US9467458B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-9467458-B2 |
| Application number | US-201414449859-A |
| Country | US |
| Kind code | B2 |
| Filing date | Aug 1, 2014 |
| Priority date | Aug 1, 2014 |
| Publication date | Oct 11, 2016 |
| Grant date | Oct 11, 2016 |
Official abstract text for this publication.
In one embodiment, a method includes, by a computing device, receiving identifiers of one or more sessions, users, or groups selected to have access to a particular redirected device. The computing device stores the identifiers in a database, receives a request associated with a session, user, or group to access the particular redirected device, and determines whether an identifier for the session, user, or group associated with the request is stored in the database. If the identifier is stored in the database, then the computing device grants access to the redirected device, or if the identifier is not stored in the database, then the computing device blocks the session, user, or group from accessing the redirected device.
Opening claim text (preview).
What is claimed is:
1. A method comprising: registering a device access restriction (DAR) driver with an operating system of a computing device for one or more classes of devices as an upper filter driver for the one or more classes of devices; receiving a redirection of a device associated with the one or more classes of devices; by the computing device, creating a DAR object at a top of a device stack associated with the redirected device, wherein the device stack comprises a virtual disk driver associated with the redirected device; storing device configuration data for the redirected device, wherein the device configuration data comprises one or more access restriction settings for the redirected device; by a computing device, determining one or more identifiers of one or more sessions, users, or groups selected to have access to the redirected device based, at least in part, on the one or more access restriction settings; by the computing device, receiving a request associated with a session, user, or group to access the redirected device; by the computing device, comparing an identifier for the session, user, or group associated with the request with the one or more identifiers; and by a filter driver of the computing device, granting a level of access to the redirected device based, at least in part on the comparison, wherein the level of access comprises at least one of blocked access, restricted access, or unrestricted access, wherein the granting the level of access to the redirected device comprises moving symbolic links to the redirected device from a global namespace to a local namespace associated with the session, user or group associated with the request.
2. The method of claim 1, wherein the redirected device comprises a USB device.
3. The method of claim 1, wherein the computing device is a server computing device.
4. The method of claim 1, wherein a user of the redirected device specifies the one or more sessions, users, or groups selected to have access to the redirected device.
5. The method of claim 1, wherein the filter driver is associated with a particular class of redirected devices.
6. One or more computer-readable non-transitory storage media embodying software that is operable when executed to: register a device access restriction (DAR) driver with an operating system of a computing device for one or more classes of devices as an upper filter driver for the one or more classes of devices; receive a redirection of a device associated with the one or more classes of devices; create a DAR object at a top of a device stack associated with the redirected device, wherein the device stack comprises a virtual disk driver associated with the redirected device; store device configuration data for the redirected device, wherein the device configuration data comprises one or more access restriction settings for the redirected device determine one or more identifiers of one or more sessions, users, or groups selected to have access to the redirected device based, at least in part, on the one or more access restriction settings; receive a request associated with a session, user, or group to access the redirected device; compare an identifier for the session, user, or group associated with the request with one or more identifiers; and grant a level of access by a filter driver to the redirected device based, at least in part on the comparison, wherein the level of access comprises at least one of blocked access, restricted access, or unrestricted access, and wherein granting the level of access by the filter driver to the redirected device comprises moving symbolic links to the redirected device from a global namespace to a local namespace associated with the session, user or group associated with the request.
7. The media of claim 6, wherein the redirected device comprises a USB device.
8. The media of claim 6, wherein a server computing device comprises the media.
9. The media of claim 6, wherein a user of the redirected device specifies the one or more sessions, users, or groups selected to have access to the redirected device.
10. The media of claim 6, wherein the filter driver is associated with a particular class of redirected devices.
11. A system comprising: one or more processors; and a memory coupled to the processors comprising instructions executable by the processors, the processors being operable when executing the instructions to: register a device access restriction (DAR) driver with an operating system of a computing device for one or more classes of devices as an upper filter driver for the one or more classes of devices; receive a redirection of a device associated with the one or more classes of devices; creating a DAR object at a top of a device stack associated with the redirected device, wherein the device stack comprises a virtual disk driver associated with the redirected device; store device configuration data for the redirected device, wherein the device configuration data comprises one or more access restriction settings for the redirected device; determine one or more identifiers of one or more sessions, users, or groups selected to have access to the redirected device based, at least in part, on the one or more access restriction settings; receive a request associated with a session, user, or group to access the redirected device; compare an identifier for the session, user, or group associated with the request with the one or more identifiers; and grant a level of access, by a filter driver, to the redirected device based, at least in part on the comparison, wherein the level of access comprises at least one of blocked access, restricted access, or unrestricted access, and wherein the granting the level of access, by a filter driver, to the redirected device comprises moving symbolic links to the redirected device from a global namespace to a local namespace associated with the session, user or group associated with the request.
12. The system of claim 11, wherein the redirected device comprises a USB device.
13. The system of claim 11, wherein a user of the redirected device specifies the one or more sessions, users, or groups selected to have access to the redirected device.
14. The system of claim 11, wherein the filter driver is associated with a particular class of redirected devices.
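The identifier comparison in the abstract and the grant step of claim 1 (three access levels, symbolic link moved from the global namespace to a local one), modelled here as an added Python example that is not code from the patent or its assignee. The class and method names, the per-session local namespace, the default-deny result and the "most restrictive match wins" rule are assumptions of this model, and the sample devices and users are constructed.

```python
from enum import IntEnum

class Access(IntEnum):                 # the three levels named in claim 1
    BLOCKED = 0
    RESTRICTED = 1
    UNRESTRICTED = 2

class DarModel:
    """Hypothetical user-mode model of the claimed check; not driver code."""

    def __init__(self):
        self.settings = {}             # device -> {(kind, identifier): Access}
        self.global_ns = {}            # link name -> device, visible to all sessions
        self.local_ns = {}             # session id -> {link name: device}

    def redirect(self, device, link, restrictions):
        """A redirected device arrives: store its settings, publish a global link."""
        self.settings[device] = dict(restrictions)
        self.global_ns[link] = device

    def level_for(self, device, session, user, groups=()):
        """Compare the requester's identifiers with the stored identifiers."""
        ids = [("session", session), ("user", user)] + [("group", g) for g in groups]
        rules = self.settings.get(device, {})
        matched = [rules[i] for i in ids if i in rules]
        # Assumption: no match means blocked; the most restrictive match wins.
        return min(matched) if matched else Access.BLOCKED

    def request(self, link, session, user, groups=()):
        """Resolve a link for a requester; return (level, device or None)."""
        device = self.local_ns.get(session, {}).get(link) or self.global_ns.get(link)
        if device is None:             # link is not visible from this session
            return Access.BLOCKED, None
        level = self.level_for(device, session, user, groups)
        if level is Access.BLOCKED:
            return level, None
        if link in self.global_ns:     # grant: move the link from global to local
            self.local_ns.setdefault(session, {})[link] = self.global_ns.pop(link)
        return level, device

def demo():
    """Constructed sample: two redirected USB disks, three sessions."""
    dar = DarModel()
    dar.redirect("usbdisk0", "E:", {("user", "alice"): Access.UNRESTRICTED})
    dar.redirect("usbdisk1", "F:", {("group", "auditors"): Access.RESTRICTED})
    results = [dar.request("E:", "s2", "bob"),                   # unlisted user
               dar.request("E:", "s1", "alice"),                 # listed user
               dar.request("E:", "s2", "bob"),                   # link now local to s1
               dar.request("F:", "s3", "carol", ["auditors"])]   # listed group
    return results, dar
```

In this model the second request from the unlisted session fails for a different reason than the first: once the link has moved into session `s1`, the name no longer resolves from `s2` at all, so isolation does not rest on the comparison alone.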