SECURITY SERVICE FOR AN UNMANAGED DEVICE

US 20200137060A1
Filed: 12/23/2019
Published: 04/30/2020
Est. Priority Date: 06/30/2015
Status: Active Grant

First Claim

Patent Images

1-25. -25. (canceled)

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Particular embodiments described herein provide for a network element that can be configured to receive, from an electronic device, a request to access a network service. In response to the request, the network element can send data related to the network service to the electronic device and add a test link to the data related to the network service. The network element can also be configured to determine if the test link was successfully executed and classify the electronic device as untrusted if the test link was not successfully executed.

Citations

45 Claims

1-25. -25. (canceled)

26. A non-transitory machine readable medium comprising one or more instructions that when executed by a processor, cause the processor to:
- receive, from an electronic device, a request to access a network service;
  
  send, to the electronic device in response to the request, data related to the network service that includes embedded code that causes the electronic device to execute a new request routed to a pre-defined network element in the network service;
  
  determine whether the new request was routed to the pre-defined network element in the network service; and
  
  allow access to the network service based on a determination that the new request was routed to the pre-defined network element;
  
  orblock access to the network service based on a determination that the new request was not routed to the pre-defined network element.
- View Dependent Claims (27, 28, 29, 30, 31)
- - 27. The non-transitory machine readable medium of claim 26, wherein the request to access the network service is received by a reverse proxy module.
  - 28. The non-transitory machine readable medium of claim 26, further comprising one or more instructions that when executed by the processor, further cause the processor to:
    - classify the electronic device as trusted based on the determination that the new request was routed to the pre-defined network element.
  - 29. The non-transitory machine readable medium of claim 26, further comprising one or more instructions that when executed by the processor, further cause the processor to:
    - classify the electronic device as untrusted based on the determination that the new request was not routed to the pre-defined network element.
  - 30. The non-transitory machine readable medium of claim 26, further comprising one or more instructions that when executed by the processor, further cause the processor to:
    - communicate instructions to the electronic device as to how the electronic device could be allowed access to the network service.
  - 31. The non-transitory machine readable medium of claim 26, wherein the electronic device is an unmanaged device.

32. An apparatus comprising:
- a network services platform configured to;
  
  receive, from an electronic device, a request to access a network service;
  
  send, to the electronic device in response to the request, data related to the network service that includes embedded code that causes the electronic device to execute a new request routed to a pre-defined network element in the network service;
  
  determine whether the new request was routed to the pre-defined network element in the network service; and
  
  allow access to the network service based on a determination that the new request was routed to the pre-defined network element;
  
  orblock access to the network service based on a determination that the new request was not routed to the pre-defined network element.
- View Dependent Claims (33, 34, 35, 36, 37, 38, 39)
- - 33. The apparatus of claim 32, wherein the request to access the network service is received by a reverse proxy module.
  - 34. The apparatus of claim 32, wherein the network services platform is further configured to:
    - classify the electronic device as trusted based on the determination that the new request was routed to the pre-defined network element.
  - 35. The apparatus of claim 32, wherein the network services platform is further configured to:
    - classify the electronic device as untrusted based on the determination that the new request was not routed to the pre-defined network element.
  - 36. The apparatus of claim 32, wherein the network services platform is further configured to:
    - communicate instructions to the electronic device as to how the electronic device could be allowed access to the network service.
  - 37. The apparatus of claim 32, wherein credentials to access the requested network service are obtained from an identity provider.
  - 38. The apparatus of claim 32, wherein the embedded code is not readily identifiable by a user of the electronic device.
  - 39. The apparatus of claim 32, wherein the electronic device is an unmanaged device.

40. A method comprising:
- receiving, from an electronic device, a request to access a network service;
  
  sending, to the electronic device in response to the request, data related to the network service that includes embedded code that causes the electronic device to execute a new request routed to a pre-defined network element in the network service;
  
  determining whether the new request was routed to the pre-defined network element in the network service; and
  
  allowing access to the network service based on a determination that the new request was routed to the pre-defined network element;
  
  orblocking access to the network service based on a determination that the new request was not routed to the pre-defined network element.
- View Dependent Claims (41, 42, 43, 44, 45)
- - 41. The method of claim 40, wherein the request to access the network service is received by a reverse proxy module.
  - 42. The method of claim 40, further comprising:
    - classifying the electronic device as trusted based on the determination that the new request was routed to the pre-defined network element.
  - 43. The method of claim 40, further comprising:
    - classifying the electronic device as untrusted based on the determination that the new request was not routed to the pre-defined network element.
  - 44. The method of claim 43, further comprising:
    - communicating instructions to the electronic device as to how the electronic device could be allowed access to the network service.
  - 45. The method of claim 42, wherein the embedded code is not readily identifiable by a user of the electronic device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Skyhigh Security LLC
Original Assignee
McAfee, LLC
Inventors
Stecher, Martin, Sabban, Andre

Granted Patent

US 11,128,626 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 8/65   Updates security arrangemen...

H04L 43/50   Testing arrangements

H04L 63/0281   Proxies

H04L 63/10   for controlling access to d...

H04L 63/102   Entity profiles

H04L 67/02   based on web technology, e....

H04W 12/37   Managing security policies ...

SECURITY SERVICE FOR AN UNMANAGED DEVICE

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

Citations

45 Claims

Specification

Solutions

Use Cases

Quick Links

SECURITY SERVICE FOR AN UNMANAGED DEVICE

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

45 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links