Controlling Access to Resources on a Network

US 20140189119A1
Filed: 03/05/2014
Published: 07/03/2014
Est. Priority Date: 12/09/2011
Status: Active Grant

First Claim

Patent Images

1. A system, comprising:

a memory storage; and

a processor coupled to the memory storage, the processor configured to;

generate a request to access at least one enterprise resource, wherein the request comprises a set of user access credentials, and a device identifier associated with the system,cause the request to access the at least one enterprise resource to be provided to an authorization service,provide an updated device profile to the authorization service,determine whether the authorization service has provided a set of enterprise access credentials, andin response to determining that the authorization service has provided the set of enterprise access credentials, generate a second request to access the at least one enterprise resource, wherein the second request comprises the set of enterprise access credentials and the device identifier associated with the system.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Control of access to resources on a network may be provided. A request to access enterprise resource(s), the request comprising a set of user access credentials and a device identifier, may be generated. The request to access the at least one enterprise resource and an updated device profile may be provided to an authorization service. A set of enterprise access credentials may be received from the authorization service and used to generate a second request to access the enterprise resource(s).

18 Citations

View as Search Results

20 Claims

1. A system, comprising:
- a memory storage; and
  
  a processor coupled to the memory storage, the processor configured to;
  
  generate a request to access at least one enterprise resource, wherein the request comprises a set of user access credentials, and a device identifier associated with the system,cause the request to access the at least one enterprise resource to be provided to an authorization service,provide an updated device profile to the authorization service,determine whether the authorization service has provided a set of enterprise access credentials, andin response to determining that the authorization service has provided the set of enterprise access credentials, generate a second request to access the at least one enterprise resource, wherein the second request comprises the set of enterprise access credentials and the device identifier associated with the system.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The system of claim 1, wherein the processor being configured to generate the request to access at least one enterprise resource comprises the processor being configured to manipulate a network page rendered on a display associated with the system.
  - 3. The system of claim 1, wherein the processor being configured to generate the request to access at least one enterprise resource comprises the processor being configured to receive a user manipulation of a user interface generated by an application executed by the processor.
  - 4. The system of claim 1, wherein the set of user access credentials comprises a user input of login information.
  - 5. The system of claim 1, wherein the processor is further configured to provide the updated device profile to the authorization service on a periodic basis.
  - 6. The system of claim 5, wherein the processor is further configured to receive a notification from the authorization service that the updated device profile failed a compliance check.
  - 7. The system of claim 6, wherein the processor is further configured to attempt to comply with a failed restriction associated with the compliance check.
  - 8. The system of claim 6, wherein the failed restriction is specific to the at least one enterprise resource.
  - 9. The system of claim 1, wherein the processor is further configured to:
    - in response to determining that the authorization service has not provided the set of enterprise access credentials, display a failure notification to a user of the system.
  - 10. The system of claim 1, wherein the processor is further configured to:
    - in response to determining that the authorization service has not provided the set of enterprise access credentials;
      
      attempt to comply with a failed compliance restriction,provide a second updated device profile to the authorization service, andcause the request to access the at least one enterprise resource to be re-provided to the authorization service.

11. A method comprising:
- receiving a request from a client device to access at least one enterprise resource, wherein the request comprises a set of user access credentials and a device identifier associated with the client device;
  
  determining whether the user access credentials are authorized to request access to the at least one enterprise resource; and
  
  in response to determining that the user access credentials are authorized to request access to the at least one enterprise resource;
  
  authenticating the client device based at least in part on the device identifier,determining whether the client device is authorized to access the requested quantity of enterprise resources, wherein determining whether the client device is authorized comprises determining whether a periodically updated device profile associated with the client device is in compliance with at least one compliance rule,generating a second request for the at least one enterprise resource comprising a set of enterprise access credentials and the device identifier, andtransmitting the second request to an enterprise device to receive the requested quantity of enterprise resources.
- View Dependent Claims (12, 13, 14)
- - 12. The method of claim 11, further comprising:
    - receiving the at least one enterprise resource from the enterprise device; and
      
      transmitting the at least one enterprise resource to the client device.
  - 13. The method of claim 11, further comprising:
    - causing the enterprise device to transmit the at least one enterprise resource to the client device.
  - 14. The method of claim 11, wherein the at least one compliance rule comprises one of a plurality of compliance rules comprising at least one of a plurality of software restrictions, a plurality of hardware restrictions, and a plurality of device management restrictions.

15. A non-transitory computer-readable medium embodying a program executable in a computing device, the program, when executed, performing a method comprising:
- receiving, from a proxy service, a request to authorize a client device to access at least one enterprise resource, wherein the request comprises a device identifier associated with the client device;
  
  determining, according to a device profile associated with the device identifier, whether the client device is in compliance with a plurality of compliance rules; and
  
  in response to determining that the client device is in compliance with the plurality of compliance rules, causing the client device to be authorized to access the at least one enterprise resource.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The non-transitory computer-readable medium of claim 15, the method further comprising:
    - in response to determining that the client device is not in compliance with the plurality of compliance rules;
      
      receiving an updated device profile from the client device; and
      
      determining, according to the updated device profile associated with the client device, whether the client device is now in compliance with the plurality of compliance rules.
  - 17. The non-transitory computer-readable medium of claim 16, wherein the updated device profile is received as a periodic update from the client device.
  - 18. The non-transitory computer-readable medium of claim 16, wherein the updated device profile is received in response to a request for the updated device profile.
  - 19. The non-transitory computer-readable medium of claim 15, the method further comprising:
    - in response to determining that the client device is not in compliance with the plurality of compliance rules, notifying the proxy service that the client device is not authorized to access the at least one enterprise resource.
  - 20. The non-transitory computer-readable medium of claim 15, wherein the plurality of compliance rules are specifically associated with the at least one enterprise resource.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
AirWatch LLC (Broadcom, Inc.)
Original Assignee
Skysocket LLC
Inventors
Stuntebeck, Erich

Granted Patent

US 9,769,266 B2
Time in Patent Office

Days
Field of Search
US Class Current

709/225
CPC Class Codes

H04L 63/08   for authentication of entit...

H04L 63/10   for controlling access to d...

H04L 67/51   Discovery or management the...

H04W 12/37   Managing security policies ...

Controlling Access to Resources on a Network

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

18 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Controlling Access to Resources on a Network

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

18 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links