Apparatuses, methods and systems for a secure resource access and placement platform

US 8,528,059 B1
Filed: 10/06/2009
Issued: 09/03/2013
Est. Priority Date: 10/06/2008
Status: Active Grant

First Claim

Patent Images

1. A multi-layered processor-implemented method for secure access to corporate resources, comprising:

receiving a Payload specific request to access a plurality of corporate resources from at least one user;

initializing via a processor a uniquely identified Shell based on the received request, wherein the Shell comprises a plurality of Payload backups;

receiving a set of user authentication credentials from the user;

sending the set of user authentication credentials to a corporate server controlling the corporate resources;

receiving an authentication decision from the corporate server; and

if the authentication decision is affirmative,establishing a secure connection between the Shell and the corporate server,receiving a plurality of control policies from the corporate server via the secure connection, andaccessing the plurality of corporate resources via the established secure connection in compliance with the received control policies.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The APPARATUSES, METHODS AND SYSTEMS FOR A SECURE RESOURCE ACCESS AND PLACEMENT PLATFORM (“SRAP PLATFORM”) provides a secure supporting infrastructure within a corporate network framework and applications based thereon for use and placement of corporate resources. A non-trusted device may be authorized to access and use corporate resources, and the corporate network server may manage the placement of resources via the SRAP PLATFORM.

380 Citations

34 Claims

1. A multi-layered processor-implemented method for secure access to corporate resources, comprising:
- receiving a Payload specific request to access a plurality of corporate resources from at least one user;
  
  initializing via a processor a uniquely identified Shell based on the received request, wherein the Shell comprises a plurality of Payload backups;
  
  receiving a set of user authentication credentials from the user;
  
  sending the set of user authentication credentials to a corporate server controlling the corporate resources;
  
  receiving an authentication decision from the corporate server; and
  
  if the authentication decision is affirmative,establishing a secure connection between the Shell and the corporate server,receiving a plurality of control policies from the corporate server via the secure connection, andaccessing the plurality of corporate resources via the established secure connection in compliance with the received control policies.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27)
- - 2. The method of claim 1, wherein the uniquely identified Shell comprises at least the Payload and a Bubble.
  - 3. The method of claim 2, wherein the Shell instantiates at least one of:
    - a partition without hypervisors;
      
      hardware virtualization with bare metal hypervisors;
      
      hardware virtualization with hypervisors on top of a host operating system;
      
      operating system virtualization with application containers;
      
      directly hardened special purpose applications; and
      
      user session virtualization.
  - 4. The method of claim 1, wherein the Shell comprises a plurality of Shell interfaces.
  - 5. The method of claim 4, wherein the plurality of Shell interfaces are controlled by the Shell and collectively provide a controlled point of entry into the Payload.
  - 6. The method of claim 5, wherein the plurality of Shell interfaces comprises components for authentication, validation, Payload management, data control, peripherals, corporate connectivity and Shell management.
  - 7. The method of claim 1, wherein the Payload is at least one of an Environment type, an Application type, and a Presentation type.
  - 8. The method of claim 7, wherein the Payload synchronizes data with a Shell interface if the Payload is of the Environment type.
  - 9. The method of claim 1, wherein the Shell further comprises a plurality of cached user authentication credentials.
  - 10. The method of claim 1, wherein the Shell further comprises a plurality of cached control policies.
  - 11. The method of claim 1, wherein the user authentication credentials are multi-factor authentication credentials.
  - 12. The method of claim 1, wherein sending the set of user authentication credentials to a corporate server comprises:
    - sending the set of user authentication credentials to a Transfer Plane entity,wherein the Transfer Plane entity relays the set of user authentication credentials to the corporate server.
  - 13. The method of claim 1 further comprising blocking the request to access the plurality of corporate resources if the user is denied access to corporate resources based on the received authentication decision.
  - 14. The method of claim 1, wherein the established secure connection comprises at least one In-Band channel and at least one Out-of-Band channel.
  - 15. The method of claim 1, wherein the established secure connection to the corporate server has a relay point at a Transfer Plane entity.
  - 16. The method of claim 1, wherein receiving the plurality of control policies from the corporate server comprises:
    - receiving the plurality of control policies forwarded by a Transfer Plane entity from the corporate server.
  - 17. The method of claim 1, wherein the plurality of control policies are received in the form of a plurality of Manifests by the uniquely identified Shell.
  - 18. The method of claim 1, wherein the plurality of control policies are specific to the uniquely identified Shell.
  - 19. The method of claim 1, wherein the plurality of control policies are received via an Out-of-Band channel of the secure connection.
  - 20. The method of claim 1, wherein receiving the plurality of control policies comprises monitoring and downloading updates by the Shell from a Transfer Plane entity via an Out-of-Band channel.
  - 21. The method of claim 20, wherein the updates comprise control policy updates, Shell updates and Payload updates.
  - 22. The method of claim 1, further comprising the Shell validating and enforcing the received control policies.
  - 23. The method of claim 22, wherein the validation and enforcement comprises:
    - prompting the user to restart the Shell if required.
  - 24. The method of claim 1, wherein accessing the plurality of corporate resources in accordance with the Payload based on the received plurality of control policies via the established secure connection further comprises:
    - identifying a user-requested use of the Payload;
      
      making the Payload available via the Shell;
      
      executing the Payload based on the received plurality of control policies; and
      
      receiving user data from the corporate server via an In-Band channel of the secure connection.
  - 25. The method of claim 24, further comprises terminating the Payload if the user-requested use of the Payload is accomplished.
  - 26. The method of claim 24, wherein the received user data is forwarded by a Transfer Plane entity from the corporate server.
  - 27. The method of claim 1, further comprises:
    - receiving a request to close the uniquely identified Shell from the user; and
      
      terminating the uniquely identified Shell.

