Securely authorizing access to remote resources

US 10,257,180 B2
Filed: 09/19/2017
Issued: 04/09/2019
Est. Priority Date: 09/23/2013
Status: Active Grant

First Claim

Patent Images

1. A method for authorizing access to a cloud-based content repository, comprising:

receiving, based on a determination that a mobile device complies with one or more compliance policies provided by a management service, a management identifier;

transmitting an access request including the management identifier to the content repository; and

receiving access to the content repository based on a determination that the management identifier is valid, wherein the step of receiving access to the content repository is preconditioned on bringing the mobile device into compliance with an encryption policy, wherein bringing the mobile device into compliance can include enabling encryption based on a configuration profile from the management service, and wherein the compliance is checked at the time of receiving the access request.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and an apparatus are provided for securely authorizing access to remote resources. For example, a method is provided that includes receiving a request to determine whether a user device communicatively coupled to a resource server is authorized to access at least one resource hosted by the resource server and determining whether the user device communicatively coupled to the resource server is authorized to access the at least one resource hosted by the resource server based at least in part on whether the user device communicatively coupled to the resource server has been issued a management identifier. The method further includes providing a response indicating that the user device communicatively coupled to the resource server is authorized to access the at least one resource hosted by the resource server in response to a determination that the user device communicatively coupled to the resource server is authorized to access the at least one resource hosted by the resource server. The method yet further includes providing a response indicating that the user device communicatively coupled to the resource server is not authorized to access the at least one resource hosted by the resource server in response to a determination that the user device communicatively coupled to the resource server is not authorized to access the at least one resource hosted by the resource server.

81 Citations

View as Search Results

18 Claims

1. A method for authorizing access to a cloud-based content repository, comprising:
- receiving, based on a determination that a mobile device complies with one or more compliance policies provided by a management service, a management identifier;
  
  transmitting an access request including the management identifier to the content repository; and
  
  receiving access to the content repository based on a determination that the management identifier is valid, wherein the step of receiving access to the content repository is preconditioned on bringing the mobile device into compliance with an encryption policy, wherein bringing the mobile device into compliance can include enabling encryption based on a configuration profile from the management service, and wherein the compliance is checked at the time of receiving the access request.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the management identifier comprises a certificate.
  - 3. The method of claim 1, wherein:
    - transmitting the request further comprises transmitting, in addition to the management identifier, authentication credentials for accessing the content repository.
  - 4. The method of claim 1, wherein receiving access further comprises determining, at the time of the access request, whether the mobile device continues to comply with the one or more compliance policies.
  - 5. The method of claim 4, further comprising:
    - determining a subset of content for which access should be granted based on the management identifier and evaluation of compliance with the one or more compliance policies.
  - 6. The method of claim 1, wherein the access request further comprises an address of a management server.
  - 7. The method of claim 6, further comprising providing, from the content repository to the management server, the management identifier, wherein the management server performs the step of determining whether the management identifier is valid.

8. A non-transitory computer-readable medium comprising instructions which, when executed by a processor, perform a method for authorizing access to a cloud-based content repository, comprising:
- receiving, based on a determination that a mobile device complies with one or more compliance policies provided by a management service, a management identifier;
  
  transmitting an access request including the management identifier to the content repository; and
  
  receiving access to the content repository based on a determination that the management identifier is valid, wherein the step of receiving access to the content repository is preconditioned on bringing the mobile device into compliance with an encryption policy, wherein bringing the mobile device into compliance can include enabling encryption based on a configuration profile from the management service, and wherein the compliance is checked at the time of receiving the access request.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The non-transitory computer-readable medium of claim 8, wherein the management identifier comprises a certificate.
  - 10. The non-transitory computer-readable medium of claim 8, wherein transmitting the request further comprises transmitting, in addition to the management identifier, authentication credentials for accessing the content repository.
  - 11. The non-transitory computer-readable medium of claim 8, wherein the step of receiving access further comprises determining, at the time of the access request, whether the mobile device continues to comply with the one or more compliance policies.
  - 12. The non-transitory computer-readable medium of claim 8, wherein the method further comprises:
    - determining a subset of content for which access should be granted based on the management identifier and evaluation of compliance with the one or more compliance policies.
  - 13. The non-transitory computer-readable medium of claim 8, wherein:
    - the access request further comprises an address of a management server, andthe method further comprises providing, from the content repository to the management server, the management identifier, wherein the management server performs the step of determining whether the management identifier is valid.

14. A system for authorizing access to a cloud-based content repository, comprising:
- a mobile device;
  
  a content repository; and
  
  a management server, wherein;
  
  the mobile device provides a request to access the cloud-based content repository, the request including a management identifier;
  
  the management server receives the management identifier from the cloud-based content repository;
  
  the management server determines whether the management identifier is valid and, if so, returns a message to the cloud-based content repository; and
  
  the mobile device receives access to the cloud-based content repository, wherein the step of receiving access to the content repository is preconditioned on bringing the mobile device into compliance with an encryption policy, wherein bringing the mobile device into compliance can include enabling encryption based on a configuration profile from the management service, and wherein the compliance is checked at the time of receiving the access request.
- View Dependent Claims (15, 16, 17, 18)
- - 15. The system of claim 14, wherein the management identifier comprises a certificate.
  - 16. The system of claim 14, wherein:
    - the mobile device further provides authentication credentials for accessing the cloud-based content repository, andthe mobile device receives the access to the cloud-based content repository when the authentication credentials are validated.
  - 17. The system of claim 14, wherein at least one of the management server or the mobile device further:
    - evaluates, upon generating the request, whether the mobile device continues to comply with the one or more compliance policies.
  - 18. The system of claim 14, wherein:
    - the management server further determines a subset of content for which access should be granted based on the management identifier and evaluation of compliance with the one or more compliance policies, andthe mobile devices receive access to the subset of content in the cloud-based content repository.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
AirWatch LLC (Broadcom, Inc.)
Original Assignee
AirWatch LLC (Broadcom, Inc.)
Inventors
Brannon, Jonathan Blake
Primary Examiner(s)
Smithers, Matthew

Application Number

US15/708,136
Publication Number

US 20180026957A1
Time in Patent Office

567 Days
Field of Search
US Class Current
CPC Class Codes

H04L 63/062   for key distribution, e.g. ...

H04L 63/08   for authentication of entit...

H04L 63/0823   using certificates cryptogr...

H04L 63/0892   by using authentication-aut...

H04L 63/10   for controlling access to d...

H04L 63/102   Entity profiles

H04W 12/088   using filters or firewalls

Securely authorizing access to remote resources

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

81 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Securely authorizing access to remote resources

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

81 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links