Client side redirection with pluggable authentication and authorization

US 9,900,182 B2
Filed: 06/17/2015
Issued: 02/20/2018
Est. Priority Date: 02/11/2015
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

by an operating system (OS) of a first computing device;

receiving a request to cause a remote desktop protocol (RDP) client device to connect to a second computing device, the RDP client device being coupled to the first computing device via a first RDP connection;

creating an RDP virtual channel over the first RDP connection;

permitting the RDP client device to establish a tunnel and a channel using specialized gateway service attachment through the RDP virtual channel to the second computing device, wherein the tunnel is an encrypted secure shell tunnel;

qualifying the RDP client device to connect to the second computing device based at least on information associated with the first RDP connection, wherein qualifying the RDP client device comprises checking a permissions vector, wherein the permissions vector is provided to the RDP client device from a PAA ticketing server; and

if the RDP client device is qualified to connect to the second computing device, then sending to the RDP client device;

an instruction for the RDP client device to be re-directed from the first computing device to the second computing device;

an instruction for the RDP client device to close the first RDP connection; and

one or more credentials for the RDP client device to establish a second RDP connection to the second computing device, wherein the instruction and the credentials are being sent to the RDP client device via the RDP virtual channel and the tunnel created over the first RDP connection, wherein the RDP virtual channel is used to create a virtual private network between the RDP client device and one or more servers by attaching one or more gateway functions to each end of the RDP virtual channel, wherein the second RDP connection allows the RDP client device to access the second computing device, wherein each of the first and second RDP connections comprises a gateway, and wherein the credentials being sent to the RDP client device allow the RDP client device to access the second computing device from the gateway based at least on a pluggable authentication and authorization framework.

View all claims

14 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method of client side redirection with pluggable authentication and authorization is disclosed. In a particular embodiment, an operating system of a first computing device receives a request to cause remote desktop protocol (RDP) client device to connect to a second computing device. The client is coupled to the first computing device via a first RDP connection. The first computing device may use information associated with the first RDP connection to qualify the client to connect to the second computing device. If qualified, first computing device may send a redirect instruction to the client that redirects the client from the first computing device to the second computing device. The first computing device may send credentials to the client for use in establishing a second RDP connection to the second computing device. The redirect instruction and credentials may be sent via a virtual channel of the first RDP connection.

49 Citations

View as Search Results

13 Claims

1. A method comprising:
- by an operating system (OS) of a first computing device;
  
  receiving a request to cause a remote desktop protocol (RDP) client device to connect to a second computing device, the RDP client device being coupled to the first computing device via a first RDP connection;
  
  creating an RDP virtual channel over the first RDP connection;
  
  permitting the RDP client device to establish a tunnel and a channel using specialized gateway service attachment through the RDP virtual channel to the second computing device, wherein the tunnel is an encrypted secure shell tunnel;
  
  qualifying the RDP client device to connect to the second computing device based at least on information associated with the first RDP connection, wherein qualifying the RDP client device comprises checking a permissions vector, wherein the permissions vector is provided to the RDP client device from a PAA ticketing server; and
  
  if the RDP client device is qualified to connect to the second computing device, then sending to the RDP client device;
  
  an instruction for the RDP client device to be re-directed from the first computing device to the second computing device;
  
  an instruction for the RDP client device to close the first RDP connection; and
  
  one or more credentials for the RDP client device to establish a second RDP connection to the second computing device, wherein the instruction and the credentials are being sent to the RDP client device via the RDP virtual channel and the tunnel created over the first RDP connection, wherein the RDP virtual channel is used to create a virtual private network between the RDP client device and one or more servers by attaching one or more gateway functions to each end of the RDP virtual channel, wherein the second RDP connection allows the RDP client device to access the second computing device, wherein each of the first and second RDP connections comprises a gateway, and wherein the credentials being sent to the RDP client device allow the RDP client device to access the second computing device from the gateway based at least on a pluggable authentication and authorization framework.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein qualifying the RDP client device comprises allowing the RDP client device to access an RDP server for a pre-determined period of time.
  - 3. The method of claim 1, wherein establishing the second RDP connection between the RDP client device and the second computing device does not involve a user of the RDP client device.
  - 4. The method of claim 1, wherein the credentials being sent to the RDP client device allow the RDP client device to access the gateway.
  - 5. The method of claim 1, wherein the second RDP connection comprises a third computing device.
  - 6. The method of claim 5, wherein the credentials being sent to the RDP client device allow the RDP client device to access the third computing device.

