Rule based device enrollment
First Claim
1. A system comprising:
memory configured to store computer-executable instructions; and
at least one processor configured to access the memory and execute the computer-executable instructions to collectively at least:
detect a gateway device connected to one or more electronic devices in a communication network;
enroll the gateway device;
receive, from the gateway device, an enrollment request requesting enrollment of an electronic device of the one or more electronic devices with the system;
authenticate the electronic device, the computer-executable instructions to authenticate the electronic device comprising instructions to:
receive, from the gateway device, fingerprint information associated with the electronic device endorsed by a certificate associated with the gateway device; and
verify the fingerprint information associated with the electronic device;
identify an enrollment policy associated with the electronic device;
enroll the electronic device in accordance with the enrollment policy; and
transmit, to the gateway device, information that enables the electronic device to access resources of the system.
Abstract
Techniques for providing enrollment services for various types of electronic devices in a communication network are disclosed. The electronic devices may include devices associated with a user and headless devices not associated with any user. In certain embodiments, a device enrollment system is disclosed that controls the authentication and enrollment of both user devices and headless devices within a communication network. The device enrollment system detects a particular device within a communication network, identifies a type of enrollment policy to be applied to the device based on a type of the device, applies a set of enrollment rules to the device in accordance with the enrollment policy, and enrolls the device if the device satisfies one or more criteria specified by the enrollment rules.
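The rule evaluation the abstract describes, as an added sketch that is not taken from the patent: a policy is selected by device category, and its rules cover the three criteria the claims name (who can enroll, which device types, and a maximum device count). All names (`EnrollmentPolicy`, `EnrollmentSystem`, `evaluate`, the sample data) are hypothetical; treating the enrolled gateway as the enroller of a headless device is an assumption, and authentication of the device is taken to have already succeeded.

```python
from dataclasses import dataclass, field

@dataclass
class EnrollmentPolicy:
    """Hypothetical policy holding the three rule kinds named in the claims."""
    allowed_enrollers: set   # who may enroll devices under this policy
    allowed_types: set       # device types this policy accepts
    max_devices: int         # cap on devices per enroller

@dataclass
class EnrollmentSystem:
    policies: dict                                        # category -> policy
    enrolled_gateways: set = field(default_factory=set)
    enrolled: dict = field(default_factory=dict)          # enroller -> device ids

    def evaluate(self, req):
        """Return (decision, reasons); enroll only if every rule passes."""
        headless = req.get("user") is None
        policy = self.policies["headless" if headless else "user"]
        # Assumption: a headless device has no user, so its gateway enrolls it.
        enroller = req["gateway"] if headless else req["user"]
        reasons = []
        if headless and req["gateway"] not in self.enrolled_gateways:
            reasons.append("gateway not enrolled")
        if enroller not in policy.allowed_enrollers:
            reasons.append("enroller not permitted")
        if req["device_type"] not in policy.allowed_types:
            reasons.append("device type not permitted")
        devices = self.enrolled.setdefault(enroller, set())
        # Re-enrolling a known device does not count against the limit.
        if req["device_id"] not in devices and len(devices) >= policy.max_devices:
            reasons.append("device limit reached")
        if reasons:
            return "deny", reasons   # fail closed and report every failed rule
        devices.add(req["device_id"])
        return "enroll", []

def sample_system():
    """Constructed sample policies and gateway, for illustration only."""
    return EnrollmentSystem(
        policies={
            "user": EnrollmentPolicy({"alice"}, {"phone", "laptop"}, 2),
            "headless": EnrollmentPolicy({"gw-1"}, {"thermostat", "printer"}, 1),
        },
        enrolled_gateways={"gw-1"},
    )
```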
18 Claims
11. A method comprising:
receiving, from a gateway device connected to one or more electronic devices in a communication network, an enrollment request requesting enrollment of an electronic device of the one or more electronic devices with a system;
authenticating the electronic device, the authenticating comprising:
receiving from the gateway device, fingerprint information associated with the electronic device endorsed by a certificate associated with the gateway device; and
verifying the fingerprint information associated with the electronic device;
identifying an enrollment policy associated with the electronic device;
applying a set of enrollment rules defined by the enrollment policy to the electronic device, the set of enrollment rules specifying at least one of information related to users in the system who can enroll the electronic device, types of devices that can be enrolled by the one or more users of the system, or a maximum number of the devices that can be enrolled by the one or more users with the system;
enrolling the electronic device in accordance with the set of enrollment rules; and
transmitting, to the gateway device, information that enables the electronic device to access resources of the system.
14. One or more non-transitory computer-readable media storing computer-executable instructions executable by one or more processors, the computer-executable instructions comprising:
instructions that cause the one or more processors to receive, from a gateway device connected to one or more electronic devices in a communication network, an enrollment request requesting enrollment of an electronic device of the one or more electronic devices with a system;
instructions that cause the one or more processors to authenticate the electronic device, the instructions to authenticate the electronic device further comprising instructions that cause the one or more processors to:
receive from the gateway device, fingerprint information associated with the electronic device endorsed by a certificate associated with the gateway device; and
verify the fingerprint information associated with the electronic device;
instructions that cause the one or more processors to identify an enrollment policy associated with the electronic device;
instructions that cause the one or more processors to apply a set of enrollment rules defined by the enrollment policy to the electronic device, the set of enrollment rules specifying at least one of information related to users in the system who can enroll the electronic device, types of devices that can be enrolled by the one or more users of the system, or a maximum number of the devices that can be enrolled by the one or more users with the system;
instructions that cause the one or more processors to enroll the electronic device in accordance with the set of enrollment rules; and
instructions that cause the one or more processors to transmit, to the gateway device, information that enables the electronic device to access resources of the system.
17. A method comprising:
receiving, from a gateway device connected to one or more electronic devices in a communication network, an enrollment request requesting enrollment of an electronic device of the one or more electronic devices with a system;
authenticating the electronic device, the authenticating comprising:
determining that the electronic device is pre-registered with the system based on a shared secret and an identifier associated with the one or more electronic devices;
receiving an encrypted identifier from the electronic device;
decrypting the encrypted identifier with the shared secret; and
transmitting a digital certificate to the electronic device based on the decrypting;
identifying an enrollment policy associated with the electronic device;
applying a set of enrollment rules defined by the enrollment policy to the electronic device, the set of enrollment rules specifying at least one of information related to users in the system who can enroll the electronic device, types of devices that can be enrolled by the one or more users of the system, or a maximum number of the devices that can be enrolled by the one or more users with the system;
enrolling the electronic device in accordance with the set of enrollment rules; and
transmitting, to the gateway device, information that enables the electronic device to access resources of the system.
18. One or more non-transitory computer-readable media storing computer-executable instructions executable by one or more processors, the computer-executable instructions comprising:
instructions that cause the one or more processors to receive, from a gateway device connected to one or more electronic devices in a communication network, an enrollment request requesting enrollment of an electronic device of the one or more electronic devices with a system;
instructions that cause the one or more processors to authenticate the electronic device, the instructions to authenticate the electronic device further comprising instructions that cause the one or more processors to:
determine that the electronic device is pre-registered with the system based on a shared secret and an identifier associated with the one or more electronic devices;
receive an encrypted identifier from the electronic device;
decrypt the encrypted identifier with the shared secret; and
transmit a digital certificate to the electronic device based on the instructions to decrypt;
instructions that cause the one or more processors to identify an enrollment policy associated with the electronic device;
instructions that cause the one or more processors to apply a set of enrollment rules defined by the enrollment policy to the electronic device, the set of enrollment rules specifying at least one of information related to users in the system who can enroll the electronic device, types of devices that can be enrolled by the one or more users of the system, or a maximum number of the devices that can be enrolled by the one or more users with the system;
instructions that cause the one or more processors to enroll the electronic device in accordance with the set of enrollment rules; and
instructions that cause the one or more processors to transmit, to the gateway device, information that enables the electronic device to access resources of the system.