US 12,107,844 B2
Single sign on for a remote user session
Anthony J. Wilkinson, Princess Risborough (GB); Per Olov Larsson, London (GB); Ashley Nuttall, Farnham (GB); Hans Christenson, Huddinge (SE); Tom Elliott, New York, NY (US); Steven Sigel, North Andover, MA (US); and Adam Gross, Palo Alto, CA (US)
Assigned to Omnissa, LLC, Palo Alto, CA (US)
Filed by VMware LLC, Palo Alto, CA (US)
Filed on Feb. 23, 2022, as Appl. No. 17/652,191.
Application 17/652,191 is a continuation of application No. 15/488,067, filed on Apr. 14, 2017, abandoned.
Application 15/488,067 is a continuation of application No. 14/587,923, filed on Dec. 31, 2014, granted, now 9,628,469, issued on Apr. 18, 2017.
Application 14/587,923 is a continuation of application No. 12/939,817, filed on Nov. 4, 2010, granted, now 8,955,072, issued on Feb. 10, 2015.
Claims priority of provisional application 61/258,367, filed on Nov. 5, 2009.
Prior Publication US 2022/0255918 A1, Aug. 11, 2022
This patent is subject to a terminal disclaimer.
Int. Cl. H04L 9/40 (2022.01); G06F 9/455 (2018.01); G06F 21/33 (2013.01); G06F 21/34 (2013.01); G06F 21/41 (2013.01); G06F 21/44 (2013.01); H04L 9/32 (2006.01)
CPC H04L 63/0815 (2013.01) [G06F 21/335 (2013.01); G06F 21/34 (2013.01); G06F 21/41 (2013.01); G06F 21/445 (2013.01); H04L 9/3226 (2013.01); H04L 9/3234 (2013.01); H04L 9/3263 (2013.01); H04L 9/3273 (2013.01); H04L 63/0428 (2013.01); H04L 63/0823 (2013.01); H04L 63/083 (2013.01); H04L 63/0853 (2013.01); H04L 63/10 (2013.01); G06F 2009/45587 (2013.01); H04L 63/0807 (2013.01); H04L 63/0884 (2013.01); H04L 2209/56 (2013.01)]
13 Claims
1. A method of authenticating a user to a remote desktop in a system having a connection broker that manages connections to the remote desktop, comprising:
responsive to receiving an input of credentials of the user at a client computing device, authenticating the user to the client computing device;
storing a secret component of the credentials of the user in an internal cache of the client computing device that can only be accessed by an endpoint system service running in the client computing device;
responsive to receiving an input at the client computing device to access the remote desktop using the credentials of the user, authenticating the connection broker to the client computing device; and
responsive to successful authentication of the connection broker to the client computing device, granting a service ticket containing a session key to the connection broker and transmitting an encrypted version of the secret component of the credentials of the user from the client computing device to the connection broker, wherein:
the connection broker, in response to receiving the encrypted version of the secret component of the credentials of the user from the client computing device, decrypts the encrypted version of the secret component of the credentials of the user using the session key and forwards the secret component of the credentials of the user to a virtual machine running the remote desktop; and
the virtual machine, in response to receiving the secret component of the credentials of the user from the connection broker, authenticates the user to the remote desktop using the secret component of the credentials of the user.