Device enrollment in a cloud service using an authenticated application
Abstract
In various example embodiments, systems and methods for administering machine access to a cloud service are presented. An edge manager device in a cloud computing environment can establish a first client for a first application that is executed externally to the cloud computing environment. The edge manager device can provide a first request via a first network to an authorization service application to obtain client identification and client secret information for use by the first client. The edge manager device can receive the client identification and client secret information from the authorization service application via the first network. The client identification and client secret information can be selected by the authorization service application to permit later data access to the edge manager device by the first client. The edge manager device can provide the client identification and client secret information to the first client via a second network.
20 Claims
1. A method for negotiating machine access to a cloud-based application using an edge manager device, the method comprising:
establishing, at an edge manager device in a cloud computing environment, a first client corresponding to a first application that is executed externally to the cloud computing environment, the first application configured to register identification information about one or more external devices with the edge manager device using the first client, to permit later data access to the edge manager device by the one or more external devices;
using the edge manager device, providing a first request via a first network to an authorization service application to obtain client identification and client secret information for use by the first client;
receiving the client identification and client secret information at the edge manager device from the authorization service application via the first network, wherein the client identification and client secret information are selected by the authorization service application to permit later data access to the edge manager device by the first client; and
using the edge manager device, providing the client identification and client secret information to the first client via a second network.
Dependent claims 2 to 16 depend on claim 1 and are not reproduced here.
17. A method for administering machine access to a cloud service application, the method comprising:
using an authenticated application outside of a cloud environment, assigning first identification information for use by a first machine, including providing the first identification information to the first machine and to a cloud-based enrollment service application via separate networks;
receiving, via a network and at the enrollment service application, an enrollment request from the first machine, the enrollment request including the assigned first identification information corresponding to the first machine; and
determining, using the enrollment service application, whether the received first identification information corresponds to valid identification information based on a comparison of the received first identification information and previously-known valid identification information, wherein when the received first identification information is determined to correspond to the previously-known valid identification information, returning a certificate from the enrollment service application to the first machine, the certificate for use by the first machine to obtain data access to one or more cloud-based applications.
Dependent claims 18 and 19 depend on claim 17 and are not reproduced here.
20. A method for using a device-based authentication certificate to obtain data access to a cloud-based destination application, the method comprising:
using an edge manager device, receiving, via a first network, a first token and first data access request from a first machine wherein the first machine is outside of the cloud, the edge manager device configured to administer data access for the first machine to one or more cloud-based applications;
using the edge manager device, querying a device registry database via a second network to determine whether an authentication certificate associated with the first token is previously known to correspond with the first machine;
receiving an indication via the second network whether the authentication certificate is previously known to correspond with the first machine and, when the authentication certificate is previously known to correspond with the first machine, using the edge manager device, providing the first token and information about the first machine from the edge manager device to a cloud-based authorization service application via a third network;
using the cloud-based authorization service application, verifying the first token against a cloud-based device registry, generating an OAuth2 token for use by the first machine when the first token is verified, and providing the OAuth2 token to the edge manager device via the third network; and
using the edge manager device, providing the OAuth2 token to the first machine via the first network.
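The enrollment comparison of claim 17 and the registry-check-then-forward exchange of claim 20 as one in-memory simulation. This is an added example, not the patent's or any assignee's code; the class, function and field names, the use of the enrollment certificate itself as the "first token", the single-use treatment of the assigned identification information and the constant-time comparison are all assumptions, since the claims specify no formats.

```python
# Added illustration (not the patent's code) of the claim 17 enrollment and claim 20
# token-exchange flows as an in-memory simulation; all names and shapes are assumptions.
import hmac
import secrets

class DeviceRegistry:  # cloud-side store of assigned id info and issued certificates
    def __init__(self):
        self.valid_ids = {}   # device_id -> id info assigned by the authenticated app
        self.certs = {}       # certificate -> device_id it was issued to

def assign_identification(registry, device_id):
    """Authenticated app outside the cloud: the same id info goes to the machine (return
    value) and to the enrollment service's registry (direct write) via separate paths."""
    id_info = secrets.token_hex(16)
    registry.valid_ids[device_id] = id_info
    return id_info

def enroll(registry, device_id, presented_id):
    """Enrollment service (claim 17): compare presented id info with the known value
    in constant time; on match issue a certificate bound to this device."""
    known = registry.valid_ids.pop(device_id, None)      # single-use (assumption)
    if known is None or not hmac.compare_digest(known, presented_id):
        return None
    cert = "cert-" + secrets.token_hex(8)
    registry.certs[cert] = device_id
    return cert

def authorization_exchange(registry, token, device_id):
    """Authorization service: verify the token against the registry, mint an OAuth2 token."""
    if registry.certs.get(token) != device_id:
        return None
    return {"access_token": secrets.token_urlsafe(24), "token_type": "Bearer"}

def edge_manager_handle(registry, device_id, token, request):
    """Edge manager (claim 20): check the registry first, then forward to the
    authorization service and relay the OAuth2 token back to the machine."""
    if registry.certs.get(token) != device_id:
        return {"error": "certificate not known for this machine", "request": request}
    oauth = authorization_exchange(registry, token, device_id)
    return {"oauth2": oauth, "request": request} if oauth else {"error": "token not verified"}

def run_flow(device_id="pump-17", presented_id=None):
    """Drive the whole flow; presented_id overrides what the machine sends at enrollment."""
    registry = DeviceRegistry()
    id_info = assign_identification(registry, device_id)
    cert = enroll(registry, device_id, presented_id or id_info)
    if cert is None:
        return {"error": "enrollment rejected"}
    return edge_manager_handle(registry, device_id, cert, "read telemetry")
```

Both the edge manager and the authorization service consult the registry, mirroring the two checks in claim 20; a machine that presents mismatched identification information never receives a certificate and so never reaches the token exchange.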