System and method for secure remote access

US 9,137,224 B2
Filed: 03/31/2014
Issued: 09/15/2015
Est. Priority Date: 02/03/2009
Status: Active Grant

First Claim

Patent Images

1. A method for remote secure access of a user to a service on a server computer, the method comprising:

(a) at a client device, obtaining, from the server computer or a third party server computer, an authorization software and an input information to the authorization software;

(b) separating authentication and authorization processes, comprising excluding service access privileges from the authenticating process and transferring the privileges to the authorization process, comprising;

(i) authenticating at least one of;

a user;

or the user and the client device, comprising;

verifying identity thereof, without providing the access of the user to the service;

(ii) upon successful authenticating, authorizing access of the user to the service, comprising;

(ii-1) establishing an authorization connection between the client device and the server computer;

(ii-2) at the server computer, detecting the authorization connection, and creating a blocking process to block access of the user to the service on the server computer;

(ii-3) executing the authorization software on the client device and the server computer or the third party server computer with the input information obtained in the step (a); and

(ii-4) provided an output from the authorization software on the client device and the server computer or the third party server computer is the same, terminating the blocking process on the server computer, thereby allowing the access of the user to the service on the service computer.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

System, method, and apparatus for providing access to remote computing services are described. The method includes authenticating a user and a client device; establishing a connection to a server computer including: a server program executing on the server computer detecting the connection; the server program creating a blocking process on the server computer to block access of the user to a service on the connection, authorizing, using a client program executing on the client device and the server program, the user to use the service on the server computer including: terminating the blocking process, the user using the service; and the user closing the connection to the server computer. Embodiments of the present invention provide secure remote access to computing services.

43 Citations

View as Search Results

22 Claims

1. A method for remote secure access of a user to a service on a server computer, the method comprising:
- (a) at a client device, obtaining, from the server computer or a third party server computer, an authorization software and an input information to the authorization software;
  
  (b) separating authentication and authorization processes, comprising excluding service access privileges from the authenticating process and transferring the privileges to the authorization process, comprising;
  
  (i) authenticating at least one of;
  
  a user;
  
  or the user and the client device, comprising;
  
  verifying identity thereof, without providing the access of the user to the service;
  
  (ii) upon successful authenticating, authorizing access of the user to the service, comprising;
  
  (ii-1) establishing an authorization connection between the client device and the server computer;
  
  (ii-2) at the server computer, detecting the authorization connection, and creating a blocking process to block access of the user to the service on the server computer;
  
  (ii-3) executing the authorization software on the client device and the server computer or the third party server computer with the input information obtained in the step (a); and
  
  (ii-4) provided an output from the authorization software on the client device and the server computer or the third party server computer is the same, terminating the blocking process on the server computer, thereby allowing the access of the user to the service on the service computer.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 18)
- - 2. The method of claim 1, wherein the authorization software is configured to perform a One-Time-Authorization (OTA).
  - 3. The method of claim 2, wherein the OTA is performed using a one-way function.
  - 4. The method of claim 2, wherein the OTA is performed using a dynamic connection information for the authorization connection as the input information.
  - 5. The method of claim 1, wherein the establishing the authorization connection comprises establishing a remote desktop connection.
  - 6. The method of claim 1, wherein the creating the blocking process further comprises creating a blocking window on a desktop of the server computer.
  - 7. The method of claim 6, wherein the creating the blocking window further comprises creating a modal dialog window.
  - 8. The method of claim 1, further comprising:
    - providing a quick response (QR) code including a dynamic connection information for the authorization connection in a blocking window on the server computer; and
      
      at the client device, obtaining the dynamic connection information from the QR code.
  - 9. The method of claim 1, further comprising one or more of the following:
    - sharing the output from the authorization software on the client device and the server computer or the third party server computer via a shared clipboard;
      
      orsending the output from the authorization software on the client device to the server computer or the third party server computer via a secure channel;
      
      orcopying the output from the authorization software on the client device to a clipboard, and pasting said output into a secure shell executing the blocking process.
  - 10. The method of claim 1, further comprising:
    - using the service; and
      
      closing the authorization connection on the server computer.
  - 11. The method of claim 10, wherein the using the service further comprises:
    - automatically signing into the service in a remote desktop window on the client device using user account credentials; and
      
      the user signing out of the service in the remote desktop window on the client device.
  - 18. The system of claim 6, wherein the blocking window comprises a modal dialog window.

