Controlling device access to enterprise resources in an orchestration framework for connected devices

US 8,745,755 B2
Filed: 08/09/2013
Issued: 06/03/2014
Est. Priority Date: 10/12/2012
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

interconnecting a plurality of client computing devices through an orchestration framework such that functionality associated with a computing activity is assignable to one or more of the client computing devices;

receiving a request to transfer content from a first client computing device of the plurality of client computing devices to a second client computing device of the plurality of client computing devices while the first client computing device and the second client computing device are communicatively connected via the orchestration framework;

identifying a data vault at the first client computing device that stores the content;

determining whether the data vault is encrypted or unencrypted;

instructing the second client computing device to store the content in an encrypted data vault of the second client computing device or in an unencrypted data vault of the second client computing device based on whether the data vault of the first client computing device is encrypted or unencrypted; and

transmitting to the second client computing device an instruction to delete the content wherein receipt of the instruction at the second client computing device causes the second client computing device to delete at least a portion of encrypted content from the encrypted data vault and at least a portion of unencrypted content from the unencrypted data vault.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Aspects described herein allow multiple devices to function as a coherent whole, allowing each device to take on distinct functions that are complementary to one another. Aspects described herein also allow the devices function as a coherent whole when interconnected devices and their respective applications are configured to operate in various operation modes, when management policies are employed to control the operation of the interconnected devices and their respective applications, when transferring content between the interconnected devices and storing the content at those devices, when obtaining access credentials for the interconnected devices that enable the devices to access enterprise resources, when a policy agent applies management policies to control operation of and interaction between the interconnected devices, and when the interconnected devices are used to access an enterprise application store.

Citations

16 Claims

1. A method comprising:
- interconnecting a plurality of client computing devices through an orchestration framework such that functionality associated with a computing activity is assignable to one or more of the client computing devices;
  
  receiving a request to transfer content from a first client computing device of the plurality of client computing devices to a second client computing device of the plurality of client computing devices while the first client computing device and the second client computing device are communicatively connected via the orchestration framework;
  
  identifying a data vault at the first client computing device that stores the content;
  
  determining whether the data vault is encrypted or unencrypted;
  
  instructing the second client computing device to store the content in an encrypted data vault of the second client computing device or in an unencrypted data vault of the second client computing device based on whether the data vault of the first client computing device is encrypted or unencrypted; and
  
  transmitting to the second client computing device an instruction to delete the content wherein receipt of the instruction at the second client computing device causes the second client computing device to delete at least a portion of encrypted content from the encrypted data vault and at least a portion of unencrypted content from the unencrypted data vault.
- View Dependent Claims (2, 3, 4)
- - 2. The method of claim 1 further comprising, responsive to a determination that the first data vault is encrypted:
    - encrypting the content at the first client computing device using an encryption key before transferring the content to the second client computing device; and
      
      providing the encryption key to the second client computing device such that the second client computing device is capable of decrypting the content.
  - 3. The method of claim 1 further comprising, responsive to a determination that the data vault is unencrypted, instructing the second client computing device to store the content at a unencrypted data vault.
  - 4. The method of claim 1 wherein the orchestration framework is configured to communicatively connect the first client computing device and the second client computing device via at least one of a client-server communication session, a peer-to-peer communication session, and combinations thereof.

5. An apparatus comprising:
- at least one processor; and
  
  memory storing computer-readable instructions that, when executed by the at least one processor, cause the apparatus tointerconnect a plurality of client computing devices through an orchestration framework such that functionality associated with a computing activity is assignable to one or more of the client computing devices,receive a request to transfer content from a first client computing device of the plurality of client computing devices to a second client computing device of the plurality of client computing devices while the first client computing device and the second client computing device are communicatively connected via the orchestration framework,identify a data vault that stores the content at the first client computing device,instruct the second client computing device to store the content in an encrypted data vault of the second client computing device or in an unencrypted data vault of the second client computing device based on whether the data vault of the first client computing device is encrypted or unencrypted, andtransmit to the second client computing device an instruction to delete the content; and
  
  wherein receipt of the instruction at the second client computing device causes the second client computing device to delete at least a portion of encrypted content from the encrypted data vault and at least a portion of unencrypted content from the unencrypted data vault.
- View Dependent Claims (6, 7, 8, 9, 10, 11)
- - 6. The apparatus of claim 5 wherein:
    - the instructions, when executed by the at least one processor, further cause the apparatus toinstruct the second computing device to store the content in the encrypted data vault responsive to a determination that the data vault of the first client device is encrypted, andinstruct the second client computing device to store the content in the unencrypted data vault responsive to a determination that the data vault of the first client computing device is unencrypted.
  - 7. The apparatus of claim 5 wherein:
    - the first client computing device includes a main data store;
      
      the data vault is encrypted;
      
