Client application based access control in cloud security systems for mobile devices
First Claim
1. A method, implemented by one or more nodes in a cloud-based security system, for enforcing application-based control of network resources, the method comprising:
receiving a request from a user device for the network resources, wherein the user device is connected to the cloud-based system through a tunnel such that all network traffic is forwarded thereto, prior to the network resources, for inline monitoring;
evaluating the request through the cloud-based security system based on a tunnel protocol of the tunnel and determining an application on the user device performing the request; and
performing, at the one or more nodes in the cloud-based security system external and independent from the user device, one of: denying the request if the application is unauthorized to access the network resources; redirecting the request to an authorized application on the user device via the tunnel protocol if the application is legitimate but unauthorized to access the network resources, wherein, for the redirecting, the cloud-based security system utilizes a Uniform Resource Locator (URL) command of REDIRECT to cause the user device to switch the request from the application to the authorized application; and allowing the request if the application is authorized to access the network resources.
Abstract
Systems and methods, implemented by one or more nodes in a cloud-based security system, for enforcing application-based control of network resources include receiving a request from a user device for the network resources; evaluating the request through the cloud-based security system and determining an application on the user device performing the request; and performing one of (1) denying the request if the application is unauthorized to access the network resources, (2) redirecting the request to an authorized application on the user device if the application is legitimate but unauthorized to access the network resources, and (3) allowing the request if the application is authorized to access the network resources.
50 Citations
18 Claims
1. A method, implemented by one or more nodes in a cloud-based security system, for enforcing application-based control of network resources, the method comprising:
receiving a request from a user device for the network resources, wherein the user device is connected to the cloud-based system through a tunnel such that all network traffic is forwarded thereto, prior to the network resources, for inline monitoring; evaluating the request through the cloud-based security system based on a tunnel protocol of the tunnel and determining an application on the user device performing the request; and performing, at the one or more nodes in the cloud-based security system external and independent from the user device, one of: denying the request if the application is unauthorized to access the network resources; redirecting the request to an authorized application on the user device via the tunnel protocol if the application is legitimate but unauthorized to access the network resources, wherein, for the redirecting, the cloud-based security system utilizes a Uniform Resource Locator (URL) command of REDIRECT to cause the user device to switch the request from the application to the authorized application; and allowing the request if the application is authorized to access the network resources.
(Dependent claims: 2, 3, 4, 5, 6, 7, 8.)

9. A node in a cloud-based security system configured to enforce application-based control of network resources, the node comprising:
a network interface, a data store, and a processor communicatively coupled to one another; and memory storing computer-executable instructions that, in response to execution by the processor, cause the processor to: receive a request from a user device for the network resources, wherein the user device is connected to the cloud-based system through a tunnel such that all network traffic is forwarded thereto, prior to the network resources, for inline monitoring; evaluate the request through the cloud-based security system based on a tunnel protocol of the tunnel and determine an application on the user device performing the request; and perform, in the node in the cloud-based security system external and independent from the user device, one of: deny the request if the application is unauthorized to access the network resources; redirect the request to an authorized application on the user device via the tunnel protocol if the application is legitimate but unauthorized to access the network resources, wherein, for the redirect, the node in the cloud-based security system utilizes a Uniform Resource Locator (URL) command of REDIRECT to cause the user device to switch the request from the application to the authorized application; and allow the request if the application is authorized to access the network resources.
(Dependent claims: 10, 11, 12, 13, 14, 15, 16.)

17. A user device configured to access a cloud-based security system which performs application-based control of network resources, the user device comprising:
a network interface, a data store, and a processor communicatively coupled to one another; and memory storing computer-executable instructions that, in response to execution by the processor, cause the processor to: provide a request for the network resources through an application, wherein the user device is connected to the cloud-based system through a tunnel such that all network traffic is forwarded thereto for inline monitoring; and, responsive to evaluation of the request through the cloud-based security system based on a tunnel protocol of the tunnel, perform one of: receive a denial of the request if the application is unauthorized to access the network resources, wherein the request is denied and blocked in the cloud-based security system external and independent from the user device; cause redirection of the request to an authorized application by the cloud-based security system via the tunnel protocol if the application is legitimate but unauthorized to access the network resources, wherein the request is redirected in the cloud-based security system external and independent from the user device such that the cloud-based security system utilizes a Uniform Resource Locator (URL) command of REDIRECT to cause the user device to switch the request from the application to the authorized application; and receive a response to the request if the application is authorized to access the network resources, wherein the request is allowed in the cloud-based security system external and independent from the user device.
(Dependent claim: 18.)

Specification