Rule based device enrollment

US 9,813,407 B2
Filed: 11/09/2016
Issued: 11/07/2017
Est. Priority Date: 09/24/2014
Status: Active Grant

First Claim

Patent Images

1. A system comprising:

memory configured to store computer-executable instructions; and

at least one processor configured to access the memory and execute the computer-executable instructions to collectively at least;

detect a gateway device connected to one or more electronic devices in a communication network;

enroll the gateway device;

receive, from the gateway device, an enrollment request requesting enrollment of an electronic device of the one or more electronic devices with the system;

authenticate the electronic device, the computer-executable instructions to authenticate the electronic device comprising instructions to;

receive, from the gateway device, fingerprint information associated with the electronic device endorsed by a certificate associated with the gateway device; and

verify the fingerprint information associated with the electronic device;

identify an enrollment policy associated with the electronic device;

enroll the electronic device in accordance with the enrollment policy; and

transmit, to the gateway device, information that enables the electronic device to access resources of the system.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques for providing enrollment services for various types of electronic devices in a communication network is disclosed. The electronic devices may include devices associated with a user and headless devices not associated with any user. In certain embodiments, a device enrollment system is disclosed that controls the authentication and enrollment of both user devices and headless devices within a communication network. The device enrollment system detects a particular device within a communication, identifies a type of enrollment policy to be applied to the device based on a type of the device, applies a set of enrollment rules to the device in accordance with the enrollment policy and enrolls the device if the device satisfies one or more criteria specified by the enrollment rules.

86 Citations

View as Search Results

18 Claims

1. A system comprising:
- memory configured to store computer-executable instructions; and
  
  at least one processor configured to access the memory and execute the computer-executable instructions to collectively at least;
  
  detect a gateway device connected to one or more electronic devices in a communication network;
  
  enroll the gateway device;
  
  receive, from the gateway device, an enrollment request requesting enrollment of an electronic device of the one or more electronic devices with the system;
  
  authenticate the electronic device, the computer-executable instructions to authenticate the electronic device comprising instructions to;
  
  receive, from the gateway device, fingerprint information associated with the electronic device endorsed by a certificate associated with the gateway device; and
  
  verify the fingerprint information associated with the electronic device;
  
  identify an enrollment policy associated with the electronic device;
  
  enroll the electronic device in accordance with the enrollment policy; and
  
  transmit, to the gateway device, information that enables the electronic device to access resources of the system.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The system of claim 1, wherein the computer-executable instructions to authenticate the electronic device further comprise instructions to:
    - transmit the enrollment request to the electronic device;
      
      receive credential information from the electronic device in response to the enrollment request; and
      
      authenticate the electronic device based on the credential information.
  - 3. The system of claim 1, wherein the computer-executable instructions to authenticate the electronic device further comprise instructions to:
    - determine that the electronic device is pre-registered with the system based on a shared secret and an identifier associated with the one or more electronic devices;
      
      receive an encrypted identifier from the electronic device;
      
      decrypt the encrypted identifier with the shared secret; and
      
      transmit a digital certificate to the electronic device based on the decrypting.
  - 4. The system of claim 1, wherein the computer-executable instructions further comprise instructions to:
    - apply a set of enrollment rules defined by the enrollment policy to the electronic device; and
      
      enroll the electronic device in accordance with the set of enrollment rules.
  - 5. The system of claim 4, wherein the set of enrollment rules specify at least one of information related to users in the system who can enroll the electronic device, types of devices that can be enrolled by the one or more users of the system, or a maximum number of the devices that can be enrolled by the one or more users with the system.
  - 6. The system of claim 4, wherein the set of enrollment rules specify information related to authenticating the electronic device for enrolling the electronic device with the system.
  - 7. The system of claim 4, wherein the set of enrollment rules specify information related to a geo-location of the electronic device.
  - 8. The system of claim 1, wherein the one or more electronic devices comprise a headless device, the headless device comprising at least one of a printer, a scanner, a facsimile machine, video conference equipment, or a Voice Over IP (VoIP) telephone.
  - 9. The system of claim 1, wherein the one or more electronic devices comprise a temperature sensor, an oxygen sensor, an Electrocardiography (EKG) sensor, a camera, or medical sensing equipment.
  - 10. The system of claim 1, wherein the enrollment policy is identified based at least in part on a trusted connection through the gateway device.

