Systems and methods for controlling network access

US 9,247,432 B2
Filed: 10/19/2012
Issued: 01/26/2016
Est. Priority Date: 10/19/2012
Status: Active Grant

First Claim

Patent Images

1. An apparatus, comprising:

one or more processors;

one or more memory devices including program code instructions, the program code instructions being configured to cause the one or more processors to at least;

receive one or more requests to access one or more network beacons from one or more client devices;

access one or more device profiles describing one or more states of the one or more client devices, wherein the one or more device profiles indicate a date of last maintenance of the one or more client devices, and wherein the one or more states of the one or more client devices indicate one or more locations of the one or more client devices and one or more signal strengths of the one or more network beacons;

determine a stringency for one or more authorization rules associated with the one or more network beacons based at least in part on whether the one or more client devices are located within a transmission range of the one or more network beacons, wherein the stringency of the one or more authorization rules is adjusted based at least in part on the one or more states of the one or more client devices;

determine, based at least in part on the one or more states, whether the one or more client devices satisfy the stringency for the one or more authorization rules associated with the one or more network beacons, the one or more authorization rules specifying one or more permitted states associated with an operating system software requirement for the one or more client devices;

responsive to a determination that the one or more client devices satisfy the stringency for the one or more authorization rules associated with the one or more network beacons, authorize the one or more client devices to access the one or more network beacons; and

terminate the authorization of the one or more client devices to access the one or more network beacons by at least causing one or more resources associated with the one or more network beacons to be removed from the one or more client devices in an instance in which the one or more client devices no longer satisfy the one or more authorization rules associated with the one or more network beacons.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed are various embodiments for systems and methods for controlling access of networks. In one embodiment, an access control service receives requests to access network beacons from client devices. In response, the access control service determines whether the client devices satisfy authorization rules associated with the network beacons. If the access control service determines that the client devices satisfy the authorization rules associated with the network beacons, the access control service authorizes the client devices to access the network beacons. Subsequently, if the client devices cease to satisfy the authorization rules associated with the network beacons, the access control service terminates the authorization of the client devices to access the network beacons.

191 Citations

19 Claims

1. An apparatus, comprising:
- one or more processors;
  
  one or more memory devices including program code instructions, the program code instructions being configured to cause the one or more processors to at least;
  
  receive one or more requests to access one or more network beacons from one or more client devices;
  
  access one or more device profiles describing one or more states of the one or more client devices, wherein the one or more device profiles indicate a date of last maintenance of the one or more client devices, and wherein the one or more states of the one or more client devices indicate one or more locations of the one or more client devices and one or more signal strengths of the one or more network beacons;
  
  determine a stringency for one or more authorization rules associated with the one or more network beacons based at least in part on whether the one or more client devices are located within a transmission range of the one or more network beacons, wherein the stringency of the one or more authorization rules is adjusted based at least in part on the one or more states of the one or more client devices;
  
  determine, based at least in part on the one or more states, whether the one or more client devices satisfy the stringency for the one or more authorization rules associated with the one or more network beacons, the one or more authorization rules specifying one or more permitted states associated with an operating system software requirement for the one or more client devices;
  
  responsive to a determination that the one or more client devices satisfy the stringency for the one or more authorization rules associated with the one or more network beacons, authorize the one or more client devices to access the one or more network beacons; and
  
  terminate the authorization of the one or more client devices to access the one or more network beacons by at least causing one or more resources associated with the one or more network beacons to be removed from the one or more client devices in an instance in which the one or more client devices no longer satisfy the one or more authorization rules associated with the one or more network beacons.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The apparatus of claim 1, wherein the one or more requests comprise the one or more device profiles.
  - 3. The apparatus of claim 1, wherein the program code instructions are further configured to cause the one or more processors to at least authorize the one or more client devices to access the one or more network beacons by causing one or more resources associated with the one or more network beacons to be transmitted to the one or more client devices.
  - 4. The apparatus of claim 1, wherein the one or more network beacons are associated with one or more service providers, and the one or more client devices are associated with one or more customers of the one or more service providers.
  - 5. The apparatus of claim 1, wherein the one or more authorization rules comprise one or more environment-related requirements.
  - 6. The apparatus of claim 1, wherein the one or more authorization rules comprise one or more device-related requirements.
  - 7. The apparatus of claim 1, wherein the one or more authorization rules comprise one or more resource-related requirements.
  - 8. The apparatus of claim 1, wherein the stringency for the one or more authorization rules is based at least in part on a signal strength level.

