Context-based authentication of mobile devices

CAFC
  • US 9,426,182 B1
  • Filed: 01/07/2014
  • Issued: 08/23/2016
  • Est. Priority Date: 01/07/2013
  • Status: Active Grant
First Claim
Patent Images

1. A method comprising:

  • storing, by an access control system, action control policies for a plurality of enterprises, wherein the access control system is external to each of the plurality of enterprises;

    storing, by the access control system, action control policies for the plurality of enterprises as a mapping from contexts of requests to the action control policies, each context specifying one or more attributes describing a request received from a client device, wherein the request is for an action performed by an application hosted by a software as a services (SaaS) hosting system, each action control policy identifying actions that the client device is allowed in a given context;

    receiving, by the access control system, from a first client device, a first request for interacting with the application hosted by the SaaS hosting system, the first request providing information describing a first context;

    identifying a first enterprise from the plurality of enterprises, the first enterprise associated with the first client device;

    determining, by the access control system, a first action control policy associated with the first enterprise for the first context based on the mapping, the first action control policy allowing a first set of actions supported by the application;

    sending information describing the first action control policy to the first client device for enforcement of the first action control policy by an agent executing on the first client device;

    receiving from a second client device, a second request for interacting with the application hosted by the SaaS hosting system, the second request providing information describing a second context;

    identifying a second enterprise from the plurality of enterprises, the second enterprise associated with the second client device;

    determining a second action control policy associated with the second enterprise for the second context based on the mapping, the second action control policy allowing a second set of actions supported by the application; and

    sending information describing the second action control policy to the second client device for enforcement of the second action control policy by the agent executing on the second client device.

View all claims
    ×
    ×

    Thank you for your feedback

    ×
    ×