11. A method comprising:
- receiving, from a gateway device connected to one or more electronic devices in a communication network, an enrollment request requesting enrollment of an electronic device of the one or more electronic devices with a system;
  
  authenticating the electronic device, the authenticating comprising;
  
  receiving from the gateway device, fingerprint information associated with the electronic device endorsed by a certificate associated with the gateway device; and
  
  verifying the fingerprint information associated with the electronic device;
  
  identifying an enrollment policy associated with the electronic device;
  
  applying a set of enrollment rules defined by the enrollment policy to the electronic device, the set of enrollment rules specifying at least one of information related to users in the system who can enroll the electronic device, types of devices that can be enrolled by the one or more users of the system, or a maximum number of the devices that can be enrolled by the one or more users with the system;
  
  enrolling the electronic device in accordance with the set of enrollment rules; and
  
  transmitting, to the gateway device, information that enables the electronic device to access resources of the system.
- View Dependent Claims (12, 13)
- - 12. The method of claim 11, wherein authenticating the electronic device comprises:
    - transmitting the enrollment request to the electronic device;
      
      receiving credential information from the electronic device in response to the enrollment request; and
      
      authenticating the electronic device based on the credential information.
  - 13. The method of claim 11, wherein the set of enrollment rules specify information related to a geo-location of the electronic device.

14. One or more non-transitory computer-readable media storing computer-executable instructions executable by one or more processors, the computer-executable instructions comprising:
- instructions that cause the one or more processors to receive, from a gateway device connected to one or more electronic devices in a communication network, an enrollment request requesting enrollment of an electronic device of the one or more electronic devices with a system;
  
  instructions that cause the one or more processors to authenticate the electronic device, the instructions to authenticate the electronic device further comprising instructions that cause the one or more processors to;
  
  receive from the gateway device, fingerprint information associated with the electronic device endorsed by a certificate associated with the gateway device; and
  
  verify the fingerprint information associated with the electronic device;
  
  instructions that cause the one or more processors to identify an enrollment policy associated with the electronic device;
  
  instructions that cause the one or more processors to apply a set of enrollment rules defined by the enrollment policy to the electronic device, the set of enrollment rules specifying at least one of information related to users in the system who can enroll the electronic device, types of devices that can be enrolled by the one or more users of the system, or a maximum number of the devices that can be enrolled by the one or more users with the system;
  
  instructions that cause the one or more processors to enroll the electronic device in accordance with the set of enrollment rules; and
  
  instructions that cause the one or more processors to transmit, to the gateway device, information that enables the electronic device to access resources of the system.
- View Dependent Claims (15, 16)
- - 15. The computer-readable media of claim 14, wherein the instructions that cause the one or more processors to authenticate the electronic device comprise instructions to:
    - transmit the enrollment request to the electronic device;
      
      receive credential information from the electronic device in response to the enrollment request; and
      
      authenticate the electronic device based on the credential information.
  - 16. The computer-readable media of claim 14, wherein the one or more electronic devices comprise a temperature sensor, an oxygen sensor, an Electrocardiography (EKG) sensor, a camera, or medical sensing equipment.

17. A method comprising:
- receiving, from a gateway device connected to one or more electronic devices in a communication network, an enrollment request requesting enrollment of an electronic device of the one or more electronic devices with a system;
  
  authenticating the electronic device, the authenticating comprising;
  
  determining that the electronic device is pre-registered with the system based on a shared secret and an identifier associated with the one or more electronic devices;
  
  receiving an encrypted identifier from the electronic device;
  
  decrypting the encrypted identifier with the shared secret; and
  
  transmitting a digital certificate to the electronic device based on the decrypting;
  
  identifying an enrollment policy associated with the electronic device;
  
  applying a set of enrollment rules defined by the enrollment policy to the electronic device, the set of enrollment rules specifying at least one of information related to users in the system who can enroll the electronic device, types of devices that can be enrolled by the one or more users of the system, or a maximum number of the devices that can be enrolled by the one or more users with the system;
  
  enrolling the electronic device in accordance with the set of enrollment rules; and
  
  transmitting, to the gateway device, information that enables the electronic device to access resources of the system.

