Access control center workflow and approval

US 8,978,104 B1
Filed: 07/23/2008
Issued: 03/10/2015
Est. Priority Date: 07/23/2008
Status: Active Grant

First Claim

Patent Images

1. A system for restricting access provided to technical support personnel to computing devices of a company'"'"'s computing network, the system comprising a processor and memory in a computing apparatus configured to:

verify an identification of a technical support person based on a user identifier and password associated with the technical support person;

provide a navigation mechanism to a computing terminal operated by the technical support person upon receiving access approval from a remote computing terminal and at least one of a production, development, and test system pre-assigned to the remote computing terminal,wherein the received access approval is selectively provided based on a type of incident needing resolution;

allow the computing terminal operated by the technical support person to connect to the remote computing terminal upon activation of the navigation mechanism, the remote computing terminal having pre-assigned a service area of the at least one of the production, development, and test system and being physically and logically isolated from the computing terminal operated by the technical support person and having limited functionality, wherein a firewall logically isolates a first network comprising the remote computing terminal from one or more networks comprising the at least one of the production, development, and test system,wherein the remote computing terminal is pre-assigned the service based on one or more software tools loaded on the remote computing terminal;

establish a remote access session between the remote computing terminal and the at least one of the production, development, and test system;

allow the technical support person to access the at least one of the production, development, and test system only from the remote computing terminal;

track and record a number of activities performed by the technical support person while the technical support person has access to the at least one of the production, development, and test system; and

recording the user identifier and the password that was used by the technical support person while performing each of the number of activities.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and systems are disclosed for providing indirect and temporary access to a company'"'"'s IT infrastructure and business applications. The methods/systems involve establishing an access control center (ACC) to control the access that technical support personnel may have to the company'"'"'s IT infrastructure and business applications. Thin client terminals with limited functionality may then be set up in the ACC for use by the technical support personnel. The thin client terminals connect the technical support personnel to workstations outside the ACC that operate as virtual desktops. The virtual desktops in turn connect the technical support personnel to the IT infrastructure and business applications. An ACC application may be used to control the connection between the thin client terminals and the virtual desktops and the virtual desktops and the IT infrastructure and business applications.

65 Citations

View as Search Results

21 Claims

1. A system for restricting access provided to technical support personnel to computing devices of a company'"'"'s computing network, the system comprising a processor and memory in a computing apparatus configured to:
- verify an identification of a technical support person based on a user identifier and password associated with the technical support person;
  
  provide a navigation mechanism to a computing terminal operated by the technical support person upon receiving access approval from a remote computing terminal and at least one of a production, development, and test system pre-assigned to the remote computing terminal,wherein the received access approval is selectively provided based on a type of incident needing resolution;
  
  allow the computing terminal operated by the technical support person to connect to the remote computing terminal upon activation of the navigation mechanism, the remote computing terminal having pre-assigned a service area of the at least one of the production, development, and test system and being physically and logically isolated from the computing terminal operated by the technical support person and having limited functionality, wherein a firewall logically isolates a first network comprising the remote computing terminal from one or more networks comprising the at least one of the production, development, and test system,wherein the remote computing terminal is pre-assigned the service based on one or more software tools loaded on the remote computing terminal;
  
  establish a remote access session between the remote computing terminal and the at least one of the production, development, and test system;
  
  allow the technical support person to access the at least one of the production, development, and test system only from the remote computing terminal;
  
  track and record a number of activities performed by the technical support person while the technical support person has access to the at least one of the production, development, and test system; and
  
  recording the user identifier and the password that was used by the technical support person while performing each of the number of activities.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The system of claim 1, wherein the processor and memory are further configured to access a company authentication server to verify the identification of the technical support person.
  - 3. The system of claim 1, wherein the processor and memory are further configured to obtain one or more credentials for the at least one of the production, development, and test system from a centralized credentials database.
  - 4. The system of claim 1, wherein the processor and memory are further configured to communicate with the technical support person through a gateway server.
  - 5. The system of claim 1, wherein the processor and memory are further configured to communicate with the technical support person through at least one firewall.
  - 6. The system of claim 1, wherein the remote computing terminal is a virtual desktop, one or more virtual desktops being provided by a workstation.
  - 7. The system of claim 1, wherein the computing terminal operated by the technical support person is a thin client terminal, and wherein the technical support person connects to the remote computing terminal using the thin client terminal, and wherein the thin client terminal is local to the technical support person.

