Systems and Methods for Providing Levels of Access and Action Control Via an SSL VPN Appliance
Abstract
The present invention relates to systems and methods to identify a level of access for a resource being accessed via a secure socket layer virtual private network (SSL VPN) connection to a network, and to control the action on the resource based on the identified level of access. The appliance described herein provides intelligent secure access and action control to resources based on a sense and respond mechanism. When a user requests access to a resource via the SSL VPN connection of the appliance, the appliance obtains information about the client to determine the user access scenario—the location, device, connection and identity of the user or client. Based on the collected information, the appliance responds to the detected user scenario by identifying a level of access to the resource for the user/client, such as rights to view, print, edit or save a document. Based on the identified level of access, the appliance controls the actions performed on the resource by various techniques described herein so that the user can only perform the allowed action in accordance with the level of access. As such, the present invention allows an organization to control and provide the appropriate level of access to valuable, confidential or business critical information accessed remotely or via a public network while protecting such information by controlling the types of actions performed or allowed to be performed remotely on the information.
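The sense and respond flow in the abstract, sketched as an added example that is not taken from the patent or from any product: a collection-agent report goes through a policy engine that picks one level of access, and an enforcement check gates each action. The field names, level names and policy rules are assumptions made for illustration.

```python
from dataclasses import dataclass

# Levels of access, least to most permissive (hypothetical names; the abstract
# gives view, print, edit and save as example rights).
LEVELS = {
    "none": frozenset(),
    "view": frozenset({"view"}),
    "view_print": frozenset({"view", "print"}),
    "full": frozenset({"view", "print", "edit", "save"}),
}
ORDER = ["none", "view", "view_print", "full"]

@dataclass(frozen=True)
class ClientInfo:
    """What a collection agent might report (all fields are assumptions)."""
    user_group: str          # identity
    managed_device: bool     # device
    antivirus_running: bool  # device
    network: str             # location/connection: "corporate", "home", "public"

# Each policy caps the level when its condition matches (constructed rules).
POLICIES = [
    (lambda c: c.user_group not in {"staff", "contractor"}, "none"),
    (lambda c: c.network == "public", "view"),
    (lambda c: not c.managed_device, "view"),
    (lambda c: not c.antivirus_running, "view"),
    (lambda c: c.user_group == "contractor", "view_print"),
]

def identify_level(info):
    """Policy engine: most restrictive matching cap wins; no report means deny."""
    if info is None:
        return "none"
    level = "full"
    for condition, cap in POLICIES:
        if condition(info) and ORDER.index(cap) < ORDER.index(level):
            level = cap
    return level

def control_action(info, action):
    """Enforcement point: allow an action only if the identified level grants it."""
    return action in LEVELS[identify_level(info)]

office = ClientInfo("staff", True, True, "corporate")   # constructed sample
kiosk = ClientInfo("staff", False, False, "public")     # constructed sample
print(identify_level(office), control_action(office, "save"))
print(identify_level(kiosk), control_action(kiosk, "save"))
```

The same user gets different rights from the two endpoints, and a missing collection-agent report falls through to the most restrictive level rather than the most permissive one.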
34 Claims
1. A method of controlling by an appliance an action performed by a client on a resource accessed via a virtual private network connection provided by the appliance to a network, the method comprising the steps of:
(a) receiving, by an appliance, a request from a client to access a resource on a network via a secure socket layer virtual private network (SSL VPN) connection provided by the appliance to the network;
(b) receiving, by the appliance, information about the client from a collection agent;
(c) identifying, by a policy engine of the appliance, a level of access to the resource from a plurality of levels of access responsive to applying one or more policies to the received information; and
(d) controlling, by the appliance, an action performed on the resource by the client via the SSL VPN connection based on the identified level of access.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16
17. A system for controlling an action performed by a client on a resource accessed via a virtual private network connection provided by an appliance to a network, the system comprising:
an appliance providing one or more clients a secure socket layer virtual private network (SSL VPN) connection to a network;
a client requesting access to a resource on a network via the appliance;
a collection agent providing the appliance information about the client;
a policy engine identifying a level of access to the resource from a plurality of levels of access responsive to applying one or more policies to the received information; and
wherein the appliance controls an action performed on the resource by the client via the SSL VPN connection based on the identified level of access.
Dependent claims: 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32
33. An appliance for controlling an action performed by a client on a resource accessed via a virtual private network connection provided by the appliance to a network, the appliance comprising:
means for receiving, by an appliance, a request from a client to access a resource on a network via a secure socket layer virtual private network (SSL VPN) connection provided by the appliance to the network;
means for receiving, by the appliance, information about the client from a collection agent;
means for identifying, by a policy engine of the appliance, a level of access to the resource from a plurality of levels of access responsive to applying one or more policies to the received information; and
34. means controlling, by the appliance, an action performed on the resource by the client via the SSL VPN connection based on the identified level of access.
Specification