POLICY COMPLIANCE-BASED SECURE DATA ACCESS
Abstract
Access control techniques relate to verifying compliance with security policies before enabling access to the computing resources. An application is provided on a client that generates verification codes using an authentication seed. Prior to granting the client the authentication seed necessary to generate a verification code, a server may perform a policy check on the client. Some embodiments ensure that the client complies with security policies imposed by an authenticating party by retrieving a number of parameter values from the client and then determining whether those parameter values comply with the security policies. Upon determining that the client complies, the authentication seed is issued to the client. In some embodiments, the authentication seed is provided such that a policy check is performed upon the generation of a verification code. The client is given access to secure information when the client is determined to comply with the security policies.
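The flow the abstract describes, sketched as an added example that is not taken from the patent: a server releases the authentication seed only after the client's reported parameter values pass a policy check, and re-checks policy when a code is presented. The policy names and function names are assumptions, and RFC 4226 HOTP stands in for the code-generation step, which the page does not specify.

```python
import hashlib
import hmac
import secrets
import struct

# Assumed policy set; the page names no concrete policies.
POLICIES = {
    "min_passcode_length": lambda v: isinstance(v, int) and v >= 6,
    "storage_encrypted": lambda v: v is True,
    "os_integrity_intact": lambda v: v is True,
}

def failed_policies(params):
    """Return the names of policies the reported values do not satisfy.
    A missing parameter counts as a failure (fail closed)."""
    return sorted(name for name, ok in POLICIES.items()
                  if name not in params or not ok(params[name]))

def handle_seed_request(params, seed_store, device_id):
    """Server side: issue a seed only to a compliant device."""
    failures = failed_policies(params)
    if failures:
        return {"status": "error", "failed": failures}
    seed = secrets.token_bytes(20)
    seed_store[device_id] = seed  # server keeps a copy to verify codes later
    return {"status": "ok", "seed": seed}

def hotp(seed, counter, digits=6):
    """RFC 4226 HOTP: one way to derive a code from a seed (assumed here)."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify_access(device_id, code, counter, params, seed_store):
    """Server side at access time: re-check policy, then check the code."""
    seed = seed_store.get(device_id)
    if seed is None or failed_policies(params):
        return False
    return hmac.compare_digest(hotp(seed, counter), code)
```

The parameter values are reported by the client itself, so the check is only as trustworthy as the application that collects and sends them.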
39 Claims
1. A method of verifying client compliance with a set of security policies in order to grant access to secure data, the method comprising:
under control of one or more computer systems configured with executable instructions,
- receiving, from a mobile device, a request for an authentication seed that includes security information from which an authentication code may be derived;
- in response to the request, sending a request for a set of parameter values corresponding to a set of security policies to the mobile device in order to determine whether the mobile device complies with the set of security policies;
- receiving the set of parameter values from the mobile device;
- determining whether the set of parameter values indicates that the mobile device is in compliance with the set of security policies; and
- sending the authentication seed to the mobile device to enable the mobile device to generate the authentication code when the set of parameter values indicates that the mobile device is in compliance with the set of security policies, the authentication code capable of being generated based at least in part on the authentication seed.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10

11. A method of authenticating a client by a server, the method comprising:
under control of one or more computer systems configured with executable instructions,
- receiving a request for access to secure information from the client, the request including at least a response code generated based at least in part on an authentication seed accessible to the client and the server;
- receiving a set of security parameter values from the client in order to determine whether security settings of the client comply with a set of security policies;
- determining whether the set of security parameter values indicate that the client complies with the set of security policies; and
- enabling the client to access secure information upon determining that the client complies with the set of security policies.

Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19

20. A method of obtaining access to secure information through compliance with security policies, the method comprising:
under control of one or more computer systems configured with executable instructions,
- activating an application that provides access to secure information;
- generating an authentication code based at least in part on a seed value;
- sending a request for access to secure information to a server, the request including at least the authentication code;
- providing a set of parameter values to the server that is configured to determine whether the client complies with a set of security policies; and
- obtaining access to the secure information when the client is determined to comply with the set of security policies.

Dependent claims: 21, 22, 23, 24, 25, 26

27. A non-transitory computer-readable storage medium including instructions for obtaining access to secure information using at least an authentication code, the instructions when executed by at least one processor of a computing system causing the computing system to:
- send a request for an authentication seed to a server;
- provide a set of values to the server that is configured to determine whether the client device complies with a set of security policies using the set of values;
- receive an error message when the client device is determined to not comply with the set of security policies; and
- receive the authentication seed when the client device is determined to comply with the set of security policies, wherein the client device is capable of obtaining access to secure information using the authentication code generated using the authentication seed.

Dependent claims: 28, 29, 30, 31, 32, 33, 34, 35, 36

37. A system for verifying client compliance with a set of security policies in order to grant client access to secure data, the system comprising:
- a processor; and
- a memory device including instructions that, when executed by the processor, cause the system to:
  - receive a request for an authentication seed;
  - sending, to the client, a request for a response corresponding to a set of security policies;
  - receive the response from the client;
  - determining whether the response indicates that the client is in compliance with the set of security policies;
  - send the authentication seed to the client upon determining that the response indicates that the client is in compliance with the set of security policies; and
  - generate the authentication code based at least in part on the authentication seed, wherein the client is capable of obtaining access to sensitive information using at least the authentication code.

Dependent claims: 38, 39

Specification