Remote access to resources over a network

US 8,601,550 B2
Filed: 11/02/2010
Issued: 12/03/2013
Est. Priority Date: 06/24/2004
Status: Active Grant

First Claim

Patent Images

1. A method of determining and updating the computing environment of a client computer, comprising:

a client computer sending a request to an access server requesting access to a remote resource;

the access server establishing a secure communication channel between the client computer and a server system;

installing a pre-authentication interrogator agent onto the client computer using the secure communication channel, the server system receiving a first set of interrogation results produced by the pre-authentication interrogator agent that describe one or more objects of the computing environment of the client computer;

authenticating that the first set of interrogation results correspond to at least one of a known client computer or to a known client computer user;

installing a post-authentication interrogator agent on the client computer using the secure communication channel, the server system receiving a second set of interrogation results that describe one or more other objects of the computing environment of the client computer; and

providing the remote resource to the client computer over the secure communication channel upon determination by a policy server that the first and second sets of interrogation results comply with a policy rule, the policy rule specifying a condition for the user of the client device to access the requested resource, and wherein the remote resource is provided by the server system.

View all claims

20 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and techniques are provided for controlling requests for resources from remote computers. A remote computer'"'"'s ability to access a resource is determined based upon the computer'"'"'s operating environment. The computer or computers responsible for controlling access to a resource will interrogate the remote computer to ascertain its operating environment. The computer or computers responsible for controlling access to a resource may, for example, download one or more interrogator agents onto the remote computer to determine its operating environment. Based upon the interrogation results, the computer or computers responsible for controlling access to a resource will control the remote computer'"'"'s access to the requested resource.

Citations

10 Claims

1. A method of determining and updating the computing environment of a client computer, comprising:
- a client computer sending a request to an access server requesting access to a remote resource;
  
  the access server establishing a secure communication channel between the client computer and a server system;
  
  installing a pre-authentication interrogator agent onto the client computer using the secure communication channel, the server system receiving a first set of interrogation results produced by the pre-authentication interrogator agent that describe one or more objects of the computing environment of the client computer;
  
  authenticating that the first set of interrogation results correspond to at least one of a known client computer or to a known client computer user;
  
  installing a post-authentication interrogator agent on the client computer using the secure communication channel, the server system receiving a second set of interrogation results that describe one or more other objects of the computing environment of the client computer; and
  
  providing the remote resource to the client computer over the secure communication channel upon determination by a policy server that the first and second sets of interrogation results comply with a policy rule, the policy rule specifying a condition for the user of the client device to access the requested resource, and wherein the remote resource is provided by the server system.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, further comprising installing a security process object onto the client device in accordance with the policy rule, the security process object installed by a provisioning server.
  - 3. The method of claim 2, further including installing a firewall agent security process object, the firewall agent security process object installed by the provisioning server.
  - 4. The method of claim 2, further including installing a certification agent security process object, the firewall agent security process object installed by the provisioning server.
  - 5. The method of claim 1, wherein the secure communication channel is a Virtual Private Network established by the access server using the Internet Protocol Secure (IPSec) Protocol.
  - 6. The method of claim 1, wherein the secure communication channel is established by the access server via a browser application executed at the client computer.
  - 7. The method of claim 1, wherein the workplace server is a proxy server.
  - 8. The method of claim 1, further comprising validating authentication credential information submitted by a user associated with the client computer and the request to access the remote resource, the credential information validated by the policy server.
  - 9. The method of claim 8, further including receiving credential and profile information regarding the user and determining that access to the resource should be granted to the user.
  - 10. The method of claim 9, further including maintaining a rule set stored in memory, the rule set including one or rules for determining that access to the remote resource should be granted to the user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Aventail LLC
Original Assignee
Aventail LLC
Inventors
Hopen, Chris, Tomlinson, Gary, Anandam, Parvez, Young, Brian, Flagg, Alan, O'Reilley, Jude Michael Dylan
Primary Examiner(s)
Zand, Kambiz
Assistant Examiner(s)
KAPLAN, BENJAMIN A

Application Number

US12/938,330
Publication Number

US 20110167101A1
Time in Patent Office

1,127 Days
Field of Search

726/4, 726/5, 709/224
US Class Current

726/4
CPC Class Codes

G06F 21/56   Computer malware detection ...

G06F 2221/034   Test or assess a computer o...

H04L 12/2856   Access arrangements, e.g. I...

H04L 47/783   Distributed allocation of r...

H04L 47/805   QOS or priority aware

H04L 63/0227   Filtering policies mail mes...

H04L 63/0263   Rule management

H04L 63/0272   Virtual private networks

H04L 63/08   for authentication of entit...

H04L 63/10   for controlling access to d...

H04L 63/20   for managing network securi...

H04L 67/01   Protocols

H04L 67/02   based on web technology, e....

H04L 67/563   Data redirection of data ne...

H04L 67/63   Routing a service request d...

Remote access to resources over a network

First Claim

20 Assignments

0 Petitions

Accused Products

Abstract

Citations

10 Claims

Specification

Solutions

Use Cases

Quick Links

Remote access to resources over a network

First Claim

20 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

10 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links