Employing session level restrictions to limit access to a redirected interface of a composite device

US10331599B2 · US · B2

Patent metadata
Publication number: US-10331599-B2
Application number: US-201615067565-A
Country: US
Kind code: B2
Filing date: Mar 11, 2016
Priority date: Mar 11, 2016
Publication date: Jun 25, 2019
Grant date: Jun 25, 2019

Abstract

Session level restrictions can be implemented to limit access to a redirected interface of a composite device. These session level restrictions can be defined within a policy of a directory service, such as Active Directory, to facilitate the dynamic application of the restrictions to the appropriate remote sessions. In this way, access restrictions can be applied to individual interfaces of a redirected composite device so that a particular interface will only be accessible from specified remote sessions.

First claim

What is claimed:

1. A method, implemented by a server with which a number of client terminals establish remote sessions, for controlling from which remote sessions a redirected USB interface of a USB composite device will be accessible, the method comprising: in response to a USB composite device having a first USB interface and a second USB interface being redirected from a first client terminal to a server over a first remote session, creating a first device access restriction object in a first device stack that governs access to the first redirected USB interface of the USB composite device on the server, the first device access restriction object identifying remote sessions from which the first redirected USB interface of the USB composite device is accessible, and creating a second device access restriction object in a second device stack that governs access to the second redirected USB interface of the USB composite device on the server, the second device access restriction object identifying remote sessions from which the second redirected USB interface of the USB composite device is accessible; receiving a request from a second client terminal to establish a second remote session with the server; in conjunction with establishing the second remote session, identifying one or more policies that are applicable to the second remote session, the one or more policies including a policy setting which defines that the first redirected USB interface of the USB composite device should be accessible and a policy setting which defines that the second redirected USB interface of the USB composite device should not be accessible; and updating the first device access restriction object but not the second device access restriction object to include an identifier of the second remote session thereby causing the first redirected USB interface of the USB composite device to be accessible from the second remote session while preventing the second redirected USB interface of the USB composite device from being accessible from the second remote session.

2. The method of claim 1, wherein the first USB interface of the USB composite device is a printer interface and the second USB interface of the USB composite device is a scanner interface.

3. The method of claim 1, wherein the first redirected USB interface of the USB composite device is associated with a first interface class code and the policy setting defines that USB interfaces associated with the first interface class code should be accessible.

4. The method of claim 3, wherein the first redirected USB interface of the USB composite device is also associated with a first interface subclass code and the policy setting defines that USB interfaces associated with the first interface subclass code should be accessible.

5. The method of claim 1, further comprising: receiving, at the first device access restriction object, a request to access the first redirected USB interface of the USB composite device, the request being associated with the identifier of the second remote session; determining that the first device access restriction object includes the identifier of the second remote session; and allowing the request.

6. The method of claim 1, further comprising: receiving, at the first device access restriction object, a request to access the first redirected USB interface of the USB composite device, the request being associated with an identifier of another remote session; determining that the first device access restriction object does not include the identifier of other remote session; and blocking the request.

7. The method of claim 1, further comprising: for each session identified in the first device access restriction object, adding a symbolic link to the first redirected USB interface of the USB composite device to a local object manager namespace of the session.

8. The method of claim 7, further comprising one of: removing a symbolic link to the first redirected USB interface of the USB composite device from a global object manager namespace; or preventing a symbolic link to the first redirected USB interface of the USB composite device from being added to a global object manager namespace.

9. The method of claim 1, further comprising: detecting that the second remote session has been terminated; and removing the identifier of the second remote session from the first device access restriction object.

10. The method of claim 1, wherein the one or more policies comprise one or more Active Directory group policy objects.

11. One or more non-transitory computer storage media storing computer executable instructions which when executed on a server implement a method for controlling from which remote sessions a redirected USB interface will be accessible, the method comprising: detecting that a USB composite device has been connected to a first client terminal that has established a first remote session with the server, the USB composite device having at least a first USB interface and a second USB interface; redirecting the first USB interface and the second USB interface to the server by creating a first device access restriction object in a first device stack that governs access to the first redirected USB interface of the USB composite device on the server, the first device access restriction object identifying remote sessions from which the first redirected USB interface of the USB composite device is accessible, and creating a second device access restriction object in a second device stack that governs access to the second redirected USB interface of the USB composite device on the server, the second device access restriction object identifying remote sessions from which the second redirected USB interface of the USB composite device is accessible; in response to a second client terminal establishing a second remote session with the server and based on a policy setting of a policy applicable to the second remote session, updating the first device access restriction objects to include an identifier of the second remote session thereby allowing the first redirected USB interface of the USB composite device to be accessed from the second remote session in accordance with the policy setting, but not updating the second device access restriction object to include the identifier of the second remote session thereby preventing the second redirected USB interface of the USB composite device from being accessed from the second remote session in accordance with the policy setting.

12. The computer storage media of claim 11, wherein the policy comprises an Active Directory group policy object.

13. The computer storage media of claim 11, wherein the method further comprises: adding a symbolic link to the first redirected USB interface of the USB composite device to a local object manager namespace of the second remote session; and either removing a symbolic link to the first redirected USB interface of the USB composite device from a global object manager namespace or preventing a symbolic link to the first redirected USB interface of the USB composite device from being added to the global object manager namespace.

14. The computer storage media of claim 11, wherein the method further comprises: detecting that the second remote session has terminated; and removing the identifier of the second remote session from the first device access restriction object.

15. A method, implemented by a server with which a number of client terminals establish remote sessions, for controlling from which remote sessions a redirected USB interface of a USB composite d
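A small model of the mechanism in claims 1, 5 to 7 and 9, added here as an illustration and not code from the patent or its assignee. The class and method names, the default-deny treatment of class codes missing from a policy, listing the redirecting session from the start, and the use of class codes 0x07 (printer) and 0x06 (still image) for the two interfaces are assumptions of this sketch.

```python
from dataclasses import dataclass, field

PRINTER, STILL_IMAGE = 0x07, 0x06  # USB interface class codes (sample choice)

@dataclass
class RestrictionObject:
    """One per redirected interface's device stack (claim 1)."""
    interface: str
    class_code: int
    sessions: set = field(default_factory=set)

    def handle_request(self, session_id):
        # Claims 5 and 6: allow only if the requesting session is listed.
        return session_id in self.sessions

class RedirectionServer:
    def __init__(self):
        self.objects = []

    def redirect(self, owner_session, interfaces):
        # Assumption: the redirecting session is listed from the start.
        created = [RestrictionObject(n, c, {owner_session}) for n, c in interfaces]
        self.objects += created
        return created

    def session_established(self, session_id, policy):
        # policy maps class code -> accessible; missing codes are denied (assumption).
        for obj in self.objects:
            if policy.get(obj.class_code, False):
                obj.sessions.add(session_id)

    def session_terminated(self, session_id):
        # Claim 9: drop the session identifier from every restriction object.
        for obj in self.objects:
            obj.sessions.discard(session_id)

    def local_namespace(self, session_id):
        # Claim 7: links appear only in the namespaces of listed sessions.
        return sorted(o.interface for o in self.objects if session_id in o.sessions)

def demo():
    srv = RedirectionServer()
    printer, scanner = srv.redirect(1, [("printer", PRINTER), ("scanner", STILL_IMAGE)])
    # Second session's policy: printer class accessible, scanner class not.
    srv.session_established(2, {PRINTER: True, STILL_IMAGE: False})
    during = (printer.handle_request(2), scanner.handle_request(2), srv.local_namespace(2))
    srv.session_terminated(2)
    return during, printer.handle_request(2), scanner.handle_request(1)
```

Because each interface has its own restriction object, the policy decision for the printer never touches the scanner's session list, which is what keeps the second session out of the scanner interface.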

Classifications

  • G06F13/387 · Primary

    for adaptation of different data processing systems to different peripheral devices, e.g. protocol converters for incompatible systems, open system · CPC title

  • Electricity · mapped topic

  • Protecting input, output or interconnection devices · CPC title

  • Electricity · mapped topic

  • specially adapted for terminal emulation, e.g. Telnet · CPC title

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Dell Products Lp
What technology area does this patent fall under?
Primary CPC classification G06F13/387. Mapped technology areas include Physics.
When was this patent published?
Publication date Jun 25, 2019 (B2). Legal status and post-grant events are not shown on this page.