Provisioning enterprise services provided by an infrastructure service server

US 10,277,572 B2
Filed: 04/12/2016
Issued: 04/30/2019
Est. Priority Date: 04/12/2016
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

receiving, at an enterprise mobility management (EMM) server, a first client certificate;

sending a registration request to an identity provider (IDP), wherein the registration request includes the first client certificate and security credential of the EMM server, and the IDP uses the first client certificate to authenticate the EMM server;

receiving, from the IDP, a request for a second client certificate, wherein the second client certificate will be used to authenticate the IDP at the EMM server in subsequent communications, and the request for the second client certificate includes the security credential of the EMM server;

sending the second client certificate to the IDP;

using a trust relationship between the IDP and the EMM server to establish a secure communication channel;

receiving, at the EMM server, a command for provisioning a user for an enterprise service at the IDP;

sending, from the EMM server to the IDP, a user provisioning request by using the secure communication channel, wherein the user provisioning request includes a user identity attribute and a user entitlement attribute, the user identity attribute identifies the user, and the user entitlement attribute indicates an access level associated with the user for the enterprise service; and

receiving, in response to the user provisioning request, at the EMM server and from the IDP, a user provisioning response by using the secure communication channel, wherein the user provisioning response indicates that the user is provisioned at the IDP for the enterprise service.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems, methods, and software can be used to share content. In some aspect, an enterprise mobility management (EMM) server receives a command for provisioning a user for an enterprise service at an identity provider (IDP). The EMM server sends a user provisioning request to the IDP. The user provisioning request includes a user identity attribute and a user entitlement attribute, the user identity attribute identifies the user, and the user entitlement attribute indicates an access level associated with the user for the enterprise service. The EMM server receives a user provisioning response from the IDP. The user provisioning response indicates that the user is provisioned at the IDP for the enterprise service.

16 Citations

14 Claims

1. A method, comprising:
- receiving, at an enterprise mobility management (EMM) server, a first client certificate;
  
  sending a registration request to an identity provider (IDP), wherein the registration request includes the first client certificate and security credential of the EMM server, and the IDP uses the first client certificate to authenticate the EMM server;
  
  receiving, from the IDP, a request for a second client certificate, wherein the second client certificate will be used to authenticate the IDP at the EMM server in subsequent communications, and the request for the second client certificate includes the security credential of the EMM server;
  
  sending the second client certificate to the IDP;
  
  using a trust relationship between the IDP and the EMM server to establish a secure communication channel;
  
  receiving, at the EMM server, a command for provisioning a user for an enterprise service at the IDP;
  
  sending, from the EMM server to the IDP, a user provisioning request by using the secure communication channel, wherein the user provisioning request includes a user identity attribute and a user entitlement attribute, the user identity attribute identifies the user, and the user entitlement attribute indicates an access level associated with the user for the enterprise service; and
  
  receiving, in response to the user provisioning request, at the EMM server and from the IDP, a user provisioning response by using the secure communication channel, wherein the user provisioning response indicates that the user is provisioned at the IDP for the enterprise service.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, further comprising:
    - sending, from the EMM server to the IDP, a service request, wherein the service request indicates a request to provision the enterprise service at the IDP; and
      
      in response to the service request, receiving a service response from the IDP, wherein the service response indicates the enterprise service to be provisioned at the IDP.
  - 3. The method of claim 1, wherein the user provisioning request is sent using a System for Cross-domain Identity Management (SCIM) message.
  - 4. The method of claim 1, further comprising:
    - obtaining, at the EMM server, the user identity attribute and the user entitlement attribute associated with the user; and
      
      including the user identity attribute and the user entitlement attribute in the user provisioning request.
  - 5. The method of claim 1, further comprising:
    - sending a challenge password to an infrastructure server that is associated with the IDP; and
      
      receiving the first client certificate in response to the challenge password.

6. An enterprise mobility management (EMM) server, comprising:
- a memory; and
  
  at least one hardware processor communicatively coupled with the memory and configured to;
  
  receiving, at the EMM server, a first client certificate;
  
  sending a registration request to an identity provider (IDP), wherein the registration request includes the first client certificate and security credential of the EMM server, and the IDP uses the first client certificate to authenticate the EMM server;
  
  receiving, from the IDP, a request for a second client certificate, wherein the second client certificate will be used to authenticate the IDP at the EMM server in subsequent communications, and the request for the second client certificate includes the security credential of the EMM server;
  
  sending the second client certificate to the IDP;
  
  using a trust relationship between the IDP and the EMM server to establish a secure communication channel;
  
  receive, at the EMM server, a command for provisioning a user for an enterprise service at the IDP;
  
