Access control center auto launch

US 9,124,649 B1
Filed: 04/21/2014
Issued: 09/01/2015
Est. Priority Date: 09/10/2008
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for opening remote sessions to devices in a controlled network, the method comprising:

verifying, by a server, a first set of login credentials identifying a support person operating a thin client computing device;

receiving, by the server, from a computing device associated with an administrator an assignment of an incident indicating the support person;

connecting, by the server, a remote desktop client executed by the thin client to a virtual desktop hosted on a workstation computer hosting one or more virtual desktops;

obtaining, by the server, a second set of credentials for accessing a device associated with an incident, wherein the server receives the second set of credentials identified by the computing device associated with the administrator;

directing, by the server, the virtual desktop to download from a database a launch routine configured to execute a remote access application connecting the virtual desktop to the device associated with the incident using the second set of credentials accessing the device; and

opening, by the server, a remote session between the remote access application of the virtual desktop and the device associated with the incident.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and systems provide indirect and temporary access to a company'"'"'s IT infrastructure and business applications. The methods/systems involve establishing an access control center (ACC) to control the access that technical support personnel may have to the company'"'"'s IT infrastructure and business applications. Thin client terminals with limited functionality may then be set up in the ACC for use by the technical support personnel. The thin client terminals connect the technical support personnel to workstations outside the ACC that operate as virtual desktops. The virtual desktops in turn connect the technical support personnel to the IT infrastructure and business applications. An ACC application may be used to automatically establish the connection between the thin client terminals and the virtual desktops and the virtual desktops and the IT infrastructure and business applications.

61 Citations

View as Search Results

33 Claims

1. A computer-implemented method for opening remote sessions to devices in a controlled network, the method comprising:
- verifying, by a server, a first set of login credentials identifying a support person operating a thin client computing device;
  
  receiving, by the server, from a computing device associated with an administrator an assignment of an incident indicating the support person;
  
  connecting, by the server, a remote desktop client executed by the thin client to a virtual desktop hosted on a workstation computer hosting one or more virtual desktops;
  
  obtaining, by the server, a second set of credentials for accessing a device associated with an incident, wherein the server receives the second set of credentials identified by the computing device associated with the administrator;
  
  directing, by the server, the virtual desktop to download from a database a launch routine configured to execute a remote access application connecting the virtual desktop to the device associated with the incident using the second set of credentials accessing the device; and
  
  opening, by the server, a remote session between the remote access application of the virtual desktop and the device associated with the incident.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The method of claim 1, wherein opening the remote session further comprises:
    - automatically directing, by the server, the virtual desktop to execute the launch routine upon receiving approval from a manager to access the device associated with the incident.
  - 3. The method of claim 1, wherein the launch routine is initiated manually by the support personnel operating the virtual desktop via the connection with the thin client.
  - 4. The method according to claim 1, wherein obtaining the second set of credentials further comprises:
    - automatically fetching, by the server, from the database storing one or more sets of credentials the second set of credentials identified by the computer associated with the administrator, based on the device associated with the incident.
  - 5. The method according to claim 1, wherein the second set of credentials are provided to the virtual desktop with the launch routine download.
  - 6. The method according to claim 1, wherein opening the remote session further comprises:
    - transmitting, by the server, the second set of credentials to the remote access application of the virtual desktop.
  - 7. The method according to claim 1, wherein opening the remote session further comprises:
    - automatically accessing, by the server, the device associated with the incident on behalf of the remote access application using the second set of credentials.
  - 8. The method according to claim 1, wherein the virtual desktop comprises a plurality of remote access applications, and wherein the virtual desktop automatically determines the remote access application to execute based upon the device associated with the incident.
  - 9. The method according to claim 1, wherein connecting the thin client to the virtual desktop further comprises:
    - identifying, by the server, an assignment for the support person to resolve the incident from an incident record stored in a memory; and
      
      identifying, by the server, the virtual desktop to connect to the thin client according to the incident record having the assignment.
  - 10. The method according to claim 9, further comprising automatically determining, by the server, the virtual desktop based on a type of incident of the assigned incident.
  - 11. The method according to claim 10, wherein the server determines the virtual desktop based upon a service area of the device associated with the incident.
  - 12. The method according to claim 9, further comprising storing, by the server, into the memory a new incident record comprising a new assignment transmitted by the computer associated with the administrator.
  - 13. The method according to claim 1, further comprising receiving, by the server, from a proxy server the first set of login credentials transmitted by the thin client, wherein the proxy server intermediates each communication of the server.
  - 14. The method according to claim 1, wherein verifying the first set of login credentials further comprises:
    - transmitting, by the server, the first set of login credentials to an authentication server configured to authenticate the first set of login credentials.
  - 15. The method according to claim 14, further comprising transmitting,by the server, a notification to the computer associated with the administrator notifying the administrator that the support person is awaiting an assignment of an incident.
  - 16. The method according to claim 1, automatically prohibiting, by the server, the remote desktop client of the thin client from connecting to the virtual desktop in response to the server detecting a second thin client connected to the virtual desktop.
  - 17. The method according to claim 1, further comprising providing, by the first server, to a display of the thin client a navigation mechanism directing the remote desktop client to connect to the virtual desktop upon actuation of the navigation mechanism.

