Application signature authorization
First Claim
1. A method for establishing a connection, the method comprising:
establishing a connection between a user client device and a server, the user client device having a plurality of applications, wherein the connection is established by the server and the user client device communicating over a computer network;
receiving data from the user client device via the established connection, the received data including authentication information for authenticating a user of the user client device;
classifying the user client device based on an identified device type of the user client device and an identified user type of the authenticated user, wherein the user client device classification is associated with an application control policy that allows application access to specified application data;
receiving application information derived from a requested application of the plurality of applications from the user client device in accordance with the application control policy associated with the user client device classification, wherein the application information derived from the requested application includes a signature generated at the user client device, and the signature is generated from an application certificate corresponding to the requested application; and
comparing the signature included in the application information to authorization information stored at the server, wherein the requested application is approved or denied based on the comparison.
Abstract
An appliance works in conjunction with an agent on a remote device to control application access to a corporate network. In conjunction with an SSL tunnel and policy operating at the appliance, granular application control may be implemented. In particular, a device user may determine what applications from a set of applications may access the corporate network and which applications do not access the network. The applications may be analyzed to determine whether the application is good or bad, as well as what security configurations, approvals and denials are associated with the application.
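The server-side decision in claim 1 (classify the device, select the policy, compare the reported signature with stored authorization information), sketched as an added example that is not taken from the patent. The SHA-256 derivation, the policy layout, the app identifier and the certificate bytes are all assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed sample data: stand-ins for DER-encoded app signing certificates.
MAIL_CERT = b"constructed-der-bytes-for-mail-app"
GAME_CERT = b"constructed-der-bytes-for-game-app"


def app_signature(cert_der: bytes) -> str:
    """Agent side: derive the signature from the application's certificate.
    Assumption: SHA-256 of the certificate bytes; the claims name no algorithm."""
    return hashlib.sha256(cert_der).hexdigest()


# Server-side authorization information (hypothetical layout):
# (device type, user type) -> application id -> set of approved signatures.
POLICY = {
    ("android", "employee"): {"com.example.mail": {app_signature(MAIL_CERT)}},
    ("android", "contractor"): {},  # classified, but no application approved
}


def classify(device_type: str, user_type: str):
    """Map an authenticated session to a policy key; unknown pairs get none."""
    key = (device_type.lower(), user_type.lower())
    return key if key in POLICY else None


def authorize(device_type: str, user_type: str, app_id: str, signature: str) -> bool:
    """Approve only when the reported signature matches one stored for this
    classification and application. Everything else is denied by default."""
    key = classify(device_type, user_type)
    if key is None:
        return False
    reported = signature.lower().encode("utf-8")
    matched = False
    # Compare against every stored entry in constant time.
    for known in POLICY[key].get(app_id, set()):
        matched |= hmac.compare_digest(known.encode("utf-8"), reported)
    return matched
```

Because the signature is computed on the client device, the comparison only establishes which certificate the agent reports; it depends on the agent and the tunnel being trustworthy.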
36 Claims
13. A non-transitory computer readable storage medium having embodied thereon a program, the program being executable by a processor to perform a method for establishing a connection, the method comprising:
establishing a connection between a user client device and a server, the user client device having a plurality of applications;
receiving data from the user client device via the established connection, the received data including authentication information for authenticating a user of the user client device;
classifying the user client device based on an identified device type of the user client device and an identified user type of the authenticated user, wherein the user client device classification is associated with an application control policy that allows application access to specified application data;
receiving application information derived from a requested application of the plurality of applications from the user client device in accordance with the application control policy associated with the user client device classification, wherein the application information derived from the requested application includes a signature generated at the user client device, and the signature is generated from an application certificate corresponding to the requested application; and
comparing the signature included in the application information to authorization information stored at the server, wherein the requested application is approved or denied based on the comparison.
25. A system for establishing a connection, the system including:
a server in communication with a user client device, the server including a processor, memory, and one or more applications stored in memory at the server and executable to establish a connection between a user client device and the server, the user client device having a plurality of applications, wherein the server:
receives data from the user client device via the established connection, the received data including authentication information for authenticating a user of the user client device;
classifies the user client device based on an identified device type of the user client device and an identified user type of the authenticated user, wherein the user client device classification is associated with an application control policy that allows application access to specified application data;
receives application information derived from a requested application of the plurality of applications from the user client device in accordance with the application control policy associated with the user client device classification, the application information derived from the requested application includes a signature generated at the user client device, and the signature is generated from an application certificate corresponding to the requested application, and
compares the signature included in the application information to authorization information stored at the server, wherein the requested application is approved or denied based on the comparison.
Specification