Systems and methods of managing access to remote resources

US 9,888,015 B2
Filed: 04/25/2017
Issued: 02/06/2018
Est. Priority Date: 01/16/2012
Status: Expired due to Fees

First Claim

Patent Images

1. A method of managing access to a plurality of resources available remotely from at least one computing device, the method comprising:

storing, in a memory in electronic communication with the at least one computing device, a plurality of access level indicators for indicating a plurality of different types of access, wherein each access level indicator in the plurality of access level indicators indicates a different type of access in the plurality of different types of access, each different type of access is a type of access to at least one resource in the plurality of resources;

storing in the memory a plurality of identifiers for identifying different users having access to the at least one computing device and possible access to the plurality of resources;

for each resource in the plurality of resources, storing in the memory a resource access level indicator for that resource, wherein the resource access level indicator is selected from the plurality of access level indicators;

for each identifier in the plurality of identifiers, storing in the memory a user access level indicator for that identifier, wherein the user access level indicator is selected from the plurality of access level indicators;

before granting access to a resource in the plurality of resources for a user seeking access to the resource using a computing device in the at least one computing device, operating at least one processor, the at least one processor being in electronic communication with the computing device, executing a sequence of access approval steps, the sequence of access approval steps comprising;

determining an identifier identifying the user seeking access to the resource;

determining the user access level indicator stored in the memory for the identifier and the resource access level indicator for the resource, the resource access level indicator being determinable from memory without using the identifier, and the user access level indicator being determinable from memory without identifying the resource being accessed;

determining if the user access level indicator determined for the identifier is consistent with the resource access level indicator determined for the resource; and

granting access to the resource for operating the resource if the sequence of access approval steps are successfully completed, otherwise, denying access to the resource, wherein the sequence of access approval steps is not successfully completed when the user access level indicator determined for the identifier is inconsistent with the resource access level indicator determined for the resource.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system are provided for managing access to resources available remotely from at least one computing device. The resources include at least one software application and at least one hardware component. The method and system involve storing access level indicators for indicating different types of access; storing identifiers for identifying different users with access to the at least one computing device and possible access to the resources; for each resource and each identifier, storing an access level indicator for that resource and that user; and before granting access to a resource for a user seeking access to the resource, operating a processor to: determine an identifier identifying the user; determine the access level indicator stored in the storage module for the identifier and the resource; and if access is consistent with the determined access level indicator, grant access to the resource, otherwise, deny access to the resource.

35 Citations

20 Claims

1. A method of managing access to a plurality of resources available remotely from at least one computing device, the method comprising:
- storing, in a memory in electronic communication with the at least one computing device, a plurality of access level indicators for indicating a plurality of different types of access, wherein each access level indicator in the plurality of access level indicators indicates a different type of access in the plurality of different types of access, each different type of access is a type of access to at least one resource in the plurality of resources;
  
  storing in the memory a plurality of identifiers for identifying different users having access to the at least one computing device and possible access to the plurality of resources;
  
  for each resource in the plurality of resources, storing in the memory a resource access level indicator for that resource, wherein the resource access level indicator is selected from the plurality of access level indicators;
  
  for each identifier in the plurality of identifiers, storing in the memory a user access level indicator for that identifier, wherein the user access level indicator is selected from the plurality of access level indicators;
  
  before granting access to a resource in the plurality of resources for a user seeking access to the resource using a computing device in the at least one computing device, operating at least one processor, the at least one processor being in electronic communication with the computing device, executing a sequence of access approval steps, the sequence of access approval steps comprising;
  
  determining an identifier identifying the user seeking access to the resource;
  
  determining the user access level indicator stored in the memory for the identifier and the resource access level indicator for the resource, the resource access level indicator being determinable from memory without using the identifier, and the user access level indicator being determinable from memory without identifying the resource being accessed;
  
  determining if the user access level indicator determined for the identifier is consistent with the resource access level indicator determined for the resource; and
  
  granting access to the resource for operating the resource if the sequence of access approval steps are successfully completed, otherwise, denying access to the resource, wherein the sequence of access approval steps is not successfully completed when the user access level indicator determined for the identifier is inconsistent with the resource access level indicator determined for the resource.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method as defined in claim 1, wherein the sequence of access approval steps additionally comprises, for at least some resources in the plurality of resources,receiving a password from the user;
    - andverifying the password is consistent with a password record for that user;
      
      wherein the sequence of access approval steps is not successfully completed when the password is not received from the user, or when the password received is inconsistent with the password record for that user.
  - 3. The method as defined in claim 1, wherein the sequence of access approval steps additionally comprises, for at least some resources in the plurality of resources, determining that the at least one computing device satisfies a proximity condition relative to the resource, wherein the sequence of access approval steps is not successfully completed when the at least one computing device fails to satisfy the proximity condition relative to the resource.
  - 4. The method as defined in claim 1, wherein:
    - the plurality of resources comprises a plurality of computer products available to be provided in an emulation session;
      
