Generic server framework for device authentication and management and a generic framework for endpoint command dispatch

US 9,781,098 B2
Filed: 04/17/2015
Issued: 10/03/2017
Est. Priority Date: 09/24/2014
Status: Active Grant

First Claim

Patent Images

1. A method of initializing a user'"'"'s electronic device for secure connection to an enterprise computer network, the method comprising:

sending, to an electronic device, a uniform resource locator (URL) that links to an enterprise computer network;

authenticating a user of the electronic device to the enterprise computer network, the user connecting the electronic device to the enterprise computer network using the URL;

installing a profile on the electronic device in response to the authenticating, the profile associated with the user;

posting, on a server of the enterprise computer network, an enrollment notification for the electronic device;

detecting, on the enterprise computer network, an inquiry for notifications from the electronic device;

pushing, from the enterprise computer network to the electronic device, a secure workspace application and a configuration for the secure workspace application in response to the detecting, the secure workspace application selected based on a device identifier of the electronic device and the profile; and

automatically enrolling the secure workspace application with the enterprise computer network as a child of the electronic device upon the secure workspace application being started on the electronic device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, devices, and systems are described for enrolling a user'"'"'s bring-your-own-device for secure connection to a company'"'"'s enterprise computer network. From her mobile device, user clicks on a uniform resource locator (URL) to connect with the login web page on the enterprise network. After authentication, checks are performed to verify that the user has authorization to enroll the type of electronic device, and the profile is installed on the device. A notification is sent to the device by a server on the enterprise network, and a secure workspace application is pushed to the device along with configuration data that automatically links the workspace with the parent device enrollment. Once the user launches the secure workspace application the workspace access configuration data and initializes enrollment with the enterprise network, resulting in a linking of the secure workspace application with its parent device enrollment. The workspace is registered as a child of the parent device, and the lifecycle of the workspace is thus linked to that of the parent.

83 Citations

View as Search Results

20 Claims

1. A method of initializing a user'"'"'s electronic device for secure connection to an enterprise computer network, the method comprising:
- sending, to an electronic device, a uniform resource locator (URL) that links to an enterprise computer network;
  
  authenticating a user of the electronic device to the enterprise computer network, the user connecting the electronic device to the enterprise computer network using the URL;
  
  installing a profile on the electronic device in response to the authenticating, the profile associated with the user;
  
  posting, on a server of the enterprise computer network, an enrollment notification for the electronic device;
  
  detecting, on the enterprise computer network, an inquiry for notifications from the electronic device;
  
  pushing, from the enterprise computer network to the electronic device, a secure workspace application and a configuration for the secure workspace application in response to the detecting, the secure workspace application selected based on a device identifier of the electronic device and the profile; and
  
  automatically enrolling the secure workspace application with the enterprise computer network as a child of the electronic device upon the secure workspace application being started on the electronic device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1 further comprising:
    - transmitting data from the enterprise computer network to the electronic device for viewing in an app;
      
      decrypting, by the secure workspace application, the data; and
      
      passing the decrypted data to the app for viewing by the user.
  - 3. The method of claim 1 further comprising:
    - encrypting, by the secure workspace application, data from an app on the electronic device; and
      
      transmitting, from the electronic device to the enterprise computer network, the encrypted data.
  - 4. The method of claim 1 further comprising:
    - determining an operating system (OS) of the electronic device, wherein the secure workspace application is selected based on the determined OS.
  - 5. The method of claim 4 wherein the automatic enrolling is based on the determined OS.
  - 6. The method of claim 5 further comprising:
    - correlating a role of the user with the OS of the electronic device, wherein the enrolling is based upon a pre-approval of the OS correlated with the role.
  - 7. The method of claim 1 wherein the user is associated with a role in the enterprise computer network, the enrolling based upon the role.
  - 8. The method of claim 1 wherein the sending of the URL is through a short message service (SMS) or multimedia messaging service (MMS).
  - 9. The method of claim 1 wherein the sending of the URL is through an email to the user.
  - 10. The method of claim 1 wherein a type of authentication for the authenticating is selected based on a policy in the enterprise computer network.
  - 11. The method of claim 10 wherein the type of authentication includes a username and password on a hypertext transfer protocol (HTTP) web form.

12. A non-transitory computer-readable medium for initializing a user'"'"'s electronic device for secure connection to an enterprise computer network, the medium comprising instructions stored thereon, that when executed on a processor, perform operations comprising:
- sending, to an electronic device, a uniform resource locator (URL) that links to an enterprise computer network;
  
  authenticating a user of the electronic device to the enterprise computer network, the user connecting the electronic device to the enterprise computer network using the URL;
  
  installing a profile on the electronic device in response to the authenticating, the profile associated with the user;
  
  posting, on a server of the enterprise computer network, an enrollment notification for the electronic device;
  
  detecting, on the enterprise computer network, an inquiry for notifications from the electronic device;
  
  pushing, from the enterprise computer network to the electronic device, a secure workspace application and a configuration for the secure workspace application in response to the detecting, the secure workspace application selected based on a device identifier of the electronic device and the profile; and
  
  automatically enrolling the secure workspace application with the enterprise computer network as a child of the electronic device upon the secure workspace application being started on the electronic device.
- View Dependent Claims (13, 14, 15)
- - 13. The medium of claim 12 further comprising operations for:
    - transmitting data from the enterprise computer network to the electronic device for viewing in an app;
      
      decrypting, by the secure workspace application, the data; and
      
      passing the decrypted data to the app for viewing by the user.
  - 14. The medium of claim 12 further comprising operations for:
    - encrypting, by the secure workspace application, data from an app on the electronic device; and
      
      transmitting, from the electronic device to the enterprise computer network, the encrypted data.
  - 15. The medium of claim 12 further comprising operations for:
    - determining an operating system (OS) of the electronic device, wherein the secure workspace application is selected based on the determined OS.

