Generating secure roaming user profiles over a network
Abstract
Embodiments are directed to providing access to a resource over a network. A client device may request access to a server. An application may be provided to the client device. The application may cause control of the client device to be switched from a first desktop to a secure desktop. The secure desktop may be configured to restrict applications access to within the secure desktop. An indication of the resource on the server to map to may be received at the client device. The indicated resource may be mapped onto a file system on the client device. Mapping may comprise using a remote file access protocol, using DLL injection, or adding a kernel module to an operating system on the client device. The mapped resource may be constrained to be accessed through the secure desktop.
18 Claims
1. A method for providing access to a resource over a network, comprising:
- requesting by a client device, access to a server through a Traffic Management Device (TMD) interposed between the client device and the server;
- switching control of the client device from a first desktop to a secure desktop, wherein the secure desktop is configured to restrict applications access to within the secure desktop;
- receiving from the TMD an indication of the resource on the server to map;
- mapping the indicated resource onto a file system of the client device such that the resource appears local to the client device, wherein the mapped resource is constrained to be accessed through the secure desktop using at least one operation of an operating system controlled by the secure desktop, and wherein mapping the resource further includes adding to an operating system of the client device a kernel module configured to provide access to the resource; and
- when the secure desktop is closed, unmapping the indicated resource, and further when the indicated resource is cached on the client device, sending the indicated resource to the server to synchronize the resource.

Dependent claims: 2, 3, 4

5. A network device for providing access to a resource over a network, comprising:
- a memory arranged to store data and instructions;
- an input interface for receiving requests and sending responses; and
- a processor arranged to enable actions embodied by at least a portion of the stored instructions, the actions comprising;
  - receiving from a client device, a request for an application configured to provide access to the resource on a server;
  - sending the application over the network to the client device;
  - sending an indication of the resource to map onto a file system controlled by a secure desktop;
  - enabling a mapping of the resource onto the secure desktop, wherein the secure desktop is launched by the application on the client device and wherein the mapped resource is constrained to be accessed through the secure desktop such that the mapped resource appears local to the client device, and wherein mapping the resource further includes adding to an operating system of the client device a kernel module configured to provide access to the resource; and
  - when the secure desktop is closed, unmapping the indicated resource, and further when the indicated resource is cached on the client device, sending the indicated resource to the server to synchronize the resource.

Dependent claims: 6, 7, 8, 9

10. A non-transitory machine-readable storage medium having machine-executable instructions stored thereon, which when executed by at least one processor, causes the at least one processor to perform one or more actions, comprising:
- establishing a tunnel over the network to a Traffic Management Device (TMD) interposed between a client device and a server configured to provide the resource;
- launching a secure desktop, wherein an application in the secure desktop is restricted from accessing another application outside the secure desktop;
- mapping the resource onto the secure desktop such that the resource appears local to the client device, through the TMD, and over the tunnel, wherein the mapped resource is accessible through the secure desktop if the tunnel is active, and wherein mapping the resource further includes adding to an operating system of the client device a kernel module configured to provide access to the resource; and
- when the secure desktop is closed, unmapping the indicated resource, and further when the indicated resource is cached on the client device, sending the indicated resource to the server to synchronize the resource.

Dependent claims: 11, 12, 13, 14, 15

16. A system for providing access to a resource over a network, comprising:
- a Traffic Management Device (TMD) interposed between at least one server and a client device, configured to perform actions comprising;
  - determining an authorization of the client device to perform a file system operation on a resource on the at least one server; and
  - if the determined authorization indicates access, providing access to the resource for the client device;
- the at least one server configured to perform the file system operation on the resource based on a message received through the TMD; and
- the client device configured to perform actions comprising;
  - receiving an application, wherein the application is configured to enable access to the resource;
  - switching, by the application, control of the client device to a secure desktop configured to control the client device; and
  - enabling a user of the secure desktop to access the resource through a mapping of the resource onto a file system of the client device where the resource is mapped to appear local to the client device, wherein the mapped resource is constrained to be operated on by an operating system operation of the client device accessed through the secure desktop, and wherein mapping the resource further includes adding to an operating system of the client device a kernel module configured to provide access to the resource; and
  - when the secure desktop is closed, unmapping the indicated resource, and further when the indicated resource is cached on the client device, sending the indicated resource to the at least one server to synchronize the resource.

Dependent claims: 17, 18

Specification