Controlling Device Access to Enterprise Resources in an Orchestration Framework for Connected Devices

US 20140108792A1
Filed: 08/09/2013
Published: 04/17/2014
Est. Priority Date: 10/12/2012
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

providing an orchestration framework configured to communicatively connect a plurality of client computing devices such that functionality associated with a computing activity is assignable to one or more of the client computing devices;

configuring each of the client computing devices with an agent of the orchestration framework, the agent begin configured to receive instructions to perform at least a portion of the computing activity;

informing a presence service of the orchestration framework that one or more of the client computing devices is available to be assigned at least a portion of the functionality associated with the computing activity;

receiving a request to transfer content from a first client computing device of the plurality of client computing devices to a second client computing device of the plurality of client computing devices while the first computing device and the second client computing device are communicatively connected via the orchestration framework;

identifying a first data vault at the first client computing device that stores the content;

determining whether the first data vault is encrypted or unencrypted; and

instructing the second client computing device to store the content based on whether the first data vault is a first encrypted data vault or a first unencrypted data vault.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Aspects described herein allow multiple devices to function as a coherent whole, allowing each device to take on distinct functions that are complementary to one another. Aspects described herein also allow the devices function as a coherent whole when interconnected devices and their respective applications are configured to operate in various operation modes, when management policies are employed to control the operation of the interconnected devices and their respective applications, when transferring content between the interconnected devices and storing the content at those devices, when obtaining access credentials for the interconnected devices that enable the devices to access enterprise resources, when a policy agent applies management policies to control operation of and interaction between the interconnected devices, and when the interconnected devices are used to access an enterprise application store.

94 Citations

20 Claims

1. A method comprising:
- providing an orchestration framework configured to communicatively connect a plurality of client computing devices such that functionality associated with a computing activity is assignable to one or more of the client computing devices;
  
  configuring each of the client computing devices with an agent of the orchestration framework, the agent begin configured to receive instructions to perform at least a portion of the computing activity;
  
  informing a presence service of the orchestration framework that one or more of the client computing devices is available to be assigned at least a portion of the functionality associated with the computing activity;
  
  receiving a request to transfer content from a first client computing device of the plurality of client computing devices to a second client computing device of the plurality of client computing devices while the first computing device and the second client computing device are communicatively connected via the orchestration framework;
  
  identifying a first data vault at the first client computing device that stores the content;
  
  determining whether the first data vault is encrypted or unencrypted; and
  
  instructing the second client computing device to store the content based on whether the first data vault is a first encrypted data vault or a first unencrypted data vault.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1 further comprising, responsive to a determination that the first data vault is encrypted:
    - encrypting the content at the first client computing device using an encryption key before transferring the content to the second client computing device; and
      
      providing the encryption key to the second client computing device such that the second client computing device is capable of decrypting the content.
  - 3. The method of claim 1 further comprising, responsive to a determination that the first data vault is not encrypted, instructing the second client computing device to store the content at a third data vault that is not encrypted.
  - 4. The method of claim 1 further comprising:
    - transmitting to the second client computing device an instruction to delete the content; and
      
      wherein receipt of the instruction at the second client computing device causes the second client computing device to delete at least a portion of the content stored at the second data vault of the second client computing device.
  - 5. The method of claim 4 wherein:
    - the second data vault of the second client computing device is an encrypted data vault that stores encrypted content;
      
      the second client computing device includes an unencrypted data vault that stores unencrypted content; and
      
      receipt of the instruction at the second client computing device causes the second client computing device to delete at least a portion of the encrypted content from the encrypted data vault and at least a portion of the unencrypted content from the unencrypted data vault.
  - 6. The method of claim 1 wherein the orchestration framework is configured to communicatively connect the first client computing device and the second client computing device via at least one of a client-server communication session, a peer-to-peer communication session, and combinations thereof.

7. An apparatus comprising:
- at least one processor; and
  
  memory storing computer-readable instructions that, when executed by the at least one processor, cause the apparatus tocommunicatively connect a plurality of client computing devices through an orchestration framework such that functionality associated with a computing activity is assignable to one or more of the client computing devices,initiate a presence service of the orchestration framework, the presence service being configured to identify which of the client computing devices are available to be assigned at least a portion of the functionality associated with the computing activity,receive from an agent of the orchestration framework a notification that one of the client computing devices at which the agent resides is available to be assigned at least a portion of the functionality associated with the computing activity, the agent being configured to receive instructions to perform at least a portion of the computing activity,receive a request to transfer content from a first client computing device of the plurality of client computing devices to a second client computing device of the plurality of client computing devices while the first client computing device and the second client computing device are communicatively connected via the orchestration framework,identify a first data vault that stores the content at the first client computing device, andinstruct the second client computing device to store the content based on whether the first data vault is a first encrypted data vault or a first unencrypted data vault.
- View Dependent Claims (8, 9, 10, 11, 12, 13, 14, 15)
- - 8. The apparatus of claim 7 wherein:
    - the second client computing device includes a second encrypted data vault and a second unencrypted data vault; and
      
      the instructions, when executed by the at least one processor, further cause the apparatus toinstruct the second client computing device to store the content in the second encrypted data vault responsive to a determination that the first data vault is the first encrypted data vault, andinstruct the second client computing device to store the content in the second unencrypted data vault responsive to a determination that the first data vault is the first unencrypted data vault.
  - 9. The apparatus of claim 7 wherein:
    - the first client computing device includes a main data store;
      
      the first data vault is the first encrypted data vault;
      
