
Conditional access to services based on device claims

  • US 9,444,848 B2
  • Filed: 09/19/2014
  • Issued: 09/13/2016
  • Est. Priority Date: 09/19/2014
  • Status: Active Grant
First Claim

1. In a computing environment, a method of providing access to one or more resources to a user device, the method comprising:

  • at a user device, registering with an identity service to obtain an identity credential which omits a claim that the user device is a managed device;

    the user device sending the identity credential to a service endpoint where it is determined that the identity credential omits the claim that the user device is a managed device;

    at the user device, registering with a policy management service by at least presenting the identity credential to the policy management service, the user device registering with the policy management service in response to the user device being redirected to the policy management service from the service endpoint in response to the user device presenting the identity credential to the service endpoint that was determined to omit the claim that the user device is a managed device;

    at the user device, receiving a compliance policy listing corresponding to a compliance policy required for managed devices, the compliance policy listing identifying one or more items of interest, the one or more items of interest including at least (a) one or more changes to be made at the user device for the user device to be compliant with the compliance policy or (b) one or more states of the user device required for compliance;

    at the user device, performing at least one of providing a notification to the policy management service that indicates (a) the one or more states of the user device required for compliance or (b) the user device taking a remedial action that includes the one or more changes required for the user device to be compliant, wherein the notification triggers the transmission of a compliance state setting to the identity service;

    at the user device, receiving a token from the identity service that indicates a compliance state of the user device and a claim that the user device is a managed device, the token being based on the identity service receiving the compliance state setting from the policy management service; and

    the user device transmitting the token to the service endpoint with the claim that the user device is a managed device.
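The exchange recited in claim 1, sketched as an added example that is not part of the patent text: an endpoint that redirects a credential lacking the managed-device claim, a policy management step that pushes a compliance state setting to the identity service, and a reissued token carrying both claims. All function names, the HMAC token format, the sample policy and the endpoint's decision to deny a non-compliant managed device are assumptions made for illustration.

```python
import base64, hashlib, hmac, json

KEY = b"constructed-demo-key"  # assumption: shared by identity service and endpoint
POLICY = {"disk_encrypted": True, "screen_lock": True}  # constructed policy listing

def _mac(body):
    return hmac.new(KEY, body, hashlib.sha256).hexdigest().encode()

def verify(token):
    body, _, sig = token.rpartition(b".")
    if not hmac.compare_digest(sig, _mac(body)):
        raise ValueError("bad signature")
    return json.loads(base64.urlsafe_b64decode(body))

def identity_token(compliance, device_id):
    """Identity service: managed claim appears only once a compliance state is set."""
    claims = {"device_id": device_id}
    if device_id in compliance:
        claims.update(is_managed=True, compliance=compliance[device_id])
    body = base64.urlsafe_b64encode(json.dumps(claims).encode())
    return body + b"." + _mac(body)  # HMAC stands in for a real token signature

def policy_report(compliance, credential, state):
    """Policy management: check reported state, push the setting to the identity service."""
    device_id = verify(credential)["device_id"]
    ok = all(state.get(k) == v for k, v in POLICY.items())
    compliance[device_id] = "compliant" if ok else "noncompliant"

def service_endpoint(token):
    try:
        claims = verify(token)
    except ValueError:
        return "deny"
    if not claims.get("is_managed"):
        return "redirect:policy-management"
    return "allow" if claims.get("compliance") == "compliant" else "deny"

def run_flow(state, remediate):
    compliance = {}                                  # identity service's store
    cred = identity_token(compliance, "dev-1")       # registration: no managed claim
    first = service_endpoint(cred)                   # expect redirect
    if remediate:
        state = {**state, **POLICY}                  # apply the listed changes
    policy_report(compliance, cred, state)
    return first, service_endpoint(identity_token(compliance, "dev-1"))
```

The managed-device claim is written only by the identity service after the policy management service reports, so a device cannot gain access by editing its own credential: any change to the token body fails signature verification at the endpoint.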
