Restricting device access per session

US 20070233869A1
Filed: 03/31/2006
Published: 10/04/2007
Est. Priority Date: 03/31/2006
Status: Active Grant

First Claim

Patent Images

1. At a computer system having shared resources, the shared resources sharable among a plurality of sessions, a method for tagging a device to indicate the device corresponds to a specified session, the method comprising:

an act of receiving a session establishment request from computing components coupled to the computer system, session establishment request requesting establishment of a session to access a portion of the shared resources;

an act of establishing a session between the computer system and the computing components to allow the computing components to access the portion of shared resources;

an act of assigning a session identifier to the established session the session identifier differentiating the established session from other sessions of the computer system;

an act of receiving a device registration request to register a device for use with the established session;

an act of accessing appropriate software to permit the computer system to interface with the device in response to the registration request;

an act of creating a device entry for the device, the device entry configured to store values for properties of the device;

an act of setting the value of a session identifier property in the device entry to the session identifier for the established session such that the subsequent transfer of device related information for the device can be restricted to processes in the established session; and

an act of storing the device entry in a device list accessible to a module that performs access checks to determine appropriate responses to requests for device related information.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention is directed to restricting device access per session. Entries in a device list are configured to store session ID values in addition to values for other device properties. A session ID value for a device can be set to the session ID value of a (e.g., RDP) session that registered the device such that the subsequent transfer of device related information for the device can be restricted to processes in the session. When a request for device related information is received from a process, an access check is performed by at least comparing a session ID value for the process to a session ID value stored in a device entry for the device. When the access check is successful, for example, when session ID values match, access to the requested device related information can be permitted.

52 Citations

View as Search Results

20 Claims

1. At a computer system having shared resources, the shared resources sharable among a plurality of sessions, a method for tagging a device to indicate the device corresponds to a specified session, the method comprising:
- an act of receiving a session establishment request from computing components coupled to the computer system, session establishment request requesting establishment of a session to access a portion of the shared resources;
  
  an act of establishing a session between the computer system and the computing components to allow the computing components to access the portion of shared resources;
  
  an act of assigning a session identifier to the established session the session identifier differentiating the established session from other sessions of the computer system;
  
  an act of receiving a device registration request to register a device for use with the established session;
  
  an act of accessing appropriate software to permit the computer system to interface with the device in response to the registration request;
  
  an act of creating a device entry for the device, the device entry configured to store values for properties of the device;
  
  an act of setting the value of a session identifier property in the device entry to the session identifier for the established session such that the subsequent transfer of device related information for the device can be restricted to processes in the established session; and
  
  an act of storing the device entry in a device list accessible to a module that performs access checks to determine appropriate responses to requests for device related information.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method as recited in claim 1, wherein the act of receiving a session establishment request from computing components coupled to the computer system comprises an act of a terminal server receiving request to establish an RDP session form a client.
  - 3. The method as recited in claim 1, wherein the act of receiving a session establishment request from computing components coupled to the computer system comprises an act of operating system modules at the computer system receiving a request from a process at the computer system to establish a session within the computer system.
  - 4. The method as recited in claim 1, wherein the act of establishing a session between the computer system and the computing components comprises an act of establishing an RDP session between a terminal server and client.
  - 5. The method as recited in claim 1, wherein in the act of assigning a session identifier to the established session comprises an act of assigning an RDP session identifier to an RDP session during establishment of the RDP session.
  - 6. The method as recited in claim 1, wherein the act of receiving a device registration request to register a device comprises an act of a terminal server receiving a request from a client to redirect a device from the client to the terminal server.
  - 7. The method as recited in claim 1, wherein the act of receiving a device registration request to register a device comprises an act of detecting that a device is coupled to a port allocated to the session.
  - 8. The method as recited in claim 1, wherein the act of accessing appropriate software to permit the computer system to interface with the device comprises an act of loading a device driver.
  - 9. The method as recited in claim 1, wherein the act of accessing appropriate software to permit the computer system to interface with the device comprises an act of Plug and Play mechanisms at least partially automating the accessing of the appropriate software.
  - 10. The method as recited in claim 1, wherein the act of creating a device entry for the device comprises an act of creating a device node for inclusion in a hierarchical device tree.
  - 11. The method as recited in claim 1, wherein the act of setting the value of a session identifier property in the device entry comprises an act of assigning the value of the session identifier property to the session ID value of an established RDP session.
  - 12. The method as recited in claim 1, wherein the act of storing the device entry in a device list comprises an act of storing a device node in a hierarchical device tree.

13. At a computer system having shared resources, the shared resources sharable among a plurality of sessions, a method for restricting device access to a specified session, the method comprising:
- an act of receiving a request for device related information for a device, the request received from a requesting process in a requesting session, the requesting session having a corresponding requesting session identifier;
  
  an act of accessing a device session identifier for the device from a device list that lists devices connected to the computer system, the device session identifier being the session identifier of the session that the device is bound to;
  
  an act of performing an access check to determine if the requesting process is permitted to access the device related information for the device by at least comparing the requesting session identifier to the device session identifier; and
  
  an act of formulating an appropriate response to the requesting process based on the results of the access check.
- View Dependent Claims (14, 15, 16, 17, 18, 19)
- - 14. The method as recited in claim 13, wherein the act of receiving a request for device related information for a device comprises an act of receiving one of a device enumeration request, a request to register for device event notifications, and detected event.
  - 15. The method as recited in claim 13, wherein the act of accessing a device session identifier for the device from a device list comprises an act of accessing an RDP session identifier from a device node in a hierarchical device tree.
  - 16. The method as recited in claim 13, wherein the act of performing an access check to determine if the requesting process is permitted to access the device related information comprises an act of comparing a session ID for the session that registered the device to the session ID for the session corresponding to the requesting process.
  - 17. The method as recited in claim 16, wherein the act of comparing a session ID for the session that registered the device to the session ID for the session corresponding to the requesting process comprises an act of comparing an RDP session ID for the session that registered the device to an RDP session ID corresponding to the requesting process.
  - 18. The method as recited in claim 13, wherein an act of formulating an appropriate response to the requesting process comprises an act of including the requested related device information in the response when the requesting process and the device are in the same session.
  - 19. The method as recited in claim 13, wherein an act of formulating an appropriate response to the requesting process comprises an act of preventing the requested related device information from being included in the response when the requesting process and the device are in different sessions.

20. A computer system, the computer system comprising:
- one or more processors;
  
  system memory; and
  
  one or more computer readable media have stored thereon computer-executable instructions representing a property assignment module and a session filter, the property assignment module configured to;
  
  create device entries for devices, each device entry configured to store values for properties of a corresponding device;
  
  set a value for a device session identifier property in the device entry to the session identifier value of a session that registered a device such that the subsequent transfer of device related information for the device can be restricted to processes in the registering session; and
  
  store the device entry in a device list accessible to the session filter. the session filter configured to;
  
  receive requests for device related information from processes in sessions the computer system participates in, each request associated with a requesting session identifier;
  
  access device session identifiers for devices from the device list;
  
  performing access checks to determine if requesting processes are permitted to access requested device related information by at least comparing requesting session identifiers to device session identifiers; and
  
  formulate appropriate responses to requesting processes based on the results of the access check.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Sampath, Sriram, Bernardi, Ara, Ganapathy, Narayanan, Jodh, Santosh, Cavalaris, James

Granted Patent

US 7,600,024 B2
Time in Patent Office

Days
Field of Search
US Class Current

709/226
CPC Class Codes

H04L 63/10 for controlling access to d...

H04L 67/08 specially adapted for termi...

Restricting device access per session

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

52 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Restricting device access per session

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

52 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links