Methods and apparatus for scalable secure remote desktop access

US 8,719,433 B2
Filed: 11/11/2011
Issued: 05/06/2014
Est. Priority Date: 10/10/2003
Status: Expired due to Term

First Claim

Patent Images

1. A method of enrolling networked resources via an enrollment system communicating with an enrollment administration system permitting enrollment based on enrollment rules stored in an enrollment database, the method comprising:

(a) enrolling a networked resource to later access the networked resource remotely, wherein enrolling the networked resource comprises;

(1) receiving, by an enrollment system executing on a computing machine, an enrollment request from a console that is physically attached to the networked resource and from a user to enroll the networked resource;

(2) authenticating, by the enrollment system, an identity of the user;

(3) sending, by the enrollment system to an enrollment administration system executing on the computer machine, the enrollment request;

(4) determining, by the enrollment administration system, if the user is permitted to enroll the networked resource based upon identifying at least one of a plurality of enrollment rules in an enrollment database;

(5) determining, by the enrollment administration system, if the user sent the enrollment request from the console that is physically attached to the networked resource;

(6) enrolling, by the enrollment administration system, the networked resource responsive to determining (i) if the user is permitted to enroll the networked resource and (ii) if the user sent the enrollment request from the console that is physically attached to the networked resource;

(b) establishing an initial remote connection to access the networked resource, wherein establishing the initial remote connection comprises;

(1) receiving, by a remote access system, an access request from the user to access the networked resource from a remote location, wherein the access request is distinct from the enrollment request;

(2) verifying, by the remote access system, the identity of the user;

(3) determining, by the remote access system, if network resource has been previously enrolled by the user; and

(4) granting, by the remote access system, responsive to the determination, remote access to the network resource.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The invention provides scalable, secure, and easily administerable methods and systems for providing remote access to networked resources by combing aspects of physical access limitation measures with traditional computer access limitation measures. The methods and systems utilize an enrollment administration system for specifying enrollment rules, an enrollment system configured to communicate with the enrollment administration system to permit enrolling a first networked resource if permitted by specified enrollment rules, and a remote access system for granting a user remote access to the first networked resource if the user successfully enrolled the first networked resource.

Citations

20 Claims

1. A method of enrolling networked resources via an enrollment system communicating with an enrollment administration system permitting enrollment based on enrollment rules stored in an enrollment database, the method comprising:
- (a) enrolling a networked resource to later access the networked resource remotely, wherein enrolling the networked resource comprises;
  
  (1) receiving, by an enrollment system executing on a computing machine, an enrollment request from a console that is physically attached to the networked resource and from a user to enroll the networked resource;
  
  (2) authenticating, by the enrollment system, an identity of the user;
  
  (3) sending, by the enrollment system to an enrollment administration system executing on the computer machine, the enrollment request;
  
  (4) determining, by the enrollment administration system, if the user is permitted to enroll the networked resource based upon identifying at least one of a plurality of enrollment rules in an enrollment database;
  
  (5) determining, by the enrollment administration system, if the user sent the enrollment request from the console that is physically attached to the networked resource;
  
  (6) enrolling, by the enrollment administration system, the networked resource responsive to determining (i) if the user is permitted to enroll the networked resource and (ii) if the user sent the enrollment request from the console that is physically attached to the networked resource;
  
  (b) establishing an initial remote connection to access the networked resource, wherein establishing the initial remote connection comprises;
  
  (1) receiving, by a remote access system, an access request from the user to access the networked resource from a remote location, wherein the access request is distinct from the enrollment request;
  
  (2) verifying, by the remote access system, the identity of the user;
  
  (3) determining, by the remote access system, if network resource has been previously enrolled by the user; and
  
