SYSTEMS AND METHODS FOR CONTROLLING EMAIL ACCESS

US 20190036934A1
Filed: 07/31/2017
Published: 01/31/2019
Est. Priority Date: 07/31/2017
Status: Active Grant

First Claim

Patent Images

1. A method for providing access to an email server, comprising:

receiving, at an identity management server, a communication from the email server, the communication including information regarding a request for access to the email server from a user device;

sending, from the identity management server to a management server at which the user device is enrolled, a request for authorization to access the email server;

determining, at the management server, whether the user device is authorized to access the email server; and

in response to determining that the user device is authorized to access the email server, sending an authentication token from the management server to the user device, and sending, from the management server to the email server, an instruction to provide the user device with access to the email server.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Examples described herein include systems and methods for controlling access to a server, such as an email server or a gateway, in situations where the identity of the requesting device is unknown or where the user device accesses the server using an unknown or unmanaged application. In one example, the system can utilize a user authentication credential included in the request to identify other devices belonging to the user that happen to be enrolled with the system. An out-of-band message can be sent to those enrolled devices, requesting confirmation from the user and, in conjunction with an authentication token, allowing the system to trust the previously unknown device. In the example of an unmanaged application attempting to access an email server, the system can confirm compliance of the requesting device and issue an authentication token that, along with an appropriate command sent to the email server, provides access.

38 Citations

View as Search Results

20 Claims

1. A method for providing access to an email server, comprising:
- receiving, at an identity management server, a communication from the email server, the communication including information regarding a request for access to the email server from a user device;
  
  sending, from the identity management server to a management server at which the user device is enrolled, a request for authorization to access the email server;
  
  determining, at the management server, whether the user device is authorized to access the email server; and
  
  in response to determining that the user device is authorized to access the email server, sending an authentication token from the management server to the user device, and sending, from the management server to the email server, an instruction to provide the user device with access to the email server.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the identity management server is identified based on the email address associated with the user device.
  - 3. The method of claim 1, wherein determining whether the user device is authorized to access the email server comprises confirming that the user device is compliant with a compliance rule enforced at the management server.
  - 4. The method of claim 1, wherein the information regarding the request for access to the email server from the user device includes an identification of an application on the user device used to request access to the email server.
  - 5. The method of claim 1, wherein the information regarding the request for authorization to access the email server includes the identification of the application used to request access to the email server, and wherein determining whether the user device is authorized comprises determining, at the management server, whether the identified application is approved to access the email server.
  - 6. The method of claim 1, wherein determining whether the user device is authorized to access the email server comprises:
    - sending an out-of-band message to the user, the message requesting confirmation from the user regarding the request for access from the user device; and
      
      receiving confirmation from the user in response to the out-of-band message.
  - 7. The method of claim 1, wherein sending an instruction to the email server to provide the user device with access further comprises sending an instruction to the email server to request the authentication token from the user device, wherein access is contingent upon the authentication token being received at the email server.

8. A non-transitory, computer-readable medium comprising instructions that, when executed by a processor associated with a computing device, cause the processor to perform stages for providing access to an email server, the stages comprising:
- receiving, at an identity management server, a communication from the email server, the communication including information regarding a request for access to the email server from a user device;
  
  sending, from the identity management server to a management server at which the user device is enrolled, a request for authorization to access the email server;
  
  determining, at the management server, whether the user device is authorized to access the email server; and
  
  in response to determining that the user device is authorized to access the email server, sending an authentication token from the management server to the user device, and sending, from the management server to the email server, an instruction to provide the user device with access to the email server.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The non-transitory, computer-readable medium of claim 8, wherein the identity management server is identified based on the email address associated with the user device.
  - 10. The non-transitory, computer-readable medium of claim 8, wherein determining whether the user device is authorized to access the email server comprises confirming that the user device is compliant with a compliance rule enforced at the management server.
  - 11. The non-transitory, computer-readable medium of claim 8, wherein the information regarding the request for access to the email server from the user device includes an identification of an application on the user device used to request access to the email server.
  - 12. The non-transitory, computer-readable medium of claim 8, wherein the information regarding the request for authorization to access the email server includes the identification of the application used to request access to the email server, and wherein determining whether the user device is authorized comprises determining, at the management server, whether the identified application is approved to access the email server.
  - 13. The non-transitory, computer-readable medium of claim 8, wherein determining whether the user device is authorized to access the email server comprises:
    - sending an out-of-band message to the user, the message requesting confirmation from the user regarding the request for access from the user device; and
      
      receiving confirmation from the user in response to the out-of-band message.
  - 14. The non-transitory, computer-readable medium of claim 8, wherein determining whether the user device is authorized to access the email server further comprises sending an authentication token to the user device, and wherein sending an instruction to the email server to provide the user device with access further comprises sending an instruction to the email server to request the authentication token from the user device, wherein access is contingent upon the authentication token being received at the email server.

15. A system for providing access to an email server, comprising:
- an identity management server; and
  
  a management server at which a user device is enrolled, wherein;
  
  the management server receives a communication from the email server, the communication including information regarding a request for access to the email server from the user device,the identity management server sends, to a management server at which the user device is enrolled, a request for authorization to access the email server,the management server determines whether the user device is authorized to access the email server, andin response to determining that the user device is authorized to access the email server, the management server sends an authentication token to the user device, and sends, to the email server, an instruction to provide the user device with access to the email server.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The system of claim 15, wherein the identity management server is identified based on the email address associated with the user device.
  - 17. The system of claim 15, wherein determining whether the user device is authorized to access the email server comprises confirming that the user device is compliant with a compliance rule enforced at the management server
  - 18. The system of claim 15, wherein the information regarding the request for access to the email server from the user device includes an identification of an application on the user device used to request access to the email server
  - 19. The system of claim 15, wherein the management server determines whether the user device is authorized to access the email server by:
    - sending an out-of-band message to the user, the message requesting confirmation from the user regarding the request for access from the user device; and
      
      receiving confirmation from the user in response to the out-of-band message
  - 20. The system of claim 15, wherein sending an instruction to the email server to provide the user device with access further comprises sending an instruction to the email server to request the authentication token from the user device, wherein access is contingent upon the authentication token being received at the email server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Vmware LLC (Broadcom, Inc.)
Original Assignee
AirWatch LLC (Broadcom, Inc.)
Inventors
Pitchaimani, Saravanan, Kodaganallur, Vijay Pitchumani, Newell, Craig

Granted Patent

US 10,491,596 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

H04L 12/66   Arrangements for connecting...

H04L 51/42   Mailbox-related aspects, e....

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/083   using passwords cryptograph...

H04L 63/0884   by delegation of authentica...

H04L 63/102   Entity profiles

H04L 63/18   using different networks or...

H04L 67/10   in which an application is ...

H04L 67/125   involving control of end-de...

H04L 67/146   Markers for unambiguous ide...

H04L 67/53   using third party service p...

H04W 12/084   using delegated authorisati...

H04W 12/37   Managing security policies ...

SYSTEMS AND METHODS FOR CONTROLLING EMAIL ACCESS

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

38 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEMS AND METHODS FOR CONTROLLING EMAIL ACCESS

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

38 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links