      the main data store and the and the first data vault are separate components;
      
      the instructions, when executed by the at least one processor, further cause the apparatus todetermine whether the second client computing device includes a second encrypted data vault, andinitiate transfer of the content to the second client computing device responsive to a determination that the second client computing device includes the second encrypted data vault.
  - 10. The apparatus of claim 9 wherein the instructions, when executed by the at least one processor, further cause the apparatus to block transfer of the content to the second client computing device responsive to a determination that the second client computing device does not include the second encrypted data vault.
  - 11. The apparatus of claim 9 wherein the instructions, when executed by the at least one processor, further cause the apparatus to:
    - responsive to a determination that the second client computing device does not include the second encrypted data vault,locate a third client computing device of the plurality of computing devices that includes a third encrypted data vault,initiate transfer of the content to the third client computing device, andinstruct the third client computing device to store the content in the third encrypted data vault.
  - 12. The apparatus of claim 7 wherein:
    - the content is stored in a second data vault of the second client computing device; and
      
      the instructions, when executed by the at least one processor, further cause the apparatus to instruct the second client computing device to delete at least a portion of the content stored in the second data vault.
  - 13. The apparatus of claim 12 wherein:
    - the second data vault is a second encrypted data vault; and
      
      the instructions, when executed by the at least one processor, further cause the apparatus to instruct the second client computing device to delete all of the content stored in the second encrypted data vault.
  - 14. The apparatus of claim 12 wherein:
    - the second client computing device is one of at least two client computing devices of the plurality of client computing devices that store the content; and
      
      the instructions, when executed by the at least one processor, cause the apparatus to track each client computing device of the plurality of client computing devices that stores the content.
  - 15. The apparatus of claim 14 wherein the instructions, when executed by the at least one processor, further cause the apparatus to instruct each client computing device of the plurality of client computing devices to delete at least a portion of the content respectively stored at each of the client computing devices.

16. One or more non-transitory computer-readable media having instructions that, when executed, cause a computing device to:
- communicatively connect to one or more client computing devices through an orchestration framework such that functionality associated with a computing activity is assignable to the computing device and the one or more client computing devices;
  
  inform a presence service of the orchestration framework that the computing device is available to be assigned at least a portion of the functionality associated with the computing activity;
  
  receive an indication of selected content to transfer to a selected client computing device of the one or more client computing devices while the computing device and the one or more client computing devices are communicatively connected via the orchestration framework wherein the selected content is stored at a first encrypted data vault of the computing device;
  
  display a list of client computing devices available for selection as the selected client computing device wherein the list of client computing devices includes one or more client computing devices that have an encrypted data vault and excludes any client computing devices that do not have an encrypted data vault;
  
  receive a selection of one of the client computing devices in the list of client computing devices as the selected client computing device; and
  
  initiate transfer of the selected content to the selected client computing device via the orchestration framework wherein receipt of the selected content at the selected client computing device causes the selected client computing device to store the selected content at a second encrypted data vault.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The computer-readable media of claim 16 wherein the instructions, when executed, cause the computing device to:
    - encrypt the content with an encryption key before transferring the selected content to the selected client computing device; and
      
      providing the selected client computing device with the encryption key such that the selected client computing device is capable of decrypting the selected content.
  - 18. The computer-readable media of claim 16 wherein:
    - the computing device includes a first encrypted data vault and a first unencrypted data vault; and
      
      the instructions, when executed, further cause the computing device toreceive transferred content from a second client computing device of the one or more client computing devices, andstore the transferred content in one of the first encrypted data vault or the first unencrypted data vault.
  - 19. The computer-readable media of claim 18 wherein:
    - the transferred content is encrypted; and
      
      the instructions, when executed, further cause the computing device toreceive a transferred encryption key with the transferred content, anddecrypt the transferred content using the encryption key.
  - 20. The computer-readable media of claim 18 wherein:
    - the transferred content is stored in the first encrypted data vault; and
      
      the instructions, when executed, cause the computing device to delete at least a portion of the transferred content responsive to receipt of an instruction to delete the transferred content.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Citrix Systems, Inc. (Cloud Software Group)
Original Assignee
Citrix Systems, Inc. (Cloud Software Group)
Inventors
Borzycki, Andrew, Deva, Mallikharjuna Reddy, Gajendar, Uday Nandigam, Roychoudhry, Anil

Granted Patent

US 8,745,755 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/165
CPC Class Codes

G06F 21/41   where a single sign-on prov...

G06F 21/53   by executing in a restricte...

G06F 21/6218   to a system of files or obj...

G06F 2221/2149   Restricted operating enviro...

G06F 9/543   User-generated data transfe...

H04L 1/0025   Transmission of mode-switch...

H04L 12/2856   Access arrangements, e.g. I...

H04L 63/04   for providing a confidentia...

H04L 63/0815   providing single-sign-on or...

H04L 63/10   for controlling access to d...

H04L 67/04   specially adapted for termi...

H04L 67/10   in which an application is ...

H04L 67/104   Peer-to-peer [P2P] networks

H04L 67/34   involving the movement of s...

H04L 67/567   Integrating service provisi...

H04L 67/60   Scheduling or organising th...

H04L 67/63   Routing a service request d...

H04L 9/14   using a plurality of keys o...

Controlling Device Access to Enterprise Resources in an Orchestration Framework for Connected Devices

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

94 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Controlling Device Access to Enterprise Resources in an Orchestration Framework for Connected Devices

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

94 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links