FLEXIBLE END-POINT COMPLIANCE AND STRONG AUTHENTICATION FOR DISTRIBUTED HYBRID ENTERPRISES
First Claim
1. A method for use by a client computer to access at least one resource hosted by at least one server controlled by at least one service provider, comprising:
sending, to an access control gateway controlled by at least one enterprise different from the at least one service provider, authentication information associated with a user of the client computer and a statement of health regarding the client computer;
receiving a security token from the access control gateway;
sending, to the at least one server hosting the at least one resource, the security token received from the access control gateway; and
accessing the at least one resource from the at least one server.
Abstract
Systems, methods and apparatus for accessing at least one resource hosted by at least one server of a cloud service provider. In some embodiments, a client computer sends authentication information associated with a user of the client computer and a statement of health regarding the client computer to an access control gateway deployed in an enterprise's managed network. The access control gateway authenticates the user and determines whether the user is authorized to access the at least one resource hosted in the cloud. If the user authentication and authorization succeeds, the access control gateway requests a security token from a security token service trusted by an access control component in the cloud and forwards the security token to the client computer. The client computer sends the security token to the access component in the cloud to access the at least one resource from the at least one server.
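The flow in the abstract, as an added sketch that is not taken from the patent: the gateway authenticates the user, checks the statement of health, authorizes the request and obtains a token, which the cloud side then verifies. The HMAC-signed token format, the shared key, the health policy fields and all function names are assumptions made for illustration.

```python
import base64, hashlib, hmac, json

STS_KEY = b"constructed-demo-key"   # assumption: key shared by STS and cloud
SALT = b"constructed-salt"

def _pw_hash(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)

# Constructed enterprise directory and health policy (hypothetical field names).
USERS = {"alice": {"pw": _pw_hash("correct horse"), "resources": {"crm"}}}
HEALTH_POLICY = {"firewall_on": True, "av_current": True, "disk_encrypted": True}

def _sign(body):
    return hmac.new(STS_KEY, body, hashlib.sha256).hexdigest()

def sts_issue(user, resource, now, ttl=300):
    """Token service: sign subject, audience and expiry."""
    claims = {"sub": user, "aud": resource, "exp": now + ttl}
    body = base64.urlsafe_b64encode(json.dumps(claims).encode())
    return body.decode() + "." + _sign(body)

def gateway_request(user, password, health, resource, now):
    """Gateway: authenticate, check health, authorize, then fetch a token."""
    rec = USERS.get(user)
    if rec is None or not hmac.compare_digest(_pw_hash(password), rec["pw"]):
        return None                                  # authentication failed
    if any(health.get(k) != v for k, v in HEALTH_POLICY.items()):
        return None                                  # end point not compliant
    if resource not in rec["resources"]:
        return None                                  # not authorized
    return sts_issue(user, resource, now)

def cloud_access(token, resource, now):
    """Cloud access component: verify signature, audience and expiry."""
    try:
        body, sig = token.split(".")
        if not hmac.compare_digest(sig, _sign(body.encode())):
            return False
        claims = json.loads(base64.urlsafe_b64decode(body))
    except (ValueError, AttributeError, TypeError):
        return False
    return claims.get("aud") == resource and now < claims.get("exp", 0)
```

The cloud side never sees the credentials or the statement of health; it trusts only the token signature, so binding the token to one resource and a short lifetime limits what a stolen token allows.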
20 Claims
1. A method for use by a client computer to access at least one resource hosted by at least one server controlled by at least one service provider, comprising:
sending, to an access control gateway controlled by at least one enterprise different from the at least one service provider, authentication information associated with a user of the client computer and a statement of health regarding the client computer;
receiving a security token from the access control gateway;
sending, to the at least one server hosting the at least one resource, the security token received from the access control gateway; and
accessing the at least one resource from the at least one server.
Dependent claims: 2, 3, 4, 5, 6
7. A client computer for accessing at least one resource hosted by at least one server controlled by at least one service provider, comprising at least one processor programmed to:
send, to an access control gateway controlled by at least one enterprise different from the at least one service provider, access request information purporting to indicate that the client computer is authorized to access the at least one resource;
receive a security token from the access control gateway;
send, to the at least one server hosting the at least one resource, the security token received from the access control gateway; and
access the at least one resource from the at least one server.
Dependent claims: 8, 9, 10, 11, 12, 13
14. At least one non-transitory computer-readable medium having encoded thereon instructions that, when executed by at least one processor, perform a method for use by an access gateway controlled by at least one enterprise, the method comprising:
receiving, from a client computer, access request information purporting to indicate that the client computer is authorized to access at least one resource hosted by at least one server controlled by at least one service provider different from the at least one enterprise;
determining, based at least in part on the access request information, whether the client computer is authorized to access the at least one resource; and
if it is determined that the client computer is authorized to access the at least one resource, sending a security token to the client computer to be presented to the at least one server to obtain access to the at least one resource.
Dependent claims: 15, 16, 17, 18, 19, 20
Specification