Provisioning remote computers for accessing resources

US 8,255,973 B2
Filed: 12/10/2004
Issued: 08/28/2012
Est. Priority Date: 12/10/2003
Status: Active Grant

First Claim

Patent Images

1. A method of controlling access to requested resources at a remote computer, the method comprising:

authenticating an identity of a user of the remote computer;

providing an interrogator agent for installation onto the remote computer;

receiving interrogation results concerning the operating environment of the remote computer from the interrogator agent;

determining a zone of trust from a plurality of zones of trust based on the authenticated identity of the user and the received interrogation results, each zone of trust being associated with a set of resources; and

authorizing access to a requested resource based on an association with the determined zone of trust.

View all claims

18 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and techniques are provided for controlling requests for resources from remote computers. A remote computer'"'"'s ability to access a resource is determined based upon the computer'"'"'s operating environment. The computer or computers responsible for controlling access to a resource will interrogate the remote computer to ascertain its operating environment. The computer or computers responsible for controlling access to a resource may, for example, download one or more interrogator agents onto the remote computer to determine its operating environment. Based upon the interrogation results, the computer or computers responsible for controlling access to a resource will control the remote computer'"'"'s access to the requested resource.

Citations

16 Claims

1. A method of controlling access to requested resources at a remote computer, the method comprising:
- authenticating an identity of a user of the remote computer;
  
  providing an interrogator agent for installation onto the remote computer;
  
  receiving interrogation results concerning the operating environment of the remote computer from the interrogator agent;
  
  determining a zone of trust from a plurality of zones of trust based on the authenticated identity of the user and the received interrogation results, each zone of trust being associated with a set of resources; and
  
  authorizing access to a requested resource based on an association with the determined zone of trust.
- View Dependent Claims (2, 3, 4)
- - 2. The method of claim 1, wherein the interrogator agent is automatically installed onto the remote computer without the authorization of a user of the remote computer.
  - 3. The method of claim 1, further comprising assigning a zone of trust to the remote computer based upon the interrogation results from the interrogator agent.
  - 4. The method of claim 3, further comprising determining a portfolio of one or more process objects required to access the set of resources associated with the zone of trust assigned to the remote computer and providing the determined portfolio of one or more process objects for installation onto the remote computer.

5. A method of controlling an end point computer'"'"'s access to a resource, the method comprising:
- receiving a request for a resource from a remote computer;
  
  providing a first interrogator agent for installation onto the remote computer based on the received request;
  
  receiving first interrogation results produced by the first interrogator agent;
  
  identifying one or more security process objects corresponding to the received interrogation results;
  
  providing for installation of the identified security process object onto the remote computer;
  
  authenticating an identity of a user of the remote computer;
  
  providing for installation of a second interrogator agent onto the remote computer based on the authenticated identity of the user;
  
  receiving second interrogation results produced by the second interrogator agent;
  
  assigning the remote computer to a zone of trust from a plurality of zones of trust based upon the first interrogation results and the second interrogation results, each zone of trust being associated with a set of resources; and
  
  authorizing the remote computer with access to the requested resource based upon the assigned zone of trust.
- View Dependent Claims (6, 7, 8)
- - 6. The method of claim 5, further comprising identifying one or more security process objects required to access the set of resources associated with the assigned zone of trust and providing the identified one or more security process objects for installation onto the remote computer.
  - 7. The method of claim 6, further comprising:
    - determining if the identified one or more security process objects are properly operating on the remote computer;
      
      allowing the remote computer to obtain the requested resource based on a determination that the identified security process objects are properly operating on the remote computer; and
      
      refusing to allow the remote computer to obtain the requested resource based on a determination that the one or more of the identified security process objects is not properly operating on the remote computer.
  - 8. The method of claim 5, further comprising assigning the zone of trust based further upon the authenticated identity of the user.

9. A method of provisioning a remote computer, comprising:
- receiving a communication from a remote computer, the communication including an authenticated identity of a user of the remote computer;
  
  providing at least one interrogator agent for installation onto the remote computer, the at least one interrogator agent being based on the identity of the user of the remote computer;
  
  receiving interrogation results concerning the remote computer from the at least one interrogator agent;
  
  identifying a portfolio of one or more process objects that may be supported by an operating environment of the remote computer based upon the interrogation results; and
  
  providing the identified portfolio of one or more process objects for use in provisioning the remote computer to access a requested resource.
- View Dependent Claims (10, 11, 12)
- - 10. The method of claim 9, wherein the process objects are communication process objects.
  - 11. The method of claim 10, wherein the communication from the remote computer employs a first communication technique and at least one of the communication process objects implements a second communication technique different from the first communication technique.
  - 12. The method of claim 9, further comprising providing for installation an end point installer to facilitate subsequent installation of the process objects.

13. A method of performing an activity based upon an operating environment of a remote computer, comprising:
- providing an interrogator agent for installation onto the remote computer;
  
  receiving interrogation results concerning the remote computer from the interrogator agent;
  
  assigning a zone of trust from a plurality of zones of trust to the remote computer based upon an authenticated identity of a user of the remote computer and the received interrogation results, each zone of trust being associated with an action; and
  
  performing the action associated with the determined zone of trust.
- View Dependent Claims (14)
- - 14. The method of claim 13, wherein the action is to log the remote computer off of a secure communication session.

15. A server system for provisioning a client computer, the system comprising:
- an access server configured to receive communications from a client computer, the communications including an authenticated identity of a user of the client computer;
  
  a provisioning server configured to provide at least one interrogator agent for installation onto a client computer communicating with the access server; and
  
  an end point control server configured to assign a zone of trust from a plurality of zones of trust to the client computer based upon the authenticated user identity and the interrogation results provided by the at least one interrogator agent, each zone of trust being associated with a set of resources.
- View Dependent Claims (16)
- - 16. The server system of claim 15, further comprising a policy server configured to implement rules for associating an assigned zone of trust with an operating environment of a client computer.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Aventail LLC
Original Assignee
Aventail LLC
Inventors
Hopen, Chris, Tomlinson, Gary, Anandam, Parvez, Young, Brian, Flagg, Alan
Primary Examiner(s)
LaForgia, Christian

Application Number

US11/009,692
Publication Number

US 20050144481A1
Time in Patent Office

2,818 Days
Field of Search

709/217, 709/225, 709/226, 713182-185, 726/2
US Class Current

726/2
CPC Class Codes

G06F 21/6218 to a system of files or obj...

Provisioning remote computers for accessing resources

First Claim

18 Assignments

0 Petitions

Accused Products

Abstract

Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Provisioning remote computers for accessing resources

First Claim

18 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links