Centralized pluggable authentication and authorization

US 9,935,789 B2
Filed: 06/17/2015
Issued: 04/03/2018
Est. Priority Date: 02/11/2015
Status: Active Grant

First Claim

Patent Images

1. A method comprising, by a first computing device of an infrastructure:

receiving a request from a second computing device to access through a gateway a first entity of the infrastructure, the second computing device being coupled to the first computing device, wherein the request comprises a first ticket previously assigned by the first computing device, and wherein the first ticket authenticates and authorizes the second computing device for access to at least the first entity and a second entity of the infrastructure and one or more back-end services, wherein the first computing device comprises a centralized pluggable authentication and authorization (PAA) ticketing server that is coupled to the gateway and that provides the first ticket, wherein the PAA ticketing server, an HTTPS server and the gateway form a centralized PAA framework, wherein the first ticket is encrypted based at least on one or more of a connection as routed between the first computing device and at least one of the one or more back-end services, a user of the first computing device and data associated with the connection, wherein the first ticket comprises a list of redirection servers, wherein the first computing device is associated with a third-party encryption service, wherein accessibility of the second computing device to pre-determined entities of the infrastructure is provided by the third-party encryption service, and wherein the first entity redirects the second computing device to the second entity;

determining an eligibility of the second computing device to access at least the first entity of the infrastructure based at least on the first ticket and the first entity, wherein the first ticket is usable by the second computing device against one or more resources; and

assigning, by the PAA ticketing server, a second ticket to the second computing device responsive to the received request based on the eligibility determination, wherein the second ticket authenticates and authorizes the second computing device for access to at least the first entity of the infrastructure, wherein the second ticket is based on a relationship to the first ticket, and wherein assigning the second ticket to the second computing device comprises;

nullifying the first ticket previously assigned by the first computing device; and

sending the second ticket to the second computing device.

View all claims

14 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In particular embodiments, a first computing device may receive a request from a second computing device to access a first entity of an infrastructure, the second computing device being coupled to the first computing device, then determining an eligibility of the second computing device to access as least the first entity of the infrastructure, and if the second computing device is determined to be eligible to access the first entity, then assigning a second ticket to the second computing device responsive to the received request.

Citations

13 Claims

1. A method comprising, by a first computing device of an infrastructure:
- receiving a request from a second computing device to access through a gateway a first entity of the infrastructure, the second computing device being coupled to the first computing device, wherein the request comprises a first ticket previously assigned by the first computing device, and wherein the first ticket authenticates and authorizes the second computing device for access to at least the first entity and a second entity of the infrastructure and one or more back-end services, wherein the first computing device comprises a centralized pluggable authentication and authorization (PAA) ticketing server that is coupled to the gateway and that provides the first ticket, wherein the PAA ticketing server, an HTTPS server and the gateway form a centralized PAA framework, wherein the first ticket is encrypted based at least on one or more of a connection as routed between the first computing device and at least one of the one or more back-end services, a user of the first computing device and data associated with the connection, wherein the first ticket comprises a list of redirection servers, wherein the first computing device is associated with a third-party encryption service, wherein accessibility of the second computing device to pre-determined entities of the infrastructure is provided by the third-party encryption service, and wherein the first entity redirects the second computing device to the second entity;
  
  determining an eligibility of the second computing device to access at least the first entity of the infrastructure based at least on the first ticket and the first entity, wherein the first ticket is usable by the second computing device against one or more resources; and
  
  assigning, by the PAA ticketing server, a second ticket to the second computing device responsive to the received request based on the eligibility determination, wherein the second ticket authenticates and authorizes the second computing device for access to at least the first entity of the infrastructure, wherein the second ticket is based on a relationship to the first ticket, and wherein assigning the second ticket to the second computing device comprises;
  
  nullifying the first ticket previously assigned by the first computing device; and
  
  sending the second ticket to the second computing device.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein an entity comprises one or more of a computing device, a data, or software.
  - 3. The method of claim 1, wherein the infrastructure comprises an enterprise infrastructure.
  - 4. The method of claim 1, wherein the assigned second ticket comprises one or more keys for the second computing device to access at least the first entity of the infrastructure, the first entity being associated with the pre-determined entities of the infrastructure.
  - 5. The method of claim 1, wherein determining the eligibility of the second computing device to access at least the first entity of the infrastructure comprises determining an eligibility of a user of the second computing device to access at least the first entity of the infrastructure.
  - 6. The method of claim 1, wherein the second entity comprises a remote desktop gateway of the infrastructure.
  - 7. The method of claim 1, wherein the access to the first entity comprises a modification to the first entity.

