CLIENT SIDE REDIRECTION WITH PLUGGABLE AUTHENTICATION AND AUTHORIZATION

US 20160234216A1
Filed: 06/17/2015
Published: 08/11/2016
Est. Priority Date: 02/11/2015
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

by an operating system (OS) of a first computing device;

receiving a request to cause a remote desktop protocol (RDP) client device to connect to a second computing device, the RDP client device being coupled to the first computing device via a first RDP connection;

qualifying the RDP client device to connect to the second computing device based at least on information associated with the first RDP connection; and

if the RDP client device is qualified to connect to the second computing device, then sending to the RDP client device;

an instruction for the RDP client device to be re-directed from the first computing device to the second computing device; and

one or more credentials for the RDP client device to establish a second RDP connection to the second computing device, wherein the instruction and the credentials are being sent to the RDP client device via a virtual channel of the first RDP connection, and wherein the second RDP connection allows the RDP client device to access the second computing device.

View all claims

14 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method of client side redirection with pluggable authentication and authorization is disclosed. In a particular embodiment, an operating system of a first computing device receives a request to cause remote desktop protocol (RDP) client device to connect to a second computing device. The client is coupled to the first computing device via a first RDP connection. The first computing device may use information associated with the first RDP connection to qualify the client to connect to the second computing device. If qualified, first computing device may send a redirect instruction to the client that redirects the client from the first computing device to the second computing device. The first computing device may send credentials to the client for use in establishing a second RDP connection to the second computing device. The redirect instruction and credentials may be sent via a virtual channel of the first RDP connection.

22 Citations

View as Search Results

20 Claims

1. A method comprising:
- by an operating system (OS) of a first computing device;
  
  receiving a request to cause a remote desktop protocol (RDP) client device to connect to a second computing device, the RDP client device being coupled to the first computing device via a first RDP connection;
  
  qualifying the RDP client device to connect to the second computing device based at least on information associated with the first RDP connection; and
  
  if the RDP client device is qualified to connect to the second computing device, then sending to the RDP client device;
  
  an instruction for the RDP client device to be re-directed from the first computing device to the second computing device; and
  
  one or more credentials for the RDP client device to establish a second RDP connection to the second computing device, wherein the instruction and the credentials are being sent to the RDP client device via a virtual channel of the first RDP connection, and wherein the second RDP connection allows the RDP client device to access the second computing device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein qualifying the RDP client device comprises a plurality of connection tests at the first computing device, wherein the connection tests comprise the RDP client device and the second computing device.
  - 3. The method of claim 1, wherein qualifying the RDP client device comprises checking a permissions vector, wherein the permissions vector is provided to the RDP client device from a PAA ticketing server.
  - 4. The method of claim 1, wherein establishing the second RDP connection between the RDP client device and the second computing device does not involve a user of the RDP client device.
  - 5. The method of claim 1, wherein each of the first and second RDP connections comprises a gateway.
  - 6. The method of claim 5, wherein the credentials being sent to the RDP client device allow the RDP client device to access the gateway.
  - 7. The method of claim 5, wherein the credentials being sent to the RDP client device allow the RDP client device to access the second computing device from the gateway based at least on a pluggable authentication and authorization framework.
  - 8. The method of claim 1, wherein the second RDP connection comprises a third computing device.
  - 9. The method of claim 8, wherein the credentials being sent to the RDP client device allow the RDP client device to access the third computing device.

