Method and apparatus for providing authorized remote access to application sessions
Abstract
A method and apparatus for providing authorized remote access to one or more application sessions includes a client node, a collection agent, a policy engine, and a session server. The client node requests access to a resource. The collection agent gathers information about the client node. The policy engine receives the gathered information, and makes an access control decision based on the received information. The session server establishes a connection between a client computer operated by the user and the one or more application sessions associated with the user of the client node identified in response to the received information.
18 Claims
1. A method of providing authorized remote access to an application session, comprising:
requesting, by a first client node, access to a resource via a first communications channel, the first communications channel between a first device and a session server;
transmitting, by a policy engine, to the first client node, a collection agent;
gathering, by the collection agent, information about the first client node responsive to requesting access to the resource via the first communications channel;
making, by the policy engine, an access control decision based on the information about the first client node for access to the resource via the first communications channel;
identifying, by the policy engine, the application session in response to the information;
requesting, by a second client node, a connection between the second client node and the application session via a second communications channel, the second communications channel between a second device and the session server;
determining, by the session server, an active connection of the application session to the first client node; and
in response to both the connection request by the second client node to connect to the application session and determining the active connection:
disconnecting, by the session server, the application session from the first client node;
continuing, by the session server, the application session;
establishing, by the session server, a connection between the second client node and the application session via the second communications channel; and
restricting, by the session server and during the connection of the second client node and the application session, a re-connection between the first client node and the application session to prevent the first client node from connecting to the application session.
Dependent claims: 2, 3, 4, 5, 6, 7, 15, 16.

8. A system to provide authorized remote access to an application session, comprising:
a first client node that requests access to a resource via a first communications channel, the first communications channel between a first device and a session server;
a collection agent that gathers information about the first client node, responsive to access to the resource via the first communications channel;
a policy engine configured to:
transmit, to the first client node, the collection agent;
make an access control decision based on the received information about the first client node for access to the resource via the first communications channel;
identify the application session in response to the received information;
a second client node configured to request a connection between the second client node and the application session via a second communications channel, the second communications channel between a second device and the session server; and
the session server configured to:
determine an active connection of the application session to the first client node; and
in response to both the connection request by the second client node to connect to the application session and determining the active connection:
disconnect the application session from the first client node;
continue the application session;
establish a connection between the second client node and the application session via the second communications channel; and
restrict, during the connection of the second client node and the application session, a re-connection between the first client node and the application session to prevent the first client node from connecting to the application session.
Dependent claims: 9, 10, 11, 12, 13, 17, 18.

14. A method of providing authorized remote access to an application session, comprising:
requesting, by a first client node, access to a resource via a first communications channel, the first communications channel between the first client node and a session server;
establishing, by the session server, an application session in response to the request for access to the resource;
providing, by the session server, the resource to the first client node via the first communications channel in a format selected based on characteristics of the first client node;
requesting, by a second client node, a connection between the second client node computer and the application session via a second communications channel, the second communications channel between a second device and the session server;
determining, by the session server, an active connection of the application session to the first client node;
in response to both the connection request by the second client node to connect to the application session and determining the active connection:
disconnecting, by the session server, the application session from the first client node;
continuing, by the session server, the application session;
establishing, by the session server, a connection between the second client node and the application session via the second communications channel; and
restricting, during the connection of the second client node and the application session, a re-connection between the first client node and the application session to prevent the first client node from connecting to the application session.
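
The handoff sequence common to claims 1, 8 and 14, sketched as a small model; this is an added illustration, not code from the patent or its assignee. The posture fields (`firewall_on`, `network`), the node names, the return strings, and the choice to lift the restriction when the second node disconnects are all assumptions made for the example.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Session:
    user: str
    state: dict = field(default_factory=dict)   # application state, kept across handoff
    active_node: Optional[str] = None
    barred: set = field(default_factory=set)    # displaced nodes, refused while the new one is connected

def example_policy(info):
    # Hypothetical posture rule; the claims do not say what the agent collects.
    return bool(info.get("firewall_on")) and info.get("network") in {"corp", "vpn"}

class SessionServer:
    def __init__(self, policy=example_policy):
        self.policy = policy
        self.sessions = {}                       # user -> Session

    def connect(self, node_id, info):
        """info is what the collection agent reported for node_id."""
        if not self.policy(info):                # access control decision
            return "denied"
        s = self.sessions.setdefault(info["user"], Session(info["user"]))
        if node_id in s.barred:                  # re-connection restricted
            return "restricted"
        if s.active_node in (None, node_id):
            s.active_node = node_id
            return "connected"
        s.barred.add(s.active_node)              # disconnect the first node...
        s.active_node = node_id                  # ...session continues, second node attached
        return "handed-off"

    def disconnect(self, node_id, user):
        s = self.sessions.get(user)
        if s and s.active_node == node_id:
            s.active_node = None
            s.barred.clear()                     # assumption: restriction lasts only for that connection

def demo():
    srv = SessionServer()
    ok = {"user": "alice", "firewall_on": True, "network": "corp"}   # constructed sample
    out = [srv.connect("desk-pc", ok)]
    srv.sessions["alice"].state["doc"] = "draft v3"
    out.append(srv.connect("laptop", dict(ok, network="vpn")))       # second client node
    out.append(srv.connect("desk-pc", ok))                           # first node tries to return
    out.append(srv.connect("kiosk", dict(ok, firewall_on=False)))    # fails posture check
    srv.disconnect("laptop", "alice")
    out.append(srv.connect("desk-pc", ok))
    return out, srv.sessions["alice"].state

if __name__ == "__main__":
    print(demo())
```
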
Specification