8. One or more computer-readable non-transitory storage media embodying logic that is operable when executed to:
- by a first computing device of an infrastructure;
  
  receiving a request from a second computing device to access through a gateway a first entity of the infrastructure, the second computing device being coupled to the first computing device, wherein the request comprises a first ticket previously assigned by the first computing device, and wherein the first ticket authenticates and authorizes the second computing device for access to at least the first entity and a second entity of the infrastructure and one or more back-end services, wherein the first computing device comprises a centralized pluggable authentication and authorization (PAA) ticketing server that is coupled to the gateway and that provides the first ticket, wherein the PAA ticketing server, an HTTPS server and the gateway form a centralized PAA framework, wherein the first ticket is encrypted based at least on one or more of a connection as routed between the first computing device and at least one of the one or more back-end services, a user of the first computing device and data associated with the connection, wherein the first ticket comprises a list of redirection servers, wherein the first computing device is associated with a third-party encryption service, wherein accessibility of the second computing device to pre-determined entities of the infrastructure is provided by the third-party encryption service, and wherein the first entity redirects the second computing device to the second entity;
  
  determining an eligibility of the second computing device to access at least the first entity of the infrastructure based at least on the first ticket and the first entity, wherein the first ticket is usable by the second computing device against one or more resources; and
  
  assigning, by the PAA ticketing server, a second ticket to the second computing device responsive to the received request based on the eligibility determination, wherein the second ticket authenticates and authorizes the second computing device for access to at least the first entity of the infrastructure through the gateway, wherein the second ticket is based on a relationship to the first ticket, and wherein assigning the second ticket to the second computing device comprises;
  
  nullifying the first ticket previously assigned by the first computing device; and
  
  sending the second ticket to the second computing device.
- View Dependent Claims (9, 10)
- - 9. The media of claim 8, wherein the assigned second ticket comprises one or more keys for the second computing device to access at least the first entity of the infrastructure, the first entity being associated with the pre-determined entities of the infrastructure.
  - 10. The media of claim 8, wherein the second entity comprises a remote desktop gateway of the infrastructure.

11. An information handling system comprising:
- one or more processors; and
  
  a memory coupled to the processors comprising instructions executable by the processors, the processors being operable when executing the instructions to;
  
  by a first computing device of an infrastructure;
  
  receiving a request from a second computing device to access through a gateway a first entity of the infrastructure, the second computing device being coupled to the first computing device, wherein the request comprises a first ticket previously assigned by the first computing device, and wherein the first ticket authenticates and authorizes the second computing device for access to at least the first entity and a second entity of the infrastructure and one or more back-end services, wherein the first computing device comprises a centralized pluggable authentication and authorization (PAA) ticketing server that is coupled to the gateway and that provides the first ticket, wherein the PAA ticketing server, an HTTPS server and the gateway form a centralized PAA framework, wherein the first ticket is encrypted based at least on one or more of a connection as routed between the first computing device and at least one of the one or more back-end services, a user of the first computing device and data associated with the connection, wherein the first ticket comprises a list of redirection servers, wherein the first computing device is associated with a third-party encryption service, wherein accessibility of the second computing device to pre-determined entities of the infrastructure is provided by the third-party encryption service, and wherein the first entity redirects the second computing device to the second entity;
  
  determining an eligibility of the second computing device to access at least the first entity of the infrastructure based at least on the first ticket and the first entity, wherein the first ticket is usable by the second computing device against one or more resources; and
  
  assigning, by the PAA ticketing server, a second ticket to the second computing device responsive to the received request based on the eligibility determination, wherein the second ticket authenticates and authorizes the second computing device for access to at least the first entity of the infrastructure, wherein the second ticket is based on a relationship to the first ticket, and wherein assigning the second ticket to the second computing device comprises;
  
  nullifying the first ticket previously assigned by the first computing device; and
  
  sending the second ticket to the second computing device.
- View Dependent Claims (12, 13)
- - 12. The information handling system of claim 11, wherein the assigned second ticket comprises one or more keys for the second computing device to access at least the first entity of the infrastructure, the first entity being associated with the pre-determined entities of the infrastructure.
  - 13. The information handling system of claim 11, wherein the second entity comprises a remote desktop gateway of the infrastructure.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Dell Products LP (Dell Technologies Inc.)
Original Assignee
Dell Products LP (Dell Technologies Inc.)
Inventors
Fausak, Andrew T., Rombakh, Oleg
Primary Examiner(s)
Armouche, Hadi
Assistant Examiner(s)
Huang, Cheng-Feng

Application Number

US14/742,239
Publication Number

US 20160234196A1
Time in Patent Office

1,021 Days
Field of Search
US Class Current
CPC Class Codes

H04L 12/4641   Virtual LANs, VLANs, e.g. v...

H04L 12/4679   Arrangements for the regist...

H04L 63/0272   Virtual private networks

H04L 63/08   for authentication of entit...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/10   for controlling access to d...

H04L 63/102   Entity profiles

H04L 67/01   Protocols

H04L 67/025   for remote control or remot...

H04L 67/08   specially adapted for termi...

H04L 67/1001   for accessing one among a p...

H04L 67/131   Protocols for games, networ...

H04L 67/141   Setup of application sessio...

H04L 67/142   Managing session states for...

H04L 67/148   Migration or transfer of se...

H04L 67/563   Data redirection of data ne...

H04L 69/04   Protocols for data compress...

H04L 69/14   Multichannel or multilink p...

H04L 9/3213   using tickets or tokens, e....

Y02D 30/50   in wire-line communication ...

Centralized pluggable authentication and authorization

First Claim

14 Assignments

0 Petitions

Accused Products

Abstract

Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

Centralized pluggable authentication and authorization

First Claim

14 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links