Role-Based Access to Shared Resources

US 20170019498A1
Filed: 07/14/2015
Published: 01/19/2017
Est. Priority Date: 07/14/2015
Status: Active Application

First Claim

Patent Images

1. A method comprising:

receiving, at an intermediate network connected device from an edge network device, information identifying a user as having accessed a first network device from an external network connected device, wherein the intermediate network connected device is arranged between the first network device and a second network device, wherein the intermediate network connected device, the first network device and the second network device are within a network and wherein the external network connected device is outside the network;

receiving at the intermediate network connected device a request from the first network device to access the second network device;

determining the user is a source of the request via the first network device based upon the received information; and

evaluating the request from the first network device based upon determining the user to be the source of the request.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Information identifying a user as having accessed a first network device from an external network connected device is received at an intermediate network connected device from an edge network device. The intermediate network connected device is arranged between the first network device and a second network device. The intermediate network connected device, the first network device and the second network device are within the network and the external network connected device is outside the network. A request to access the second network device is received at the intermediate network connected device from the first network device. It is determined that the user is a source of the request via the first network device based upon the received information. The request from the first network device is evaluated based upon determining the user is the source of the request.

14 Citations

View as Search Results

20 Claims

1. A method comprising:
- receiving, at an intermediate network connected device from an edge network device, information identifying a user as having accessed a first network device from an external network connected device, wherein the intermediate network connected device is arranged between the first network device and a second network device, wherein the intermediate network connected device, the first network device and the second network device are within a network and wherein the external network connected device is outside the network;
  
  receiving at the intermediate network connected device a request from the first network device to access the second network device;
  
  determining the user is a source of the request via the first network device based upon the received information; and
  
  evaluating the request from the first network device based upon determining the user to be the source of the request.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, wherein evaluating the request comprising granting the request.
  - 3. The method of claim 1, wherein evaluating the request comprises denying the request.
  - 4. The method of claim 1, wherein the information identifying the user as having accessed the first network device is contained in a message sent from an access control gateway, wherein the access control gateway is within the network.
  - 5. The method of claim 1, wherein the information identifying the user as having accessed the first network device includes a mapping of the user to the first network device, and a policy defining a level of access to the second network device for the user.
  - 6. The method of claim 5, wherein:
    - determining the user is the source of the request via the first network device comprises determining the user is the source of the request from the mapping of the user to the first network device; and
      
      evaluating the request comprises determining a level of access to the second network device for the user from the policy, and providing the level of access to the first network device.
  - 7. The method of claim 1, wherein the information identifying the user as having accessed the first network device is contained in a message sent from a wireless access point.
  - 8. The method of claim 1, wherein receiving, at the intermediate network connected device from the edge network device, information identifying the user as having accessed the first network device from the external network connected device comprises receiving the information at one of a switch, a router or a firewall.
  - 9. The method of claim 1, wherein the information identifying the user as having accessed the first network device includes information identifying the user as having accessed a virtual desktop virtual machine.
  - 10. The method of claim 1, wherein the first network device comprises a first virtual machine.
  - 11. The method of claim 10, wherein the second network device comprises a second virtual machine.

12. An apparatus comprising:
- a network interface unit configured to enable communication over a network; and
  
  a processor coupled to the network interface unit, wherein the processor is configured to;
  
  receive, via the network interface unit, information identifying a user as having accessed a first network device from an external network connected device, wherein the apparatus is arranged between the first network device and a second network device, wherein the apparatus, the first network device and the second network device are within the network and wherein the external network connected device is outside the network;
  
  receive, via the network interface unit, a request from the first network device to access the second network device;
  
  determine the user is a source of the request via the first network device based upon the received information; and
  
  evaluate the request from the first network device based upon determining user is the source of the request.
- View Dependent Claims (13, 14, 15, 16)
- - 13. The apparatus of claim 12, wherein the first network device comprises a first virtual machine.
  - 14. The apparatus of claim 13, wherein the second network device comprises a second virtual machine.
  - 15. The apparatus of claim 12, wherein the processor is configured to receive the information identifying the user as having accessed the first network device by receiving a message sent from an access control gateway.
  - 16. The apparatus of claim 12, wherein the processor is configured to receive the information identifying the user as having accessed the first network device by receiving a mapping of the user to the first network device, and a policy defining a level of access to the second network device for the user.

17. A non-transitory computer readable storage media encoded with instructions, wherein the instructions, when executed by a processor, cause the processor to:
- receive information identifying a user as having accessed a first network device from an external network connected device, wherein the processor is included in an apparatus that is arranged between the first network device and a second network device, wherein the apparatus, the first network device and the second network device are within a network and wherein the external network connected device is outside the network;
  
  receive a request from the first network device to access the second network device;
  
  determine the user is a source of the request via the first network device based upon the received information; and
  
  evaluate the request from the first network device based upon determining the user is the source of the request.
- View Dependent Claims (18, 19, 20)
- - 18. The computer readable storage media of claim 17, wherein the first network device comprises a first virtual machine.
  - 19. The computer readable storage media of claim 17, wherein the instructions that cause the processor to receive the information identifying the user as having accessed the first network device further cause the processor to receive a message sent from an access control gateway.
  - 20. The computer readable storage media of claim 17, wherein the instructions that cause the processor to receive the information identifying the user as having accessed the first network device further cause the processor to receive a mapping of the user to the first network device, and a policy defining a level of access to the second network device for the user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Freilich, Max, Lam, Tak Cheung, Ng, Mark Ka Yau

Granted Patent

US 10,277,713 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04L 63/02 for separating internal fro...

H04L 63/105 Multiple levels of security

Role-Based Access to Shared Resources

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

14 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Role-Based Access to Shared Resources

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

14 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others