Federated mobile device management

US 10,326,671 B2
Filed: 10/18/2016
Issued: 06/18/2019
Est. Priority Date: 10/18/2016
Status: Active Grant

First Claim

Patent Images

1. A non-transitory computer-readable medium embodying program code executable in at least one computing device, the program code, when executed by the at least one computing device, being configured to cause the at least one computing device to at least:

cause a client device to be managed by a first management service based on first device management data;

verify an identity certificate associated with a second management service to authenticate the second management service for federated device management;

identify a request for the client device to be managed by the second management service;

cause device identification data for the client device to be accessible to the second management service;

identify second device management data received from the second management service for federated device management of the client device; and

cause the client device to be managed based at least in part on the second device management data received from the second management service.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In one example of federated mobile device management, a first management server federates with a second management server based on an exchange of one or more identity authentication certificates between them. After the first and second management servers have federated or affiliated, they can exchange mobile device management data, including compliance policies, rules, resources, etc., with each other. Based on a request from a client device for affiliated mobile device management, the first management server can request and receive device management data from the second management device. The first management server can evaluate the device management data received from the second management device for conformity with a baseline management policy. If it conforms, the first management server can use the device management data from the second management server, at least in part, to manage the client device.

12 Citations

20 Claims

1. A non-transitory computer-readable medium embodying program code executable in at least one computing device, the program code, when executed by the at least one computing device, being configured to cause the at least one computing device to at least:
- cause a client device to be managed by a first management service based on first device management data;
  
  verify an identity certificate associated with a second management service to authenticate the second management service for federated device management;
  
  identify a request for the client device to be managed by the second management service;
  
  cause device identification data for the client device to be accessible to the second management service;
  
  identify second device management data received from the second management service for federated device management of the client device; and
  
  cause the client device to be managed based at least in part on the second device management data received from the second management service.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The non-transitory computer-readable medium according to claim 1, wherein the program code is further configured to cause the at least one computing device to at least:
    - evaluate the second device management data for conformity with a baseline management policy of the first management service;
      
      in an instance in which the second device management data is in conformity with the baseline management policy, assimilate at least a portion of the second device management data into federated management data for management of the client device; and
      
      notify the client device to check in for a device management update.
  - 3. The non-transitory computer-readable medium according to claim 2, wherein the federated management data comprises a combination of device management data from the first device management data and device management data from the second device management data.
  - 4. The non-transitory computer-readable medium according to claim 2, wherein the device management update includes the federated management data for management of the client device.
  - 5. The non-transitory computer-readable medium according to claim 1, wherein:
    - the program code is further configured to cause the at least one computing device to redirect the client device to the second management service for authentication in response to the request for the client device to be managed by the second management service; and
      
      the second management service issues an authentication token associated with the client device based on the authentication.
  - 6. The non-transitory computer-readable medium according to claim 1, wherein the program code is further configured to cause the at least one computing device to at least:
    - evaluate the second device management data for conformity with a baseline management policy of the first management service; and
      
      in an instance in which the second device management data is not in conformity with the baseline management policy, notify the second management service that the second device management data is not in conformity.
  - 7. The non-transitory computer-readable medium according to claim 1, wherein the program code is further configured to cause the at least one computing device to at least:
    - monitor the client device for non-compliance with at least one policy of the second device management data; and
      
      notify the second management service of the non-compliance.
  - 8. The non-transitory computer-readable medium according to claim 1, wherein the program code is further configured to cause the at least one computing device to at least:
    - identify a change in affiliation associated with at least one of the client device or the second management service; and
      
      notify the client device to check in for a second device management update based on the change in affiliation.

9. A method, comprising:
- causing, by a first management computing device, a client device to be managed by the first management computing device based on first device management data;
  
  verifying, by the first management computing device, an identity certificate associated with a second management computing device to authenticate the second management computing device for federated device management;
  
  identifying, by the first management computing device, a request from the client device for affiliated device management by the second management computing device;
  
  causing, by the first management computing device, device identification data for the client device to be accessible to the second management computing device;
  
  receiving, by the first management computing device, second device management data from the second management computing device for federated device management of the client device; and
  
  notifying, by the first management computing device, the client device to check in for a device management update based at least in part on the second device management data.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The method according to claim 9, further comprising:
    - evaluating, by the first management computing device, the second device management data for conformity with a baseline management policy; and
      
      in an instance in which the second device management data is in conformity with the baseline management policy, assimilating, by the first management computing device, at least a portion of the second device management data into federated management data for the device management update.
  - 11. The method according to claim 10, wherein the federated management data comprises a combination of device management data from the first device management data and device management data from the second device management data.
  - 12. The method according to claim 10, wherein the mobile device management update includes the federated management data for client device.
  - 13. The method according to claim 9, further comprising:
    - redirecting, by the first management computing device, the client device to the second management computing device for authentication in response to identifying the request from the client device for affiliated device management, whereinthe second management computing device issues an authentication token associated with the client device based on the authentication.
  - 14. The method according to claim 9, further comprising:
    - evaluating, by the first management computing device, the second device management data for conformity with a baseline management policy; and
      
      in an instance in which the second device management data is not in conformity with the baseline management policy, notifying, by the first management computing device, the second management computing device that the second device management data is not in conformity.
  - 15. The method according to claim 9, further comprising:
    - monitoring, by the first management computing device, the client device for non-compliance with at least one policy of the second device management data; and
      
      notifying, by the first management computing device, the second management computing device of the non-compliance.
  - 16. The method according to claim 9, further comprising:
    - identifying, by the first management computing device, a change in affiliation associated with at least one of the client device or the second management computing device; and
      
      notifying, by the first management computing device, the client device to check in for a second device management update based on the change in affiliation.

17. A method, comprising:
- federating, by a first management computing device, with a second management computing device based on an exchange of at least one identity certificate;
  
  receiving, by the first management computing device, a request from a client device for affiliated device management associated with the second management computing device;
  
  requesting and receiving, by the first management computing device, device management data for federated device management of the client device from the second management computing device; and
  
  evaluating, by the first management computing device, the device management data for conformity with a baseline management policy.
- View Dependent Claims (18, 19, 20)
- - 18. The method according to claim 17, further comprising:
    - in an instance in which the device management data is in conformity with the baseline management policy, assimilating, by the first management computing device, at least a portion of the device management data into federated management data for a device management update; and
      
      notifying, by the first management computing device, the client device to check in for the federated management data.
  - 19. The method according to claim 18, wherein the federated management data comprises a combination of device management policies from the first management computing device and the second management computing device.
  - 20. The method according to claim 18, further comprising:
    - monitoring, by the first management computing device, the client device for non-compliance with at least one policy of the device management data; and
      
      notifying, by the first management computing device, the second management computing device of the non-compliance.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
AirWatch LLC (Broadcom, Inc.)
Original Assignee
AirWatch LLC (Broadcom, Inc.)
Inventors
Quintas, Daniel, Kueh, Anthony
Primary Examiner(s)
Do, Khang
Assistant Examiner(s)
Almaghayreh, Khalid M

Application Number

US15/296,295
Publication Number

US 20180109430A1
Time in Patent Office

973 Days
Field of Search

709202, 709224, 709225, 709229, 713172, 713155, 713156, 726 1- 10, 726 18, 726 22, 726 27
US Class Current
CPC Class Codes

H04L 41/046   comprising network manageme...

H04L 41/28   Restricting access to netwo...

H04L 43/04   Processing captured monitor...

H04L 63/0823   using certificates cryptogr...

H04L 63/20   for managing network securi...

Federated mobile device management

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

12 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Federated mobile device management

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

12 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links