18. An access-controlled system comprising:
- a thin client computing device operated by a support person and configured to execute a remote desktop client connecting the thin client to a virtual desktop;
  
  one or more workstations hosting one or more virtual desktops, wherein each virtual desktop stores a launch routine configured to execute a remote access application;
  
  an administrator terminal creating an assignment of an incident for the support person and approving access to the virtual desktop for the thin client operated by the support person; and
  
  a server comprising a processor and a non-transitory machine-readable storage medium storing one or more machine-readable instructions instructing the processor to;
  
  connect the remote desktop client to the virtual desktop identified by the assignment;
  
  obtain a second set of credentials accessing a device associated with the incident, according to the second set of credentials indicated from the administrator terminal;
  
  trigger the launch routine on the virtual desktop to execute the remote access application connecting the virtual desktop to the device associated with the incident using the second set of credentials; and
  
  open a remote session between the remote access application of the virtual desktop and the device associated with the incident.
- View Dependent Claims (19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33)
- - 19. The system according to claim 18, wherein the server automatically directs the virtual desktop to execute the launch routine upon receiving approval from the administrator terminal to access the device associated with the incident.
  - 20. The system according to claim 18, wherein the launch routine is initiated manually by the support person using the virtual desktop via the connection with the thin client.
  - 21. The system according to claim 18, wherein the server receives the second set of credentials from the administrator terminal.
  - 22. The system according to claim 18, wherein the server automatically identifies the second set of credentials stored in the database storing one or more sets of credentials based on the device associated with the incident, and wherein the server automatically fetches the second set of credentials from the administrator terminal.
  - 23. The system according to claim 18, wherein a database automatically provides the second set of credentials to the virtual desktop responsive to the server triggering the launch routine.
  - 24. The system according to claim 18, wherein the server automatically passes the second set of credentials to the remote access application upon triggering the launch routine.
  - 25. The system according to claim 18, wherein the server automatically accesses the device associated with the incident using the second set of credentials on behalf of the remote access application of the launch routine.
  - 26. The system according to claim 18, wherein the virtual desktop comprises a plurality of remote access applications, andwherein the virtual desktop automatically determines which of the plurality of remote access applications to execute based upon the device associated with the incident.
  - 27. The system according to claim 18, further comprising a non-transitory incident queue memory storing one or more incident records received from the administrator terminal, the administrator terminal assigning one or more incidents to resolve to one or more support persons,wherein the server connects the thin client to the virtual desktop according to an incident record comprising an assignment for the support person to resolve the incident and identifying the virtual desktop in the one or more virtual desktops.
  - 28. The system according to claim 27, wherein the incident record further identifies a type of record for the incident, and wherein the server automatically determines which virtual desktop in the one or more virtual desktops based on the type of incident of the incident.
  - 29. The system according to claim 27, further comprising one or more network devices comprising one or more service area attributes associated with a subset of the one or more virtual desktops configured to address a service area affected by the incident,wherein the one or more network devices are logically and physically isolated from the server and the thin client, wherein the device associated with the incident is in the one or more network devices, andwherein the server identifies the virtual desktop to connect to the thin client from the subset of the one or more virtual desktops addressing the service area of the device associated with the incident.
  - 30. The system according to claim 18, further comprising a proxy server logically interposed between the server and each of the thin client, the administrator terminal, and the workstation hosting the virtual desktop, wherein the proxy server intermediates communications with the server.
  - 31. The system according to claim 18, further comprising an authentication server authenticating one or more credentials associated with one or more support persons, wherein the server verifies the first set of login credentials by transmitting the first set of login credentials to the authentication server.
  - 32. The system according to claim 18, wherein the server automatically prohibits the remote desktop client of the thin client from connecting to the virtual desktop upon detecting a second remote desktop client of a second thin client being connected to the virtual desktop.
  - 33. The system according to claim 18, wherein the server provides a navigation mechanism to an interface of the thin client causing the remote desktop client to connect to the virtual desktop upon actuation of the navigation mechanism.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
United Services Automobile Association
Original Assignee
United Services Automobile Association
Inventors
Wilkinson, Christopher Thomas, Francovich, Edward Allen, Scott, Jeremy Ryan, Sternitzke, Steven Dale
Primary Examiner(s)
Abrishamkar, Kaveh
Assistant Examiner(s)
Ho, Thomas

Application Number

US14/257,560
Time in Patent Office

498 Days
Field of Search

726/4
US Class Current

1/1
CPC Class Codes

G06F 11/0748   in a remote unit communicat...

G06F 9/465   Distributed object oriented...

G06Q 10/103   Workflow collaboration or p...

H04L 63/08   for authentication of entit...

H04L 63/0892   by using authentication-aut...

H04L 63/104   Grouping of entities

H04L 63/105   Multiple levels of security

H04L 67/025   for remote control or remot...

H04L 67/08   specially adapted for termi...

H04L 67/1085   involving dynamic managemen...

H04L 67/141   Setup of application sessio...

H04L 67/59   Providing operational suppo...

Access control center auto launch

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

61 Citations

33 Claims

Specification

Solutions

Use Cases

Quick Links

Access control center auto launch

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

61 Citations

33 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links