Secondary device as key for authorizing access to resources

US 9,401,915 B2
Filed: 11/19/2013
Issued: 07/26/2016
Est. Priority Date: 03/15/2013
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

transmitting, from a device, a request to an authorization service for access to at least one resource;

receiving from the authorization service an indication that the device must comply with a distribution rule associated with the at least one resource, wherein the distribution rule requires a specified secondary device to be in proximity to the device as a prerequisite to accessing the at least one resource;

transmitting an indication that the device is in proximity to the secondary device;

receiving an authorization indication at the device in response to transmitting the indication that the device is in proximity to the secondary device;

creating a registration key based on the authorization indication, a user identifier, and a property of the device;

determining whether access to at least one resource is permitted according to the registration key;

obtaining an authorization credential from the secondary device, the authorization credential being associated with the at least one resource; and

in response to determining that access to the at least one resource is permitted according to the registration key and receiving the authentication credential, permitting the device to access the at least one resource.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A secondary device may be used to provide access to resources to a primary device. Upon receiving an authorization indication at a device, a registration key based on the authorization indication, a user identifier, and a property of the device may be created. Upon determining whether access to at least one resource is permitted according to the registration key the device may be permitted to access the at least one resource.

240 Citations

19 Claims

1. A method comprising:
- transmitting, from a device, a request to an authorization service for access to at least one resource;
  
  receiving from the authorization service an indication that the device must comply with a distribution rule associated with the at least one resource, wherein the distribution rule requires a specified secondary device to be in proximity to the device as a prerequisite to accessing the at least one resource;
  
  transmitting an indication that the device is in proximity to the secondary device;
  
  receiving an authorization indication at the device in response to transmitting the indication that the device is in proximity to the secondary device;
  
  creating a registration key based on the authorization indication, a user identifier, and a property of the device;
  
  determining whether access to at least one resource is permitted according to the registration key;
  
  obtaining an authorization credential from the secondary device, the authorization credential being associated with the at least one resource; and
  
  in response to determining that access to the at least one resource is permitted according to the registration key and receiving the authentication credential, permitting the device to access the at least one resource.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein the authorization indication is received in response to a user-initiated action.
  - 3. The method of claim 1, wherein the authorization indication is received from a second device operative to transmit the authorization indication.
  - 4. The method of claim 1, further comprising:
    - receiving the authorization indication in response to determining that a compliance rule associated with the authorization indication has been satisfied.
  - 5. The method of claim 1, wherein determining whether access to the at least one resource is permitted according to the registration key comprises:
    - retrieving an identifier associated with the at least one resource;
      
      submitting the registration key and the identifier associated with the at least one resource to a verification service; and
      
      determining whether an access key for the at least one resource has been received from the verification service.
  - 6. The method of claim 1, wherein the authorization indication comprises a unique identifier associated with the device.
  - 7. The method of claim 1, wherein the registration key is associated with a plurality of compliance rules.
  - 8. The method of claim 7, wherein at least one of the plurality of compliance rules comprises a required proximity between the device and at least one second device.
  - 9. The method of claim 7, wherein at least one of the plurality of compliance rules comprises an expiration time for the registration key.
  - 10. The method of claim 1, further comprising:
    - displaying an indication on a user interface of the device associated with the registration key.

11. An apparatus comprising:
- a memory storage; and
  
  a processor coupled to the memory storage operative to execute instructions for;
  
  obtaining a request for an indication associated with access to a resource from a user device,determining whether the resource is associated with a distribution rule, the distribution rule specifying that the user device be in proximity to a secondary device as a prerequisite for accessing the resource,obtaining an indication that the user device is in proximity to the secondary device,providing an authorization indication to the user device, the authorization indication authorizing access to the resource,receiving a registration key from the user device and an authorization credential provided by the secondary device, the registration key being generated by the user device based upon the authorization indication and the authorization credential obtained from the secondary device by the user device,creating a profile for the user device according to the registration key,associating a plurality of compliance rules with the profile for the user device,receiving a request to access a resource from the user device,determining whether the user device is in compliance with the plurality of compliance rules, andin response to determining that the user device is in compliance with the plurality of compliance rules, providing access to the resource to the user device.
- View Dependent Claims (12, 13, 14)
- - 12. The apparatus of claim 11, wherein the processor is further operative to execute instructions for:
    - detecting an arrival of the user device within a geographic location served by the apparatus; and
      
      providing the authorization indication to the user device automatically.
  - 13. The apparatus of claim 11, wherein the processor is further operative to execute instructions for:
    - receiving a request from the user device; and
      
      providing the authorization indication to the user device in response to the request.
  - 14. The apparatus of claim 11, wherein the processor is further operative to execute instructions for:
    - providing at least one restriction on the resource to the user device.

15. A client device comprising:
- a network connectivity interface for enabling communication between the client device and an authorization service via a network;
  
  a memory for storing a client side application; and
  
  a processor communicatively coupled to the memory for executing said client side application, wherein said client side application comprises executable instructions for;
  
  transmitting a request to an authorization service for access to at least one resource;
  
  receiving from the authorization service an indication that the client device must comply with a distribution rule associated with the resource, wherein the distribution rule requires a second device to be in proximity to the client device as a prerequisite to accessing the at least one resource;
  
  obtaining an authorization credential from the second device;
  
  transmitting to the authorization service an indication that the client device is in proximity to the second device and the authorization credential;
  
  receiving an authorization indication associated with a geographic location from the second device located within the geographic location in response to transmitting the indication that the device is in proximity to the second device;
  
  creating a registration key based on the authorization indication, a user identifier, and a property of the client device;
  
  providing the registration key to the second device;
  
  determining whether the second device approved the registration key; and
  
  in response to determining that the second device approved the registration key, requesting access to the at least one resource.
- View Dependent Claims (16, 17, 18, 19)
- - 16. The client device of claim 15, wherein requesting access to the at least one resource comprises providing the authorization credential to the authorization service associated with the at least one resource.
  - 17. The client device of claim 15, wherein the authorization credential comprises at least one compliance restriction.
  - 18. The client device of claim 15, wherein the authorization indication is received as a broadcast signal from the second device.
  - 19. The client device of claim 15, wherein the property of the client device comprises a unique identifier associated with the client device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
AirWatch LLC (Broadcom, Inc.)
Original Assignee
AirWatch LLC (Broadcom, Inc.)
Inventors
DeWeese, William, Stuntebeck, Erich
Primary Examiner(s)
Cervetti, David Garcia

Application Number

US14/083,718
Publication Number

US 20140282846A1
Time in Patent Office

980 Days
Field of Search

726/1, 726/4, 380/44
US Class Current

1/1
CPC Class Codes

H04L 63/0428   wherein the data content is...

H04L 63/062   for key distribution, e.g. ...

H04L 63/0823   using certificates cryptogr...

H04L 63/083   using passwords cryptograph...

H04L 63/0853   using an additional device,...

H04L 63/102   Entity profiles

H04L 63/107   wherein the security polici...

H04L 63/20   for managing network securi...

H04W 12/068   using credential vaults, e....

Secondary device as key for authorizing access to resources

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

240 Citations

19 Claims

Specification

Use Cases

Quick Links

Others

Secondary device as key for authorizing access to resources

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

240 Citations

19 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others