16. A computer system executing instructions for initializing a user'"'"'s electronic device for secure connection to an enterprise computer network, the computer system comprising:
- at least one processor; and
  
  a memory operatively coupled with the at least one processor, the processor executing a computer program including;
  
  program code for sending, to an electronic device, a uniform resource locator (URL) that links to an enterprise computer network;
  
  program code for authenticating a user of the electronic device to the enterprise computer network, the user connecting the electronic device to the enterprise computer network using the URL;
  
  program code for installing a profile on the electronic device in response to the authenticating, the profile associated with the user;
  
  program code for posting, on a server of the enterprise computer network, an enrollment notification for the electronic device;
  
  program code for detecting, on the enterprise computer network, an inquiry for notifications from the electronic device;
  
  program code for pushing, from the enterprise computer network to the electronic device, a secure workspace application and a configuration for the secure workspace application in response to the detecting, the secure workspace application selected based on a device identifier of the electronic device and the profile; and
  
  program code for automatically enrolling the secure workspace application with the enterprise computer network as a child of the electronic device upon the secure workspace application being started on the electronic device.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The system of claim 16 further comprising:
    - program code for transmitting data from the enterprise computer network to the electronic device for viewing in an app;
      
      program code for decrypting, by the secure workspace application, the data; and
      
      program code for passing the decrypted data to the app for viewing by the user.
  - 18. The system of claim 16 further comprising:
    - program code for encrypting, by the secure workspace application, data from an app on the electronic device; and
      
      program code for transmitting, from the electronic device to the enterprise computer network, the encrypted data.
  - 19. The system of claim 16 further comprising:
    - program code for determining an operating system (OS) of the electronic device, wherein the secure workspace application is selected based on the determined OS.
  - 20. The system of claim 19 further comprising:
    - program code for correlating a role of the user with the OS of the electronic device, wherein the enrolling is based upon a pre-approval of the OS correlated with the role.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Oracle International Corporation (Oracle Corporation)
Inventors
Mohamad Abdul, Mohamad Raja Gani, Jayanti Venkata, Bhagavati Kumar, Gopalan, Krithiga, Maheshwari, Harsh, Pattar, Nagaraj, Verma, Ravi
Primary Examiner(s)
Song, Hosuk

Application Number

US14/689,983
Publication Number

US 20160087955A1
Time in Patent Office

900 Days
Field of Search

713168-170, 713193, 726 2- 7, 726 26- 30
US Class Current
CPC Class Codes

G06F 21/121   Restricting unauthorised ex...

G06F 21/30   Authentication, i.e. establ...

G06F 21/31   User authentication

G06F 21/45   Structures or tools for the...

G06F 8/60   Software deployment

G06F 8/61   Installation

G06F 8/65   Updates security arrangemen...

G06F 8/71   Version control security ar...

G06F 9/452   Remote windowing, e.g. X-Wi...

H04L 41/082   the condition being updates...

H04L 41/0895   Configuration of virtualise...

H04L 41/20   Network management software...

H04L 41/28   Restricting access to netwo...

H04L 41/40   using virtualisation of net...

H04L 41/5096   wherein the managed service...

H04L 47/125   by balancing the load, e.g....

H04L 63/08   for authentication of entit...

H04L 63/0823   using certificates cryptogr...

H04L 63/083   using passwords cryptograph...

H04L 63/0876   based on the identity of th...

H04L 63/10 : for controlling access to d...

H04L 63/101 : Access control lists [ACL]

H04L 63/102 : Entity profiles

H04L 63/104 : Grouping of entities

H04L 63/105 : Multiple levels of security

H04L 63/20 : for managing network securi...

H04L 63/205 : involving negotiation or de...

H04L 67/02 : based on web technology, e....

H04L 67/10 : in which an application is ...

H04L 67/12 : specially adapted for propr...

H04L 67/306 : User profiles

H04L 67/55 : Push-based network services

H04L 67/75 : Indicating network or usage...

H04L 9/3268 : using certificate validatio...

H04W 12/06 : Authentication

H04W 12/33 : using wearable devices, e.g...

H04W 16/06 : Hybrid resource partitionin...

H04W 4/08 : User group management

H04W 4/50 : Service provisioning or rec...

H04W 4/60 : Subscription-based services...

H04W 4/70 : Services for machine-to-mac...

View All

Generic server framework for device authentication and management and a generic framework for endpoint command dispatch

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

83 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Generic server framework for device authentication and management and a generic framework for endpoint command dispatch

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

83 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others