Controlling access to resources on a network

US 9,787,655 B2
Filed: 05/10/2013
Issued: 10/10/2017
Est. Priority Date: 12/09/2011
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving, in a proxy server, a request from a client device to access a remote resource, wherein the request comprises a device identifier and at least one user credential;

determining, by the proxy server, whether the device identifier and the at least one user credential are authentic;

in response to determining that the device identifier and the at least one user credential are authentic, generating, in the proxy server, a request to authorize the client device;

transmitting, from the proxy server over a network, the request to authorize the client device to a compliance server that is separate from the proxy server, the compliance server configured to determine whether the client device complies with a hardware restriction, a software restriction, and a mobile device management restriction, wherein the software restriction identifies whether the client device is permitted to have screen-capture functionality enabled;

receiving, from the compliance server, an indication of whether the client device is authorized based upon whether the client device complies with the hardware restriction, the software restriction, and the mobile device management restriction;

in response to determining, based upon the indication, that the client device is authorized to access the remote resource, associating, by the proxy server, a resource access credential for accessing the remote resource with the client device; and

providing, from the proxy server, the resource access credential to a remote device associated with the remote resource.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed are various embodiments for controlling access to data on a network. Upon receiving a request comprising a device identifier and at least one user credential to access a remote resource, the request may be authenticated according to at least one compliance policy. If the request is authenticated, a resource credential associated with the remote resource may be provided.

82 Citations

View as Search Results

17 Claims

1. A method comprising:
- receiving, in a proxy server, a request from a client device to access a remote resource, wherein the request comprises a device identifier and at least one user credential;
  
  determining, by the proxy server, whether the device identifier and the at least one user credential are authentic;
  
  in response to determining that the device identifier and the at least one user credential are authentic, generating, in the proxy server, a request to authorize the client device;
  
  transmitting, from the proxy server over a network, the request to authorize the client device to a compliance server that is separate from the proxy server, the compliance server configured to determine whether the client device complies with a hardware restriction, a software restriction, and a mobile device management restriction, wherein the software restriction identifies whether the client device is permitted to have screen-capture functionality enabled;
  
  receiving, from the compliance server, an indication of whether the client device is authorized based upon whether the client device complies with the hardware restriction, the software restriction, and the mobile device management restriction;
  
  in response to determining, based upon the indication, that the client device is authorized to access the remote resource, associating, by the proxy server, a resource access credential for accessing the remote resource with the client device; and
  
  providing, from the proxy server, the resource access credential to a remote device associated with the remote resource.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, wherein the request to access the remote resource is for modifying the remote resource.
  - 3. The method of claim 1, wherein the remote resource comprises at least one of the following:
    - a database, a file, an application, an e-mail, a voicemail, a software resource, or a hardware resource.
  - 4. The method of claim 1, further comprising determining, by the proxy server, whether a pairing of the device identifier and the at least one user credential is authorized to access the remote resource.
  - 5. The method of claim 4, further comprising:
    - in response to determining that the pairing of the device identifier and the at least one user credential is not authorized to access the remote resource, refusing, by the proxy server, the request to access the remote resource.
  - 6. The method of claim 1, further comprising:
    - receiving, in the proxy server, a second request to access the remote resource, wherein the second request comprises a second device identifier and the at least one user credential; and
      
      determining, in the proxy server, whether a pairing of the second device identifier and the at least one user credential is authorized to access the remote resource.
  - 7. The method of claim 6, further comprising:
    - in response to determining that the pairing of the second device identifier and the at least one user credential is authorized to access the remote resource, obtaining, in the proxy server, a resource credential associated with the remote resource.
  - 8. The method of claim 1, further comprising:
    - removing, by the proxy server, the at least one user credential from the request to access the remote resource; and
      
      inserting, by the proxy server, the resource access credential into the request to access the remote resource.
  - 9. The method of claim 1, wherein the resource access credential comprises an enterprise level credential.
  - 10. The method of claim 1, wherein the resource access credential comprises a user level credential.
  - 11. The method of claim 1, wherein the resource access credential comprises at least one of an enterprise level credential or a user level credential.