18. One or more non-transitory computer-readable media storing computer-executable instructions executable by one or more processors, the computer-executable instructions comprising:
- instructions that cause the one or more processors to receive, from a gateway device connected to one or more electronic devices in a communication network, an enrollment request requesting enrollment of an electronic device of the one or more electronic devices with a system;
  
  instructions that cause the one or more processors to authenticate the electronic device, the instructions to authenticate the electronic device further comprising instructions that cause the one or more processors to;
  
  determine that the electronic device is pre-registered with the system based on a shared secret and an identifier associated with the one or more electronic devices;
  
  receive an encrypted identifier from the electronic device;
  
  decrypt the encrypted identifier with the shared secret; and
  
  transmit a digital certificate to the electronic device based on the instructions to decrypt;
  
  instructions that cause the one or more processors to identify an enrollment policy associated with the electronic device;
  
  instructions that cause the one or more processors to apply a set of enrollment rules defined by the enrollment policy to the electronic device, the set of enrollment rules specifying at least one of information related to users in the system who can enroll the electronic device, types of devices that can be enrolled by the one or more users of the system, or a maximum number of the devices that can be enrolled by the one or more users with the system;
  
  instructions that cause the one or more processors to enroll the electronic device in accordance with the set of enrollment rules; and
  
  instructions that cause the one or more processors to transmit, to the gateway device, information that enables the electronic device to access resources of the system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Oracle International Corporation (Oracle Corporation)
Inventors
Mohamad Abdul, Mohamad Raja Gani, Jayanti Venkata, Bhagavati Kumar, Maheshwari, Harsh, Pattar, Nagaraj, Verma, Ravi
Primary Examiner(s)
Song, Hosuk

Application Number

US15/347,152
Publication Number

US 20170063846A1
Time in Patent Office

363 Days
Field of Search

726 1- 7, 726 10, 726 12, 713150, 713153, 713168-170, 713173
US Class Current
CPC Class Codes

G06F 21/121   Restricting unauthorised ex...

G06F 21/30   Authentication, i.e. establ...

G06F 21/31   User authentication

G06F 21/45   Structures or tools for the...

G06F 8/60   Software deployment

G06F 8/61   Installation

G06F 8/65   Updates security arrangemen...

G06F 8/71   Version control security ar...

G06F 9/452   Remote windowing, e.g. X-Wi...

H04L 41/082   the condition being updates...

H04L 41/0895   Configuration of virtualise...

H04L 41/20   Network management software...

H04L 41/28   Restricting access to netwo...

H04L 41/40   using virtualisation of net...

H04L 41/5096   wherein the managed service...

H04L 47/125   by balancing the load, e.g....

H04L 63/08   for authentication of entit...

H04L 63/0823   using certificates cryptogr...

H04L 63/083   using passwords cryptograph...

H04L 63/0876   based on the identity of th...

H04L 63/10 : for controlling access to d...

H04L 63/101 : Access control lists [ACL]

H04L 63/102 : Entity profiles

H04L 63/104 : Grouping of entities

H04L 63/105 : Multiple levels of security

H04L 63/20 : for managing network securi...

H04L 63/205 : involving negotiation or de...

H04L 67/02 : based on web technology, e....

H04L 67/10 : in which an application is ...

H04L 67/12 : specially adapted for propr...

H04L 67/306 : User profiles

H04L 67/55 : Push-based network services

H04L 67/75 : Indicating network or usage...

H04L 9/3268 : using certificate validatio...

H04W 12/06 : Authentication

H04W 12/33 : using wearable devices, e.g...

H04W 16/06 : Hybrid resource partitionin...

H04W 4/08 : User group management

H04W 4/50 : Service provisioning or rec...

H04W 4/60 : Subscription-based services...

H04W 4/70 : Services for machine-to-mac...

View All

Rule based device enrollment

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

86 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Rule based device enrollment

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

86 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links