Systems and methods for accessing a virtual desktop
First Claim
1. An authentication system comprising:
a plurality of access-protected network resources, each of the access-protected network resources having respective access permissions;
a first computing device comprising a first processor configured to:
receive an access request and access credentials from a first user;
determine that the access credentials are valid; and
in response to determining that the access credentials are valid, authenticate the first user and generate an authentication token for the first user; and
a second computing device comprising a second processor configured to:
receive a request from the first user to access a first access-protected network resource of the plurality of access-protected network resources;
receive one of the authentication token for the first user or a reference to the authentication token;
determine that the first user has permission to access the first access-protected network resource;
generate smartcard credentials for the first user, wherein the smartcard credentials comprise a private key and a digital certificate with a public key for the first user;
store the smartcard credentials in a virtual smartcard;
associate the virtual smartcard with the first access-protected network resource to allow the first user to access the first access-protected network resource using the smartcard credentials without entering additional access credentials;
receive a request from the first user to access a second access-protected network resource of the plurality of access-protected network resources, the second access-protected network resource having different access permissions from the first access-protected network resource;
determine that the first user has permission to access the second access-protected network resource from one of the authentication token or a reference to the authentication token; and
associate the virtual smartcard with the second access-protected network resource to allow the first user to access the second access-protected network resource using the smartcard credentials without entering additional access credentials, wherein:
the plurality of access-protected network resources, the first computing device, and the second computing device are included within a domain.
Abstract
Methods, computer-readable storage medium, and systems described herein facilitate enabling access to a virtual desktop of a host computing device. An authentication system receives one of an authentication token and a reference to the authentication token, wherein the authentication token is indicative of whether a user successfully logged in to an authentication portal using a client computing device. The authentication system generates a private key, a digital certificate, and a personal identification number (PIN) for the user in response to receiving the one of the authentication token and the reference to the authentication token. The private key, the digital certificate, and the PIN are stored in a virtual smartcard, and the client computing device is authorized to log into a virtual desktop using the virtual smartcard.
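The flow in the abstract, sketched in Go as an added example (not code from the patent or any product): a token that permits the resource triggers generation of a key pair and certificate, and the same card is bound to a second resource only after the token is checked again. The `Token` layout, the `Authorize` function, Ed25519 keys, the self-signed certificate, and the 8-hour lifetime are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Token is a constructed stand-in for the portal's authentication token.
type Token struct {
	User    string
	Allowed map[string]bool // resource name -> permitted (assumed layout)
}
// VirtualSmartcard holds the generated credentials and the resources bound to them.
type VirtualSmartcard struct {
	User    string
	Key     ed25519.PrivateKey
	CertDER []byte          // self-signed here (assumption); a domain CA would sign it
	Bound   map[string]bool // resources this card may log in to
}
// Authorize checks the token for res, mints the card on first use, then binds res to it.
func Authorize(card *VirtualSmartcard, t Token, res string) (*VirtualSmartcard, error) {
	if !t.Allowed[res] || (card != nil && card.User != t.User) {
		return card, fmt.Errorf("%s is not permitted to access %s", t.User, res)
	}
	if card == nil { // first resource: generate the key pair and certificate
		pub, key, err := ed25519.GenerateKey(rand.Reader)
		if err != nil {
			return nil, err
		}
		now := time.Now() // 8-hour lifetime below is an assumed policy
		tmpl := &x509.Certificate{SerialNumber: big.NewInt(now.UnixNano()), NotBefore: now,
			NotAfter: now.Add(8 * time.Hour), Subject: pkix.Name{CommonName: t.User}}
		der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, key)
		if err != nil {
			return nil, err
		}
		card = &VirtualSmartcard{t.User, key, der, map[string]bool{}}
	}
	card.Bound[res] = true
	return card, nil
}
func main() {
	card, err := Authorize(nil, Token{"alice", map[string]bool{"desktop-1": true}}, "desktop-1")
	fmt.Println(card.Bound, err)
}
```

A denied request returns the card unchanged, so a resource outside the token's permissions never gets bound to existing credentials.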
19 Claims
1. An authentication system comprising the elements set out under First Claim above.
Dependent claims: 2, 3, 4, 5, 6, 7
8. A non-transitory computer-readable storage medium having computer-executable instructions stored thereon that, when executed by one or more computing devices, cause the computing devices to perform operations comprising:
receiving a request from a first user to access a first access-protected virtual desktop of a plurality of access-protected virtual desktops;
receiving one of an authentication token or a reference to the authentication token, wherein the authentication token indicates that the first user successfully logged in to an authentication portal by submitting access credentials to the authentication portal;
determining that the first user has permission to access the first access-protected virtual desktop;
generating smartcard credentials for the first user, wherein the smartcard credentials comprise a private key, a digital certificate, and a personal identification number (PIN) for the first user;
storing the smartcard credentials in a virtual smartcard;
authorizing the client computing device to log into the first access-protected virtual desktop using the smartcard credentials stored in the virtual smartcard, without entering additional access credentials;
receive a request from the first user to access a second access-protected network resource of the plurality of access-protected network resources, the second access-protected network resource having different access permissions from the first access-protected network resource;
determine that the first user has permission to access the second access-protected network resource from one of the authentication token or a reference to the authentication token; and
associate the virtual smartcard with the second access-protected network resource to allow the first user to access the second access-protected network resource using the smartcard credentials without entering additional access credentials, wherein:
the plurality of access-protected network resources and the one or more devices are included within a domain.
Dependent claims: 9, 10, 11, 12
13. A method of authorizing a first user to access access-protected virtual desktops, the method comprising:
receiving, by a first computing device, a request from the first user to access a first access-protected virtual desktop of a plurality of access-protected virtual desktops;
receiving, by the first computing device, one of an authentication token or a reference to the authentication token, wherein the authentication token indicates that the first user successfully logged in to an authentication portal by submitting access credentials to the authentication portal;
determining that the first user has permission to access the first access-protected virtual desktop;
generating smartcard credentials for the first user, wherein the smartcard credentials comprise a private key, a digital certificate, and a personal identification number (PIN) for the first user;
storing the smartcard credentials in a virtual smartcard; and
associating the virtual smartcard with the first access-protected virtual desktop to allow the first user to log in to the first access-protected virtual desktop using the smartcard credentials without entering additional access credentials;
receiving a request from the first user to access a second access-protected network resource of the plurality of access-protected network resources, the second access-protected network resource having different access permissions from the first access-protected network resource;
determining that the first user has permission to access the second access-protected network resource from one of the authentication token or a reference to the authentication token; and
associating the virtual smartcard with the second access-protected network resource to allow the first user to access the second access-protected network resource using the smartcard credentials without entering additional access credentials, wherein:
the plurality of access-protected network resources and the first computing device are included within a domain.
Dependent claims: 14, 15, 16, 17, 18, 19
Specification