8. A method of restricting access provided to technical support personnel to a company'"'"'s computing devices, the method comprising:
- verifying an identification of a technical support person using a user identifier and a password associated with the technical support person;
  
  providing a navigation mechanism to a computing terminal operated by the technical support person upon receiving access approval from a remote computing terminal and at least one of a production, development, and test system pre-assigned to the remote computing terminal;
  
  wherein the received access approval is selectively provided based on a type of incident needing resolution;
  
  allowing the computing terminal operated by the technical support person to connect to the remote computing terminal via the navigation mechanism, the remote computing terminal having pre-assigned a service area of the at least one of the production, development, and test system and being physically and logically isolated from the computing terminal operated by the technical support person and having limited functionality, wherein a firewall logically isolates a first network comprising the remote computing terminal from one or more networks comprising the at least one of the production, development, and test system,wherein the remote computing terminal is pre-assigned the service area based on one or more software tools loaded on the remote computing terminal;
  
  establishing a remote access session between the remote computing terminal and the company'"'"'s computing system;
  
  allowing the technical support person to access the at least one of the production, development, and test system only from the remote computing terminal;
  
  tracking and recording a number of activities performed by the technical support person while the technical support person has access to the at least one of the production, development, and test system; and
  
  recording the user identifier and the password that was used by the technical support person while performing each of the number of activities.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The method of claim 8, further comprising accessing a company authentication server to verify the identification of the technical support person.
  - 10. The method of claim 8, further comprising obtaining one or more credentials for the at least one of the production, development, and test system from a centralized credentials database.
  - 11. The method of claim 8, further comprising communicating with the technical support person through a gateway server.
  - 12. The method of claim 8, further comprising communicating with the technical support person through at least one firewall.
  - 13. The method of claim 8, wherein the remote computing terminal is a virtual desktop, one or more virtual desktops being provided by a workstation.
  - 14. The method of claim 8, wherein the technical support person connect to the remote computing terminal using a thin client terminal that is local to the technical support person.

15. A non-transitory computer-readable medium encoded with computer-readable instructions for restricting access provided to technical support personnel to a company'"'"'s computing devices, the computer-readable instructions comprising instructions for causing a computer to:
- verify an identification of a technical support person based on a user identifier and password associated with the technical support person;
  
  provide a navigation mechanism to a computing terminal operated by the technical support person upon receiving access approval from a remote computing terminal and at least one of a production, development, and test system pre-assigned to the remote computing terminal,wherein the received access approval is selectively provided based on a type of incident needing resolution;
  
  allow the computing terminal operated by the technical support person to connect to the remote computing terminal via the navigation mechanism, the remote computing terminal having pre-assigned a service area of the at least one of the production, development, and test system and being physically and logically isolated from the computing terminal operated by the technical support person and having limited functionality, wherein a firewall logically isolates a first network comprising the remote computing terminal from one or more networks comprising the at least one of the production, development, and test system,wherein the remote computing terminal is pre-assigned the service based on one or more software tools loaded on the remote computing terminal;
  
  establish a remote access session between the remote computing terminal and the at least one of the production, development, and test system;
  
  allow the technical support person to access the at least one of the production, development, and test system only from the remote computing terminal;
  
  track and record a number of activities performed by the technical support person while the technical support person has access to the at least one of the production, development, and test system; and
  
  recording the user identifier and the password that was used by the technical support person while performing each of the number of activities.
- View Dependent Claims (16, 17, 18, 19, 20, 21)
- - 16. The non-transitory computer-readable medium of claim 15, further comprising instructions for causing a computer to access a company authentication server to verify the identification of the technical support person.
  - 17. The non-transitory computer-readable medium of claim 15, further comprising instructions for causing a computer to obtain one or more credentials for the system at least one of the production, development, and test from a centralized credentials database.
  - 18. The non-transitory computer-readable medium of claim 15, further comprising instructions for causing a computer to communicate with the technical support person through a gateway server.
  - 19. The non-transitory computer-readable medium of claim 15, further comprising instructions for causing a computer to communicate with the technical support person through at least one firewall.
  - 20. The non-transitory computer-readable medium of claim 15, wherein the remote computing terminal is a virtual desktop, one or more virtual desktops being provided by a workstation.
  - 21. The non-transitory computer-readable medium of claim 15, wherein the technical support person connect to the remote computing terminal using a thin client terminal that is local to the technical support person.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
United Services Automobile Association
Original Assignee
United Services Automobile Association
Inventors
Wilkinson, Christopher Thomas, Francovich, Edward Allen
Primary Examiner(s)
Brown, Christopher
Assistant Examiner(s)
JACKSON, JENISE E

Application Number

US12/178,566
Time in Patent Office

2,421 Days
Field of Search

726/4, 709/217, 709/219
US Class Current

726/4
CPC Class Codes

G06F 21/305   by remotely controlling dev...

G06F 21/45   Structures or tools for the...

G06F 21/6218   to a system of files or obj...

Access control center workflow and approval

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

65 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Access control center workflow and approval

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

65 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links