WO2005059684B1 - End point control - Google Patents

End point control

Info

Publication number
WO2005059684B1
Authority
WO
WIPO (PCT)
Prior art keywords
client computer
method recited
resource
access
network
Prior art date
Application number
PCT/US2004/041487
Other languages
French (fr)
Other versions
WO2005059684A2 (en)
WO2005059684A3 (en)
Inventor
Christopher A Hopen
Gary B Tomlinson
Parvez Anandam
Brian Young
Alan Flagg
Original Assignee
Aventail Corp
Christopher A Hopen
Gary B Tomlinson
Parvez Anandam
Brian Young
Alan Flagg
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Aventail Corp, Christopher A Hopen, Gary B Tomlinson, Parvez Anandam, Brian Young, Alan Flagg
Publication of WO2005059684A2
Publication of WO2005059684A3
Publication of WO2005059684B1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Databases & Information Systems (AREA)
  • Computer And Data Communications (AREA)
  • Storage Device Security (AREA)

Abstract

Systems and techniques are provided for controlling requests for resources from remote computers. A remote computer's ability to access a resource is determined based upon the computer's operating environment. The computer or computers responsible for controlling access to a resource will interrogate the remote computer to ascertain its operating environment. The computer or computers responsible for controlling access to a resource may, for example, download one or more interrogator agents onto the remote computer to determine its operating environment. Based upon the interrogation results, the computer or computers responsible for controlling access to a resource will control the remote computer's access to the requested resource.

Claims

AMENDED CLAIMS [received by the International Bureau on 05 September 2005 (05.09.2005); originally filed claims 1-18 are amended and renumbered as claims 1, 2, 4, 5, 8-21, and new claims 3, 6, 7 and 22-45 have been added.] [8 pages]
What is claimed is:
1. A method of determining a computing environment of a client computer, comprising: establishing a secure communication method with the client computer in response to receipt of a network connection request from the client computer, installing an interrogator agent onto a client computer using the secure communication method; and receiving interrogation results produced by the interrogator agent that describe one or more elements of the computing environment of the client computer.
2. The method recited in claim 1, further comprising assigning a zone of trust to the client computer based upon the interrogation results produced by the interrogator agent.
3. The method recited in claim 2, further comprising performing an independent evaluation of multiple device profiles to assign a zone of trust to the client computer.
4. The method recited in claim 2, further comprising: determining a set of process objects required for secure operation of the client computer in the assigned zone of trust; and installing process objects on the client computer to match the assigned set of process objects.
5. The method recited in claim 1, further comprising installing a second interrogator agent onto the client computer through the secure communication method; and receiving interrogation results produced by the second interrogator agent.
6. The method recited in claim 5, further comprising analyzing the interrogation results produced by the second interrogator agent; and approving the client computer for secure access to the network based upon the analyzed interrogation results.
7. The method recited in claim 6, further comprising creating a set of access credentials for the client computer; and storing said access credentials and interrogation results in a cache on one or more servers on the network.
8. A method of controlling a computer's access to a resource, comprising: receiving a request from a client computer for a set of resources from a network; analyzing the computing environment of said client computer; determining if the computing environment of said client computer complies with a zone of trust associated with the requested set of resources, and satisfies an access control rule; and assigning access rights to the client computer if the client computer complies with the zone of trust associated with the requested set of resources, and satisfies the access control rule.
9. The method of controlling a client computer's access to a resource recited in claim 8, further comprising authorizing a second network server to allow the client computer to obtain the resource from the network.
10. A method of obtaining access to resources on a network server, comprising: requesting a resource on a network from an access server; executing an interrogator agent that analyzes a client computing environment; transmitting results obtained from the execution of the interrogator agent to a control module; and in response to transmitting the obtained results, obtaining access to the resource.
11. The method recited in claim 10, further comprising: receiving the interrogator agent from a provisioning server, and installing the interrogator agent on the client computer.
12. The method recited in claim 10, further comprising: identifying resources on other network servers accessible to the client computer, and obtaining the resource from the other network servers.
13. A method of controlling a client computer's access to a resource on a network, comprising: receiving a request for a resource from a client computer; in response to receiving the request, installing a first interrogator agent onto the client computer, receiving first interrogation results produced by the first interrogator agent; identifying one or more security process objects corresponding to the first interrogation results; installing the identified security process objects onto the client computer; authenticating an identity of a user of the client computer using results obtained from execution of the identified security process objects on the client computer; installing a second interrogator agent onto the client computer; receiving second interrogation results produced by the second interrogator agent; and based upon the first interrogation results and the second interrogation results, assigning the client computer a zone of trust.
14. The method recited in claim 13, further comprising: identifying one or more security process objects required by the assigned zone of trust; installing the required security process objects onto the client computer, and determining whether the client computer can access the requested resource based upon the assigned zone of trust.
15. The method recited in claim 14, further comprising: determining if the identified one or more security process objects are properly operating on the client computer, and if the identified security process objects are properly operating on the client computer, allowing the client computer to obtain the requested resource, and if one or more of the identified security process objects is not properly operating on the client computer, refusing to allow the client computer to obtain the requested resource.
16. The method recited in claim 13, further comprising assigning the zone of trust based upon the identity of the user.
17. The method recited in claim 13, further comprising allowing the client computer to obtain the resource on the network.
18. The method recited in claim 17, further comprising authorizing one or more network servers to provide one or more resources to the client computer.
19. A method of provisioning resources to a client computer, comprising: receiving a request for a resource from a client computer; creating at least one rule identifying a set of elements of a secure computing environment for a client computer; interrogating the client computer to determine if the client computer contains the set of elements required by the rule; and provisioning the identified process objects to the client computer to match the required set of elements of a secure computing environment.
20. The method recited in claim 19, further comprising: creating a rule to further require that an identity associated with the client computer be an authenticated identity before provisioning the set of process objects onto the client computer.
21. The method recited in claim 19, further comprising: creating the rule to specify a set of communication methods for secure provisioning and execution of process objects on the client computer.
22. A method of provisioning resources to a client computer, comprising: creating at least one rule identifying a client computer computing environment, a resource, and an action to be taken when the rule is applied in response to a request from the client computer for a resource.
23. The method recited in claim 22, wherein the action allows the client computer to obtain the resource when the rule is applied.
24. The method recited in claim 22, wherein the action prohibits the client computer from obtaining the resource when the rule is applied.
25. The method recited in claim 22, further comprising: creating the rule to further require that an identity associated with the client computer be authenticated before taking the action in response to a request from the client computer for a resource.
26. The method recited in claim 22, further comprising: creating the rule to control the use of a set of communication methods.
27. A method of provisioning a client computer, comprising: receiving a communication from a client computer, installing at least one interrogator agent onto the client computer in response to said communication; receiving interrogation results produced by the at least one interrogator agent; based upon the interrogation results, identifying one or more process objects in the computing environment of the client computer, and installing the one or more process objects onto the client computer.
28. The method recited in claim 27, wherein the process objects are communication process objects.
29. The method recited in claim 28, wherein the communication from the client computer employs a first communication method; and at least one of the communication process objects implements a second communication method different from the first communication technique.
30. The method recited in claim 27, further comprising installing an end point installer to facilitate subsequent installation of the process objects.
31. A method of receiving process objects from a network server to a client computer, comprising: transmitting a communication to a network server; receiving an interrogator agent; executing the interrogator agent to analyze a client computing environment; transmitting results obtained from the execution of the interrogator agent to the network server, and in response to transmitting the obtained results, receiving at least one process object; and installing the at least one process object on the client computer for execution.
32. The method recited in claim 31, wherein the at least one process object is a communication process object.
33. A method of a network server performing an action based upon an operating environment of a client computer, comprising: installing an interrogator agent onto the client computer; and receiving interrogation results produced by the interrogator agent; assigning a zone of trust to the client computer based upon the interrogation results sent by the interrogator; and performing an action associated with the zone of trust.
34. The method recited in claim 33, wherein the action is to log the client computer off of a secure communication session.
35. The method recited in claim 33, wherein the action is to terminate the secure communication session with the client computer.
36. The method recited in claim 33, wherein the action is to allow the client computer to access one or more requested resources.
37. The method recited in claim 36, wherein the action is to authorize one or more network servers to provide the client computer with the requested resources.
38. The method recited in claim 33, wherein the action is to provision and execute on the client computer at least one process object.
39. The method recited in claim 38, wherein the at least one process object is a communication process object.
40. The method recited in claim 38, wherein the at least one process object is a security process object.
41. A network device, comprising: an access module that establishes communication with a client computer; a provisioning module that installs at least one interrogator agent onto a client computer communicating with the access module; an end point control module that analyzes interrogation results provided by the at least one interrogator agent, and assigns a zone of trust to the client computer based upon the interrogation results provided by the at least one interrogator agent.
42. The network device recited in claim 41, further comprising: a policy module implementing rules for associating a zone of trust with an operating environment of a client computer.
43. The network device recited in claim 42, wherein the policy module further authenticates an identity associated with a client computer communicating with the access module.
44. The network device recited in claim 43, wherein the provisioning module installs a first interrogation agent onto a client computer communicating with the access module before the policy module authenticates an identity associated with that client computer; and installs a second interrogation agent onto that client computer after the policy module authenticates an identity associated with that client computer.
45. The network device recited in claim 41, wherein the access module establishes secure communication with a client computer.
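
The following sketch is an added illustration, not part of the patent text or any Aventail code: it models the server-side decision described in claims 2, 3, 8, 15 and 22 (independent evaluation of device profiles, zone-of-trust assignment, a check that required security process objects are running, then a rule naming resource, zone and action). The zone names, attribute keys, the `cache_cleaner` process object and all sample data are assumptions constructed for the example.

```python
from dataclasses import dataclass
from typing import Any, Callable, Dict, List, NamedTuple, Set

# Zone names, attribute keys and process-object names are assumptions made
# for this example; the claims do not enumerate them.
ZONE_ORDER = ["trusted", "semi-trusted", "untrusted"]  # most to least trusted
DEFAULT_ZONE = "untrusted"


@dataclass
class DeviceProfile:
    name: str
    zone: str
    checks: Dict[str, Callable[[Any], bool]]

    def matches(self, results: Dict[str, Any]) -> bool:
        # An attribute the interrogator agent did not report never satisfies
        # a check: missing evidence is treated as non-compliance.
        return all(k in results and check(results[k])
                   for k, check in self.checks.items())


@dataclass
class AccessRule:
    resource: str
    zones: Set[str]
    action: str                      # "allow" or "deny"
    require_authenticated: bool = True


class Decision(NamedTuple):
    action: str
    zone: str
    reason: str


def assign_zone(results: Dict[str, Any], profiles: List[DeviceProfile]) -> str:
    # Every profile is evaluated on its own (claim 3); the most trusted zone
    # among the matching profiles is assigned, otherwise the default zone.
    matched = {p.zone for p in profiles if p.matches(results)}
    return next((z for z in ZONE_ORDER if z in matched), DEFAULT_ZONE)


def decide(results, authenticated, resource, profiles, rules, required_objects):
    zone = assign_zone(results, profiles)
    # Claim 15: refuse access when a security process object required by the
    # assigned zone is not operating on the client.
    running = set(results.get("running_process_objects", []))
    missing = required_objects.get(zone, set()) - running
    if missing:
        return Decision("deny", zone, "not running: " + ", ".join(sorted(missing)))
    for rule in rules:               # first matching rule wins
        if rule.resource == resource and zone in rule.zones:
            if rule.require_authenticated and not authenticated:
                return Decision("deny", zone, "identity not authenticated")
            return Decision(rule.action, zone, "matched rule for " + resource)
    return Decision("deny", zone, "no rule matches")   # default deny


def is_true(value: Any) -> bool:
    return value is True


# Constructed sample policy and interrogation results.
PROFILES = [
    DeviceProfile("managed-laptop", "trusted",
                  {"antivirus_running": is_true, "firewall_running": is_true,
                   "domain_member": is_true}),
    DeviceProfile("protected-home-pc", "semi-trusted",
                  {"antivirus_running": is_true, "firewall_running": is_true}),
]
REQUIRED_OBJECTS = {"trusted": set(), "semi-trusted": {"cache_cleaner"},
                    "untrusted": {"cache_cleaner"}}
RULES = [
    AccessRule("fileshare", {"trusted"}, "allow"),
    AccessRule("webmail", {"trusted", "semi-trusted"}, "allow"),
    AccessRule("webmail", {"untrusted"}, "deny"),
]
CORP_LAPTOP = {"antivirus_running": True, "firewall_running": True,
               "domain_member": True, "running_process_objects": []}
HOME_PC = {"antivirus_running": True, "firewall_running": True,
           "domain_member": False, "running_process_objects": []}
KIOSK = {"antivirus_running": False}

if __name__ == "__main__":
    for name, client in [("corp", CORP_LAPTOP), ("home", HOME_PC), ("kiosk", KIOSK)]:
        for res in ("fileshare", "webmail"):
            print(name, res, decide(client, True, res, PROFILES, RULES, REQUIRED_OBJECTS))
```
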
PCT/US2004/041487 2003-12-10 2004-12-10 End point control WO2005059684A2 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US52887003P 2003-12-10 2003-12-10
US60/528,870 2003-12-10

Publications (3)

Publication Number Publication Date
WO2005059684A2 WO2005059684A2 (en) 2005-06-30
WO2005059684A3 WO2005059684A3 (en) 2005-09-29
WO2005059684B1 WO2005059684B1 (en) 2005-11-17

Family

ID=34699908

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2004/041487 WO2005059684A2 (en) 2003-12-10 2004-12-10 End point control

Country Status (2)

Country Link
US (3) US8255973B2 (en)
WO (1) WO2005059684A2 (en)

Families Citing this family (91)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050198379A1 (en) 2001-06-13 2005-09-08 Citrix Systems, Inc. Automatically reconnecting a client across reliable and persistent communication sessions
US7594018B2 (en) * 2003-10-10 2009-09-22 Citrix Systems, Inc. Methods and apparatus for providing access to persistent application sessions
WO2005048106A2 (en) * 2003-11-11 2005-05-26 Net6, Inc. Virtual private network with pseudo server
US7978716B2 (en) 2003-11-24 2011-07-12 Citrix Systems, Inc. Systems and methods for providing a VPN solution
US8590032B2 (en) 2003-12-10 2013-11-19 Aventail Llc Rule-based routing to resources through a network
WO2005059684A2 (en) * 2003-12-10 2005-06-30 Aventail Corporation End point control
US8661158B2 (en) * 2003-12-10 2014-02-25 Aventail Llc Smart tunneling to resources in a network
US8739274B2 (en) 2004-06-30 2014-05-27 Citrix Systems, Inc. Method and device for performing integrated caching in a data communication network
US8495305B2 (en) 2004-06-30 2013-07-23 Citrix Systems, Inc. Method and device for performing caching of dynamically generated objects in a data communication network
US7757074B2 (en) 2004-06-30 2010-07-13 Citrix Application Networking, Llc System and method for establishing a virtual private network
EP1771998B1 (en) 2004-07-23 2015-04-15 Citrix Systems, Inc. Systems and methods for optimizing communications between network nodes
KR20070037649A (en) 2004-07-23 2007-04-05 사이트릭스 시스템스, 인크. A method and systems for routing packets from a gateway to an endpoint
KR20070083482A (en) 2004-08-13 2007-08-24 사이트릭스 시스템스, 인크. A method for maintaining transaction integrity across multiple remote access servers
US8613048B2 (en) 2004-09-30 2013-12-17 Citrix Systems, Inc. Method and apparatus for providing authorized remote access to application sessions
US7711835B2 (en) 2004-09-30 2010-05-04 Citrix Systems, Inc. Method and apparatus for reducing disclosure of proprietary data in a networked environment
US7748032B2 (en) 2004-09-30 2010-06-29 Citrix Systems, Inc. Method and apparatus for associating tickets in a ticket hierarchy
WO2006044820A2 (en) 2004-10-14 2006-04-27 Aventail Corporation Rule-based routing to resources through a network
US8195952B2 (en) 2004-12-14 2012-06-05 International Business Machines Corporation System and method of facilitating the identification of a computer on a network
US20060253605A1 (en) * 2004-12-30 2006-11-09 Prabakar Sundarrajan Systems and methods for providing integrated client-side acceleration techniques to access remote applications
US8954595B2 (en) 2004-12-30 2015-02-10 Citrix Systems, Inc. Systems and methods for providing client-side accelerated access to remote applications via TCP buffering
US7810089B2 (en) 2004-12-30 2010-10-05 Citrix Systems, Inc. Systems and methods for automatic installation and execution of a client-side acceleration program
US8700695B2 (en) 2004-12-30 2014-04-15 Citrix Systems, Inc. Systems and methods for providing client-side accelerated access to remote applications via TCP pooling
US8706877B2 (en) 2004-12-30 2014-04-22 Citrix Systems, Inc. Systems and methods for providing client-side dynamic redirection to bypass an intermediary
US8549149B2 (en) 2004-12-30 2013-10-01 Citrix Systems, Inc. Systems and methods for providing client-side accelerated access to remote applications via TCP multiplexing
EP2739014B1 (en) 2005-01-24 2018-08-01 Citrix Systems, Inc. Systems and methods for performing caching of dynamically generated objects in a network
US8255456B2 (en) 2005-12-30 2012-08-28 Citrix Systems, Inc. System and method for performing flash caching of dynamically generated objects in a data communication network
US8024568B2 (en) 2005-01-28 2011-09-20 Citrix Systems, Inc. Method and system for verification of an endpoint security scan
US8245280B2 (en) * 2005-02-11 2012-08-14 Samsung Electronics Co., Ltd. System and method for user access control to content in a network
US7831833B2 (en) * 2005-04-22 2010-11-09 Citrix Systems, Inc. System and method for key recovery
US8079059B1 (en) * 2005-05-31 2011-12-13 Imera Systems, Inc. Method and system for providing terminal view access of a client device in a secure network
WO2006134269A1 (en) * 2005-06-14 2006-12-21 Patrice Guichard Data and a computer system protecting method and device
US8646070B1 (en) * 2005-06-30 2014-02-04 Emc Corporation Verifying authenticity in data storage management systems
US8726353B2 (en) * 2005-11-01 2014-05-13 Qinetiq Limited Secure computer use system
CA2632235A1 (en) 2005-12-02 2007-06-07 Citrix Systems, Inc. Method and apparatus for providing authentication credentials from a proxy server to a virtualized computing environment to access a remote resource
US8301839B2 (en) 2005-12-30 2012-10-30 Citrix Systems, Inc. System and method for performing granular invalidation of cached dynamically generated objects in a data communication network
US7921184B2 (en) 2005-12-30 2011-04-05 Citrix Systems, Inc. System and method for performing flash crowd caching of dynamically generated objects in a data communication network
US8104077B1 (en) * 2006-01-03 2012-01-24 Symantec Corporation System and method for adaptive end-point compliance
US8452961B2 (en) * 2006-03-07 2013-05-28 Samsung Electronics Co., Ltd. Method and system for authentication between electronic devices with minimal user intervention
US8972534B2 (en) * 2006-04-12 2015-03-03 International Business Machines Corporation Adjusting software settings
US8151323B2 (en) * 2006-04-12 2012-04-03 Citrix Systems, Inc. Systems and methods for providing levels of access and action control via an SSL VPN appliance
JP4299316B2 (en) * 2006-05-12 2009-07-22 株式会社日立製作所 Information processing system
US7827275B2 (en) * 2006-06-08 2010-11-02 Samsung Electronics Co., Ltd. Method and system for remotely accessing devices in a network
US20070288487A1 (en) * 2006-06-08 2007-12-13 Samsung Electronics Co., Ltd. Method and system for access control to consumer electronics devices in a network
US8108525B2 (en) 2006-08-03 2012-01-31 Citrix Systems, Inc. Systems and methods for managing a plurality of user sessions in a virtual private network environment
US8533846B2 (en) * 2006-11-08 2013-09-10 Citrix Systems, Inc. Method and system for dynamically associating access rights with a resource
JP2010518468A (en) * 2007-01-16 2010-05-27 アブソリュート ソフトウェア コーポレイション Security module with an auxiliary agent that works with the host agent
US8504775B2 (en) 2007-03-12 2013-08-06 Citrix Systems, Inc Systems and methods of prefreshening cached objects based on user's current web page
US8074028B2 (en) 2007-03-12 2011-12-06 Citrix Systems, Inc. Systems and methods of providing a multi-tier cache
US8701010B2 (en) 2007-03-12 2014-04-15 Citrix Systems, Inc. Systems and methods of using the refresh button to determine freshness policy
US7783757B2 (en) 2007-03-12 2010-08-24 Citrix Systems, Inc. Systems and methods of revalidating cached objects in parallel with request for object
US8103783B2 (en) 2007-03-12 2012-01-24 Citrix Systems, Inc. Systems and methods of providing security and reliability to proxy caches
US7720936B2 (en) 2007-03-12 2010-05-18 Citrix Systems, Inc. Systems and methods of freshening and prefreshening a DNS cache
US7584294B2 (en) 2007-03-12 2009-09-01 Citrix Systems, Inc. Systems and methods for prefetching objects for caching using QOS
US7809818B2 (en) * 2007-03-12 2010-10-05 Citrix Systems, Inc. Systems and method of using HTTP head command for prefetching
US8037126B2 (en) 2007-03-12 2011-10-11 Citrix Systems, Inc. Systems and methods of dynamically checking freshness of cached objects based on link status
US7770214B2 (en) * 2007-04-17 2010-08-03 International Business Machines Corporation Apparatus, system, and method for establishing a reusable and reconfigurable model for fast and persistent connections in database drivers
US8561148B2 (en) 2008-06-26 2013-10-15 Citrix Systems, Inc. Methods and systems for interactive evaluation using dynamically generated, interactive resultant sets of policies
US8775944B2 (en) * 2008-06-26 2014-07-08 Citrix Systems, Inc. Methods and systems for interactive evaluation of policies
US20090007021A1 (en) * 2007-06-28 2009-01-01 Richard Hayton Methods and systems for dynamic generation of filters using a graphical user interface
US20090006618A1 (en) * 2007-06-28 2009-01-01 Richard Hayton Methods and systems for access routing and resource mapping using filters
US8132247B2 (en) * 2007-08-03 2012-03-06 Citrix Systems, Inc. Systems and methods for authorizing a client in an SSL VPN session failover environment
KR20090038683A (en) * 2007-10-16 2009-04-21 한국전자통신연구원 Web firewall with automatic checking function of web server vulnerability and vulnerability checking method for using the same
US7925694B2 (en) * 2007-10-19 2011-04-12 Citrix Systems, Inc. Systems and methods for managing cookies via HTTP content layer
US8090877B2 (en) 2008-01-26 2012-01-03 Citrix Systems, Inc. Systems and methods for fine grain policy driven cookie proxying
US8739292B2 (en) * 2008-03-04 2014-05-27 Apple Inc. Trust exception management
US8161521B1 (en) * 2008-03-05 2012-04-17 Juniper Networks, Inc. Controlling network access by applying super security policies
US8850569B1 (en) * 2008-04-15 2014-09-30 Trend Micro, Inc. Instant messaging malware protection
CN101272627B (en) * 2008-04-30 2010-12-22 杭州华三通信技术有限公司 Network access control method and apparatus for implementing roaming
US8613045B1 (en) * 2008-05-01 2013-12-17 F5 Networks, Inc. Generating secure roaming user profiles over a network
US8424098B2 (en) * 2008-12-01 2013-04-16 General Electric Company System and method for enhanced data security
US8332496B2 (en) * 2009-09-23 2012-12-11 International Business Machines Corporation Provisioning of operating environments on a server in a networked environment
US8552833B2 (en) 2010-06-10 2013-10-08 Ricoh Company, Ltd. Security system for managing information on mobile wireless devices
US8782404B2 (en) * 2010-09-07 2014-07-15 Nicholas L. Lamb System and method of providing trusted, secure, and verifiable operating environment
US9311482B2 (en) * 2010-11-01 2016-04-12 CounterTack, Inc. Inoculator and antibody for computer security
US8806638B1 (en) * 2010-12-10 2014-08-12 Symantec Corporation Systems and methods for protecting networks from infected computing devices
US9165289B2 (en) 2011-02-28 2015-10-20 Ricoh Company, Ltd. Electronic meeting management for mobile wireless devices with post meeting processing
US8725904B2 (en) * 2011-08-18 2014-05-13 Hewlett-Packard Development Company, L.P. Management processors, methods and articles of manufacture
US20130347054A1 (en) * 2012-06-20 2013-12-26 Tetsuro Motoyama Approach For Managing Access To Data On Client Devices
US9344437B2 (en) 2011-09-23 2016-05-17 Jerome Svigals Internet of things security
US9319404B2 (en) 2011-09-23 2016-04-19 Jerome Svigals Security for the internet of things
US8997188B2 (en) 2012-04-11 2015-03-31 Jerome Svigals System for enabling a smart device to securely accept unsolicited transactions
US9432378B1 (en) 2011-09-23 2016-08-30 Jerome Svigals Internet of things security
US9009807B2 (en) * 2012-04-11 2015-04-14 Jerome Svigals Smart device lockout
US9213805B2 (en) 2012-06-20 2015-12-15 Ricoh Company, Ltd. Approach for managing access to data on client devices
US8732792B2 (en) * 2012-06-20 2014-05-20 Ricoh Company, Ltd. Approach for managing access to data on client devices
CA3099685C (en) * 2013-03-29 2022-09-20 Ologn Technologies Ag Systems, methods and apparatuses for secure storage of data using a security-enhancing chip
CN107295033B (en) 2016-03-31 2020-07-28 阿里巴巴集团控股有限公司 Routing method and device
US10333918B2 (en) * 2017-02-22 2019-06-25 Accenture Global Solutions Limited Automated system identification, authentication, and provisioning
US11055415B2 (en) * 2017-09-29 2021-07-06 Valente Sherman, Inc. Computational risk analysis and intermediation
US11394691B2 (en) * 2018-06-05 2022-07-19 Acreto Cloud Corporation Ecosystem per distributed element security through virtual isolation networks
US11539695B2 (en) * 2019-11-26 2022-12-27 Twingate, Inc. Secure controlled access to protected resources

Family Cites Families (73)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5845090A (en) * 1994-02-14 1998-12-01 Platinium Technology, Inc. System for software distribution in a digital computer network
US6269392B1 (en) * 1994-11-15 2001-07-31 Christian Cotichini Method and apparatus to monitor and locate an electronic device using a secured intelligent agent
US6300863B1 (en) * 1994-11-15 2001-10-09 Absolute Software Corporation Method and apparatus to monitor and locate an electronic device using a secured intelligent agent via a global network
US6244758B1 (en) * 1994-11-15 2001-06-12 Absolute Software Corp. Apparatus and method for monitoring electronic devices via a global network
US6049671A (en) * 1996-04-18 2000-04-11 Microsoft Corporation Method for identifying and obtaining computer software from a network computer
FI103450B1 (en) * 1996-04-23 1999-06-30 Nokia Mobile Phones Ltd Multimedia terminal and procedure for conducting multimedia reception
US6151643A (en) * 1996-06-07 2000-11-21 Networks Associates, Inc. Automatic updating of diverse software products on multiple client computer systems by downloading scanning application to client computer and generating software list on client computer
US6052780A (en) 1996-09-12 2000-04-18 Open Security Solutions, Llc Computer system and process for accessing an encrypted and self-decrypting digital information product while restricting access to decrypted digital information
US7580919B1 (en) * 1997-03-10 2009-08-25 Sonicwall, Inc. Query interface to policy server
US7272625B1 (en) * 1997-03-10 2007-09-18 Sonicwall, Inc. Generalized policy server
US6779030B1 (en) * 1997-10-06 2004-08-17 Worldcom, Inc. Intelligent network
US6128279A (en) * 1997-10-06 2000-10-03 Web Balance, Inc. System for balancing loads among network servers
FI108827B (en) * 1998-01-08 2002-03-28 Nokia Corp A method for implementing connection security in a wireless network
US6226751B1 (en) * 1998-04-17 2001-05-01 Vpnet Technologies, Inc. Method and apparatus for configuring a virtual private network
US6779118B1 (en) 1998-05-04 2004-08-17 Auriq Systems, Inc. User specific automatic data redirection system
US6772350B1 (en) * 1998-05-15 2004-08-03 E.Piphany, Inc. System and method for controlling access to resources in a distributed environment
US6321334B1 (en) * 1998-07-15 2001-11-20 Microsoft Corporation Administering permissions associated with a security zone in a computer system security model
US7127493B1 (en) * 1998-08-20 2006-10-24 Gautier Taylor S Optimizing server delivery of content by selective inclusion of optional data based on optimization criteria
US6199099B1 (en) * 1999-03-05 2001-03-06 Ac Properties B.V. System, method and article of manufacture for a mobile communication network utilizing a distributed communication network
US6081900A (en) * 1999-03-16 2000-06-27 Novell, Inc. Secure intranet access
US6691232B1 (en) * 1999-08-05 2004-02-10 Sun Microsystems, Inc. Security architecture with environment sensitive credential sufficiency evaluation
US6874028B1 (en) * 1999-10-25 2005-03-29 Microsoft Corporation System and method for unified registration information collection
US7028334B2 (en) * 2000-04-12 2006-04-11 Corente, Inc. Methods and systems for using names in virtual networks
US7047424B2 (en) * 2000-04-12 2006-05-16 Corente, Inc. Methods and systems for hairpins in virtual networks
US6631416B2 (en) * 2000-04-12 2003-10-07 Openreach Inc. Methods and systems for enabling a tunnel between two computers on a network
US6981041B2 (en) * 2000-04-13 2005-12-27 Aep Networks, Inc. Apparatus and accompanying methods for providing, through a centralized server site, an integrated virtual office environment, remotely accessible via a network-connected web browser, with remote network monitoring and management capabilities
US6675206B1 (en) * 2000-04-14 2004-01-06 International Business Machines Corporation Method and apparatus for generating replies to address resolution protocol requests for virtual IP addresses
BR0102116B1 (en) * 2000-05-10 2010-09-21 component for a breathing circuit member.
GB2363548A (en) * 2000-06-15 2001-12-19 Int Computers Ltd Computer systems, in particular virtual private networks
US7032031B2 (en) * 2000-06-23 2006-04-18 Cloudshield Technologies, Inc. Edge adapter apparatus and method
WO2002006971A1 (en) * 2000-07-13 2002-01-24 Aprisma Management Technologies, Inc. Method and apparatus for a comprehensive network management system
US6996631B1 (en) * 2000-08-17 2006-02-07 International Business Machines Corporation System having a single IP address associated with communication protocol stacks in a cluster of processing systems
GB0020371D0 (en) * 2000-08-18 2000-10-04 Hewlett Packard Co Apparatus and method for establishing trust
US7269735B2 (en) * 2000-08-28 2007-09-11 Contentgaurd Holdings, Inc. Instance specific digital watermarks
US7099955B1 (en) * 2000-10-19 2006-08-29 International Business Machines Corporation End node partitioning using LMC for a system area network
EP1332600A2 (en) 2000-11-03 2003-08-06 The Board of Regents of the University of Nebraska Load balancing method and system
US7447782B2 (en) * 2000-12-18 2008-11-04 Sun Microsystems, Inc. Community access control in a multi-community node
US6760330B2 (en) * 2000-12-18 2004-07-06 Sun Microsystems, Inc. Community separation control in a multi-community node
US7016325B2 (en) * 2001-01-18 2006-03-21 Strix Systems, Inc. Link context mobility method and system for providing such mobility, such as a system employing short range frequency hopping spread spectrum wireless protocols
US7702785B2 (en) * 2001-01-31 2010-04-20 International Business Machines Corporation Methods, systems and computer program products for selectively allowing users of a multi-user system access to network resources
US7092987B2 (en) * 2001-02-13 2006-08-15 Educational Testing Service Remote computer capabilities querying and certification
US20040015961A1 (en) * 2001-03-19 2004-01-22 International Business Machines Corporation Method and apparatus for automatic prerequisite verification and installation of software
US7197559B2 (en) * 2001-05-09 2007-03-27 Mercury Interactive Corporation Transaction breakdown feature to facilitate analysis of end user performance of a server system
US7073093B2 (en) * 2001-05-15 2006-07-04 Hewlett-Packard Development Company, L.P. Helpdesk system and method
US7450505B2 (en) 2001-06-01 2008-11-11 Fujitsu Limited System and method for topology constrained routing policy provisioning
US6957274B2 (en) * 2001-06-27 2005-10-18 Microsoft Corporation System adds additional new routes and default routes to a routing table to allow concurrent access to two different network connections
US6873988B2 (en) * 2001-07-06 2005-03-29 Check Point Software Technologies, Inc. System and methods providing anti-virus cooperative enforcement
US7017162B2 (en) * 2001-07-10 2006-03-21 Microsoft Corporation Application program interface for network software platform
US7131141B1 (en) * 2001-07-27 2006-10-31 At&T Corp. Method and apparatus for securely connecting a plurality of trust-group networks, a protected resource network and an untrusted network
US7093024B2 (en) * 2001-09-27 2006-08-15 International Business Machines Corporation End node partitioning using virtualization
US7194553B2 (en) * 2001-10-16 2007-03-20 Microsoft Corporation Resolving virtual network names
JP2003203140A (en) 2001-10-30 2003-07-18 Asgent Inc Method for grasping situation of information system and device used in the same
US7644151B2 (en) * 2002-01-31 2010-01-05 Lancope, Inc. Network service zone locking
US7050555B2 (en) * 2001-12-20 2006-05-23 Telarix, Inc. System and method for managing interconnect carrier routing
US7174320B2 (en) * 2002-04-04 2007-02-06 Intel Corporation Method of providing adaptive security
JP2003316522A (en) * 2002-04-26 2003-11-07 Hitachi Ltd Computer system and method for controlling the same system
US20040003084A1 (en) * 2002-05-21 2004-01-01 Malik Dale W. Network resource management system
US7103593B2 (en) * 2002-06-14 2006-09-05 Christopher James Dean System and method for retrieving information from disparate information sources in a decentralized manner and integrating the information in accordance with a distributed domain model/ontology
JP3813908B2 (en) 2002-07-25 2006-08-23 日本電信電話株式会社 Private network connection method and gateway control device
US6850943B2 (en) * 2002-10-18 2005-02-01 Check Point Software Technologies, Inc. Security system and methodology for providing indirect access control
US20040078471A1 (en) * 2002-10-18 2004-04-22 Collatus Corporation, A Delaware Corportion Apparatus, method, and computer program product for building virtual networks
US20040148439A1 (en) * 2003-01-14 2004-07-29 Motorola, Inc. Apparatus and method for peer to peer network connectivty
US20040249919A1 (en) * 2003-06-04 2004-12-09 Dirk Mattheis System and method for remote systems management and reporting
US7493380B2 (en) * 2003-12-02 2009-02-17 International Business Machines Corporation Method for determining load balancing weights using application instance topology information
US8661158B2 (en) * 2003-12-10 2014-02-25 Aventail Llc Smart tunneling to resources in a network
US8590032B2 (en) * 2003-12-10 2013-11-19 Aventail Llc Rule-based routing to resources through a network
US7827590B2 (en) * 2003-12-10 2010-11-02 Aventail Llc Controlling access to a set of resources in a network
WO2005059684A2 (en) * 2003-12-10 2005-06-30 Aventail Corporation End point control
JP2006013732A (en) 2004-06-24 2006-01-12 Hitachi Ltd Routing device and authentication method of information processor
US7711835B2 (en) * 2004-09-30 2010-05-04 Citrix Systems, Inc. Method and apparatus for reducing disclosure of proprietary data in a networked environment
WO2006044820A2 (en) * 2004-10-14 2006-04-27 Aventail Corporation Rule-based routing to resources through a network
US7853953B2 (en) * 2005-05-27 2010-12-14 International Business Machines Corporation Methods and apparatus for selective workload off-loading across multiple data centers
CN201629481U (en) * 2010-02-05 2010-11-10 国基电子(上海)有限公司 Electronic equipment

Also Published As

Publication number Publication date
WO2005059684A2 (en) 2005-06-30
US20050144481A1 (en) 2005-06-30
US20100333169A1 (en) 2010-12-30
US20080148364A1 (en) 2008-06-19
US8255973B2 (en) 2012-08-28
US7779469B2 (en) 2010-08-17
US8301769B2 (en) 2012-10-30
WO2005059684A3 (en) 2005-09-29

Similar Documents

Publication Publication Date Title
WO2005059684B1 (en) End point control
US7353282B2 (en) Methods and systems for sharing a network resource with a user without current access
CN107948203B (en) A kind of container login method, application server, system and storage medium
CN112597472B (en) Single sign-on method, device and storage medium
US8701199B1 (en) Establishing a trusted session from a non-web client using adaptive authentication
CN110213215B (en) Resource access method, device, terminal and storage medium
CN110381031B (en) Single sign-on method, device, equipment and computer readable storage medium
US9519777B2 (en) Techniques for controlling authentication
US8997196B2 (en) Flexible end-point compliance and strong authentication for distributed hybrid enterprises
US9826100B2 (en) Usage tracking for software as a service (SaaS) applications
CN110851274B (en) Resource access control method, device, equipment and storage medium
JP5191376B2 (en) Risk-based authentication system, risk information acquisition server, and risk-based authentication method
US9626137B2 (en) Image forming apparatus, server device, information processing method, and computer-readable storage medium
CN109714348B (en) Authority processing method, device, equipment and medium based on block chain
US20110179477A1 (en) System including property-based weighted trust score application tokens for access control and related methods
US20110314558A1 (en) Method and apparatus for context-aware authentication
WO2018188558A1 (en) Method and apparatus for identifying account permission
US20140130142A1 (en) Method and Cloud Security Framework for Implementing Tenant License Verification
CN111614673A (en) Operation method of authority authentication system based on CAS
KR101795592B1 (en) Control method of access to cloud service for business
CN102111406A (en) Authentication method, system and DHCP proxy server
CN107133516B (en) Authority control method and system
US20150180850A1 (en) Method and system to provide additional security mechanism for packaged web applications
JP2003296277A5 (en)
JP2014534515A5 (en)

Legal Events

Date Code Title Description
AK Designated states
  Kind code of ref document: A2
  Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW
AL Designated countries for regional patents
  Kind code of ref document: A2
  Designated state(s): BW GH GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LT LU MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG
121 EP: the EPO has been informed by WIPO that EP was designated in this application
B Later publication of amended claims
  Effective date: 20050905
122 EP: PCT application non-entry in European phase