Method and apparatus for providing authorized remote access to application sessions

US 9,401,906 B2
Filed: 12/03/2013
Issued: 07/26/2016
Est. Priority Date: 09/30/2004
Status: Active Grant

First Claim

Patent Images

1. A method of providing authorized remote access to an application session, comprising:

requesting, by a first client node, access to a resource via a first communications channel, the first communications channel between a first device and a session server;

transmitting, by a policy engine, to the first client node, a collection agent;

gathering, by the collection agent, information about the first client node responsive to requesting access to the resource via the first communications channel;

making, by the policy engine, an access control decision based on the information about the first client node for access to the resource via the first communications channel;

identifying, by the policy engine, the application session in response to the information;

requesting, by a second client node, a connection between the second client node and the application session via a second communications channel, the second communications channel between a second device and the session server;

determining, by the session server, an active connection of the application session to the first client node; and

in response to both the connection request by the second client node to connect to the application session and determining the active connection;

disconnecting, by the session server, the application session from the first client node;

continuing, by the session server, the application session;

establishing, by the session server, a connection between the second client node and the application session via the second communications channel; and

restricting, by the session server and during the connection of the second client node and the application session, a re-connection between the first client node and the application session to prevent the first client node from connecting to the application session.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus for providing authorized remote access to one or more application sessions includes a client node, a collection agent, a policy engine, and a session server. The client node requests access to a resource. The collection agent gathers information about the client node. The policy engine receives the gathered information, and makes an access control decision based on the received information. The session server establishes a connection between a client computer operated by the user and the one or more application sessions associated with the user of the client node identified in response to the received information.

Citations

18 Claims

1. A method of providing authorized remote access to an application session, comprising:
- requesting, by a first client node, access to a resource via a first communications channel, the first communications channel between a first device and a session server;
  
  transmitting, by a policy engine, to the first client node, a collection agent;
  
  gathering, by the collection agent, information about the first client node responsive to requesting access to the resource via the first communications channel;
  
  making, by the policy engine, an access control decision based on the information about the first client node for access to the resource via the first communications channel;
  
  identifying, by the policy engine, the application session in response to the information;
  
  requesting, by a second client node, a connection between the second client node and the application session via a second communications channel, the second communications channel between a second device and the session server;
  
  determining, by the session server, an active connection of the application session to the first client node; and
  
  in response to both the connection request by the second client node to connect to the application session and determining the active connection;
  
  disconnecting, by the session server, the application session from the first client node;
  
  continuing, by the session server, the application session;
  
  establishing, by the session server, a connection between the second client node and the application session via the second communications channel; and
  
  restricting, by the session server and during the connection of the second client node and the application session, a re-connection between the first client node and the application session to prevent the first client node from connecting to the application session.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 15, 16)
- - 2. The method of claim 1, wherein at least one of the first communications channel and the second communications channel is wireless.
  - 3. The method of claim 1, further comprising determining, by the policy engine, if the information satisfies a condition.
  - 4. The method of claim 3, further comprising making, by the policy engine, an access control decision by applying a policy to the condition.
  - 5. The method of claim 1, further comprising updating, by the session server, at least one data record associated with the application session to indicate that the application session is disconnected.
  - 6. The method of claim 1, further comprising one or more applications sessions, wherein a first one of the one or more application sessions is executing on a first server and a second one of the one or more application sessions is running on a second server.
  - 7. The method of claim 1, wherein the first client node is a mobile device.
  - 15. The method of claim 1, further comprising receiving, by the session server, information from the second client node related to a termination.
  - 16. The method of claim 15, further comprising terminating, by the session server, the application session based on the information related to the termination.

8. A system to provide authorized remote access to an application session, comprising:
- a first client node that requests access to a resource via a first communications channel, the first communications channel between a first device and a session server;
  
  a collection agent that gathers information about the first client node, responsive to access to the resource via the first communications channel;
  
  a policy engine configured to;
  
  transmit, to the first client node, the collection agent;
  
  make an access control decision based on the received information about the first client node for access to the resource via the first communications channel;
  
  identify the application session in response to the received information;
  
  a second client node configured to request a connection between the second client node and the application session via a second communications channel, the second communications channel between a second device and the session server; and
  
  the session server configured to;
  
  determine an active connection of the application session to the first client node; and
  
  in response to both the connection request by the second client node to connect to the application session and determining the active connection;
  
  disconnect the application session from the first client node;
  
  continue the application session;
  
  establish a connection between the second client node and the application session via the second communications channel; and
  
  restrict, during the connection of the second client node and the application session, a re-connection between the first client node and the application session to prevent the first client node from connecting to the application session.
- View Dependent Claims (9, 10, 11, 12, 13, 17, 18)
- - 9. The system of claim 8, wherein at least one of the first communications channel and the second communications channel is wireless.
  - 10. The system of claim 8, wherein the policy engine is configured to determine if the information satisfies a condition.
  - 11. The system of claim 10, wherein the policy engine is configured to make an access control decision by applying a policy to the condition.
  - 12. The system of claim 8, wherein the session server is configured to update at least one data record associated with the application session to indicate that the application session is disconnected.
  - 13. The system of claim 8, further comprising one or more applications sessions, wherein a first one of the one or more application sessions executes on a first server and a second one of the one or more application sessions runs on a second server.
  - 17. The system of claim 8, comprising the session server configured to receive information from the second client node related to a termination.
  - 18. The system of claim 17, wherein the session server further configured to terminate the application session based on the information related to the termination.

14. A method of providing authorized remote access to an application session, comprising:
- requesting, by a first client node, access to a resource via a first communications channel, the first communications channel between the first client node and a session server;
  
  establishing, by the session server, an application session in response to the request for access to the resource, providing, by the session server, the resource to the first client node via the first communications channel in a format selected based on characteristics of the first client node;
  
  requesting, by a second client node, a connection between the second client node computer and the application session via a second communications channel, the second communications channel between a second device and the session server;
  
  determining, by the session server, an active connection of the application session to the first client node;
  
  in response to both the connection request by the second client node to connect to the application session and determining the active connection;
  
  disconnecting, by the session server, the application session from the first client node;
  
  continuing, by the session server, the application session;
  
  establishing, by the session server, a connection between the second client node and the application session via the second communications channel; and
  
  restricting, during the connection of the second client node and the application session, a re-connection between the first client node and the application session to prevent the first client node from connecting to the application session.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Citrix Systems, Inc. (Cloud Software Group)
Original Assignee
Citrix Systems, Inc. (Cloud Software Group)
Inventors
Braddy, Ricky Gene, Simmons, Timothy Ernest, Stone, David Sean
Primary Examiner(s)
LANIER, BENJAMIN E

Application Number

US14/095,418
Publication Number

US 20140096185A1
Time in Patent Office

966 Days
Field of Search

None
US Class Current

1/1
CPC Class Codes

G06F 21/31   User authentication

H04L 63/08   for authentication of entit...

H04L 63/0815   providing single-sign-on or...

H04L 63/0876   based on the identity of th...

H04L 63/10   for controlling access to d...

Method and apparatus for providing authorized remote access to application sessions

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for providing authorized remote access to application sessions

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links