CLIENT APPLICATION BASED ACCESS CONTROL IN CLOUD SECURITY SYSTEMS FOR MOBILE DEVICES

US 20180316684A1
Filed: 07/07/2018
Published: 11/01/2018
Est. Priority Date: 01/29/2016
Status: Active Grant

First Claim

Patent Images

1. A cloud-based security system enforcing application-based control of network resources comprising:

a plurality of nodes communicatively coupled to the Internet; and

one or more authority nodes communicatively coupled to the plurality of nodes;

wherein a node of the plurality of nodes is communicatively coupled to a user device via the Internet, andwherein the node is configured to receive a request from a user device for network resources on the Internet or in an external network, to evaluate the request to determine an application on the user device associated with the request, and to provide application-based control of the request based on the determined application and the network resources.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A cloud-based security system enforcing application-based control of network resources includes a plurality of nodes communicatively coupled to the Internet; and one or more authority nodes communicatively coupled to the plurality of nodes; wherein a node of the plurality of nodes is communicatively coupled to a user device via the Internet, and wherein the node is configured to receive a request from a user device for network resources on the Internet or in an external network, to evaluate the request to determine an application on the user device associated with the request, and to provide application-based control of the request based on the determined application and the network resources.

14 Citations

20 Claims

1. A cloud-based security system enforcing application-based control of network resources comprising:
- a plurality of nodes communicatively coupled to the Internet; and
  
  one or more authority nodes communicatively coupled to the plurality of nodes;
  
  wherein a node of the plurality of nodes is communicatively coupled to a user device via the Internet, andwherein the node is configured to receive a request from a user device for network resources on the Internet or in an external network, to evaluate the request to determine an application on the user device associated with the request, and to provide application-based control of the request based on the determined application and the network resources.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The cloud-based security system of claim 1, wherein the application-based control limits which applications on the user device are able to access the network resources.
  - 3. The cloud-based security system of claim 1, wherein the application-based control comprises one of:
    - denial of the request thereby blocking the request from the network resources if the application is unauthorized,allowance of the request if the application is authorized, orredirection of the request to an authorized application on the user device.
  - 4. The cloud-based security system of claim 1, wherein the application-based control comprises redirection of the request to an authorized application on the user device is legitimate but unauthorized to access the network resource.
  - 5. The cloud-based security system of claim 4, wherein the redirection utilizes a response from the node to the user device with a location header pointing to the custom Uniform Resource Locator (URL) of the application being redirected.
  - 6. The cloud-based security system of claim 1, wherein the node is configured to determine the application through analysis of a request body of the request and the request utilizes Hypertext Transfer Protocol (HTTP).
  - 7. The cloud-based security system of claim 1, wherein policies for applications are defined through the one or more authority nodes and for associated network resources.
  - 8. The cloud-based security system of claim 7, wherein the policies comprise i) blocking the network resources from specific types of applications, ii) redirecting the request to a different application, iii) blocking specific network resources from all applications, and iv) cautioning if the application does not match a specific application for the network resources.
  - 9. The cloud-based security system of claim 1, wherein the user device is connected to the node using one of a proxy and a tunnel and the node is configured to monitor all traffic between the user device and the Internet.

10. A user device comprising:
- a network interface configured to connect to the Internet via a cloud-based security system;
  
  a processor communicatively coupled to the network interface; and
  
  memory storing computer-readable instructions configured to cause the processor to execute an application,wherein the application is configured to request network resources via the cloud-based security system which determines a type of the application by evaluation of the request and which provides application-based control of the request based on the determined application and the network resources.
- View Dependent Claims (11, 12, 13, 14, 15)
- - 11. The user device of claim 10, wherein the application-based control limits which applications on the user device are able to access the network resources.
  - 12. The user device of claim 10, wherein the application-based control comprises one of:
    - denial of the request thereby blocking the request from the network resources if the application is unauthorized,allowance of the request if the application is authorized, orredirection of the request to an authorized application on the user device.
  - 13. The user device of claim 10, wherein the application-based control comprises redirection of the request to an authorized application on the user device is legitimate but unauthorized to access the network resource.
  - 14. The user device of claim 10, wherein the request utilizes Hypertext Transfer Protocol (HTTP) such that the cloud-based security system determines the application through analysis of a request body of the request.
  - 15. The user device of claim 10, wherein the user device is connected to the cloud-based security system using one of a proxy and a tunnel and the node is configured to monitor all traffic between the user device and the Internet.

16. A method comprising:
- in a cloud-based security system comprising a plurality of nodes communicatively coupled to the Internet, receiving a request for network resources from a user device;
  
  evaluating the request to determine an application on the user device associated with the request; and
  
  responsive to pre-defined policies, providing application-based control of the request based on the determined application and the network resources which limits which applications on the user device are able to access the network resources.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The method of claim 16, wherein the application-based control comprises one of:
    - denying the request thereby blocking the request from the network resources if the application is unauthorized,allowing the request if the application is authorized, orredirecting the request to an authorized application on the user device.
  - 18. The method of claim 16, wherein the application-based control comprises redirection of the request to an authorized application on the user device is legitimate but unauthorized to access the network resource.
  - 19. The method of claim 16, further comprising:
    - receiving defined policies for applications and associated network resources.
  - 20. The method of claim 19, wherein the policies comprise i) blocking the network resources from specific types of applications, ii) redirecting the request to a different application, iii) blocking specific network resources from all applications, and iv) cautioning if the application does not match a specific application for the network resources.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Zscaler Incorporated
Original Assignee
Zscaler Incorporated
Inventors
DESAI, Purvi, BANSAL, Abhinav

Granted Patent

US 10,728,252 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

H04L 63/0272   Virtual private networks

H04L 63/0281   Proxies

H04L 63/029   Firewall traversal, e.g. tu...

H04L 63/101   Access control lists [ACL]

H04L 63/1433   Vulnerability analysis

H04L 63/20   for managing network securi...

H04L 67/02   based on web technology, e....

H04L 67/10   in which an application is ...

H04L 67/563   Data redirection of data ne...

H04W 12/08   Access security

H04W 12/37   Managing security policies ...

CLIENT APPLICATION BASED ACCESS CONTROL IN CLOUD SECURITY SYSTEMS FOR MOBILE DEVICES

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

14 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

CLIENT APPLICATION BASED ACCESS CONTROL IN CLOUD SECURITY SYSTEMS FOR MOBILE DEVICES

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

14 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links