a security token if the second client computer is located on a second network.
  - 14. The system of claim 10, wherein the secure policy handler includes a variable timeout condition to terminate the communication tunnel.
  - 15. The system of claim 14, wherein the timeout condition includes a first idle period for a trusted client and a second idle period for an untrusted client, the first idle period being longer than the second idle period.
  - 16. The system of claim 10, wherein the secure policy handler includes an asset database.
  - 17. The system of claim 1, wherein the first network includes a permission management module to manage access levels and permissions to the first client computer.

18. A method, comprising the steps of:
- establishing a connection between a first client computer and a first network;
  
  establishing a connection between the first client computer and a server on the first network; and
  
  establishing a connection between the first client computer and a second client computer on the first network through the server.
- View Dependent Claims (19, 20, 21, 22, 23)
- - 19. The method of claim 18, wherein the step of establishing the connection between the first client computer and the first network includes obtaining access through a first firewall between the first client computer and the server.
  - 20. The method of claim 19, wherein the step of establishing the connection between the first client computer and the second client computer includes obtaining access through a second firewall between the server and the second client computer.
  - 21. The method of claim 18, further comprising the step of:
    - monitoring data flow between the first client computer and the second client computer;
      
      comparing the data flow with a threshold; and
      
      limiting the data flow if the comparison is above the threshold.
  - 22. The method of claim 18, wherein the connection between the first client computer and the first network is established through a second network.
  - 23. The method of claim 22, wherein the second network is the Internet.

24. A method, comprising the steps of:
- accessing a first client computer to connect to a first network; and
  
  logging onto a server on the first network to open a session, wherein the session is routed to a second client computer to establish a connection thereto, such that data and/or applications on the second client computer are directly accessed through the first client computer.
- View Dependent Claims (25, 26, 27, 28, 29)
- - 25. The method of claim 24, wherein the step of accessing the first network includes obtaining access through a first firewall between the first client computer and the server.
  - 26. The method of claim 24, wherein routing the session to the second client computer includes obtaining access through a second firewall between the server and the second client computer.
  - 27. The method of claim 24, wherein data flow between the first client computer and the second client computer is monitored and compared to a threshold, and the data flow is limited if the comparison is above the threshold.
  - 28. The method of claim 24, wherein the first client computer is connected to the first network through a second network.
  - 29. The method of claim 28, wherein the second network is the Internet.

30. A computer program product, comprising:
- a client communication module to be executed on a first client computer; and
  
  a server communication module to be executed on a server connected to a first network, wherein the client communication module and the server communication module, when executed, establish a communication tunnel between the first client computer and a second client computer on the first network through the server.
- View Dependent Claims (31, 32, 33, 34, 35, 36, 37, 38, 39)
- - 31. The computer program product of claim 30, wherein the client communication module includes instructions that, when executed, cause encapsulation of data to be transmitted to the server communication module.
  - 32. The computer program product of claim 30, wherein the client communication module includes instructions that, when executed, cause unwrapping of packets received from the server communication module.
  - 33. The computer program product of claim 30, wherein the server communication module includes a secure policy module to determine if a connection request from the client communication module is to be granted.
  - 34. The computer program product of claim 30, wherein the secure policy module includes a variable timeout condition to terminate the communication tunnel.
  - 35. The computer program product of claim 34, wherein the timeout condition includes a first idle period for a trusted client and a second idle period for an untrusted client, the first idle period being longer than the second idle period.
  - 36. The computer program product of claim 30, wherein the client communication module includes instructions that, when executed, cause access through a first firewall between the first client computer and the server.
  - 37. The computer program product of claim 36, wherein the server communication module includes instructions that, when executed, cause access through a second firewall between the server and the second client computer.
  - 38. The computer program product of claim 30, wherein the client communication module and the server communication module are Java applications.
  - 39. The computer program product of claim 30, further comprising a bandwidth limiting module that, when executed, monitors data flow between the first client computer and the second client computer, compares the data flow with a threshold, and limits the data flow if the comparison is above the threshold.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Barclays Capital Incorporated (Barclays PLC)
Original Assignee
Lehman Brothers Incorporated (Barclays PLC)
Inventors
Gopalkrishnan, Hari, Azeez, Rafman

Granted Patent

US 8,272,045 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/11
CPC Class Codes

H04L 63/0209   Architectural arrangements,...

H04L 63/029   Firewall traversal, e.g. tu...

H04L 63/08   for authentication of entit...

H04L 63/105   Multiple levels of security

System and method for secure remote desktop access

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

108 Citations

39 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for secure remote desktop access

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

108 Citations

39 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links