  (4) granting, by the remote access system, responsive to the determination, remote access to the network resource.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1 wherein the-remote access to the networked resource uses a remote display protocol.
  - 3. The method of claim 1, further comprising identifying an enrollment rule by:
    - defining a plurality of groups of users;
      
      defining a plurality of groups of networked resources; and
      
      specifying a group of networked resources that a group of users is permitted to enroll.
  - 4. The method of claim 1 wherein enrolling the networked resource is disallowed from a remote console.
  - 5. The method of claim 1 wherein enrolling the networked resource requires the user to enroll from the console physically attached to the networked resource.
  - 6. The method of claim 1 wherein granting access to the networked resource further comprises granting access to the desktop of the networked resource computing device.
  - 7. The method of claim 1 wherein the enrollment administration system is a network application.
  - 8. The method of claim 1 further comprising denying access to the networked resources upon determining the user had not previously successfully enrolled the networked resource via the enrollment administration system.
  - 9. The method of claim 1 wherein the enrollment request includes an identification of the networked resource the user is requesting to enroll and the identification of the user.
  - 10. The method of claim 1 further comprising adding an enrollment record of the networked resource for the user to the enrollment database.

11. A system for enrolling networked resources via an enrollment system communicating with an enrollment administration system permitting enrollment based on enrollment rules stored in an enrollment database, the system comprising:
- (a) an enrollment system executing on a computing machine, the enrollment system;
  
  (1) receiving an enrollment request from a console that is physically attached to the networked resource and from a user to enroll a networked resource;
  
  (2) authenticating an identity of the user;
  
  (b) an enrollment administration system executing on the computing machine to enroll the networked resource to later access the network resource remotely, the enrollment administration system;
  
  (1) receiving, an enrollment request from the enrollment system;
  
  (2) determining if the user is permitted to enroll the networked resource based upon identifying at least one of a plurality of enrollment rules in an enrollment database;
  
  (3) determining if the user sent the enrollment request from the console that is physically attached to the networked resource;
  
  (4) enrolling the networked resource responsive to determining (i) if the user is permitted to enroll the networked resource and (ii) if the user sent the enrollment request from the console that is physically attached to the networked resource;
  
  (c) a remote access system to establish an initial remote connection to access the networked resource, executing on the computing machine, the remote access system;
  
  (1) receiving an access request from the user to access the networked resource from a remote location, wherein the access request is distinct from the enrollment request;
  
  (2) verifying the identity of the user;
  
  (3) determining, if network resource has been previously enrolled by the user; and
  
  (4) granting, responsive to the determination, remote access to the network resource.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The system of claim 11 wherein remote access to the networked resource uses a remote display protocol.
  - 13. The system of claim 11 wherein the enrollment administration system identifies an enrollment rule by:
    - defining a plurality of groups of users;
      
      defining a plurality of groups of networked resources; and
      
      specifying a group of networked resources that a group of users is permitted to enroll.
  - 14. The system of claim 11 wherein the enrollment administration system does not have permission to enroll the networked resource from a remote console.
  - 15. The system of claim 11 wherein the enrollment administration system requires the user to enroll from the console physically attached to the networked resource.
  - 16. The system of claim 11 wherein the enrollment administration system grants access to the desktop of a networked computing device resource.
  - 17. The system of claim 11 wherein the enrollment system is a network application.
  - 18. The system of claim 11 wherein the enrollment administration system denies access to the networked resources upon determining the user had not previously successfully enrolled the networked resource via the enrollment administration system.
  - 19. The system of claim 11, wherein the enrollment request includes an identification of the networked resource the user is requesting to enroll and the identification of the user.
  - 20. The system of claim 11, wherein the enrollment administration system adds an enrollment record of the networked resource for the user to the enrollment database.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Citrix Systems, Inc. (Cloud Software Group)
Original Assignee
Citrix Systems, Inc. (Cloud Software Group)
Inventors
Panasyuk, Anatoliy, Sirjani, Abolfazl, Walters, Ben, Burr, Michael, Earl, Min-Chih Lu
Primary Examiner(s)
CHOUDHURY, AZIZUL Q

Application Number

US13/294,965
Publication Number

US 20120060204A1
Time in Patent Office

907 Days
Field of Search

726/2
US Class Current

709/229
CPC Class Codes

G06F 21/31   User authentication

G06F 21/41   where a single sign-on prov...

G06F 21/604   Tools and structures for ma...

G06F 2221/2111   Location-sensitive, e.g. ge...

H04L 63/102   Entity profiles

Methods and apparatus for scalable secure remote desktop access

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and apparatus for scalable secure remote desktop access

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links