Security service for an unmanaged device

US 10,554,662 B2
Filed: 09/25/2015
Issued: 02/04/2020
Est. Priority Date: 06/30/2015
Status: Active Grant

First Claim

Patent Images

1. At least one non-transitory machine readable medium comprising one or more instructions that when executed by at least one processor, cause the at least one processor to:

receive, from an electronic device, a request to access a network service;

send, to the electronic device in response to the request, data related to the network service that includes a test link, wherein the test link causes the electronic device to execute a new request routed via a specified pathway to a pre-defined network element in the network service;

determine whether the new request was routed via the specified pathway to the pre-defined network element in the network service; and

classify the electronic device as untrusted based on a determination that the new request was not routed to the pre-defined network element.

View all claims

12 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Particular embodiments described herein provide for a network element that can be configured to receive, from an electronic device, a request to access a network service. In response to the request, the network element can send data related to the network service to the electronic device and add a test link to the data related to the network service. The network element can also be configured to determine if the test link was successfully executed and classify the electronic device as untrusted if the test link was not successfully executed.

16 Citations

25 Claims

1. At least one non-transitory machine readable medium comprising one or more instructions that when executed by at least one processor, cause the at least one processor to:
- receive, from an electronic device, a request to access a network service;
  
  send, to the electronic device in response to the request, data related to the network service that includes a test link, wherein the test link causes the electronic device to execute a new request routed via a specified pathway to a pre-defined network element in the network service;
  
  determine whether the new request was routed via the specified pathway to the pre-defined network element in the network service; and
  
  classify the electronic device as untrusted based on a determination that the new request was not routed to the pre-defined network element.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The at least one non-transitory machine readable medium of claim 1, wherein the request to access the network service is received by a reverse proxy module.
  - 3. The at least one non-transitory machine readable medium of claim 1, wherein credentials to access the requested network service are obtained from an identity provider.
  - 4. The at least one non-transitory machine readable medium of claim 1, further comprising one or more instructions that when executed by the at least one processor, further cause the at least one processor to:
    - communicate instructions to the electronic device as to how the electronic device could be classified as trusted.
  - 5. The at least one non-transitory machine readable medium of claim 1, further comprising one or more instructions that when executed by the at least one processor, further cause the at least one processor to:
    - classify the electronic device as trusted based on a determination that the new request was routed to the pre-defined network element.
  - 6. The at least one non-transitory machine readable medium of claim 1, further comprising one or more instructions that when executed by at least one processor, further cause the at least one processor to:
    - block access to the network service based on the electronic device being classified as untrusted.
  - 7. The at least one non-transitory machine readable medium of claim 1, wherein the test link is not readily identifiable by a user of the electronic device.
  - 8. The at least one non-transitory machine readable medium of claim 1, wherein the electronic device is an unmanaged device.

9. An apparatus comprising:
- a network services platform configured to;
  
  receive, from an electronic device, a request to access a network service;
  
  send, to the electronic device in response to the request, data related to the network service that includes a test link, wherein the test link causes the electronic device to issue a new request routed via a specified pathway to a pre-defined network element in the network service;
  
  determine whether the new request was routed via the specified pathway to the pre-defined network element in the network service; and
  
  classify the electronic device as untrusted based on a determination that the new request was not routed to the pre-defined network element.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The apparatus of claim 9, wherein the request to access the network service is received by a reverse proxy module.
  - 11. The apparatus of claim 9, wherein credentials to access the requested network service are obtained from an identity provider.
  - 12. The apparatus of claim 9, wherein the network services platform is further configured to:
    - communicate instructions to the electronic device as to how the electronic device could be classified as trusted.
  - 13. The apparatus of claim 9, wherein the network services platform is further configured to:
    - classify the electronic device as trusted based on a determination that the new request was routed to the pre-defined network element.
  - 14. The apparatus of claim 9, wherein the network services platform is further configured to:
    - block access to the network service based on the electronic device being classified as untrusted.
  - 15. The apparatus of claim 9, wherein the test link is not readily identifiable by a user of the electronic device.
  - 16. The apparatus of claim 9, wherein the electronic device is an unmanaged device.

17. A method comprising:
- receiving, from an electronic device, a request to access a network service;
  
  sending, to the electronic device in response to the request, data related to the network service that includes a test link, wherein the test link causes the electronic device to execute a new request routed via a specified pathway to a pre-defined network element in the network service;
  
  determining whether the new request was routed via the specified pathway to the pre-defined network element in the network service; and
  
  classifying the electronic device as untrusted based on a determination that the new request was not routed to the pre-defined network element.
- View Dependent Claims (18, 19, 20, 21, 22, 23)
- - 18. The method of claim 17, wherein the request to access the network service is received by a reverse proxy module.
  - 19. The method of claim 17, wherein credentials to access the requested network service are obtained from an identity provider.
  - 20. The method of claim 17, further comprising:
    - communicating instructions to the electronic device as to how the device could be classified as trusted.
  - 21. The method of claim 17, further comprising:
    - classifying the device as trusted based on the determination that the new request was routed to the pre-defined network element.
  - 22. The method of claim 17, further comprising:
    - blocking access to the network service based on the electronic device being classified as untrusted.
  - 23. The method of claim 17, wherein the test link is not readily identifiable by a user of the electronic device.

24. A system for providing a security service for an unmanaged device, the system comprising:
- a network services platform configured for;
  
  receiving, from an electronic device, a request to access a network service;
  
  sending, to the electronic device in response to the request, data related to the network service that includes a test link, wherein the test link causes the electronic device to execute a new request routed via a specified pathway to a pre-defined network element in the network service;
  
  determining whether the new request was routed via the specified pathway to the pre-defined network element in the network service; and
  
  classifying the electronic device as untrusted based on a determination that the new request was not routed to the pre-defined network element.
- View Dependent Claims (25)
- - 25. The system of claim 24, wherein credentials to access the requested network service are obtained from an identity provider.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Skyhigh Security LLC
Original Assignee
McAfee, LLC
Inventors
Stecher, Martin, Sabban, Andre
Primary Examiner(s)
Gee, Jason K
Assistant Examiner(s)
Torres-Diaz, Lizbeth

Application Number

US14/866,800
Publication Number

US 20170006033A1
Time in Patent Office

1,593 Days
Field of Search
US Class Current
CPC Class Codes

G06F 8/65   Updates security arrangemen...

H04L 43/50   Testing arrangements

H04L 63/0281   Proxies

H04L 63/10   for controlling access to d...

H04L 63/102   Entity profiles

H04L 67/02   based on web technology, e....

H04W 12/37   Managing security policies ...

Security service for an unmanaged device

First Claim

12 Assignments

0 Petitions

Accused Products

Abstract

16 Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Security service for an unmanaged device

First Claim

12 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

16 Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links