12. A system comprising:
- a memory storage comprising a plurality of computer instructions; and
  
  a processing unit coupled to the memory storage, wherein the plurality of computer instructions, upon execution by the processing unit, cause the processing unit to at least;
  
  intercept a request for a client device to access a remote resource, wherein the request to access the remote resource comprises a device identifier and a user credential;
  
  determine whether the device identifier and the user credential are authentic;
  
  in response to determining that the device identifier and the user credential are authentic, generate a request to authorize the client device;
  
  transmit, from a proxy server over a network, the request to authorize the client device to a compliance server, the compliance server configured to determine whether the client device complies with a hardware restriction, a software restriction, and a mobile device management restriction, wherein the software restriction identifies whether the client device is permitted to have screen-capture functionality enabled;
  
  receive, from the compliance server, an indication of whether the client device is authorized based upon whether the client device complies with the hardware restriction, the software restriction, and the mobile device management restriction;
  
  in response to determining, based upon the indication, that the client device is authorized to access the remote resource, associate a resource access credential for accessing the remote resource with the client device; and
  
  providing, from the proxy server, the resource access credential to a remote device associated with the remote resource.
- View Dependent Claims (13, 14)
- - 13. The system of claim 12, wherein the plurality of instructions, upon execution by the processing unit, further cause the processing unit to at least:
    - determine whether the remote resource comprises a personal resource; and
      
      in response to determining that the remote resource comprises the personal resource, transmit the request to access the resource to the compliance server.
  - 14. The system of claim 12, wherein the plurality of instructions, upon execution by the processing unit, further cause the processing unit to at least determine whether a pairing of a user credential and a device identifier associated with the request to access the resource is authorized to access the remote resource.

15. A non-transitory computer-readable medium comprising a set of instructions that, when executed by a processor, causes the processor to perform a method, comprising:
- receiving a request from a client device to access a remote resource, wherein the request comprises a device identifier and at least one user credential;
  
  determining whether the device identifier and the at least one user credential are authentic;
  
  in response to determining that the device identifier and the user credential are authentic, generate a request to authorize the client device;
  
  transmitting, from a proxy server over a network, the request to authorize the client device to a compliance server that is separate from the proxy server, the compliance server configured to determine whether the client device complies a hardware restriction, a software restriction, and a mobile device management restriction, wherein the software restriction identifies whether the client device is permitted to have screen-capture functionality enabled;
  
  receiving, from the compliance server, an indication of whether the client device is authorized based upon whether the client device complies with the hardware restriction, the software restriction, and the mobile device management restriction;
  
  in response to determining, based upon the indication, that the client device is authorized to access the remote resource, associating a resource access credential for accessing the remote resource with the client device; and
  
  providing, from the proxy server, the resource access credential to a remote device associated with the remote resource.
- View Dependent Claims (16, 17)
- - 16. The non-transitory computer-readable medium of claim 15, wherein the mobile device management restriction is specified by a compliance rule for the client device.
  - 17. The non-transitory computer-readable medium of claim 16, wherein the compliance rule is stored in a data store for the compliance server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
AirWatch LLC (Broadcom, Inc.)
Original Assignee
AirWatch LLC (Broadcom, Inc.)
Inventors
Marshall, John, Stuntebeck, Erich
Primary Examiner(s)
DO, KHANG D

Application Number

US13/891,612
Publication Number

US 20130247144A1
Time in Patent Office

1,614 Days
Field of Search

726 4
US Class Current
CPC Class Codes

G06F 21/335   for accessing specific reso...

H04L 63/08   for authentication of entit...

H04L 63/0876   based on the identity of th...

H04L 63/10   for controlling access to d...

Controlling access to resources on a network

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

82 Citations

17 Claims

Specification

Use Cases

Quick Links

Others

Controlling access to resources on a network

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

82 Citations

17 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others