Flexible end-point compliance and strong authentication for distributed hybrid enterprises
Abstract
Systems, methods and apparatus for accessing at least one resource hosted by at least one server of a cloud service provider. In some embodiments, a client computer sends authentication information associated with a user of the client computer and a statement of health regarding the client computer to an access control gateway deployed in an enterprise's managed network. The access control gateway authenticates the user and determines whether the user is authorized to access the at least one resource hosted in the cloud. If the user authentication and authorization succeeds, the access control gateway requests a security token from a security token service trusted by an access control component in the cloud and forwards the security token to the client computer. The client computer sends the security token to the access component in the cloud to access the at least one resource from the at least one server.
16 Claims
1. A method for use by a client computer to access at least one resource hosted by at least one server controlled by at least one service provider, comprising:
- sending, from the client computer, to an access control gateway controlled by at least one enterprise different from the at least one service provider, authentication information associated with a user of the client computer and a statement of health regarding the client computer;
- sending a request for the security token to the access control gateway;
- receiving at least one security challenge from the access control gateway, wherein the access control gateway sends the at least one security challenge in response to the request for the security token, and wherein the client computer sends the authorization information and the statement of health in response to the at least one security challenge;
- receiving, at the client computer, a security token from the access control gateway prior to attempting to access the at least one server hosting the at least one resource;
- sending, by the client computer, to the at least one server hosting the at least one resource, the security token received from the access control gateway; and
- accessing the at least one resource from the at least one server without further authentication processes.

(Dependent claims: 2, 3, 4, 5)

6. A client computer for accessing at least one resource hosted by at least one server controlled by at least one service provider, comprising at least one processor programmed to:
- send, from the client computer to an access control gateway controlled by at least one enterprise different from the at least one service provider, access request information purporting to indicate that the client computer is authorized to access the at least one resource;
- send a request for the security token to the access control gateway;
- receive at least one security challenge from the access control gateway, wherein the access control gateway sends the at least one security challenge in response to the request for the security token, and wherein the at least one processor is programmed to send the access request information in response to the at least one security challenge;
- receive a security token from the access control gateway at the client computer prior to attempting to access the at least one server hosting the at least one resource;
- send, from the client computer, to the at least one server hosting the at least one resource, the security token received from the access control gateway;
- access the at least one resource from the at least one server; and
- wherein the client computer includes at least one hardware processor.

(Dependent claims: 7, 8, 9, 10, 11)

12. At least one non-transitory computer-readable medium having encoded thereon instructions that, when executed by at least one processor, perform a method for use by an access gateway controlled by at least one enterprise, the method comprising:
- receiving, from a client computer, access request information purporting to indicate that the client computer is authorized to access at least one resource hosted by at least one server controlled by at least one service provider different from the at least one enterprise, prior to the client computer attempting to access the at least one resource;
- receiving a request for the security token from the client computer;
- in response to the request for the security token, sending at least one security challenge to the client computer, wherein the client computer sends the access request information in response to the at least one security challenge;
- determining, based at least in part on the access request information, whether the client computer is authorized to access the at least one resource by forwarding at least some of the access request information comprising configuration information regarding the client computer to a health policy server controlled by the at least one enterprise; and
- if it is determined that the client computer is authorized to access the at least one resource, sending a security token to the client computer to be presented to the at least one server to obtain access to the at least one resource.

(Dependent claims: 13, 14, 15, 16)
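The exchange the claims describe, simulated end to end as an added example (not code from the patent or its assignee): the client asks the enterprise gateway for a token, answers the gateway's challenge with user credentials and a statement of health, the gateway consults a health policy server and a token service, and the cloud-side access control accepts the token with no further user authentication. The user directory, ACL, health policy and the HMAC-based token format are constructed for illustration.

```python
import base64, binascii, hashlib, hmac, json, secrets, time

STS_KEY = b"constructed-sts-key"            # shared by STS and cloud access control (constructed)
USERS = {"alice": b"correct horse"}          # enterprise user directory (constructed)
ACL = {"alice": {"cloud-app/reports"}}       # resources each user may access (constructed)

def health_policy_server(statement):
    # Enterprise health policy (constructed): patched and antivirus enabled
    return statement.get("patch_level", 0) >= 42 and statement.get("antivirus") is True

def sts_issue(user, resource, ttl=300):
    # Security token service (constructed format): base64url claims + HMAC-SHA256
    claims = json.dumps({"sub": user, "aud": resource, "exp": int(time.time()) + ttl}).encode()
    mac = hmac.new(STS_KEY, claims, hashlib.sha256).digest()
    return b".".join(base64.urlsafe_b64encode(p) for p in (claims, mac)).decode()

class AccessControlGateway:
    def __init__(self):
        self.pending = {}                    # outstanding challenges: nonce -> requested resource
    def request_token(self, resource):
        nonce = secrets.token_hex(16)        # challenge the client must answer
        self.pending[nonce] = resource
        return nonce
    def respond(self, nonce, user, password, statement):
        resource = self.pending.pop(nonce, None)
        if resource is None or not hmac.compare_digest(USERS.get(user, b""), password):
            return None                      # unknown challenge or authentication failed
        if resource not in ACL.get(user, set()) or not health_policy_server(statement):
            return None                      # not authorized, or endpoint out of compliance
        return sts_issue(user, resource)     # gateway obtains the token and forwards it

def cloud_access_control(token, resource):
    # Cloud side checks only the token: MAC, audience, expiry; no further user authentication
    try:
        claims_raw, mac = (base64.urlsafe_b64decode(p) for p in token.split("."))
    except (ValueError, binascii.Error):
        return False
    expected = hmac.new(STS_KEY, claims_raw, hashlib.sha256).digest()
    if not hmac.compare_digest(mac, expected):
        return False
    claims = json.loads(claims_raw)
    return claims["aud"] == resource and claims["exp"] > time.time()

def client_access(gateway, user, password, statement, resource):
    # Client flow: request token -> answer challenge with credentials + health -> present token
    nonce = gateway.request_token(resource)
    token = gateway.respond(nonce, user, password, statement)
    return token is not None and cloud_access_control(token, resource)
```

A token bound to one resource is rejected at another, and an out-of-compliance endpoint never receives a token at all, which is the enforcement point the claims place in the enterprise rather than the cloud.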