9. A method, comprising:
- accessing at least one device profile describing at least one state of at least one client device, wherein the at least one device profile indicates a date of last maintenance of the at least one client, and wherein the at least one state of the at least one client device indicates at least one location of the at least one client device and at least one signal strength of one or more network beacons;
  
  causing one or more requests to access the one or more network beacons to be transmitted from the at least one client device;
  
  receiving, at the at least one client device, one or more resources associated with the one or more network beacons;
  
  accessing the one or more network beacons from the at least one client device in an instance in which a determination has been made that the at least one client device satisfies a stringency for one or more authorization rules associated with an operating system software requirement for the at least one client device, wherein the stringency of the one or more authorization rules is adjusted based at least in part on the at least one state of the at least one client device, wherein the stringency for the one or more authorization rules is determined based at least in part on whether the at least one client device is located within a transmission range of the one or more network beacons,wherein the determination of whether the at least one client device satisfies the stringency for the one or more authorization rules is made based at least in part on the at least one state of the at least one client device, and further wherein the one or more authorization rules specify one or more permitted states; and
  
  ceasing an authorization to access the one or more network beacons from the at least one client device by causing one or more resources associated with the one or more beacons to be removed from the one or more client devices.
- View Dependent Claims (10, 11, 12, 13)
- - 10. The method of claim 9, wherein the one or more resources comprise a key configured to permit the at least one client device to access one or more networks associated with the one or more network beacons.
  - 11. The method of claim 9, further comprising:
    - ceasing the authorization to access the one or more network beacons from the at least one client device in response to the at least one client device failing to satisfy the one or more authorization rules.
  - 12. The method of claim 9, further comprising:
    - removing the one or more resources from the at least one client device in response to the at least one client device failing to satisfy the one or more authorization rules.
  - 13. The method of claim 9, wherein the one or more network beacons are associated with one or more service providers, and the at least one client device is associated with at least one customer of the one or more service providers.

14. A non-transitory computer-readable medium embodying one or more programs executable in one or more computing devices, the one or more programs comprising code that, when executed, directs the one or more computing devices to at least:
- identify at least one client device located within one or more transmission ranges of one or more network beacons;
  
  access at least one device profile describing at least one state of the at least one client device, wherein the one or more device profiles indicate a date of last maintenance of the one or more client devices, and wherein the one or more states of the one or more client devices indicate one or more locations of the one or more client devices and one or more signal strengths of the one or more network beacons;
  
  determine a stringency for one or more authorization rules associated with the one or more network beacons based at least in part on whether the at least one client device is located within the one or more transmission ranges of the one or more network beacons;
  
  determine, based at least in part on the at least one state, whether the at least one client device satisfies the stringency for the one or more authorization rules associated with the one or more network beacons, the one or more authorization rules specifying one or more permitted states associated with an operating system software requirement for the at least one client device, wherein the stringency of the one or more authorization rules is adjusted based at least in part on the at least one state of the at least one client device;
  
  responsive to a determination that the at least one client device satisfies the stringency for the one or more authorization rules associated with the one or more network beacons, cause one or more resources associated with the one or more network beacons to be transmitted to the at least one client device; and
  
  terminate the authorization of the at least one client device to access the one or more network beacons by at least causing one or more resources associated with the one or more network beacons to be removed from the at least one client device in an instance in which the at least one client device no longer satisfies the one or more authorization rules associated with the one or more network beacons.
- View Dependent Claims (15, 16, 17, 18, 19)
- - 15. The computer-readable medium of claim 14, wherein the one or more computing devices are directed to identify the at least one client device located within the one or more transmission ranges of the one or more network beacons by receiving one or more requests to access the one or more network beacons from the at least one client device.
  - 16. The computer-readable medium of claim 14, wherein the one or more computing devices are further directed to at least:
    - responsive to the determination that the at least one client device satisfies the one or more authorization rules associated with the one or more network beacons, authorize the at least one client device to access the one or more network beacons.
  - 17. The computer-readable medium of claim 14, wherein the one or more resources comprise a key configured to permit the at least one client device to access one or more networks associated with the one or more network beacons.
  - 18. The computer-readable medium of claim 14, wherein the one or more network beacons are associated with one or more service providers and the at least one client device is associated with at least one customer of the one or more service providers.
  - 19. The non-transitory computer-readable medium of claim 14, wherein the stringency for the one or more authorization rules is based at least in part on a signal strength level.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
AirWatch LLC (Broadcom, Inc.)
Original Assignee
AirWatch LLC (Broadcom, Inc.)
Inventors
Stuntebeck, Erich, Burnett, Michelle
Primary Examiner(s)
Arani, Taghi
Assistant Examiner(s)
LYNCH, SHARON S

Application Number

US13/656,046
Publication Number

US 20140115668A1
Time in Patent Office

1,194 Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04L 63/10   for controlling access to d...

H04L 63/102   Entity profiles

H04L 63/20   for managing network securi...

H04W 12/02   Protecting privacy or anony...

H04W 12/08   Access security

H04W 12/50   Secure pairing of devices

H04W 12/64   using geofenced areas

Systems and methods for controlling network access

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

191 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for controlling network access

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

191 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links