Controlling access to resources on a network

US 9,769,266 B2
Filed: 03/05/2014
Issued: 09/19/2017
Est. Priority Date: 12/09/2011
Status: Active Grant

First Claim

Patent Images

1. A non-transitory computer-readable medium embodying program instructions executable in a client device that, when executed by the client device, cause the client device to:

generate a request on the client device to access an enterprise resource from an enterprise device, the request comprising user access credentials and a device identifier corresponding to the client device;

cause the request to access the enterprise resource to be communicated to a proxy server configured to;

authenticate a user account of the client device by determining that the user access credentials match approved user access credentials stored in a data store;

authenticate the client device by determining that the device identifier matches an approved device identifier stored in the data store;

communicate with a compliance server to determine that the client device complies with at least one compliance rule based at least in part on a device profile generated for the client device;

associate enterprise access credentials with the client device in response to the client device being authorized by the proxy server and the compliance server to access the enterprise resource;

modify the request to generate a subsequent request to access the enterprise resource for transmission to the enterprise device by replacing the user access credentials with the enterprise access credentials in response to the enterprise access credentials being associated with the client device, the subsequent request further comprising the device identifier;

receive the enterprise resource from the enterprise device in response to the subsequent request being received by the enterprise device from the proxy server and the subsequent request being authenticated by the enterprise device using the enterprise access credentials and the device identifier; and

communicate the enterprise resource to the client device; and

access the enterprise resource received at the client device from the proxy server.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Control of access to resources on a network may be provided. A request to access enterprise resource(s), the request comprising a set of user access credentials and a device identifier, may be generated. The request to access the at least one enterprise resource and an updated device profile may be provided to an authorization service. A set of enterprise access credentials may be received from the authorization service and used to generate a second request to access the enterprise resource(s).

20 Citations

View as Search Results

20 Claims

1. A non-transitory computer-readable medium embodying program instructions executable in a client device that, when executed by the client device, cause the client device to:
- generate a request on the client device to access an enterprise resource from an enterprise device, the request comprising user access credentials and a device identifier corresponding to the client device;
  
  cause the request to access the enterprise resource to be communicated to a proxy server configured to;
  
  authenticate a user account of the client device by determining that the user access credentials match approved user access credentials stored in a data store;
  
  authenticate the client device by determining that the device identifier matches an approved device identifier stored in the data store;
  
  communicate with a compliance server to determine that the client device complies with at least one compliance rule based at least in part on a device profile generated for the client device;
  
  associate enterprise access credentials with the client device in response to the client device being authorized by the proxy server and the compliance server to access the enterprise resource;
  
  modify the request to generate a subsequent request to access the enterprise resource for transmission to the enterprise device by replacing the user access credentials with the enterprise access credentials in response to the enterprise access credentials being associated with the client device, the subsequent request further comprising the device identifier;
  
  receive the enterprise resource from the enterprise device in response to the subsequent request being received by the enterprise device from the proxy server and the subsequent request being authenticated by the enterprise device using the enterprise access credentials and the device identifier; and
  
  communicate the enterprise resource to the client device; and
  
  access the enterprise resource received at the client device from the proxy server.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The non-transitory computer-readable medium of claim 1, wherein the user access credentials further comprise login information provided on the client device.
  - 3. The non-transitory computer-readable medium of claim 2, wherein the login information further comprises a user name, a password, biometric data, or a combination thereof.
  - 4. The non-transitory computer-readable medium of claim 1, further comprising program instructions that, when executed by the client device, cause the client device to provide the device profile to the compliance server on a periodic basis.
  - 5. The non-transitory computer-readable medium of claim 4, further comprising program instructions that, when executed, cause the client device to access a notification received from the proxy server that the device profile failed a compliance check performed by the compliance server.
  - 6. The non-transitory computer-readable medium of claim 1, wherein the request to access the enterprise resource on the client device is initiated on the client device via a network page rendered on a display of the client device.
  - 7. The non-transitory computer-readable medium of claim 1, wherein:
    - the request to access the enterprise resource on the client device is initiated on the client device via an enterprise access application locally executed on the client device, andthe request to access the enterprise resource is communicated to the proxy sever by communicating the request to the enterprise device, wherein the enterprise device is configured to reroute the request from the enterprise device to the proxy server.

