Method for extranet security
First Claim
1. A computing method, comprising:
- running on a user computer a first operating environment having a first operating system for performing general-purpose operations and a second operating environment having a second operating system, which is configured expressly for interacting with a server in a protected communication session and is isolated from the first operating environment, where the general-purpose operations performed in the first operating environment do not affect operation of the second operating environment, and where the first operating environment does not interact with the server in the protected communication session;
monitoring the operation of the second operating environment running on the user computer with a central management subsystem, including verifying during the protected communication session that a configuration of the second operating environment matches an expected configuration and generating a monitoring result, the central management subsystem external to the server and to the user computer;
reporting the monitoring result to the server; and
controlling the communication session by the server based on trustworthiness of the second operating environment as indicated by the monitoring result reported by the central management system,wherein said central management subsystem to communicate with said user computer via a first secure connection and with said server via a second secure connection and wherein said protected communication session of said user computer with said server is done via a third secured connection, wherein said first, second and third secure connections are separate from each other.
3 Assignments
0 Petitions
Accused Products
Abstract
A computing method includes running on a user computer a first operating environment for performing general-purpose operations and a second operating environment, which is configured expressly for interacting with a server in a communication session and is isolated from the first operating environment such that the general-purpose operations performed in the first operating environment do not affect operation of the second operating environment. The operation of the second operating environment running on the user computer is monitored by means of a central management subsystem, which is external to the server and to the user computer. The communication session is controlled based on the monitored operation.
-
Citations
32 Claims
-
1. A computing method, comprising:
-
running on a user computer a first operating environment having a first operating system for performing general-purpose operations and a second operating environment having a second operating system, which is configured expressly for interacting with a server in a protected communication session and is isolated from the first operating environment, where the general-purpose operations performed in the first operating environment do not affect operation of the second operating environment, and where the first operating environment does not interact with the server in the protected communication session; monitoring the operation of the second operating environment running on the user computer with a central management subsystem, including verifying during the protected communication session that a configuration of the second operating environment matches an expected configuration and generating a monitoring result, the central management subsystem external to the server and to the user computer; reporting the monitoring result to the server; and controlling the communication session by the server based on trustworthiness of the second operating environment as indicated by the monitoring result reported by the central management system, wherein said central management subsystem to communicate with said user computer via a first secure connection and with said server via a second secure connection and wherein said protected communication session of said user computer with said server is done via a third secured connection, wherein said first, second and third secure connections are separate from each other. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31)
-
-
32. A method for communication with a server, comprising;
-
running on a user computer a first operating environment having a first operating system for performing general-purpose operations; running on the user computer a second operating environment having a second operating system, which is configured expressly for interacting with the server in a protected communication session and is isolated from the first operating environment, where the general-purpose operations performed in the first operating environment do not affect operation of the second operating environment, and where the first operating environment does not interact with the server in the protected communication session; and providing information by the second operating environment to a central management subsystem external to the user computer so as to enable the central management subsystem to monitor the operation of the second operating environment including verify during the protected communication session that a configuration of the second operating environment matches an expected configuration, produce a monitoring result based on the monitoring, report the monitoring result to the server and cause the server to control the communication session based on trustworthiness of the second operating environment as indicated by the monitoring result, wherein said central management subsystem to communicate with said user computer via a first secure connection and with said server via a second secure connection and wherein said protected communication session of said user computer with said server is done via a third secured connection, wherein said first, second and third secure connections are separate from each other.
-
Specification