  send, from the EMM server to the IDP, a user provisioning request by using the secure communication channel, wherein the user provisioning request includes a user identity attribute and a user entitlement attribute, the user identity attribute identifies the user, and the user entitlement attribute indicates an access level associated with the user for the enterprise service; and
  
  receive, in response to the user provisioning request, at the EMM server and from the IDP, a user provisioning response by using the secure communication channel, wherein the user provisioning response indicates that the user is provisioned at the IDP for the enterprise service.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The EMM server of claim 6, wherein the at least one hardware processor is configured to:
    - send, from the EMM server to the IDP, a service request, wherein the service request indicates a request to provision the enterprise service at the IDP; and
      
      in response to the service request, receive a service response from the IDP, wherein the service response indicates the enterprise service to be provisioned at the IDP.
  - 8. The EMM server of claim 6, wherein the user provisioning request is sent using a System for Cross-domain Identity Management (SCIM) message.
  - 9. The EMM server of claim 6, wherein the at least one hardware processor is configured to:
    - obtain, at the EMM server, the user identity attribute and the user entitlement attribute associated with the user; and
      
      include the user identity attribute and the user entitlement attribute in the user provisioning request.
  - 10. The EMM server of claim 6, wherein the at least one hardware processor is configured to:
    - send a challenge password to an infrastructure server that is associated with the IDP; and
      
      receive the first client certificate in response to the challenge password.

11. A non-transitory computer-readable medium containing instructions which, when executed, cause a computing device to perform operations comprising:
- receiving, at an enterprise mobility management (EMM) server, a first client certificate;
  
  sending a registration request to an identity provider (IDP), wherein the registration request includes the first client certificate and security credential of the EMM server, and the IDP uses the first client certificate to authenticate the EMM server;
  
  receiving, from the IDP, a request for a second client certificate, wherein the second client certificate will be used to authenticate the IDP at the EMM server in subsequent communications, and the request for the second client certificate includes the security credential of the EMM server;
  
  sending the second client certificate to the IDP;
  
  using a trust relationship between the IDP and the EMM server to establish a secure communication channel;
  
  receiving, at the EMM server, a command for provisioning a user for an enterprise service at the IDP;
  
  sending, from the EMM server to the IDP, a user provisioning request by using the secure communication channel, wherein the user provisioning request includes a user identity attribute and a user entitlement attribute, the user identity attribute identifies the user, and the user entitlement attribute indicates an access level associated with the user for the enterprise service; and
  
  receiving, in response to the user provisioning request, at the EMM server and from the IDP, a user provisioning response by using the secure communication channel, wherein the user provisioning response indicates that the user is provisioned at the IDP for the enterprise service.
- View Dependent Claims (12, 13, 14)
- - 12. The non-transitory computer-readable medium of claim 11, the operations further comprising:
    - sending, from the EMM server to the IDP, a service request, wherein the service request indicates a request to provision the enterprise service at the IDP; and
      
      in response to the service request, receiving a service response from the IDP, wherein the service response indicates the enterprise service to be provisioned at the IDP.
  - 13. The non-transitory computer-readable medium of claim 11, wherein the user provisioning request is sent using a System for Cross-domain Identity Management (SCIM) message.
  - 14. The non-transitory computer-readable medium of claim 11, the operations further comprising:
    - obtaining, at the EMM server, the user identity attribute and the user entitlement attribute associated with the user; and
      
      including the user identity attribute and the user entitlement attribute in the user provisioning request.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Malikie Innovations Limited (Key Patent Innovations Limited)
Original Assignee
Blackberry Limited
Inventors
Spencer, Mendel Elliot, Smith, Kirk Douglas, Seel, David Brian, Bowerman, Robert Lorne, Susnjar, Aleksandar, Bozsitz, Calin Marius
Primary Examiner(s)
Homayounmehr, Farid
Assistant Examiner(s)
Bucknor, Olanrewaju J.

Application Number

US15/096,677
Publication Number

US 20170295156A1
Time in Patent Office

1,113 Days
Field of Search

None
US Class Current
CPC Class Codes

H04L 41/0806   for initial configuration o...

H04L 41/5041   characterised by the time r...

H04L 63/08   for authentication of entit...

H04L 63/0815   providing single-sign-on or...

H04L 63/0823   using certificates cryptogr...

H04L 63/083   using passwords cryptograph...

H04L 67/01   Protocols

H04W 4/50   Service provisioning or rec...

Provisioning enterprise services provided by an infrastructure service server

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

16 Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Provisioning enterprise services provided by an infrastructure service server

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

16 Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links