Controlling access to resources on a network
Abstract
Disclosed are various embodiments for controlling access to data on a network. In one embodiment, a proxy service receives a request from a user on a client device to access a quantity of enterprise resources served up by an enterprise device. In response, the proxy service determines whether the user on the client device has been authenticated to access the enterprise resources. The proxy service also determines whether the client device from which the user requested the access is authorized to access the enterprise resources. Responsive to the determination that the user is authentic and that the client device is authorized, the proxy service associates a set of approved enterprise access credentials with the request and facilitates the transmission of the requested enterprise resources to the client device.
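The decision flow the abstract describes, as an added Python sketch that is not code from the patent or from any product: authenticate the user and the device, check the stored device profile against compliance rules, then replace the user's credentials with the proxy's own before forwarding. All names, sample values, rule definitions and the placeholder token are assumptions constructed for illustration.

```python
import hmac

# Constructed sample state; every name and value here is an assumption.
USERS = {"alice": "correct-horse"}          # user access credentials (plaintext only for brevity)
DEVICES = {"dev-001": "alice"}              # device identifier -> enrolled owner
PROFILES = {"dev-001": {"encrypted": True, "jailbroken": False, "os": (17, 2)}}
RULES = {                                   # compliance rules over a device profile
    "storage encrypted": lambda p: p.get("encrypted") is True,
    "not jailbroken": lambda p: p.get("jailbroken") is False,
    "minimum OS 16.0": lambda p: p.get("os", (0, 0)) >= (16, 0),
}
ENTERPRISE_CREDENTIAL = "Bearer PLACEHOLDER-SERVICE-TOKEN"


def update_profile(device_id, changes):
    """Periodic profile update reported by an enrolled client device."""
    if device_id in DEVICES:
        PROFILES.setdefault(device_id, {}).update(changes)


def failed_rules(device_id):
    """Names of compliance rules the stored profile violates (fail closed if no profile)."""
    profile = PROFILES.get(device_id)
    if profile is None:
        return ["no profile on record"]
    return [name for name, rule in RULES.items() if not rule(profile)]


def handle(request):
    """Return (decision, outbound_request); outbound_request is None on any denial."""
    user, device_id = request.get("user", ""), request.get("device_id", "")
    expected = USERS.get(user)
    supplied = request.get("password", "").encode()
    if expected is None or not hmac.compare_digest(expected.encode(), supplied):
        return "deny: user authentication failed", None
    if DEVICES.get(device_id) != user:
        return "deny: device not enrolled for this user", None
    broken = failed_rules(device_id)
    if broken:
        return "deny: non-compliant (" + ", ".join(broken) + ")", None
    # Strip the user's credentials; the enterprise device only ever sees the proxy's.
    outbound = {"path": request["path"], "authorization": ENTERPRISE_CREDENTIAL}
    return "allow", outbound
```

Because compliance is evaluated on every request against the most recently reported profile, a device that drifts out of compliance loses access on its next request even though the user's credentials are still valid.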
15 Claims
1. A system, comprising:
- a proxy server that receives a request from a user of one of a plurality of client devices to access at least one enterprise resource provided by an enterprise device on a network, wherein the request comprises a set of user access credentials associated with the user and a device identifier associated with the one of the plurality of client devices, the proxy server being configured to:
  - store a copy of a plurality of device profiles respectively associated with the plurality of client devices,
  - receive periodic updates to the plurality of device profiles from the respectively associated plurality of client devices, and
  - authenticate the user and the client device to determine whether the user is authorized to access the requested at least one enterprise resource from the client device, wherein the proxy server authenticates the user based at least in part on the set of user access credentials associated with the user and authenticates the client device based at least in part on the device identifier associated with the client device;
- a compliance service that authorizes the client device to communicate with the enterprise device in response to the proxy server authenticating the user and the client device, wherein the compliance service authorizes the client device based at least in part on a determination of whether the periodically updated device profile associated with the client device stored on the proxy server is in compliance with at least one compliance rule; and
- wherein the proxy server is further configured to:
  - modify the request to remove the user access credentials and insert a set of approved enterprise access credentials,
  - transmit the modified request to the enterprise device if the client device is authorized to communicate with the enterprise device and the user has permission to access the at least one enterprise resource from the client device,
  - receive the at least one enterprise resource provided by the enterprise device; and
  - transmitting the at least one enterprise resource to the client device.

Dependent claims: 2, 3, 4, 5, 6, 7, 8

9. A method comprising:
- receiving a request from a user of a client device to access a quantity of enterprise resources provided by an enterprise device, the request comprising a set of user access credentials associated with the user and a device identifier associated with the client device;
- authenticating the user based at least in part on the user access credentials and the client device based at least in part on the device identifier;
- in response to authenticating the user and the client device, determining whether the client device is authorized to access the requested quantity of enterprise resources, wherein determining whether the client device is authorized comprises determining whether a periodically updated device profile associated with the client device is in compliance with at least one compliance rule;
- modifying the request to remove the user access credentials and insert a set of approved enterprise access credentials;
- transmitting the modified request to the enterprise device to receive the requested quantity of enterprise resources;
- receiving the requested quantity of enterprise resources from the enterprise device; and
- transmitting the requested quantity of enterprise resources to the client device.

Dependent claims: 10, 11

12. A non-transitory computer-readable medium embodying a program executable in a computing device, the program, when executed, performing a method comprising:
- receiving a request from a user of a client device to access a quantity of enterprise resources provided by an enterprise device, the request comprising a set of user access credentials associated with the user and a device identifier associated with the client device;
- authenticating the user based at least in part on the user access credentials and the client device based at least in part on the device identifier;
- in response to authenticating the user and the client device, determining whether the client device is authorized to access the requested quantity of enterprise resources, wherein determining whether the client device is authorized comprises determining whether a periodically updated device profile associated with the client device is in compliance with at least one compliance rule;
- modifying the request to remove the user access credentials and insert a set of approved enterprise access credentials;
- transmitting the modified request to the enterprise device to receive the requested quantity of enterprise resources;
- receiving the requested quantity of enterprise resources from the enterprise device; and
- transmitting the requested quantity of enterprise resources to the client device.

Dependent claims: 13, 14, 15

Specification