      the method further comprises;
      
      receiving a request from the computing device to establish an emulation session of a computer product from the plurality of computer products, the request comprising a requested computer product identifier identifying the computer product being requested; and
      
      operating the at least one processor to determine the resource access level indicator in the memory for the computer product based on the requested computer product identifier.
  - 5. The method as defined in claim 1 wherein:
    - the plurality of identifiers comprises an administrator identifier for identifying an administrator;
      
      the method further comprises;
      
      receiving a request to change the user access level indicator for an identifier and the resource access level indicator for a resource, wherein the request comprises a requestor identifier;
      
      operating the processor to determine if the requestor identifier is the administrator identifier;
      
      if the requestor identifier is the administrator identifier and the sequence of access approval steps are successfully completed, changing the user access level indicator for the identifier and the resource access level indicator for the resource according to the request.
  - 6. The method as defined in claim 5 further comprises:
    - in response to determining the requester identifier is not the administrator identifier, generating a denied access response indicating the request is denied, the denied access response includes at least one of redirecting a display of the computing device to a predetermined user interface and shutting down the computing device.
  - 7. The method as defined in claim 1 wherein:
    - the plurality of identifiers comprises a user identifier for identifying a user, and an administrator identifier for identifying an administrator;
      
      the user access level indicator for the administrator identifier provides an unlimited access to each resource in the plurality of resources if the sequence of access approval steps are successfully completed, the unlimited access provides access to a resource without restrictions; and
      
      the user access level indicator for the user identifier provides a limited access to each resource in the plurality of resources if the sequence of access approval steps are successfully completed, the limited access provides access to a resource with at least one restriction.
  - 8. The method as defined in claim 7, wherein the limited access includes at least one of a time restricted access granting the user access to the resource for a predefined time period if the sequence of access approval steps are successfully completed, an operation restricted access granting the user access to the resource for conducting at least one predefined operation and a user type restricted access granting the user access to the resource as defined for each user type in a plurality of user types.
  - 9. The method as defined in claim 8, wherein the operation restricted access includes at least one of a user interface restriction granting the user access to modify at least a portion of a user interface of the resource if the sequence of access approval steps are successfully completed, a user display restriction granting the user access to modify at least one display setting of the computing device and an output port restriction granting the user access to modify at least one output setting of the computing device.
  - 10. The method as defined in claim 1, wherein:
    - the user access level indicator is associated with a variable access threshold, the variable access threshold being a minimum availability level required at the at least one computing device in order for the at least one computing device to access the resource;
      
      operating the at least one processor to determine the user access level indicator for the identifier comprises;
      
      detecting an availability level of the at least one computing device, the availability level representing an operating capacity of the at least one computing device; and
      
      determining whether the detected availability level satisfies the variable access threshold; and
      
      the sequence of access approval steps additionally comprises, for at least some resources in the plurality of resources, (i) determining the user access level indicator is consistent with the resource access level indicator and (ii) determining the detected availability level satisfies the variable access threshold.

11. A system of managing access to a plurality of resources available remotely from at least one computing device, the system comprising:
- a controller in electronic communication with the at least one computing device, the controller comprising a control processor and a control memory having instructions stored thereon for configuring the control processor to;
  
  store in the control memory a plurality of access level indicators for indicating a plurality of different types of access, wherein each access level indicator in the plurality of access level indicators indicates a different type of access in the plurality of different types of access, each different type of access is a type of access to at least one resource in the plurality of resources;
  
  store in the control memory a plurality of identifiers for identifying different users having access to the at least one computing device and possible access to the plurality of resources;
  
  for each resource in the plurality of resources, store in the control memory a resource access level indicator for that resource, wherein the resource access level indicator is selected from the plurality of access level indicators;
  
  for each identifier in the plurality of identifiers, storing in the memory a user access level indicator for that identifier, wherein the user access level indicator is selected from the plurality of access level indicators; and
  
  before granting access to a resource in the plurality of resources for a user seeking access to the resource using a computing device in the at least one computing device, executing a sequence of access approval steps, the sequence of access approval steps comprising;
  
  determining an identifier identifying the user seeking access to the resource;
  
  determining the access level indicator stored in the control storage component for the identifier and the resource, the resource access level indicator being determinable from memory without using the identifier, and the user access level indicator being determinable from memory without identifying the resource being accessed;
  
  determining if the user access level indicator determined for the identifier is consistent with the resource access level indicator determined for the resource; and
  
