CONTROLLING ACCESS TO RESOURCES ON A NETWORK

US 20130152169A1
Filed: 12/09/2011
Published: 06/13/2013
Est. Priority Date: 12/09/2011
Status: Active Grant

First Claim

Patent Images

1. A system, comprising:

a proxy server that receives a plurality of requests from a user on one of a plurality of client devices to access at least one enterprise resource provided by an enterprise device on a network, the proxy server being configured to authenticate the user and the client device to determine whether the user has permission to access the at least one enterprise resource from the client device; and

a compliance server that authorizes the client device to communicate with the enterprise device, wherein the proxy server transmits at least one of the requests from the client device to the enterprise device if the client device is authorized to communicate with the enterprise device and the user has permission to access the at least one enterprise resource from the client device.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed are various embodiments for controlling access to data on a network. In one embodiment, a proxy service receives a request from a user on a client device to access a quantity of enterprise resources served up by an enterprise device. In response, the proxy service determines whether the user on the client device has been authenticated to access the enterprise resources. The proxy service also determines whether the client device from which the user requested the access is authorized to access the enterprise resources. Responsive to the determination that the user is authentic and that the client device is authorized, the proxy service associates a set of approved enterprise access credentials with the request and facilitates the transmission of the requested enterprise resources to the client device.

131 Citations

20 Claims

1. A system, comprising:
- a proxy server that receives a plurality of requests from a user on one of a plurality of client devices to access at least one enterprise resource provided by an enterprise device on a network, the proxy server being configured to authenticate the user and the client device to determine whether the user has permission to access the at least one enterprise resource from the client device; and
  
  a compliance server that authorizes the client device to communicate with the enterprise device, wherein the proxy server transmits at least one of the requests from the client device to the enterprise device if the client device is authorized to communicate with the enterprise device and the user has permission to access the at least one enterprise resource from the client device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The system of claim 1, wherein at least one of the requests comprises a request for accessing a quantity of enterprise resources, a set of user access credentials of the user, and a device identifier of the client device.
  - 3. The system of claim 2, wherein the user access credentials provide the user with access to the proxy server.
  - 4. The system of claim 2, wherein the user access credentials are insufficient to provide the user with access to the enterprise device.
  - 5. The system of claim 2, wherein the proxy server authenticates each one of the client devices to determine whether to provide access to the enterprise resources on the enterprise device by determining whether the user access credentials match at least one of a plurality of approved user access credentials and determining whether the device identifier match at least one of a plurality of approved device identifiers.
  - 6. The system of claim 5, wherein the approved user access credentials and the approved identifiers are stored in a data store accessible to the proxy server.
  - 7. The system of claim 2, wherein the compliance server authorizes each one of the client devices by determining whether a plurality of device characteristics of each of the client devices comply with a plurality of compliance rules.
  - 8. The system of claim 7, wherein the plurality of compliance rules comprise at least one of a plurality of hardware restrictions, a plurality of software restrictions, and a plurality of device management restrictions.
  - 9. The system of claim 2, wherein the user access credentials comprise a user name, a password, and biometric data associated with one of facial recognition, retina recognition, and fingerprint recognition.
  - 10. The system of claim 1, wherein the proxy server associates at least one set of approved enterprise access credentials with at least one of the requests that is transmitted to the enterprise device.

11. A method comprising:
- receiving, from one of a plurality of client devices, a request to access a quantity of enterprise resources provided by at least one enterprise device, wherein the request comprises at least one of a plurality of user access credentials and at least one of a plurality of device identifiers associated with the device;
  
  authenticating, in the proxy server, the request from the client device by determining whether the set of user access credentials match at least one set of a plurality of approved user access credentials and the device identifier matches one of a plurality of approved device identifiers,authorizing, in a compliance server, the client device by determining whether the client device complies with a plurality of compliance rules;
  
  modifying, in the proxy server, the request to insert at least one of a plurality of approved enterprise access credentials; and
  
  transmitting, from the proxy server, the modified request to the enterprise device.
- View Dependent Claims (12, 13, 14, 15, 16)
- - 12. The method of claim 11, comprising the additional steps of:
    - receiving, in the proxy server, the requested quantity of enterprise resources from the enterprise device; and
      
      communicating, from the proxy server, the requested quantity of enterprise resources to the client device.
  - 13. The method of claim 11, comprising the additional step of:
    - communicating, from the enterprise device, the requested quantity of enterprise resources to the client device.
  - 14. The method of claim 11, wherein the user access credentials are insufficient to access to the enterprise device.
  - 15. The method of claim 11, wherein the compliance rules comprise a plurality of software restrictions, a plurality of hardware restrictions, and a plurality of device management restrictions.
  - 16. The method of claim 11, comprising the additional step of:
    - modifying, in the proxy server, the request to remove the set of user access credentials.

17. A non-transitory computer-readable medium embodying a program executable in a computing device, the program, when executed, performing a method comprising:
- receiving a request from a user on a client device to access a quantity of enterprise resources served up by an enterprise device, the request comprising a set of user credentials of the user and a device identifier of the client device;
  
  determining whether the user is authentic based on the user access credentials and the device identifier;
  
  determining whether the client device is authorized based on a plurality of device characteristics associated with the client device;
  
  responsive to a determination that the user is authentic and the client device is authorized, modifying the request to remove the user credentials and insert a set of approved enterprise access credentials;
  
  transmitting the modified request to the enterprise device to receive the requested quantity of enterprise resources;
  
  receiving the requested quantity of enterprise resources from the enterprise device; and
  
  transmitting the requested quantity of enterprise resources to the client device.
- View Dependent Claims (18, 19, 20)
- - 18. The computer readable medium of claim 17, wherein the user access credentials are insufficient to access the quantity of enterprise resources.
  - 19. The computer readable medium of claim 17, wherein determining whether the client device is authorized comprises determining whether the device characteristics comply with a plurality of compliance rules, the compliance rules comprising a plurality of hardware restrictions, a plurality of software restrictions, and a plurality of device management restrictions.
  - 20. The computer readable medium of claim 17, wherein the user access credentials comprise a user name, a password, and biometric data related to facial recognition, fingerprint recognition, and retina recognition.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
AirWatch LLC (Broadcom, Inc.)
Original Assignee
AirWatch LLC (Broadcom, Inc.)
Inventors
Stuntebeck, Erich

Granted Patent

US 8,713,646 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/4
CPC Class Codes

H04L 63/08   for authentication of entit...

H04L 63/10   for controlling access to d...

H04L 67/51   Discovery or management the...

H04W 12/37   Managing security policies ...

CONTROLLING ACCESS TO RESOURCES ON A NETWORK

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

131 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

CONTROLLING ACCESS TO RESOURCES ON A NETWORK

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

131 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links