12. A system for remote secure access of a user to a service on a server computer, the system comprising:
- a client device having a processor;
  
  a server computer; and
  
  computer readable instructions stored in a memory of the client device and the server computer, causing;
  
  (a) the client device to obtain, from the server computer or a third party server computer, an authorization software and an input information to the authorization software;
  
  (b) the server computer and the client device to separate authentication and authorization processes, comprising excluding service access privileges from the authenticating process and transferring the privileges to the authorization process, comprising;
  
  (i) authenticating at least one of;
  
  a user;
  
  or the user and the client device, comprising;
  
  verifying identity thereof, without providing the access of the user to the service;
  
  (ii) upon successful authenticating, authorizing access of the user to the service, comprising;
  
  (ii-1) establishing an authorization connection between the client device and the server computer;
  
  (ii-2) at the server computer, detecting the authorization connection, and creating a blocking process to block access of the user to the service on the server computer;
  
  (ii-3) executing the authorization software on the client device and the server computer or the third party server computer with the input information obtained in the step (a); and
  
  (ii-4) provided an output from the authorization software on the client device and the server computer or the third party server computer is the same, terminating the blocking process on the server computer, thereby allowing the access of the user to the service on the service computer.
- View Dependent Claims (13, 14, 15, 16, 17, 19, 20, 21, 22)
- - 13. The system of claim 12, wherein the authorization software is configured to perform a One-Time-Authorization (OTA).
  - 14. The system of claim 13, wherein the OTA is performed using a one-way function.
  - 15. The system of claim 13, wherein the OTA is performed using a dynamic connection information for the authorization connection as the input information.
  - 16. The system of claim 12, wherein the the authorization connection comprises a remote desktop connection.
  - 17. The system of claim 12, wherein the blocking process comprises a blocking window on a desktop of the server computer.
  - 19. The system of claim 12, wherein the computer readable instructions further cause the server computer to form a quick response (QR) code including a dynamic connection information for the authorization connection in a blocking window on the server computer, and the client device to obtain the dynamic connection information from the QR code.
  - 20. The system of claim 12, wherein the computer readable instructions further cause the server computer and the client device to perform one or more of the following:
    - to share the output from the authorization software on the client device and the server computer or the third party server computer via a shared clipboard;
      
      orto send the output from the authorization software on the client device to the server computer or the third party server computer via a secure channel;
      
      orto copy the output from the authorization software on the client device to a clipboard, and to paste said output into a secure shell executing the blocking process.
  - 21. The system of claim 12, wherein the computer readable instructions further cause the server computer to close the authorization connection upon the user using the service.
  - 22. The system of claim 12, wherein the computer readable instructions further cause the client device to automatically sign into the service in a remote desktop window using user account credentials.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
inBay Technologies, Inc.
Original Assignee
inBay Technologies, Inc.
Inventors
Kuang, Randy, Xavier, Stanislus Kisito, Steklasa, Robert Frank, Wilson, Stephen George, Zhu, He
Primary Examiner(s)
Mehedi, Morshed

Application Number

US14/231,545
Publication Number

US 20140237555A1
Time in Patent Office

533 Days
Field of Search

726/4
US Class Current

1/1
CPC Class Codes

H04L 2463/062   applying encryption of the ...

H04L 63/06   for supporting key manageme...

H04L 63/08   for authentication of entit...

H04L 63/0838   using one-time-passwords

H04L 63/0853   using an additional device,...

H04L 63/168   above the transport layer

H04W 12/77   Graphical identity

System and method for secure remote access

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

43 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for secure remote access

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

43 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links