28. A multi-layered corporate resources secure access system, comprising:
- a memory;
  
  a processor disposed in communication with said memory, and configured to Issue a plurality of processing instructions stored in the memory, wherein the processor issues instructions to;
  
  receiving a Payload specific request to access a plurality of corporate resources from at least one user;
  
  initializing a uniquely identified Shell based on the received request, wherein the uniquely identified Shell comprises at least the Payload and a Bubble;
  
  receiving a set of user authentication credentials from the user;
  
  sending the set of user authentication credentials to a corporate server controlling the corporate resources;
  
  receiving an authentication decision from the corporate server; and
  
  if the authentication decision is affirmative,establishing a secure connection between the Shell and the corporate server,receiving a plurality of control policies from the corporate server via the secure connection, andaccessing the plurality of corporate resources via the established secure connection in compliance with the received control policies.
- View Dependent Claims (29)
- - 29. The method of claim 28, wherein the Shell further comprises a plurality of Payload backups.

30. A multi-layered processor-implemented method for secure access to corporate resources, comprising:
- receiving a Payload specific request to access a plurality of corporate resources from at least one user;
  
  initializing via a processor a uniquely identified Shell based on the received request;
  
  receiving a set of user authentication credentials from the user;
  
  sending the set of user authentication credentials to a corporate server controlling the corporate resources;
  
  receiving an authentication decision from the corporate server; and
  
  if the authentication decision is affirmative,establishing a secure connection between the Shell and the corporate server, wherein the established secure connection comprises at least one In-Band channel and at least one Out-of-Band channel,receiving a plurality of control policies from the corporate server via the secure connection, andaccessing the plurality of corporate resources via the established secure connection in compliance with the received control policies.

31. A multi-layered processor-implemented method for secure access to corporate resources, comprising:
- receiving a Payload specific request to access a plurality of corporate resources from at least one user;
  
  initializing via a processor a uniquely identified Shell based on the received request;
  
  receiving a set of user authentication credentials from the user;
  
  sending the set of user authentication credentials to a corporate server controlling the corporate resources;
  
  receiving an authentication decision from the corporate server; and
  
  if the authentication decision is affirmative,establishing a secure connection between the Shell and the corporate server, wherein the established secure connection to the corporate server has a relay point at a Transfer Plane entity,receiving a plurality of contra policies from the corporate server via the secure connection, andaccessing the plurality of corporate resources via the established secure connection in compliance with the received control policies.

32. A multi-layered processor-implemented method for secure access to corporate resources, comprising:
- receiving a Payload specific request to access a plurality of corporate resources from at least one user;
  
  initializing via a processor a uniquely identified Shell based on the received request;
  
  receiving a set of user authentication credentials from the user;
  
  sending the set of user authentication credentials to a corporate server controlling the corporate resources;
  
  receiving an authentication decision from the corporate server; and
  
  if the authentication decision is affirmative,establishing a secure connection between the Shell and the corporate server,receiving a plurality of control policies from the corporate server via the secure connection, wherein the plurality of control policies are received in the form of a plurality of Manifests by the uniquely identified Shell, andaccessing the plurality of corporate resources via the established secure connection in compliance with the received control policies.

33. A multi-layered processor-implemented method for secure access to corporate resources, comprising:
- receiving a Payload specific request to access a plurality of corporate resources from at least one user;
  
  initializing via a processor a uniquely identified Shell based on the received request;
  
  receiving a set of user authentication credentials from the user;
  
  sending the set of user authentication credentials to a corporate server controlling the corporate resources;
  
  receiving an authentication decision from the corporate server; and
  
  if the authentication decision is affirmative,establishing a secure connection between the Shell and the corporate server,receiving a plurality of control policies from the corporate server via an Out-of-Band channel of the secure connection, andaccessing the plurality of corporate resources via the established secure connection in compliance with the received control policies.

34. A multi-layered processor-implemented method for secure access to corporate resources, comprising:
- receiving a Payload specific request to access a plurality of corporate resources from at least one user;
  
  initializing via a processor a uniquely identified Shell based on the received request;
  
  receiving a set of user authentication credentials from the user;
  
  sending the set of user authentication credentials to a corporate server controlling the corporate resources;
  
  receiving an authentication decision from the corporate server; and
  
  if the authentication decision is affirmative,establishing a secure connection between the Shell and the corporate server,receiving a plurality of control policies from the corporate server via the secure connection, wherein receiving the plurality of control policies comprises monitoring and downloading updates by the Shell from a Transfer Plane entity via an Out-of-Band channel, andaccessing the plurality of corporate resources via the established secure connection in compliance with the received control policies.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Goldman Sachs & Co. LLC (Goldman Sachs Group Incorporated)
Original Assignee
Goldman Sachs & Company (Goldman Sachs Group Incorporated)
Inventors
Labana, Harpreet Singh, Kronenberg, Yair Israel, Saluzzo, Brian J.
Primary Examiner(s)
KOSOWSKI, CAROLYN M

Application Number

US12/574,673
Time in Patent Office

1,428 Days
Field of Search

705/76, 726/1, 726/6
US Class Current

726/5
CPC Class Codes

H04L 2463/082   applying multi-factor authe...

H04L 63/08   for authentication of entit...

H04L 63/10   for controlling access to d...

H04L 63/18   using different networks or...

H04L 63/20   for managing network securi...

Apparatuses, methods and systems for a secure resource access and placement platform

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

380 Citations

34 Claims

Specification

Solutions

Use Cases

Quick Links

Apparatuses, methods and systems for a secure resource access and placement platform

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

380 Citations

34 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links