Systems and methods for providing a smart group

US 8,839,346 B2
Filed: 07/21/2010
Issued: 09/16/2014
Est. Priority Date: 07/21/2010
Status: Active Grant

First Claim

Patent Images

1. A method for establishing a policy group to aggregate access configurations to control a user'"'"'s access to an identified resource, the method comprising:

a) establishing, via a policy manager executing on a device intermediary to a plurality of clients and one or more servers, a policy group representing an aggregate of one or more access configurations for a user to access via the device one or more identified resources of the one or more servers, the policy group comprising a login point component representing an entry point to access the one or more identified resources;

b) configuring, via the policy manager, the login point component to specify a uniform resource locator for the entry point;

c) selecting, via the policy manager from a plurality of authentication methods, one or more authentication methods for the login point component, the plurality of authentication methods comprising a first authentication method to which a first set of at least one authorization method is assigned, different from a second set of at least one authorization method assigned to a second authentication method of the plurality of authentication methods; and

d) selecting, via the policy manager from a plurality of authorization methods, one or more authorization methods for the login point component based on the one or more selected authentication methods, each of the selected authentication methods assigned with at least one authorization method.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention is directed towards systems and methods for establishing and applying a policy group to control a user'"'"'s access to an identified resource. A policy group representing an aggregate of one or more access configurations for a user to access one or more identified resources may be established via a policy manager. The policy group may include a login point component representing an entry point to access the identified resource. The login point may be configured via the policy manager to specify a uniform resource locator for the entry point. One or more authentication and authorization methods may be selected for the login point component. The device may receive a request to access the uniform resource locator. The device may initiate the policy group for evaluation. The device may initiate, with the user, one or more authentication and authorization methods specified by the login point component.

20 Citations

View as Search Results

20 Claims

1. A method for establishing a policy group to aggregate access configurations to control a user'"'"'s access to an identified resource, the method comprising:
- a) establishing, via a policy manager executing on a device intermediary to a plurality of clients and one or more servers, a policy group representing an aggregate of one or more access configurations for a user to access via the device one or more identified resources of the one or more servers, the policy group comprising a login point component representing an entry point to access the one or more identified resources;
  
  b) configuring, via the policy manager, the login point component to specify a uniform resource locator for the entry point;
  
  c) selecting, via the policy manager from a plurality of authentication methods, one or more authentication methods for the login point component, the plurality of authentication methods comprising a first authentication method to which a first set of at least one authorization method is assigned, different from a second set of at least one authorization method assigned to a second authentication method of the plurality of authentication methods; and
  
  d) selecting, via the policy manager from a plurality of authorization methods, one or more authorization methods for the login point component based on the one or more selected authentication methods, each of the selected authentication methods assigned with at least one authorization method.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein step (a) further comprises establishing the policy group to have a device profile component with the login point component, the device profile component identifying end point analysis to perform for access via the entry point of the login point component.
  - 3. The method of claim 1, wherein step (b) further comprises establishing a second login point component for the policy group and configuring a second uniform resource locator as the entry point.
  - 4. The method of claim 1, wherein step (c) further comprises specifying two authentication methods for dual authentication for the login point component.
  - 5. The method of claim 1, wherein step (d) further comprises limiting, by the policy manager, selection of authorization methods based on the selection of the one or more authentication methods.
  - 6. The method of claim 1, further comprising disabling the login point component, the policy group becoming disabled.
  - 7. The method of claim 1, further comprising specifying for the policy group one or more device profiles, each of the one or more device profiles identifying one or more types of end point analysis to perform on a device of the user.
  - 8. The method of claim 1, further comprising specifying for the policy group a type of resource of the one or more identified resources that is allowed access.
  - 9. The method of claim 1, further comprising specifying for the policy group a type of resource of the one or more identified resources that is denied access.
  - 10. The method of claim 1, further comprising specifying for the login point component one or more parameters that override corresponding parameters of the device.

11. A method for applying a policy group to control a user'"'"'s access to an identified resource, the method comprising:
- a) identifying, by a device intermediary to a plurality of clients and one or more servers, a policy group representing an aggregate of one or more access configurations for a user to access via the device one or more identified resources of the one or more servers, the policy group comprising a login point component representing an entry point to access the one or more identified resources;
  
  b) receiving, by the device, a request of the user to access a uniform resource locator corresponding to the entry point specified by the login point component;
  
  c) initiating, by the device from a plurality of authentication methods, one or more authentication methods specified by the login point component with the user, the plurality of authentication methods comprising a first authentication method to which a first set of at least one authorization method is assigned, different from a second set of at least one authorization method assigned to a second authentication method of the plurality of authentication methods; and
  
  d) selecting, by the device from a plurality of authorization methods one or more authorization methods for the login point component based on the selected one or more authentication methods, each of the one or more selected authentication methods assigned with at least one authorization method.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19)
- - 12. The method of claim 11, wherein step (a) further comprises identifying a device profile component of the policy group, the device profile component specifying one or more device profiles for access via the entry point of the login point component.
  - 13. The method of claim 11, wherein step (b) further comprises receiving, by the device, the uniform resource locator identified as the entry point to a second login component of the policy group.
  - 14. The method of claim 11, wherein step (c) further comprises initiating, by the device, two authentication methods specified by the login point component for dual authentication.
  - 15. The method of claim 11, wherein the selection of authorization method is limited to the specification of the one or more authentication methods.
  - 16. The method of claim 11, further comprising performing, by the device on a second device of the user, one or more types of end point analysis specified by one or more device profiles of the device profile component.
  - 17. The method of claim 11, further comprising granting access by the device to a type of resource of the one or more identified resources.
  - 18. The method of claim 11, further comprising denying access by the device to a type of resource of the one or more identified resources.
  - 19. The method of claim 11, further comprising overriding by the device one or more parameters of the device as specified by the policy group.

20. A system for providing a policy group to aggregate access configurations to control a specific user'"'"'s access to a specific resource, the system comprising:
- a device intermediary to a plurality of clients and one or more servers;
  
  a policy manager of the device establishing a policy group representing an aggregate of one or more access configurations for a user to access via the device one or more identified resources of the one or more servers;
  
  a login point component of the policy group representing an entry point to access the one or more identified resources, the login point component specifying a uniform resource locator for the entry point; and
  
  wherein via the policy manager one or more authentication methods are selected for the login point component from a plurality of authentication methods, the plurality of authentication methods comprising a first authentication method to which a first set of at least one authorization method is assigned, different from a second set of at least one authorization method assigned to a second authentication method of the plurality of authentication methods; and
  
  from a plurality of authorization methods, one or more authorization methods are selected for the login point component based on the one or more selected authentication methods, each of the one or more selected authentication methods assigned with at least one authorization method.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Citrix Systems, Inc. (Cloud Software Group)
Original Assignee
Citrix Systems, Inc. (Cloud Software Group)
Inventors
Murgia, Marco, Tomlin, Larry, Bojer, Ivan, Kann, Jong, Rafiq, Pierre
Primary Examiner(s)
TRAN, ELLEN C

Application Number

US12/840,632
Publication Number

US 20120023554A1
Time in Patent Office

1,518 Days
Field of Search

726/1, 726/2, 726/4
US Class Current

726/1
CPC Class Codes

G06F 21/45   Structures or tools for the...

H04L 63/083   using passwords cryptograph...

H04L 63/102   Entity profiles

H04L 63/20   for managing network securi...

Systems and methods for providing a smart group

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

20 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for providing a smart group

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

20 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links