Associating services to perimeters

US 9,402,184 B2
Filed: 10/12/2015
Issued: 07/26/2016
Est. Priority Date: 10/17/2011
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

receiving, by a first device, from an internal application executing on the first device, a request to enable the first device to access a server resource account of an enterprise through a direct wireless connection with a second device and cellular network access between the second device and a cellular network, wherein the first device includes a first set of resources and resources external to the first set of resources, the first set of resources associated with the internal application for accessing the server resource account and a first enterprise identifier;

wirelessly transmitting, to the second device, a request to the second device for a second enterprise identifier assigned to a second set of resources included in the second device and associated with the cellular network access between the second device and the cellular network;

receiving, from the second device, the second enterprise identifier; and

determining whether to grant access to the internal application for accessing the server resource account through the direct wireless connection with the second device and the cellular network access of the second set of resources based on a first enterprise identifier assigned to the first device and the second enterprise identifier assigned to the second device, wherein the determining whether to grant access comprises;

comparing the first enterprise identifier to the second enterprise identifier;

when the first enterprise identifier matches the second enterprise identifier, granting access to the internal application in the first set of resources; and

when the first enterprise identifier does not match the second enterprise identifier, generating a separate set of resources including resources for an unknown user to access an enterprise service.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In some implementations, a method includes receiving, from a user of a first device, a request to enable access, through a second device, to a server resource account of an enterprise. The first device includes a first enterprise perimeter including an internal resource and a first enterprise identifier and configured to prevent external resources from accessing the internal resource. A request is wirelessly transmit, to the second device, to the second device for a second enterprise identifier assigned to a second enterprise perimeter included in the second device. Whether to grant access to the internal resource is determined based on a first enterprise identifier assigned to the first device and a second enterprise identifier assigned to the second device.

245 Citations

20 Claims

1. A method, comprising:
- receiving, by a first device, from an internal application executing on the first device, a request to enable the first device to access a server resource account of an enterprise through a direct wireless connection with a second device and cellular network access between the second device and a cellular network, wherein the first device includes a first set of resources and resources external to the first set of resources, the first set of resources associated with the internal application for accessing the server resource account and a first enterprise identifier;
  
  wirelessly transmitting, to the second device, a request to the second device for a second enterprise identifier assigned to a second set of resources included in the second device and associated with the cellular network access between the second device and the cellular network;
  
  receiving, from the second device, the second enterprise identifier; and
  
  determining whether to grant access to the internal application for accessing the server resource account through the direct wireless connection with the second device and the cellular network access of the second set of resources based on a first enterprise identifier assigned to the first device and the second enterprise identifier assigned to the second device, wherein the determining whether to grant access comprises;
  
  comparing the first enterprise identifier to the second enterprise identifier;
  
  when the first enterprise identifier matches the second enterprise identifier, granting access to the internal application in the first set of resources; and
  
  when the first enterprise identifier does not match the second enterprise identifier, generating a separate set of resources including resources for an unknown user to access an enterprise service.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, further comprising:
    - transmitting a request to access the server resource account of the enterprise;
      
      receiving information granting access to the server resource account and the first enterprise identifier; and
      
      generating the first set of resources including resources for accessing the server resource account and the first enterprise identifier.
  - 3. The method of claim 1, wherein the first enterprise identifier comprises a first email address, and the second enterprise identifier comprises a second email address.
  - 4. The method of claim 1, further comprising:
    - identifying a first user identifier associated with the first device;
      
      transmitting, to the second device, a request to the second device for a second user identifier associated with the second device; and
      
      wherein determining whether to grant access to the internal application is based on the first enterprise identifier, the first user identifier, the second enterprise identifier, and the second user identifier.
  - 5. The method of claim 1, wherein the first set of resources are configured to prevent resources external to the first set of resources from accessing resources associated with the first set of resources.
  - 6. The method of claim 1, wherein the direct wireless connection comprises a wireless local area network (WLAN) connection and the second device is connected with the cellular network via a cellular radio access technology.
  - 7. The method of claim 1, wherein the enterprise service comprises at least one of a data file or an application.
  - 8. The method of claim 1, further comprising:
    - refraining from generating a separate set of resources when the first enterprise identifier matches the second enterprise identifier.