8. A system, comprising:
- a user device comprising a local data store; and
  
  program code executable in the user device that, when executed, causes the user device to;
  
  generate a request to access an enterprise resource from an enterprise device on the user device, the request comprising user access credentials and a device identifier corresponding to the user device; and
  
  cause the request to access the enterprise resource to be communicated to a proxy server configured to;
  
  authenticate a user account of the user device by determining that the user access credentials matches approved user access credentials stored in memory;
  
  authenticate the user device by determining that the device identifier matches an approved device identifier stored in the memory;
  
  communicate with a compliance server to determine that the user device complies with at least one compliance rule based at least in part on a device profile generated for the user device;
  
  associate enterprise access credentials with the user device in response to the user device being authorized by the proxy server and the compliance server to access the enterprise resource;
  
  modify the request to generate a subsequent request to access the enterprise resource for transmission to the enterprise device by replacing the user access credentials with the enterprise access credentials in response to the enterprise access credentials being associated with the user device, the subsequent request further comprising the device identifier;
  
  receive the enterprise resource from the enterprise device in response to the subsequent request being received by the enterprise device from the proxy server and the subsequent request being authenticated by the enterprise device using the enterprise access credentials and the device identifier; and
  
  communicate the enterprise resource to the user device; and
  
  access the enterprise resource received at the user device from the proxy server.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The system of claim 8, wherein the user access credentials further comprise login information provided on the user device.
  - 10. The system of claim 9, wherein the login information further comprises a user name, a password, biometric data, or a combination thereof.
  - 11. The system of claim 8, further comprising program code that causes the user device to provide the device profile to the compliance server on a periodic basis.
  - 12. The system of claim 11, further comprising program code that causes the user device to receive a notification from the proxy server that the device profile failed a compliance check performed by the compliance server.
  - 13. The system of claim 8, wherein the request to access the enterprise resource on the user device is initiated on the user device via a network page rendered on a display of the user device.
  - 14. The system of claim 8, wherein:
    - the request to access the enterprise resource on the user device is initiated on the user device via an enterprise access application locally executed on the user device, andthe request to access the enterprise resource is provided to the proxy sever by communicating the request to the enterprise device, wherein the enterprise device is configured to reroute the request from the enterprise device to the proxy server.

15. A method, comprising:
- generating, by a client device in data communication with a proxy server over a network, a request to access an enterprise resource from an enterprise device on the client device, the request comprising user access credentials and a device identifier corresponding to the client device; and
  
  causing, by the client device, the request to access the enterprise resource to be provided to the proxy server, the proxy server being configured to;
  
  authenticate a user account of the client device by determining that the user access credentials match approved user access credentials stored in a data store;
  
  authenticate the client device by determining that the device identifier matches an approved device identifier stored in the data store; and
  
  communicate with a compliance server to determine that the client device complies with at least one compliance rule based at least in part on a device profile generated for the client device;
  
  associate enterprise access credentials with the client device in response to the client device being authorized by the proxy server and the compliance server to access the enterprise resource;
  
  modify the request to generate a subsequent request to access the enterprise resource for transmission to the enterprise device by replacing the user access credentials with the enterprise access credentials in response to the enterprise access credentials being associated with the user device, the subsequent request further comprising the device identifier;
  
  receive the enterprise resource from the enterprise device in response to the subsequent request being received by the enterprise device from the proxy server and the subsequent request being authenticated by the enterprise device using the enterprise access credentials and the device identifier; and
  
  communicate the enterprise resource to the client device; and
  
  accessing, by the client device, the enterprise resource received from the proxy server.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The method of claim 15, wherein the user access credentials further comprise login information provided on the client device.
  - 17. The method of claim 16, wherein the login information further comprises a user name, a password, biometric data, or a combination thereof.
  - 18. The method of claim 15, further comprising causing, by the client device, the device profile to be provided to the compliance server on a periodic basis.
  - 19. The method of claim 15, wherein the request to access the enterprise resource on the client device is initiated on the client device via a network page rendered on a display of the client device.
  - 20. The method of claim 15, wherein:
    - the request to access the enterprise resource on the client device is initiated on the client device via an enterprise access application locally executed on the client device, andthe request to access the enterprise resource is provided to the proxy server by communicating the request to the enterprise device, wherein the enterprise device is configured to reroute the request from the enterprise device to the proxy server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
AirWatch LLC (Broadcom, Inc.)
Original Assignee
AirWatch LLC (Broadcom, Inc.)
Inventors
Stuntebeck, Erich
Primary Examiner(s)
DO, KHANG D

Application Number

US14/197,385
Publication Number

US 20140189119A1
Time in Patent Office

1,294 Days
Field of Search

726 4
US Class Current
CPC Class Codes

H04L 63/08   for authentication of entit...

H04L 63/10   for controlling access to d...

H04L 67/51   Discovery or management the...

H04W 12/37   Managing security policies ...

Controlling access to resources on a network

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

20 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Controlling access to resources on a network

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

20 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links