Restricting device access per session
First Claim
1. At a computer system having shared resources, the shared resources sharable among a plurality of sessions, the computer system connected to another computer system over a computer network, the other computer system having one or more devices connected as peripheral devices, a method for tagging a device connected to the other computer system to restrict access to the device, the method comprising:
an act of receiving a session establishment request from the other computer system, the session establishment request requesting establishment of a session between the computer system and the other computer system so that the other computer system can access a portion of the shared resources of the computer system;
an act of establishing a session between the computer system and the other computer system to allow the other computer system to access the portion of shared resources;
an act of assigning a session identifier to the established session, the session identifier differentiating the established session from other sessions of the computer system;
an act of receiving a device registration request from the other computer system, the device registration request being a request to register the device for use within the established session to interact with the shared resources;
an act of accessing appropriate software to permit the computer system to interface with the device in response to the registration request, wherein the act of accessing appropriate software to permit the computer system to interface with the device comprises an act of Plug and Play mechanisms at least partially automating the accessing of the appropriate software;
an act of creating a device entry for the device, the device entry including a session identifier property and other properties, the other properties configured to store device related values representing properties of the device;
an act of setting the value of the session identifier property in the device entry to the established session identifier such that access to the device related values can be restricted to processes in the established session; and
an act of storing the device entry in a device list, the device list being accessible to a module that performs access checks based on session identifier properties to determine appropriate responses to requests for device related information.
Abstract
The present invention is directed to restricting device access per session. Entries in a device list are configured to store session ID values in addition to values for other device properties. A session ID value for a device can be set to the session ID value of a (e.g., RDP) session that registered the device such that the subsequent transfer of device related information for the device can be restricted to processes in the session. When a request for device related information is received from a process, an access check is performed by at least comparing a session ID value for the process to a session ID value stored in a device entry for the device. When the access check is successful, for example, when session ID values match, access to the requested device related information can be permitted.
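The session-tagged device list and access check described in the abstract, as an added C example that is not code from the patent. The names `device_entry`, `register_device`, `query_device` and `count_visible` are hypothetical, and answering a session mismatch the same way as an unknown device is an assumption made here.

```c
#include <stdint.h>
#include <stdio.h>

#define MAX_DEVICES 16

/* Device entry: a session identifier property plus other device properties. */
struct device_entry {
    uint32_t session_id;  /* session that registered the device */
    char     name[32];    /* stands in for the "other properties" */
    int      in_use;
};
static struct device_entry device_list[MAX_DEVICES];

/* Register a device and tag its entry with the registering session's ID. */
int register_device(uint32_t session_id, const char *name) {
    for (int i = 0; i < MAX_DEVICES; i++) {
        if (device_list[i].in_use) continue;
        device_list[i].session_id = session_id;
        snprintf(device_list[i].name, sizeof device_list[i].name, "%s", name);
        device_list[i].in_use = 1;
        return i;         /* list index doubles as the device handle */
    }
    return -1;            /* device list is full */
}

/* Access check: compare the caller's session ID with the entry's. A mismatch
 * returns the same -1 as an unknown handle (assumption, hides existence). */
int query_device(uint32_t caller_session, int handle, char *out, size_t len) {
    if (handle < 0 || handle >= MAX_DEVICES || !device_list[handle].in_use) return -1;
    if (device_list[handle].session_id != caller_session) return -1;
    snprintf(out, len, "%s", device_list[handle].name);
    return 0;
}

/* Enumeration applies the same check, so a session counts only its own devices. */
int count_visible(uint32_t caller_session) {
    int n = 0;
    for (int i = 0; i < MAX_DEVICES; i++)
        if (device_list[i].in_use && device_list[i].session_id == caller_session) n++;
    return n;
}

int main(void) {
    char buf[32];
    int cam = register_device(2, "webcam");  /* constructed sample devices */
    register_device(3, "smartcard-reader");
    printf("session 2 query: %d\n", query_device(2, cam, buf, sizeof buf));
    printf("session 3 query: %d\n", query_device(3, cam, buf, sizeof buf));
    return 0;
}
```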
17 Claims
11. A computer program product for use at a computer system having shared resources, the shared resources sharable among a plurality of sessions, the computer system connected to another computer system over a computer network, the other computer system having one or more devices connected as peripheral devices, the computer program product for implementing a method for tagging a device connected to the other computer system to indicate that the device corresponds to a specified session, the computer program product comprising one or more computer storage media having stored thereon computer-executable instructions that, when executed at a processor, cause the computer system to perform the method, including the following:
receive a session establishment request from the other computer system, the session establishment request requesting establishment of a session between the computer system and the other computer system so that the other computer system can access a portion of the shared resources;
establish a session between the computer system and the other computer system to allow the other computer system to access the portion of shared resources;
assign a session identifier to the established session, the session identifier differentiating the established session from other sessions of the computer system;
receive a device registration request from the other computer system, the device registration request being a request to register the device for use within the established session;
access appropriate software to permit the computer system to interface with the device in response to the registration request by utilizing Plug and Play mechanisms to at least partially automate the accessing of the appropriate software;
create a device entry for the device, the device entry configured to store values for properties of the device;
set the value of a session identifier property in the device entry to the session identifier for the established session such that the subsequent transfer of device related information for the device can be restricted to processes in the established session; and
store the device entry in a device list accessible to a module that performs access checks to determine appropriate responses to requests for device related information.
Specification