10. One or more computer-readable non-transitory storage media embodying logic that is operable when executed to:
- by an operating system (OS) of a first computing device;
  
  receiving a request to cause a remote desktop protocol (RDP) client device to connect to a second computing device, the RDP client device being coupled to the first computing device via a first RDP connection;
  
  qualifying the RDP client device to connect to the second computing device based at least on information associated with the first RDP connection; and
  
  if the RDP client device is qualified to connect to the second computing device, then sending to the RDP client device;
  
  an instruction for the RDP client device to be re-directed from the first computing device to the second computing device; and
  
  one or more credentials for the RDP client device to establish a second RDP connection to the second computing device, wherein the instruction and the credentials are being sent to the RDP client device via a virtual channel of the first RDP connection, and wherein the second RDP connection allows the RDP client device to access the second computing device.
- View Dependent Claims (11, 12, 13, 14, 15)
- - 11. The media of claim 10, wherein the virtual channel of the first RDP connection is encrypted.
  - 12. The media of claim 10, wherein establishing the second RDP connection between the RDP client device and the second computing device does not involve a user of the RDP client device.
  - 13. The media of claim 10, wherein qualifying the RDP client device comprises checking a permissions vector, wherein the permissions vector is provided to the RDP client device from a PAA ticketing server.
  - 14. The media of claim 13, wherein the credentials being sent to the RDP client device allow the RDP client device to access the gateway.
  - 15. The media of claim 13, wherein the credentials being sent to the RDP client device allow the RDP client device to access the second computing device from the gateway based at least on a pluggable authentication and authorization framework.

16. An information handling system comprising:
- one or more processors; and
  
  a memory coupled to the processors comprising instructions executable by the processors, the processors being operable when executing the instructions to;
  
  by an operating system (OS) of a first computing device;
  
  receiving a request to cause a remote desktop protocol (RDP) client device to connect to a second computing device, the RDP client device being coupled to the first computing device via a first RDP connection;
  
  qualifying the RDP client device to connect to the second computing device based at least on information associated with the first RDP connection; and
  
  if the RDP client device is qualified to connect to the second computing device, then sending to the RDP client device;
  
  an instruction for the RDP client device to be re-directed from the first computing device to the second computing device; and
  
  one or more credentials for the RDP client device to establish a second RDP connection to the second computing device, wherein the instruction and the credentials are being sent to the RDP client device via a virtual channel of the first RDP connection, and wherein the second RDP connection allows the RDP client device to access the second computing device.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The information handling system of claim 16, wherein establishing the second RDP connection between the RDP client device and the second computing device does not involve a user of the RDP client device.
  - 18. The information handling system of claim 16, wherein each of the first and second RDP connections comprises a gateway.
  - 19. The information handling system of claim 18, wherein the credentials being sent to the RDP client device allow the RDP client device to access the gateway.
  - 20. The information handling system of claim 18, wherein the credentials being sent to the RDP client device allow the RDP client device to access the second computing device from the gateway based at least on a pluggable authentication and authorization framework.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Dell Products LP (Dell Technologies Inc.)
Original Assignee
Dell Products LP (Dell Technologies Inc.)
Inventors
Fausak, Andrew T., Rombakh, Oleg

Granted Patent

US 9,900,182 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04L 12/4641   Virtual LANs, VLANs, e.g. v...

H04L 12/4679   Arrangements for the regist...

H04L 63/0272   Virtual private networks

H04L 63/08   for authentication of entit...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/10   for controlling access to d...

H04L 63/102   Entity profiles

H04L 67/01   Protocols

H04L 67/025   for remote control or remot...

H04L 67/08   specially adapted for termi...

H04L 67/1001   for accessing one among a p...

H04L 67/131   Protocols for games, networ...

H04L 67/141   Setup of application sessio...

H04L 67/142   Managing session states for...

H04L 67/148   Migration or transfer of se...

H04L 67/563   Data redirection of data ne...

H04L 69/04   Protocols for data compress...

H04L 69/14   Multichannel or multilink p...

H04L 9/3213   using tickets or tokens, e....

Y02D 30/50   in wire-line communication ...

CLIENT SIDE REDIRECTION WITH PLUGGABLE AUTHENTICATION AND AUTHORIZATION

First Claim

14 Assignments

0 Petitions

Accused Products

Abstract

22 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

CLIENT SIDE REDIRECTION WITH PLUGGABLE AUTHENTICATION AND AUTHORIZATION

First Claim

14 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

22 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links