Remote Access to Resources
First Claim
1. A system for securely transmitting data between a roaming computer and a managed network service over a shared public network, the system comprising:
a roaming computer;
a server computer connected to the roaming computer via the public network, the managed network service being accessible from the server computer;
a client agent installed on the roaming computer for creating a secure connection with the managed service and for transmitting data from the roaming computer to the managed service via the secure connection;
a connection component of the managed network service installed on the server computer for cooperating with the client agent to create said secure connection;
the client agent or the connection components of the managed service being operable, on an initial request from the roaming computer to the managed service, to negotiate the secure connection using certificate based authentication.
Abstract
The invention provides systems and methods for securely transmitting data between a roaming computer and a managed network service over a shared public network. A secure connection is created between the roaming computer and a server computer that hosts, or acts as a secure gateway to, the managed network service. The connection is set up and established by a client agent installed on the roaming computer and a connection component of the managed service on the server computer. The client agent and the connection component of the managed service operate, on an initial request from the roaming computer to the managed service, to negotiate the secure connection using certificate-based client authentication. The client certificate preferably includes user-specific attributes that can be extracted by the connection component and made available to the managed service to apply processing rules specific to the user.
12 Citations
41 Claims
1. A system for securely transmitting data between a roaming computer and a managed network service over a shared public network, the system comprising:
a roaming computer;
a server computer connected to the roaming computer via the public network, the managed network service being accessible from the server computer;
a client agent installed on the roaming computer for creating a secure connection with the managed service and for transmitting data from the roaming computer to the managed service via the secure connection;
a connection component of the managed network service installed on the server computer for cooperating with the client agent to create said secure connection;
the client agent or the connection components of the managed service being operable, on an initial request from the roaming computer to the managed service, to negotiate the secure connection using certificate based authentication.
Dependent claims: 2, 3, 4

5. A method for securely transmitting data between a roaming computer and a managed network service over a shared public network, the roaming computer having installed thereon a client agent and the managed network service comprising a connection component, the method comprising:
on an initial request from the roaming computer to the managed service, the client agent and the connection component of the managed service negotiating a secure connection between the roaming agent and the managed service using certificate based client authentication; and
the client agent transmitting data from the roaming computer to the managed service via the secure connection.
Dependent claims: 6, 32

7-22. (canceled)

23. A system for a roaming computer for securely transmitting requests from the roaming computer to a server computer over a shared public network, the system comprising:
a client agent installed on the roaming computer for creating a secure connection with the server computer and transmitting requests from the roaming computer to the server computer via the secure connection;
the client agent operating, on initiation of the secure connection, to open a communication channel through the secure connection and designate it as a control channel, the control channel being used by the client agent to open a further one or more communication channels for transmission of requests through the secure connection;
the client agent comprising a multiplexer component for combining data from the control channel and said one or more further communication channels into a single data stream for transmission through the secure connection.
Dependent claims: 24, 25, 38, 39, 40, 41

26. A method for securely transmitting requests between a roaming computer and a server computer over a shared public network, the roaming computer having a client agent installed thereon and the server computer having a server component installed thereon, the method comprising:
the client agent creating a secure connection with the server computer;
the client agent, on initiation of the secure connection, opening a communication channel through the secure connection and designating it as a control channel;
the client agent, using the control channel, opening a further one or more communication channels for transmission of requests through the secure connection;
the client agent multiplexing data from the control channel and said one or more further communication channels into a single data stream for transmission through the secure connection;
the client agent transmitting the single data stream to the server computer via the secure connection;
the server component receiving the single data channel sent via the secure connection; and
the server component de-multiplexing the single data stream to recreate the distinct control channel and the one or more further communications channels.
Dependent claims: 27, 28, 29, 30, 31, 34

33. (canceled)

35-37. (canceled)
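The control-channel multiplexing of claims 23 and 26, as an added Python sketch that is not the patent's own code: the client agent opens further channels by a message on the control channel and combines all channels into one stream, and the server component de-multiplexes that stream, coping with a stream that arrives in partial slices and rejecting data on a channel that was never announced. The frame header layout, the OPEN message and the sample requests are assumptions of this example.

```python
import struct
CONTROL_CHANNEL = 0            # channel opened at initiation and designated as control
HEADER = struct.Struct("!HI")  # assumed frame header: channel id (2 bytes), payload length (4 bytes)

class ClientMux:  # client agent side: control channel + further channels -> one byte stream
    def __init__(self):
        self.open_channels = {CONTROL_CHANNEL}
        self.stream = bytearray()  # bytes handed to the secure connection
    def _emit(self, channel_id: int, payload: bytes) -> None:
        self.stream += HEADER.pack(channel_id, len(payload)) + payload  # header lets channels share one stream
    def open_channel(self, channel_id: int) -> None:
        if channel_id in self.open_channels:
            raise ValueError(f"channel {channel_id} already open")
        self._emit(CONTROL_CHANNEL, b"OPEN %d" % channel_id)  # assumed control message announcing the channel
        self.open_channels.add(channel_id)
    def send(self, channel_id: int, data: bytes) -> None:
        if channel_id not in self.open_channels:
            raise ValueError(f"channel {channel_id} was not opened via the control channel")
        self._emit(channel_id, data)

class ServerDemux:  # server component side: one byte stream -> distinct per-channel buffers
    def __init__(self):
        self.channels = {CONTROL_CHANNEL: bytearray()}
        self.pending = bytearray()  # bytes of a frame that has not fully arrived yet
    def feed(self, chunk: bytes) -> None:
        self.pending += chunk  # stream arrives in arbitrary slices; dispatch only complete frames
        while len(self.pending) >= HEADER.size:
            cid, length = HEADER.unpack_from(self.pending)
            if len(self.pending) < HEADER.size + length:
                return
            payload = bytes(self.pending[HEADER.size:HEADER.size + length])
            del self.pending[:HEADER.size + length]
            self._dispatch(cid, payload)
    def _dispatch(self, cid: int, payload: bytes) -> None:
        if cid == CONTROL_CHANNEL:
            if payload.startswith(b"OPEN "):  # control message recreates the channel server-side
                self.channels.setdefault(int(payload[5:]), bytearray())
            self.channels[CONTROL_CHANNEL] += payload
        elif cid in self.channels:
            self.channels[cid] += payload
        else:  # data for a channel never announced on the control channel is rejected
            raise ValueError(f"frame for unopened channel {cid}")

def demo() -> dict:
    client, server = ClientMux(), ServerDemux()
    for cid, req in ((1, b"GET /inbox"), (2, b"GET /calendar")):  # constructed sample requests
        client.open_channel(cid)
        client.send(cid, req)
    for i in range(0, len(client.stream), 7):  # deliver the stream in 7-byte slices
        server.feed(bytes(client.stream[i:i + 7]))
    return {cid: bytes(buf) for cid, buf in server.channels.items()}
```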