Restricting device access per session
Abstract
The present invention is directed to restricting device access per session. Entries in a device list are configured to store session ID values in addition to values for other device properties. A session ID value for a device can be set to the session ID value of a (e.g., RDP) session that registered the device such that the subsequent transfer of device related information for the device can be restricted to processes in the session. When a request for device related information is received from a process, an access check is performed by at least comparing a session ID value for the process to a session ID value stored in a device entry for the device. When the access check is successful, for example, when session ID values match, access to the requested device related information can be permitted.
20 Claims
1. At a computer system having shared resources, the shared resources sharable among a plurality of sessions, a method for tagging a device to indicate the device corresponds to a specified session, the method comprising:
an act of receiving a session establishment request from computing components coupled to the computer system, the session establishment request requesting establishment of a session to access a portion of the shared resources;
an act of establishing a session between the computer system and the computing components to allow the computing components to access the portion of shared resources;
an act of assigning a session identifier to the established session, the session identifier differentiating the established session from other sessions of the computer system;
an act of receiving a device registration request to register a device for use with the established session;
an act of accessing appropriate software to permit the computer system to interface with the device in response to the registration request;
an act of creating a device entry for the device, the device entry configured to store values for properties of the device;
an act of setting the value of a session identifier property in the device entry to the session identifier for the established session such that the subsequent transfer of device related information for the device can be restricted to processes in the established session; and
an act of storing the device entry in a device list accessible to a module that performs access checks to determine appropriate responses to requests for device related information.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12.

13. At a computer system having shared resources, the shared resources sharable among a plurality of sessions, a method for restricting device access to a specified session, the method comprising:
an act of receiving a request for device related information for a device, the request received from a requesting process in a requesting session, the requesting session having a corresponding requesting session identifier;
an act of accessing a device session identifier for the device from a device list that lists devices connected to the computer system, the device session identifier being the session identifier of the session that the device is bound to;
an act of performing an access check to determine if the requesting process is permitted to access the device related information for the device by at least comparing the requesting session identifier to the device session identifier; and
an act of formulating an appropriate response to the requesting process based on the results of the access check.
Dependent claims: 14, 15, 16, 17, 18, 19.

20. A computer system, the computer system comprising:
one or more processors;
system memory; and
one or more computer readable media having stored thereon computer-executable instructions representing a property assignment module and a session filter,
the property assignment module configured to:
create device entries for devices, each device entry configured to store values for properties of a corresponding device;
set a value for a device session identifier property in the device entry to the session identifier value of a session that registered a device such that the subsequent transfer of device related information for the device can be restricted to processes in the registering session; and
store the device entry in a device list accessible to the session filter;
the session filter configured to:
receive requests for device related information from processes in sessions the computer system participates in, each request associated with a requesting session identifier;
access device session identifiers for devices from the device list;
perform access checks to determine if requesting processes are permitted to access requested device related information by at least comparing requesting session identifiers to device session identifiers; and
formulate appropriate responses to requesting processes based on the results of the access check.
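
The tagging step of claim 1 and the access check of claims 13 and 20 (also summarized in the abstract), modelled as an added example that is not part of the patent text. The class and function names, the string device identifiers, the single "no information" response for every kind of denial, and the refusal to re-register a device are assumptions made for illustration.

```python
# Added example: a model of the device list and session filter described above.
# Every name here is an assumption made for illustration, not a real API.
from dataclasses import dataclass
from typing import Dict, List, Optional

@dataclass(frozen=True)
class DeviceEntry:
    device_id: str
    session_id: int   # session identifier property, set at registration
    info: str         # stands in for "device related information"

class DeviceList:
    """Property-assignment side: creates and stores session-tagged entries."""
    def __init__(self) -> None:
        self.entries: Dict[str, DeviceEntry] = {}

    def register(self, session_id: int, device_id: str, info: str) -> None:
        # Assumption: an existing entry cannot be re-registered, so a second
        # session cannot rebind a device that is already tagged.
        if device_id in self.entries:
            raise ValueError("device already registered")
        self.entries[device_id] = DeviceEntry(device_id, session_id, info)

class SessionFilter:
    """Access-check side: compares requester and device session identifiers."""
    def __init__(self, devices: DeviceList) -> None:
        self.devices = devices

    def query(self, requesting_session: Optional[int], device_id: str) -> Optional[str]:
        entry = self.devices.entries.get(device_id)
        # Fail closed. Unknown device, missing requester session ID and a
        # mismatch all get the same response (None), so a process cannot
        # tell that a device exists in someone else's session.
        if entry is None or requesting_session is None:
            return None
        return entry.info if entry.session_id == requesting_session else None

    def visible_devices(self, requesting_session: int) -> List[str]:
        # Listing is filtered by the same comparison as single lookups.
        return sorted(d for d, e in self.devices.entries.items()
                      if e.session_id == requesting_session)

def build_sample() -> SessionFilter:
    # Constructed sample data: two sessions, each registering its own devices.
    devices = DeviceList()
    devices.register(1, "printer-a", "driver=PS; port=redir-1")
    devices.register(1, "drive-a", "volume=clientA")
    devices.register(2, "printer-b", "driver=PCL; port=redir-2")
    return SessionFilter(devices)
```

Filtering the enumeration path with the same comparison as the lookup path matters as much as the lookup check itself: a listing that ignores the session identifier property would disclose other sessions' devices even when every direct query is denied.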
Specification