Systems and methods for providing levels of access and action control via an SSL VPN appliance
Abstract
The present invention relates to systems and methods to identify a level of access for a resource being accessed via a secure socket layer virtual private network (SSL VPN) connection to a network, and to control the action on the resource based on the identified level of access. The appliance described herein provides intelligent secure access and action control to resources based on a sense and respond mechanism. When a user requests access to a resource via the SSL VPN connection of the appliance, the appliance obtains information about the client to determine the user access scenario: the location, device, connection and identity of the user or client. Based on the collected information, the appliance responds to the detected user scenario by identifying a level of access to the resource for the user/client, such as rights to view, print, edit or save a document. Based on the identified level of access, the appliance controls the actions performed on the resource by various techniques described herein so that the user can only perform the allowed action in accordance with the level of access. As such, the present invention allows organizations to control and provide the appropriate level of access to valuable, confidential or business critical information accessed remotely or via a public network while protecting such information by controlling the types of actions performed or allowed to be performed remotely on the information.
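An added illustration (not taken from the patent or from any appliance's code) of the sense-and-respond flow the abstract describes: collected characteristics select a level of access, and the requested action is checked against it. The attribute names, policy names and the first-match, default-deny semantics are assumptions of this sketch.

```python
from dataclasses import dataclass
from typing import Optional

ACTIONS = ("view", "print", "edit", "save")  # rights named in the abstract

@dataclass(frozen=True)
class Scenario:
    """Characteristics from the collection agent (field names are assumed).
    None means the agent did not report that characteristic."""
    location: Optional[str]
    device: Optional[str]
    connection: Optional[str]
    user_group: Optional[str]

@dataclass
class Policy:
    name: str
    match: dict          # attribute -> required value; every entry must match
    allowed: frozenset   # actions granted when the policy applies

    def applies(self, s: Scenario) -> bool:
        # An unreported (None) characteristic never satisfies a requirement.
        return all(getattr(s, k, None) == v for k, v in self.match.items())

# Constructed sample policies, most specific first.
POLICIES = [
    Policy("managed-office", {"device": "managed", "location": "office"},
           frozenset(ACTIONS)),
    Policy("managed-remote", {"device": "managed"},
           frozenset({"view", "print", "edit"})),
    Policy("staff-unmanaged", {"user_group": "staff"}, frozenset({"view"})),
]

def level_of_access(s: Scenario, policies=POLICIES):
    """First matching policy sets the level; no match grants nothing."""
    for p in policies:
        if p.applies(s):
            return p.name, p.allowed
    return None, frozenset()

def control(s: Scenario, action: str, policies=POLICIES) -> dict:
    """Decide one requested action; unknown actions are denied as well."""
    name, allowed = level_of_access(s, policies)
    return {"action": action, "allowed": action in allowed, "policy": name}

if __name__ == "__main__":
    kiosk = Scenario("public", "unmanaged", "wifi", "staff")
    for act in ACTIONS:
        print(control(kiosk, act))
```

Because the characteristics originate on the client, the sketch treats anything the agent fails to report as a non-match, so an incomplete report can only lower the level of access.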
28 Claims
1. A method of controlling by an appliance an action performed by a client on a resource accessed via a virtual private network connection provided by the appliance to a network, the method comprising:
(a) receiving, by an appliance, a request from a client operated by a user to perform an action on a resource on a network being accessed via a secure socket layer virtual private network (SSL VPN) connection provided by the appliance to the network, the client comprising a computing environment, the action comprising one of printing, editing or saving the resource via the SSL VPN connection;
(b) receiving, by the appliance, characteristics of the computing environment provided by a collection agent;
(c) providing, by a policy engine of the appliance, one or more policies for controlling actions by the computing environment; and
(d) controlling, by the appliance via the SSL VPN connection, whether the computing environment is allowed to perform the requested action on the resource based on application of the one or more policies on the received characteristics and the requested action.

14. A system for controlling an action performed by a client on a resource accessed via a virtual private network connection provided by an appliance to a network, the system comprising:
an appliance providing one or more clients a secure socket layer virtual private network (SSL VPN) connection to a network;
a client, operated by a user, requesting to perform an action on a resource on a network via the appliance, the client comprising a computing environment, the action comprising one of printing, editing or saving the resource via the SSL VPN connection;
a collection agent providing to the appliance characteristics of the computing environment;
a policy engine providing one or more policies for controlling actions by the computing environment; and
wherein the appliance controls, via the SSL VPN connection, whether the computing environment is allowed to perform the requested action on the resource based on application of the one or more policies on the received characteristics and the requested action.

27. An appliance for controlling an action performed by a client on a resource accessed via a virtual private network connection provided by the appliance to a network, the appliance comprising:
means for receiving a request from a client operated by a user to perform an action on a resource on a network via a secure socket layer virtual private network (SSL VPN) connection provided by the appliance to the network, the client comprising a computing environment, the action comprising one of printing, editing or saving the resource via the SSL VPN connection;
means for receiving characteristics of the computing environment from a collection agent;
means for providing one or more policies controlling actions by the computing environment; and
means for controlling, via the SSL VPN connection, whether the computing environment is allowed to perform the requested action on the resource based on application of the one or more policies on the received characteristics and the requested action.

28. A method of controlling by an appliance an action performed by a client on a resource accessed via a virtual private network connection provided by the appliance to a network, the method comprising the steps of:
(a) receiving, by an appliance, a request from a client operated by a user to access a resource on a network via a secure socket layer virtual private network (SSL VPN) connection provided by the appliance to the network, the client comprising a computing environment;
(b) receiving, by the appliance, characteristics of the computing environment collected by a collection agent from the client;
(c) providing, by a policy engine of the appliance, one or more policies for controlling actions by the computing environment based on a type of delivery for the resource from the network; and
(d) controlling, by the appliance via the SSL VPN connection, whether the computing environment is allowed to perform the requested action on the resource via the type of delivery based on application of the one or more policies on the received characteristics and the requested action.

Specification