SYSTEMS AND METHODS FOR CONTROLLING EMAIL ACCESS
Abstract
Examples described herein include systems and methods for controlling access to a server, such as an email server or a gateway, in situations where the identity of the requesting device is unknown or where the user device accesses the server using an unknown or unmanaged application. In one example, the system can utilize a user authentication credential included in the request to identify other devices belonging to the user that happen to be enrolled with the system. An out-of-band message can be sent to those enrolled devices, requesting confirmation from the user and, in conjunction with an authentication token, allowing the system to trust the previously unknown device. In the example of an unmanaged application attempting to access an email server, the system can confirm compliance of the requesting device and issue an authentication token that, along with an appropriate command sent to the email server, provides access.
20 Claims
1. A method for providing application-specific access to a server, comprising:
- receiving a request for access to the server from a user device, the request including a user authentication credential associated with a user, a device identifier associated with the user device, and an application identifier associated with an application being used to request access;
- sending an out-of-band message to the user, the message requesting confirmation from the user regarding the request for access from the user device;
- receiving confirmation from the user in response to the out-of-band message;
- sending an authentication token to the user device, wherein the authentication token is specific to the user device, the user, and the application being used to request access;
- updating a database with information regarding the authentication token and the associated user device, user, and application; and
- providing access to the server based on receiving the user authentication credential, device identifier, and authentication token from the user device.

Dependent claims: 2, 3, 4, 5, 6, 7.

8. A non-transitory, computer-readable medium comprising instructions that, when executed by a processor associated with a computing device, cause the processor to perform stages for providing application-specific access to a server, the stages comprising:
- receiving a request for access to the server from a user device, the request including a user authentication credential associated with a user, a device identifier associated with the user device, and an application identifier associated with an application being used to request access;
- sending an out-of-band message to the user, the message requesting confirmation from the user regarding the request for access from the user device;
- receiving confirmation from the user in response to the out-of-band message;
- sending an authentication token to the user device, wherein the authentication token is specific to the user device, the user, and the application being used to request access;
- updating a database with information regarding the authentication token and the associated user device, user, and application; and
- providing access to the server based on receiving the user authentication credential, device identifier, and authentication token.

Dependent claims: 9, 10, 11, 12, 13, 14.

15. A system for providing application-specific access to a gateway, comprising:
a gateway that controls access to a mail server, wherein the gateway:
- receives a request for access to the mail server from a user device, the request including a user authentication credential associated with a user, a device identifier associated with the user device, and an application identifier associated with an application being used to request access;
- sends an out-of-band message to the user, the message requesting confirmation from the user regarding the request for access from the user device;
- receives confirmation from the user in response to the out-of-band message;
- sends an authentication token to the user device, wherein the authentication token is specific to the user device, the user, and the application being used to request access;
- updates a database with information regarding the authentication token and the associated user device, user, and application; and
- provides access to the mail server based on receiving the user authentication credential, device identifier, and authentication token.

Dependent claims: 16, 17, 18, 19, 20.
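
The flow recited in claims 1, 8 and 15, sketched as an added example that is not part of the patent text. The class name `AccessGateway`, its method names, the in-memory dictionaries standing in for the database, and the `send_oob` callback are all hypothetical; the sketch also assumes the follow-up request repeats the application identifier so the gateway can look up the binding.

```python
import hashlib
import hmac
import secrets

def _digest(value):
    return hashlib.sha256(value.encode()).digest()

class AccessGateway:
    """Hypothetical gateway; names and storage layout are assumptions."""

    def __init__(self, credentials, send_oob):
        self.credentials = credentials  # user -> secret (stand-in for a real credential check)
        self.send_oob = send_oob        # delivers the out-of-band confirmation message
        self.pending = {}               # request_id -> (user, device_id, app_id)
        self.tokens = {}                # (user, device_id, app_id) -> SHA-256 of the token

    def _credential_ok(self, user, credential):
        expected = self.credentials.get(user)
        return expected is not None and hmac.compare_digest(_digest(expected), _digest(credential))

    def request_access(self, user, credential, device_id, app_id):
        # Stage 1: the request carries credential, device identifier and application identifier.
        if not self._credential_ok(user, credential):
            return None
        request_id = secrets.token_urlsafe(16)
        self.pending[request_id] = (user, device_id, app_id)
        self.send_oob(user, request_id, device_id, app_id)  # Stage 2: out-of-band message
        return request_id

    def confirm(self, request_id, approved):
        # Stage 3: the confirmation is single-use; a denial or an unknown id yields no token.
        binding = self.pending.pop(request_id, None)
        if binding is None or not approved:
            return None
        token = secrets.token_urlsafe(32)     # Stage 4: token for this user, device and app
        self.tokens[binding] = _digest(token)  # Stage 5: record the binding, storing only a hash
        return token

    def authorize(self, user, credential, device_id, app_id, token):
        # Stage 6: access requires the credential plus a token bound to this exact triple.
        stored = self.tokens.get((user, device_id, app_id))
        return (self._credential_ok(user, credential) and stored is not None
                and hmac.compare_digest(stored, _digest(token)))
```

Because the stored record is keyed on the full (user, device, application) triple, a token copied to a different device or presented by a different application fails the lookup even when the credential is valid.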
Specification