System and method for managing secure communications for a virtual machine infrastructure
First Claim
1. A method, performed at a network server device disposed between a client device and an application server, the method comprising:
- at a processing circuit in the network server device;
receiving a connection request from the client device to communicate with an application executing at the application server via a secure communications session;
determining an application type for the application executing at the application server based on information included in the connection request;
dynamically generating and allocating a dedicated operating environment for a user agent executing on the client device based on the determined application type, wherein the operating environment is dedicated to the user agent and comprises software and hardware components utilized by the user agent to communicate with the application via the secure communications session;
establishing a first bi-directional communications link between the operating environment and the user agent in a first security domain;
establishing a second bi-directional communications link between the operating environment and the application server in a second security domain;
communicating data between the user agent and the application server via the first and second bi-directional communications links, wherein communicating the data comprises the operating environment translating the data between the first and second security domains; and
deallocating the operating environment responsive to detecting termination of the secure communications session.
1 Assignment
0 Petitions
Accused Products
Abstract
A network server generates and allocates operating environments to trusted user agents executing on a client device. Each operating environment is generated responsive to a request to establish a secure communications session between a trusted user agent and a user-level application executing on a secure application server at a secure site, and comprises the software and/or hardware components that are necessary for maintaining that secure session. The network server monitors the secure communications session and deletes the operating environment upon detecting that the secure communications session has terminated.
-
Citations
20 Claims
-
1. A method, performed at a network server device disposed between a client device and an application server, the method comprising:
at a processing circuit in the network server device; receiving a connection request from the client device to communicate with an application executing at the application server via a secure communications session; determining an application type for the application executing at the application server based on information included in the connection request; dynamically generating and allocating a dedicated operating environment for a user agent executing on the client device based on the determined application type, wherein the operating environment is dedicated to the user agent and comprises software and hardware components utilized by the user agent to communicate with the application via the secure communications session; establishing a first bi-directional communications link between the operating environment and the user agent in a first security domain; establishing a second bi-directional communications link between the operating environment and the application server in a second security domain; communicating data between the user agent and the application server via the first and second bi-directional communications links, wherein communicating the data comprises the operating environment translating the data between the first and second security domains; and deallocating the operating environment responsive to detecting termination of the secure communications session. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
9. A network server device disposed between a client device and an application server, the network server device comprising:
-
a communications interface circuit configured to communicate with a user agent installed on the client device and the application server; and a programmable processing circuit communicatively connected to the communications interface circuit and configured to; receive a connection request from the client device to communicate with an application executing at the application server via a secure communications session; determine an application type for the application executing at the application server based on information included in the connection request; dynamically generate and allocate a dedicated operating environment for the user agent based on the determined application type, wherein the operating environment is dedicated for use by the user agent and comprises software and hardware components utilized by the user agent to communicate with the application via the secure communications session; establish a first bi-directional communications link between the operating environment and the user agent in a first security domain; establish a second bi-directional communications link between the operating environment and the application server in a second security domain; communicate data between the user agent and the application server via the first and second bi-directional communications links, wherein communicating the data comprises the operating environment translating the data between the first and second security domains; and deallocate the operating environment responsive to detecting termination of the secure communications session. - View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
-
-
17. A computer program product comprising:
a non-transitory computer readable storage medium configured to store a control application that, when executed by a processing circuit on a network server device disposed between a client device and an application server, configures the processing circuit to; receive a connection request from the client device to communicate with an application executing at the application server via a secure communications session; determine an application type for the application executing at the application server based on information included in the connection request; dynamically generate and allocate a dedicated operating environment for the user agent based on the determined application type, wherein the operating environment is dedicated for use by the user agent and comprises software and hardware components utilized by the user agent to communicate with the application via the secure communications session; establish a first bi-directional communications link between the operating environment and the user agent in a first security domain; establish a second bi-directional communications link between the operating environment and the application server in a second security domain; communicate data between the user agent and the application server via the first and second bi-directional communications links, wherein to communicate the data, the control application causes the programmable controller to translate the data between the first and second security domains; and deallocate the operating environment responsive to detecting termination of the secure communications session. - View Dependent Claims (18, 19, 20)
Specification