9. A mobile device, comprising:
- one or more processors configured to;
  
  receive, by a first device, from an internal application executing on the first device, a request to enable the first device to access a server resource account of an enterprise through a direct wireless connection with a second device and cellular network access between the second device and a cellular network, wherein the first device includes a first set of resources and resources external to the first set of resources, the first set of resources associated with the internal application for accessing the server resource account and a first enterprise identifier;
  
  wirelessly transmit, to the second device, a request to the second device for a second enterprise identifier assigned to a second set of resources included in the second device and associated with the cellular network access between the second device and the cellular network;
  
  receive, from the second device, the second enterprise identifier; and
  
  determine whether to grant access to the internal application for accessing the server resource account through the direct wireless connection with the second device and the cellular network access of the second set of resources based on a first enterprise identifier assigned to the first device and the second enterprise identifier assigned to the second device, wherein the determining whether to grant access comprises;
  
  compare the first enterprise identifier to the second enterprise identifier;
  
  when the first enterprise identifier matches the second enterprise identifier, grant access to the internal application in the first set of resources; and
  
  when the first enterprise identifier does not match the second enterprise identifier, generate a separate set of resources including resources for an unknown user to access an enterprise service.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The mobile device of claim 9, the one or more processors being further configured to:
    - transmit a request to access the server resource account of the enterprise;
      
      receive information granting access to the server resource account and the first enterprise identifier; and
      
      generate the first set of resources including resources for accessing the server resource account and the first enterprise identifier.
  - 11. The mobile device of claim 9, wherein the first enterprise identifier comprises a first email address, and the second enterprise identifier comprises a second email address.
  - 12. The mobile device of claim 9, the one or more processors being further configured to:
    - identify a first user identifier associated with the first device;
      
      transmit, to the second device, a request to the second device for a second user identifier associated with the second device; and
      
      wherein determining whether to grant access to the internal application is based on the first enterprise identifier, the first user identifier, the second enterprise identifier, and the second user identifier.
  - 13. The mobile device of claim 9, wherein the first set of resources are configured to prevent resources external to the first set of resources from accessing resources associated with the first set of resources.
  - 14. The mobile device of claim 9, wherein the direct wireless connection comprises a wireless local area network (WLAN) connection and the second device is connected with the cellular network via a cellular radio access technology.
  - 15. The mobile device of claim 9, wherein the enterprise service comprises at least one of a data file or an application.
  - 16. The mobile device of claim 9, the one or more processors being further configured to:
    - refrain from generating a separate set of resources when the first enterprise identifier matches the second enterprise identifier.

17. A computer program product encoded on a tangible, non-transitory storage medium, the product comprising computer readable instructions for causing one or more processors to perform operations comprising:
- receiving, by a first device, from an internal application executing on the first device, a request to enable the first device to access a server resource account of an enterprise through a direct wireless connection with a second device and cellular network access between the second device and a cellular network, wherein the first device includes a first set of resources and resources external to the first set of resources, the first set of resources associated with the internal application for accessing the server resource account and a first enterprise identifier;
  
  wirelessly transmitting, to the second device, a request to the second device for a second enterprise identifier assigned to a second set of resources included in the second device and associated with the cellular network access between the second device and the cellular network;
  
  receiving, from the second device, the second enterprise identifier; and
  
  determining whether to grant access to the internal application for accessing the server resource account through the direct wireless connection with the second device and the cellular network access of the second set of resources based on a first enterprise identifier assigned to the first device and the second enterprise identifier assigned to the second device, wherein the determining whether to grant access comprises;
  
  comparing the first enterprise identifier to the second enterprise identifier;
  
  when the first enterprise identifier matches the second enterprise identifier, granting access to the internal application in the first set of resources; and
  
  when the first enterprise identifier does not match the second enterprise identifier, generating a separate set of resources including resources for an unknown user to access an enterprise service.
- View Dependent Claims (18, 19, 20)
- - 18. The computer program product of claim 17, instructions for causing one or more processors to further perform operations comprising:
    - transmitting a request to access the server resource account of the enterprise;
      
      receiving information granting access to the server resource account and the first enterprise identifier; and
      
      generating the first set of resources including resources for accessing the server resource account and the first enterprise identifier.
  - 19. The computer program product of claim 17, wherein the first enterprise identifier comprises a first email address, and the second enterprise identifier comprises a second email address.
  - 20. The computer program product of claim 17, instructions for causing one or more processors to further perform operations comprising:
    - identifying a first user identifier associated with the first device;
      
      transmitting, to the second device, a request to the second device for a second user identifier associated with the second device; and
      
      wherein determining whether to grant access to the internal application is based on the first enterprise identifier, the first user identifier, the second enterprise identifier, and the second user identifier.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Malikie Innovations Limited (Key Patent Innovations Limited)
Original Assignee
Blackberry Limited
Inventors
Bender, Christopher Lyle, Russell, Graham, Silvanovich, Natalie Michelle
Primary Examiner(s)
Srivastava, Vivek
Assistant Examiner(s)
Abedin, Normin

Application Number

US14/880,319
Publication Number

US 20160037348A1
Time in Patent Office

288 Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04L 63/0209   Architectural arrangements,...

H04L 63/102   Entity profiles

H04L 67/12   specially adapted for propr...

H04W 12/08   Access security

H04W 12/086   using security domains

H04W 76/14   Direct-mode setup

H04W 84/12   WLAN [Wireless Local Area N...

Associating services to perimeters

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

245 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Associating services to perimeters

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

245 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others