Certificate based profile confirmation

US 10,560,453 B2
Filed: 11/01/2017
Issued: 02/11/2020
Est. Priority Date: 03/15/2013
Status: Expired

First Claim

Patent Images

1. A method for managing a device, comprising:

sending, to the device from a remote server, a profile specifying that an application installed on the device is authorized to execute on the device and authorized to access a resource, wherein the profile comprises a certificate that uniquely identifies the profile from another profile;

receiving, at the remote server, a request from the application installed on the device to access the resource, the request including the certificate;

verifying that the certificate is valid;

if the certificate is valid, providing the application with access to the resource; and

wherein providing the application with access to the resource further comprises providing the application with access to a plurality of additional resources authorized by the certificate.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed are various embodiments for controlling access to resources in a network environment. Methods may include installing a profile on the device and installing a certificate included in or otherwise associated with the profile on the device. A request to execute an application, and/or access a resource using a particular application, is received and determination is made as to whether the certificate is installed on the device based on an identification of the certificate by the application. If the certificate is installed on the device, then execution of the application and/or access to the resource is allowed. If the certificate is not installed on the device, then the request for execution and/or access is refused.

153 Citations

17 Claims

1. A method for managing a device, comprising:
- sending, to the device from a remote server, a profile specifying that an application installed on the device is authorized to execute on the device and authorized to access a resource, wherein the profile comprises a certificate that uniquely identifies the profile from another profile;
  
  receiving, at the remote server, a request from the application installed on the device to access the resource, the request including the certificate;
  
  verifying that the certificate is valid;
  
  if the certificate is valid, providing the application with access to the resource; and
  
  wherein providing the application with access to the resource further comprises providing the application with access to a plurality of additional resources authorized by the certificate.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, further comprising:
    - if the certificate is not valid, denying access to the resource.
  - 3. The method of claim 1, further comprising:
    - if the certificate is not valid, initiating a remedial measure defined by the profile.
  - 4. The method of claim 3, wherein the remedial measure is one of at least:
    - causing the device to delete any resources originally accessed using the certificate;
      
      disabling an enterprise application;
      
      sending an alert to the device alerting a user of the device that access was denied;
      
      sending an alert to an administrator; and
      
      pursuing an alternate validation method.
  - 5. The method of claim 1, wherein the profile is uniquely associated with the application.
  - 6. The method of claim 1, wherein providing the application with access to the resource further comprises locating the resource and transmitting the resource to the device.

7. A non-transitory, computer-readable medium comprising instructions that, when executed by a processor of a remote server, performs stages for managing a device, the stages comprising:
- sending, to the device from the remote server, a profile specifying that an application installed on the device is authorized to execute on the device and authorized to access a resource, wherein the profile comprises a certificate that uniquely identifies the profile from another profile;
  
  receiving, at the remote server, a request from the application installed on the device to access the resource, the request including the certificate;
  
  verifying that the certificate is valid;
  
  if the certificate is valid, providing the application with access to the resource; and
  
  wherein providing the application with access to the resource further comprises providing the application with access to a plurality of additional resources authorized by the certificate.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The non-transitory, computer-readable medium of claim 7, the stages further comprising:
    - if the certificate is not valid, denying access to the resource.
  - 9. The non-transitory, computer-readable medium of claim 7, the stages further comprising:
    - if the certificate is not valid, initiating a remedial measure defined by the profile.
  - 10. The non-transitory, computer-readable medium of claim 9, wherein the remedial measure is one of at least:
    - causing the device to delete any resources originally accessed using the certificate;
      
      disabling an enterprise application;
      
      sending an alert to the device alerting a user of the device that access was denied;
      
      sending an alert to an administrator; and
      
      pursuing an alternate validation method.
  - 11. The non-transitory, computer-readable medium of claim 7, wherein the profile is uniquely associated with the application.
  - 12. The non-transitory, computer-readable medium of claim 7, wherein providing the application with access to the resource further comprises locating the resource and transmitting the resource to the device.

13. A server, comprising:
- a memory storage storing program code; and
  
  a processor coupled to the memory storage, wherein, upon execution, the program code causes the processor to;
  
  send, to a device from the server, a profile specifying that an application installed on the device is authorized to execute on the device and authorized to access a resource, wherein the profile comprises a certificate that uniquely identifies the profile from another profile;
  
  receive a request, from the application installed on the device, to access the resource, the request including the certificate;
  
  verify that the certificate is valid;
  
  if the certificate is valid, provide the application with access to the resource; and
  
  wherein providing the application with access to the resource further comprises providing the application with access to a plurality of additional resources authorized by the certificate.
- View Dependent Claims (14, 15, 16, 17)
- - 14. The server of claim 13, wherein the program code causes the processor to, if the certificate is not valid, deny access to the resource.
  - 15. The server of claim 13, wherein the program code causes the processor to, if the certificate is not valid, initiate a remedial measure defined by the profile.
  - 16. The server of claim 15, wherein the remedial measure is one of at least:
    - causing the device to delete any resources originally accessed using the certificate;
      
      disabling an enterprise application;
      
      sending an alert to the device alerting a user of the device that access was denied;
      
      sending an alert to an administrator; and
      
      pursuing an alternate validation method.
  - 17. The server of claim 13, wherein the profile is uniquely associated with the application.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
AirWatch LLC (Broadcom, Inc.)
Original Assignee
AirWatch LLC (Broadcom, Inc.)
Inventors
Dabbiere, Alan
Primary Examiner(s)
Lemma, Samson B

Application Number

US15/800,224
Publication Number

US 20180054442A1
Time in Patent Office

832 Days
Field of Search

726 3
US Class Current
CPC Class Codes

G06F 21/30   Authentication, i.e. establ...

G06F 21/33   using certificates

G06F 21/335   for accessing specific reso...

G06F 21/44   Program or device authentic...

G06F 21/50   Monitoring users, programs ...

G06F 21/51   at application loading time...

G06F 21/54   by adding security routines...

H04L 63/10   for controlling access to d...

H04W 12/08   Access security

H04W 12/37   Managing security policies ...

Certificate based profile confirmation

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

153 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Certificate based profile confirmation

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

153 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links