Method and apparatus for providing authorized remote access to application sessions
First Claim
1. A method for providing a user with authorized remote access to one of one or more application sessions disconnected from one or more client nodes previously operated by the user, the method comprising:
- disconnecting a first client node comprising a computing environment operated by a user, by a session server, from a resource provided by an application session provided by an application server providing a plurality of application sessions via a first communication channel;
- receiving a request, from a second client node comprising a second computing environment operated by the user, for access to the resource;
- receiving, by a first component of the policy engine, characteristics of the second computing environment gathered by a collection agent from the second client node in response to the request to access the resource;
- generating, by the first component of the policy engine, a data set from the received characteristics, responsive to applying a first policy to the received characteristics and storing an identifier for each condition satisfied in the data set;
- transmitting, by the first component of the policy engine, the data set to a second component of the policy engine;
- making, by the second component of the policy engine, an access control decision granting the second computing environment access to the resource based on application of a second policy to the generated data set;
- identifying, based on the access control decision, the application session provided by the application server disconnected from the first client node previously operated by the user, from one or more application sessions to which the second client node is permitted to connect;
- establishing, by the session server, a connection between the second client node and the identified application session provided by the application server in response to the identification via a second communication channel, wherein the second communication channel is wireless and different from the first communication channel; and
- selecting, by the application server responsive to the connection, a format for the presentation of the resource based on application of a second policy to the received characteristics of the second computing environment.
Abstract
A method and apparatus for providing authorized remote access to one or more application sessions includes a client node, a collection agent, a policy engine, and a session server. The client node requests access to a resource. The collection agent gathers information about the client node. The policy engine receives the gathered information, and makes an access control decision based on the received information. The session server establishes a connection between a client computer operated by the user and the one or more application sessions associated with the user of the client node identified in response to the received information.
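The two-component policy evaluation recited in claim 1, as an added Python example that is not taken from the patent; the condition names, policies, session records and function names are all hypothetical. The second component decides from condition identifiers alone, never from the raw client characteristics, and denies any resource it has no policy for.

```python
# Added illustration of claim 1's two-component policy engine; every name is hypothetical.

# First policy: condition identifier -> predicate over collected characteristics.
FIRST_POLICY = {
    "av-running":   lambda c: c.get("antivirus") == "running",
    "os-patched":   lambda c: c.get("os_patch_level", 0) >= 5,
    "corp-network": lambda c: c.get("network_zone") == "corporate",
    "wireless":     lambda c: c.get("link") == "wireless",
}

# Second policy: resource -> condition identifiers that must all be in the data set.
SECOND_POLICY = {
    "payroll-app": {"av-running", "os-patched"},
    "wiki":        {"av-running"},
}

def first_component(characteristics):
    """Apply the first policy; store the identifier of each satisfied condition."""
    return {cid for cid, pred in FIRST_POLICY.items() if pred(characteristics)}

def second_component(data_set, resource):
    """Decide from the data set alone; resources without a policy are denied."""
    required = SECOND_POLICY.get(resource)
    return required is not None and required <= data_set

def identify_session(sessions, user, resource, granted):
    """Return the user's own disconnected session for the resource, if granted."""
    if not granted:
        return None
    for s in sessions:
        if (s["user"], s["resource"], s["state"]) == (user, resource, "disconnected"):
            return s["id"]
    return None

def reconnect(sessions, user, resource, characteristics):
    data_set = first_component(characteristics)
    granted = second_component(data_set, resource)
    return identify_session(sessions, user, resource, granted)

# Constructed sample data: session table and two client environments.
SESSIONS = [
    {"id": "s-101", "user": "alice", "resource": "payroll-app", "state": "disconnected"},
    {"id": "s-102", "user": "bob", "resource": "payroll-app", "state": "disconnected"},
    {"id": "s-103", "user": "alice", "resource": "wiki", "state": "active"},
]
PDA = {"antivirus": "running", "os_patch_level": 7, "link": "wireless"}
KIOSK = {"antivirus": "absent", "os_patch_level": 7, "link": "wired"}

if __name__ == "__main__":
    print(reconnect(SESSIONS, "alice", "payroll-app", PDA))
    print(reconnect(SESSIONS, "alice", "payroll-app", KIOSK))
```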
41 Claims
1. A method for providing a user with authorized remote access to one of one or more application sessions disconnected from one or more client nodes previously operated by the user, the method comprising:
- disconnecting a first client node comprising a computing environment operated by a user, by a session server, from a resource provided by an application session provided by an application server providing a plurality of application sessions via a first communication channel;
- receiving a request, from a second client node comprising a second computing environment operated by the user, for access to the resource;
- receiving, by a first component of the policy engine, characteristics of the second computing environment gathered by a collection agent from the second client node in response to the request to access the resource;
- generating, by the first component of the policy engine, a data set from the received characteristics, responsive to applying a first policy to the received characteristics and storing an identifier for each condition satisfied in the data set;
- transmitting, by the first component of the policy engine, the data set to a second component of the policy engine;
- making, by the second component of the policy engine, an access control decision granting the second computing environment access to the resource based on application of a second policy to the generated data set;
- identifying, based on the access control decision, the application session provided by the application server disconnected from the first client node previously operated by the user, from one or more application sessions to which the second client node is permitted to connect;
- establishing, by the session server, a connection between the second client node and the identified application session provided by the application server in response to the identification via a second communication channel, wherein the second communication channel is wireless and different from the first communication channel; and
- selecting, by the application server responsive to the connection, a format for the presentation of the resource based on application of a second policy to the received characteristics of the second computing environment.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 40, 41

26. A system for providing a user with authorized remote access to one of one or more application sessions disconnected from one or more client nodes previously operated by the user, the system comprising:
- a session server disconnecting a first client node comprising a computing environment operated by a user from a resource provided by an application session provided by an application server providing a plurality of application sessions via a first communication session, and receiving a request from a second client node comprising a second computing environment operated by the user;
- a first component of the policy engine; receiving characteristics of the second computing environment gathered by a collection agent from the second client node in response to the request to access the resource, generating a data set from the received characteristics, responsive to applying a first policy to the received characteristics and storing an identifier for each condition satisfied in the data set, transmitting the data set to a second component of the policy engine;
- the second component of the policy engine; making an access control decision granting the second computing environment access to the resource based on the application of a second policy to the generated data set; and identifying, based on the access control decision, the application session provided by the application server disconnected from the first client node previously operated by the user, from one or more application sessions to which the second client node is permitted to connect;
- wherein the session server establishes a connection between the second client node and the identified application session provided by the application server in response to the identification via a second communication channel that is wireless and different from the first communication channel; and
- an application server, responsive to the connection, selects a format for the presentation of the resource based on application of a second policy to the received characteristics of the second computing environment.

Dependent claims: 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39

Specification