7. One or more computer-readable non-transitory storage media embodying logic that is operable when executed to:
- by an operating system (OS) of a first computing device;
  
  receiving a request to cause a remote desktop protocol (RDP) client device to connect to a second computing device, the RDP client device being coupled to the first computing device via a first RDP connection;
  
  creating an RDP virtual channel over the first RDP connection;
  
  permitting the RDP client device to establish a tunnel and a channel using specialized gateway service attachment through the RDP virtual channel to the second computing device, wherein the tunnel is an encrypted secure shell tunnel;
  
  qualifying the RDP client device to connect to the second computing device based at least on information associated with the first RDP connection, wherein qualifying the RDP client device comprises checking a permissions vector, wherein the permissions vector is provided to the RDP client device from a PAA ticketing server; and
  
  if the RDP client device is qualified to connect to the second computing device, then sending to the RDP client device;
  
  an instruction for the RDP client device to be re-directed from the first computing device to the second computing device;
  
  an instruction for the RDP client device to close the first RDP connection; and
  
  one or more credentials for the RDP client device to establish a second RDP connection to the second computing device, wherein the instruction and the credentials are being sent to the RDP client device via the RDP virtual channel and the tunnel created over the first RDP connection, wherein the RDP virtual channel is used to create a virtual private network between the RDP client device and one or more servers by attaching one or more gateway functions to each end of the RDP virtual channel, wherein the second RDP connection allows the RDP client device to access the second computing device, wherein each of the first and second RDP connections comprises a gateway, and wherein the credentials being sent to the RDP client device allow the RDP client device to access the second computing device from the gateway based at least on a pluggable authentication and authorization framework.
- View Dependent Claims (8, 9, 10)
- - 8. The media of claim 7, wherein the virtual channel of the first RDP connection is encrypted.
  - 9. The media of claim 7, wherein establishing the second RDP connection between the RDP client device and the second computing device does not involve a user of the RDP client device.
  - 10. The media of claim 7, wherein the credentials being sent to the RDP client device allow the RDP client device to access the gateway.

11. An information handling system comprising:
- one or more processors; and
  
  a memory coupled to the processors comprising instructions executable by the processors, the processors being operable when executing the instructions to;
  
  by an operating system (OS) of a first computing device;
  
  receiving a request to cause a remote desktop protocol (RDP) client device to connect to a second computing device, the RDP client device being coupled to the first computing device via a first RDP connection;
  
  creating an RDP virtual channel over the first RDP connection;
  
  permitting the RDP client device to establish a tunnel and a channel using specialized gateway service attachment through the RDP virtual channel to the second computing device, wherein the tunnel is an encrypted secure shell tunnel;
  
  qualifying the RDP client device to connect to the second computing device based at least on information associated with the first RDP connection, wherein qualifying the RDP client device comprises checking a permissions vector, wherein the permissions vector is provided to the RDP client device from a PAA ticketing server; and
  
  if the RDP client device is qualified to connect to the second computing device, then sending to the RDP client device;
  
  an instruction for the RDP client device to be re-directed from the first computing device to the second computing device;
  
  an instruction for the RDP client device to close the first RDP connection; and
  
  one or more credentials for the RDP client device to establish a second RDP connection to the second computing device, wherein the instruction and the credentials are being sent to the RDP client device via the RDP virtual channel and the tunnel created over the first RDP connection, wherein the RDP virtual channel is used to create a virtual private network between the RDP client device and one or more servers by attaching one or more gateway functions to each end of the RDP virtual channel, and wherein the second RDP connection allows the RDP client device to access the second computing device, wherein each of the first and second RDP connections comprises a gateway, and wherein the credentials being sent to the RDP client device allow the RDP client device to access the second computing device from the gateway based at least on a pluggable authentication and authorization framework.
- View Dependent Claims (12, 13)
- - 12. The information handling system of claim 11, wherein establishing the second RDP connection between the RDP client device and the second computing device does not involve a user of the RDP client device.
  - 13. The information handling system of claim 11, wherein the credentials being sent to the RDP client device allow the RDP client device to access the gateway.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Dell Products LP (Dell Technologies Inc.)
Original Assignee
Dell Products LP (Dell Technologies Inc.)
Inventors
Fausak, Andrew T., Rombakh, Oleg
Primary Examiner(s)
Armouche, Hadi
Assistant Examiner(s)
Huang, Cheng-Feng

Application Number

US14/742,148
Publication Number

US 20160234216A1
Time in Patent Office

979 Days
Field of Search
US Class Current
CPC Class Codes

H04L 12/4641   Virtual LANs, VLANs, e.g. v...

H04L 12/4679   Arrangements for the regist...

H04L 63/0272   Virtual private networks

H04L 63/08   for authentication of entit...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/10   for controlling access to d...

H04L 63/102   Entity profiles

H04L 67/01   Protocols

H04L 67/025   for remote control or remot...

H04L 67/08   specially adapted for termi...

H04L 67/1001   for accessing one among a p...

H04L 67/131   Protocols for games, networ...

H04L 67/141   Setup of application sessio...

H04L 67/142   Managing session states for...

H04L 67/148   Migration or transfer of se...

H04L 67/563   Data redirection of data ne...

H04L 69/04   Protocols for data compress...

H04L 69/14   Multichannel or multilink p...

H04L 9/3213   using tickets or tokens, e....

Y02D 30/50   in wire-line communication ...

Client side redirection with pluggable authentication and authorization

First Claim

14 Assignments

0 Petitions

Accused Products

Abstract

49 Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

Client side redirection with pluggable authentication and authorization

First Claim

14 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

49 Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links