  granting access to the resource for operating the resource if the sequence of access approval steps successfully completed, otherwise, denying access to the resource, wherein the sequence of access approval steps is not successfully completed when the user access level indicator determined for the identifier is inconsistent with the resource access level indicator determined for the resource.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The system as defined in claim 11, wherein the sequence of access approval steps additionally comprises, for at least some resources in the plurality of resources,receiving a password from the user;
    - andverifying the password is consistent with a password record for that user;
      
      wherein the sequence of access approval steps is not successfully completed when the password is not received from the user, or when the password received is inconsistent with the password record for that user.
  - 13. The method as defined in claim 11, wherein the sequence of access approval steps additionally comprises, for at least some resources in the plurality of resources, determining that the at least one computing device satisfies a proximity condition relative to the resource, wherein the sequence of access approval steps is not successfully completed when the at least one computing device fails to satisfy the proximity condition relative to the resource.
  - 14. The system as defined in claim 11, wherein:
    - the plurality of resources comprises a plurality of computer products available to be provided in an emulation session;
      
      the control processor is further configured to;
      
      receive a request from the computing device to establish an emulation session of a computer product from the plurality of computer products, the request comprising a requested computer product identifier identifying the computer product being requested; and
      
      operate the at least one processor to determine the resource access level indicator in the memory for the computer product based on the requested computer product identifier.
  - 15. The system as defined in claim 11 wherein:
    - the plurality of identifiers comprises an administrator identifier for identifying an administrator;
      
      the control processor is further configured to;
      
      receive a request to change the user access level indicator for an identifier and the resource access level indicator for a resource, wherein the request comprises a requestor identifier;
      
      operate the processor to determine if the requestor identifier is the administrator identifier;
      
      if the requestor identifier is the administrator identifier and the sequence of access approval steps are successfully completed, change the user access level indicator for the identifier and the resource access level indicator for the resource according to the request.
  - 16. The system as defined in claim 11 wherein:
    - the plurality of identifiers comprises a user identifier for identifying a user, and an administrator identifier for identifying an administratorthe user access level indicator for the administrator identifier provides an unlimited access to each resource in the plurality of resources if the sequence of access approval steps are successfully completed, the unlimited access provides access to a resource without restrictions; and
      
      the user access level indicator for the user identifier provides a limited access to each resource in the plurality of resources if the sequence of access approval steps are successfully completed, the limited access provides access to a resource with at least one restriction.
  - 17. The system as defined in claim 16, wherein the limited access includes at least one of a time restricted access granting the user access to the resource for a predefined time period if the sequence of access approval steps are successfully completed, an operation restricted access granting the user access to the resource for conducting at least one predefined operation and a user type restricted access granting the user access to the resource as defined for each user type in a plurality of user types.
  - 18. The system as defined in claim 17, wherein the operation restricted access includes at least one of a user interface restriction granting the user access to modify at least a portion of a user interface of the resource if the sequence of access approval steps are successfully completed, a user display restriction granting the user access to modify at least one display setting of the computing device and an output port restriction granting the user access to modify at least one output setting of the computing device.
  - 19. The system as defined in claim 15, wherein:
    - the user access level indicator is associated with a variable access threshold, the variable access threshold being a minimum availability level required at the at least one computing device in order for the at least one computing device to access the resource;
      
      the control processor is further configured to;
      
      detect an availability level of the at least one computing device, the availability level representing an operating capacity of the at least one computing device; and
      
      determine whether the detected availability level satisfies the variable access threshold; and
      
      the sequence of access approval steps additionally comprises, for at least some resources in the plurality of resources, (i) determining the user access level indicator is consistent with the resource access level indicator and (ii) determining the detected availability level satisfies the variable access threshold.
  - 20. The system as defined in claim 11, wherein the controller is provided on the computing device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Sphere 3D, Inc. (Sphere 3D Corporation)
Original Assignee
Sphere 3D, Inc. (Sphere 3D Corporation)
Inventors
Morelli, Jr., Giovanni
Primary Examiner(s)
Revak, Christopher
Assistant Examiner(s)
Savenkov, Vadim

Application Number

US15/496,455
Publication Number

US 20170230379A1
Time in Patent Office

287 Days
Field of Search

None
US Class Current
CPC Class Codes

G06F 21/31   User authentication

G06F 21/6218   to a system of files or obj...

G06F 2221/2137   Time limited access, e.g. t...

H04L 63/083   using passwords cryptograph...

H04L 63/105   Multiple levels of security

H04L 63/107   wherein the security polici...

Systems and methods of managing access to remote resources

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

35 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods of managing access to remote resources

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

35 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links