Use of device risk evaluation to manage access to services
Claim 1

1. A method, comprising:
- receiving data in a communication from a computing device of an identity provider;
- subsequent to receiving the data, receiving, by a second computing device, a request from a first computing device, the request for access by the first computing device to a service, wherein the access requires authorization by the computing device of the identity provider, and access to the service requires that a software component is installed on the first computing device;
- in response to the request, performing, by the second computing device, an evaluation of a configuration of the first computing device, wherein the evaluation comprises determining a risk level, and wherein the evaluation is based at least in part on the received data from the identity provider;
- performing, by the second computing device, an action based on the evaluation, wherein the action comprises sending a first communication to the computing device of the identity provider, the first communication indicating the risk level, wherein the identity provider is of record with the second computing device to use for authorizing requests for access to the service, and wherein the identity provider is configured to authorize access to the service in response to receiving the first communication;
- determining whether the software component is installed on the first computing device; and
- in response to determining that the software component is not installed on the first computing device:
  - creating a fingerprint of the first computing device, the fingerprint including data extracted from at least one communication from the first computing device; and
  - determining whether the fingerprint matches a fingerprint of another computing device that has previously communicated with the second computing device.
Abstract
A method includes: receiving a request regarding access by a first computing device (e.g., a mobile device of a user) to a service; in response to the request, performing, by a second computing device (e.g., a device risk evaluation server, or a server of an identity provider), an evaluation of the first computing device; and performing, by the second computing device, an action (e.g., authorizing access to the service) based on the evaluation.
Claims (19)
1. Independent method claim; its full text is given under Claim 1 above. Dependent claims: 2 to 14.
15. A non-transitory computer-readable storage medium storing computer-readable instructions, which when executed, cause a first computing device to:
- receive data in a communication from a computing device of an identity provider;
- subsequent to receiving the data, receive a request from a second computing device, the request for access by the second computing device to a service, wherein the access requires authorization by the computing device of the identity provider, and access to the service requires that a software component is installed on the second computing device;
- in response to the request, perform an evaluation of the second computing device, wherein the evaluation is based at least in part on the received data from the identity provider;
- perform, by at least one processor, an action based on the evaluation, the action comprising sending a first communication to the computing device of the identity provider, wherein the identity provider is of record with the first computing device to use for authorizing requests for access to the service, and wherein the identity provider is configured to authorize access to the service in response to receiving the first communication;
- determine whether the software component is installed on the second computing device; and
- in response to determining that the software component is not installed on the second computing device:
  - create a fingerprint of the second computing device, the fingerprint including data extracted from at least one communication from the second computing device; and
  - determine whether the fingerprint matches a fingerprint of another computing device that has previously communicated with the first computing device.
Dependent claim: 16.
17. A system, comprising:
- at least one processor of a first computing device; and
- memory storing instructions configured to instruct the at least one processor to:
  - receive data in a communication from a computing device of an identity provider;
  - subsequent to receiving the data, receive a request from a second computing device, the request for access by the second computing device to a service, wherein the access requires authorization by the computing device of the identity provider, and access to the service requires that a software component is installed on the second computing device;
  - in response to the request, perform an evaluation of the second computing device, wherein the evaluation is based at least in part on the received data from the identity provider;
  - perform an action based on the evaluation, the action comprising sending a first communication to the computing device of the identity provider, wherein the identity provider is of record with the first computing device to use for authorizing requests for access to the service, and wherein the identity provider is configured to authorize access to the service in response to receiving the first communication;
  - determine whether the software component is installed on the second computing device; and
  - in response to determining that the software component is not installed on the second computing device:
    - create a fingerprint of the second computing device, the fingerprint including data extracted from at least one communication from the second computing device; and
    - determine whether the fingerprint matches a fingerprint of another computing device that has previously communicated with the first computing device.
Dependent claims: 18, 19.
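The independent claims all describe the same sequence: the risk evaluation server first receives data from the identity provider of record, later receives an access request from a device, scores the device's configuration into a risk level using that identity-provider data, reports the risk level to the identity provider (which makes the authorization decision), and, when the required agent is not installed, falls back to fingerprinting the device from its own communication and matching it against fingerprints seen before. The following Python model is an added example written for this page; it is not code from the patent or its assignee. The policy fields (`max_risk_for_access`, `require_agent`), the configuration attributes used for scoring, the scoring thresholds, the fields folded into the fingerprint, and all sample devices and addresses are constructed assumptions chosen to make the flow concrete.

```python
"""Toy model of the claimed device-risk-evaluation flow (added example)."""
import hashlib
import json
from dataclasses import dataclass
from typing import Optional


@dataclass
class IdpPolicyData:
    """Data the identity provider sends ahead of any request (assumed shape)."""
    service: str
    max_risk_for_access: str   # highest risk level the IdP will still authorize
    require_agent: bool        # the service needs the software component (agent)


@dataclass
class AccessRequest:
    """One access request from the device under evaluation (constructed shape)."""
    service: str
    agent_device_id: Optional[str]   # reported by the installed agent; None if absent
    os_version: str
    screen_lock: bool
    rooted: bool
    patch_age_days: int
    user_agent: str                  # request metadata usable for fingerprinting
    client_ip: str


RISK_ORDER = {"low": 0, "medium": 1, "high": 2}


def evaluate_configuration(req: AccessRequest, policy: IdpPolicyData) -> str:
    """Map the reported configuration to a risk level (thresholds are assumptions).
    The IdP data enters through require_agent: an agentless device cannot be
    trusted to report its own posture, so it is rated at least medium."""
    level = "low"
    if not req.screen_lock or req.patch_age_days > 90:
        level = "medium"
    if req.rooted:
        level = "high"
    if policy.require_agent and req.agent_device_id is None:
        level = max(level, "medium", key=RISK_ORDER.__getitem__)
    return level


def fingerprint(req: AccessRequest) -> str:
    """Fingerprint built only from data extracted from the device's communication."""
    extracted = {"user_agent": req.user_agent, "client_ip": req.client_ip,
                 "os_version": req.os_version}
    raw = json.dumps(extracted, sort_keys=True).encode("utf-8")
    return hashlib.sha256(raw).hexdigest()


class RiskEvaluationServer:
    """The 'second computing device' of claim 1."""

    def __init__(self) -> None:
        self.idp_of_record = {}        # service -> (idp_name, IdpPolicyData)
        self.known_fingerprints = {}   # fingerprint -> label of device first seen
        self.communications_to_idp = []

    def receive_idp_data(self, idp_name: str, policy: IdpPolicyData) -> None:
        # Data from the IdP arrives before any request and fixes the IdP of record.
        self.idp_of_record[policy.service] = (idp_name, policy)

    def handle_request(self, req: AccessRequest, label: str) -> dict:
        idp_name, policy = self.idp_of_record[req.service]
        risk = evaluate_configuration(req, policy)
        # Report the risk level to the IdP of record; the IdP's authorization
        # decision on receiving that communication is modelled inline here.
        self.communications_to_idp.append(
            {"to": idp_name, "service": req.service, "risk_level": risk})
        authorized = RISK_ORDER[risk] <= RISK_ORDER[policy.max_risk_for_access]
        result = {"risk_level": risk, "authorized": authorized,
                  "agent_installed": req.agent_device_id is not None}
        if req.agent_device_id is None:
            # Agent absent: fingerprint the device and look for an earlier match.
            fp = fingerprint(req)
            result["fingerprint_matches"] = self.known_fingerprints.get(fp)
            self.known_fingerprints.setdefault(fp, label)
        return result


def run_demo() -> dict:
    """Three constructed requests against one constructed IdP policy."""
    server = RiskEvaluationServer()
    server.receive_idp_data("idp.example", IdpPolicyData(
        service="mail", max_risk_for_access="medium", require_agent=True))
    common = dict(service="mail", os_version="17.2",
                  user_agent="MailClient/4.1 (Mobile)", client_ip="203.0.113.5")
    requests = {
        # Managed device: agent present, healthy configuration.
        "A": AccessRequest(agent_device_id="dev-A", screen_lock=True,
                           rooted=False, patch_age_days=10, **common),
        # No agent: rated medium, fingerprinted and remembered.
        "B": AccessRequest(agent_device_id=None, screen_lock=True,
                           rooted=False, patch_age_days=10, **common),
        # No agent and rooted: high risk, and its fingerprint matches B.
        "C": AccessRequest(agent_device_id=None, screen_lock=True,
                           rooted=True, patch_age_days=10, **common),
    }
    return {label: server.handle_request(r, label) for label, r in requests.items()}


if __name__ == "__main__":
    print(json.dumps(run_demo(), indent=2))
```

Two points the model makes visible: the evaluation server never authorizes anything itself, it only reports a risk level to the identity provider that is of record for the service, and the fingerprint path runs only when the agent is missing, so a device that reappears without the agent can still be tied to its earlier communications.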