Method and system for enabling trust-based authorization over a network
Abstract
Method and devices are directed to managing access to a resource over a network. Upon receiving a request for access to the resource over the network, a resource controller determines a parameter associated with the request based on a query of the user and a scan of a client device associated with the request. The controller then applies an access control rule based, in part, on the parameter to determine a level of trust. Depending on the type of request, the resource controller may negotiate access to the resource with a resource server on behalf of the user and act as proxy in establishing the connection, if the request is permitted. A level of access to the resource may be determined based on the level of trust.
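The flow described in the abstract, as an added example that is not taken from the patent: parameters from a user query and a client device scan go through ordered access control rules to yield a trust level, and the request is proxied only if that level permits. All names, rule conditions, trust levels and resources (`Params`, `RULES`, `RESOURCE_MIN_TRUST`, `decide`) are hypothetical.

```python
from dataclasses import dataclass
from enum import IntEnum

class Trust(IntEnum):
    NONE = 0      # deny, do not proxy
    LIMITED = 1   # proxy with reduced access
    FULL = 2      # proxy with full access

@dataclass(frozen=True)
class Params:
    """Parameters derived from the user query and the client device scan."""
    user_authenticated: bool   # result of querying the user
    av_running: bool           # scan: antivirus process present
    os_patched: bool           # scan: OS patch level acceptable
    managed_device: bool       # scan: device is centrally managed

# Ordered access control rules: the first matching predicate sets the trust level.
# The conditions are illustrative assumptions, not taken from the patent.
RULES = [
    (lambda p: not p.user_authenticated, Trust.NONE),
    (lambda p: not p.av_running, Trust.NONE),
    (lambda p: p.os_patched and p.managed_device, Trust.FULL),
    (lambda p: True, Trust.LIMITED),   # authenticated, AV on, but unmanaged or unpatched
]

# Minimum trust each (hypothetical) resource requires before the request is proxied.
RESOURCE_MIN_TRUST = {"intranet-wiki": Trust.LIMITED, "payroll-db": Trust.FULL}

def trust_level(p: Params) -> Trust:
    for predicate, level in RULES:
        if predicate(p):
            return level
    return Trust.NONE  # fail closed if no rule matches

def decide(resource: str, p: Params) -> dict:
    """Return the controller's decision: proxy or deny, plus the trust level."""
    level = trust_level(p)
    required = RESOURCE_MIN_TRUST.get(resource, Trust.FULL)  # unknown resource: strictest
    allowed = level is not Trust.NONE and level >= required
    return {"resource": resource, "trust": level.name,
            "action": "proxy" if allowed else "deny"}

if __name__ == "__main__":
    kiosk = Params(True, True, False, False)     # constructed sample inputs
    laptop = Params(True, True, True, True)
    for res in RESOURCE_MIN_TRUST:
        print(decide(res, kiosk), decide(res, laptop))
```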
19 Claims
1. A method for managing access to a resource over a network, comprising:
- receiving a request for access to the resource;
- determining a parameter associated with the request based, in part, on querying a user and performing a scan of a client device associated with the request;
- applying an access control rule based, in part, on the parameter to determine a level of trust; and
- if the level of trust indicates permission for access to the resource, proxying the request towards the resource.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9

10. A server for managing access to a resource over a network, comprising:
- a transceiver configured to receive a request for access to the resource; and
- a processor, coupled to the transceiver, configured to perform actions including;
  - determining a parameter associated with the request based, in part, querying the user, and performing a scan of a client device associated with the request;
  - applying an access control rule based, in part, on the parameter to determine a level of trust; and
  - if the level of trust indicates permission for access to the resource, instructing the transceiver to proxy the request towards the resource.

Dependent claims: 11, 12, 13, 14, 15, 16

17. A system for managing access to a resource over a network, comprising:
- a server including;
  - a transceiver configured to receive a request for access to the resource; and
  - a processor, coupled to the transceiver, configured to perform actions including;
    - determining a parameter associated with the request based, in part, querying the user, and performing a scan of a client device associated with the request;
    - applying an access control rule based, in part, on the parameter to determine a level of trust; and
    - if the level of trust indicates permission for access to the resource, instructing the transceiver to proxy the request towards the resource; and
- the client device including;
  - a transceiver configured to perform actions including;
    - requesting access to the resource from a server over the network; and
  - a processor configured to perform actions including;
    - if a query is received from the server, responding to the query; and
    - if an instruction for a security scan is received from the server, performing the security scan, and reporting a result of the security scan to the server.

18. A modulated data signal having computer executable instructions embodied thereon for managing access to a resource over a network, the modulated data signal comprising the actions of:
- transferring a request for access to the resource from a client device associated with the request to a server;
- transferring an instruction for a query and a scan of a client device from the server to the client device;
- enabling a determination of a parameter associated with the request based, in part, on the response;
- enabling an application of an access control rule based, in part, on the parameter to determine a level of trust; and
- if the level of trust indicates permission for access to the resource, transferring a proxy connection to the resource from the server to the client device.

19. An apparatus for managing access to a resource over a network, comprising:
- a means for receiving a request the resource;
- a means for querying the user and performing a scan of a client device associated with the request;
- a means for determining a parameter associated with the request based, in part, on a result of querying the user and performing the scan of the client device;
- a means for applying an access control rule based, in part, on the parameter to determine a level of trust; and
- if the level of trust indicates permission for access to the resource, a means for proxying the request towards the resource.

Specification