      the main data store and the data vault are separate components; and
      
      the instructions, when executed by the at least one processor, further cause the apparatus todetermine whether the second client computing device includes at least one encrypted data vault, andinitiate transfer of the content to the second client computing device responsive to a determination that the second client computing device includes at least one encrypted data vault.
  - 8. The apparatus of claim 7 wherein the instructions, when executed by the at least one processor, further cause the apparatus to block transfer of the content to the second client computing device responsive to a determination that the second client computing device does not include at least one encrypted data vault.
  - 9. The apparatus of claim 7 wherein the instructions, when executed by the at least one processor, further cause the apparatus to:
    - responsive to a determination that the second client computing device does not include at least one encrypted data vault,locate a third client computing device of the plurality of client computing devices that includes at least one encrypted data vault,initiate transfer of the content to the third client computing device, andinstruct the third client computing device to store the content in one of the at least one encrypted data vaults at the third client computing device.
  - 10. The apparatus of claim 5 wherein:
    - the second client computing device is one of at least two client computing devices of the plurality of client computing devices that store the content; and
      
      the instructions, when executed by the at least one processor, cause the apparatus to track each client computing device of the plurality of client computing devices that stores the content.
  - 11. The apparatus of claim 10 wherein the instructions, when executed by the at least one processor, further cause the apparatus to instruct each client computing device of the plurality of client computing devices to delete at least a portion of the content respectively stored at each of the client computing devices.

12. One or more non-transitory computer-readable media having instructions that, when executed, cause a computing device to:
- connect to one or more client computing devices through an orchestration framework such that functionality associated with a computing activity is assignable to one or more of the client computing devices;
  
  receive an indication of selected content to transfer to a selected client computing device of the one or more client computing devices while the computing device and the one or more client computing devices are communicatively connected via the orchestration framework wherein the selected content is stored at a first encrypted data vault of the computing device;
  
  display a list of client computing devices available for selection as the selected client computing device wherein the list of client computing devices includes one or more client computing devices that have an encrypted data vault and excludes any client computing devices that do not have an encrypted data vault;
  
  receive a selection of one of the client computing devices in the list of client computing devices as the selected client computing device;
  
  initiate transfer of the selected content to the selected client computing device via the orchestration framework wherein receipt of the selected content at the selected client computing device causes the selected client computing device to store the selected content at a second encrypted data vault; and
  
  initiate transmission of an instruction to the selected computing device to delete the selected content which causes the selected client computing device to delete a portion of encrypted content stored at the second encrypted data vault and at least a portion of unencrypted content stored at an unencrypted data vault of the selected client computing device.
- View Dependent Claims (13, 14, 15, 16)
- - 13. The computer-readable media of claim 12 wherein the instructions, when executed, cause the computing device to:
    - encrypt the content with an encryption key before transferring the selected content to the selected client computing device; and
      
      providing the selected client computing device with the encryption key such that the selected client computing device is capable of decrypting the selected content.
  - 14. The computer-readable media of claim 12 wherein:
    - the computing device further includes a first unencrypted data vault; and
      
      the instructions, when executed, further cause the computing device toreceive transferred content from a second client computing device of the one or more client computing devices, andstore the transferred content in one of the first encrypted data vault or the first unencrypted data vault.
  - 15. The computer-readable media of claim 14 wherein:
    - the transferred content is encrypted; and
      
      the instructions, when executed, further cause the computing device to receive a transferred encryption key with the transferred content, and decrypt the transferred content using the encryption key.
  - 16. The computer-readable media of claim 14 wherein:
    - the transferred content is stored in the first encrypted data vault; and
      
      the instructions, when executed, cause the computing device to delete at least a portion of the transferred content responsive to receipt of an instruction to delete the transferred content.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Citrix Systems, Inc. (Cloud Software Group)
Original Assignee
Citrix Systems, Inc. (Cloud Software Group)
Inventors
Borzycki, Andrew, Deva, Mallikharjuna Reddy, Gajendar, Uday Nandigam, Roychoudhry, Anil
Primary Examiner(s)
Schwartz, Darren B
Assistant Examiner(s)
King, John B

Application Number

US13/963,811
Publication Number

US 20140108792A1
Time in Patent Office

298 Days
Field of Search

726 1- 3, 726/16, 726 26- 27, 713/150, 713/153, 713/154, 713/160, 713164-166, 380200-203, 380255-257, 380259-260, 380/269, 380/270, 380277-278, 380/283, 380 28- 30
US Class Current

726/27
CPC Class Codes

G06F 21/41   where a single sign-on prov...

G06F 21/53   by executing in a restricte...

G06F 21/6218   to a system of files or obj...

G06F 2221/2149   Restricted operating enviro...

G06F 9/543   User-generated data transfe...

H04L 1/0025   Transmission of mode-switch...

H04L 12/2856   Access arrangements, e.g. I...

H04L 63/04   for providing a confidentia...

H04L 63/0815   providing single-sign-on or...

H04L 63/10   for controlling access to d...

H04L 67/04   specially adapted for termi...

H04L 67/10   in which an application is ...

H04L 67/104   Peer-to-peer [P2P] networks

H04L 67/34   involving the movement of s...

H04L 67/567   Integrating service provisi...

H04L 67/60   Scheduling or organising th...

H04L 67/63   Routing a service request d...

H04L 9/14   using a plurality of keys o...

Controlling device access to enterprise resources in an orchestration framework for connected devices

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Controlling device access to enterprise resources in an orchestration framework for connected devices

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links