Disclosed are various embodiments for controlling access to data on a network. In one embodiment, a proxy service receives a request from a user on a client device to access a quantity of enterprise resources served up by an enterprise device. In response, the proxy service determines whether the user on the client device has been authenticated to access the enterprise resources. The proxy service also determines whether the client device from which the user requested the access is authorized to access the enterprise resources. Responsive to the determination that the user is authentic and that the client device is authorized, the proxy service associates a set of approved enterprise access credentials with the request and facilitates the transmission of the requested enterprise resources to the client device.
Representative claim
1. A system, comprising: a proxy server that receives a request from a user of one of a plurality of client devices to access at least one enterprise resource provided by an enterprise device on a network, wherein the request comprises a set of user access credentials associated with the user and a device identifier associated with the one of the plurality of client devices, the proxy server being configured to: store a copy of a plurality of device profiles respectively associated with the plurality of client devices, receive periodic updates to the plurality of device profiles from the respectively associated plurality of client devices, and authenticate the user and the client device to determine whether the user is authorized to access the requested at least one enterprise resource from the client device, wherein the proxy server authenticates the user based at least in part on the set of user access credentials associated with the user and authenticates the client device based at least in part on the device identifier associated with the client device; a compliance service that authorizes the client device to communicate with the enterprise device in response to the proxy server authenticating the user and the client device, wherein the compliance service authorizes the client device based at least in part on a determination of whether the periodically updated device profile associated with the client device stored on the proxy server is in compliance with at least one compliance rule; and wherein the proxy server is further configured to: modify the request to remove the user access credentials and insert a set of approved enterprise access credentials, transmit the modified request to the enterprise device if the client device is authorized to communicate with the enterprise device and the user has permission to access the at least one enterprise resource from the client device, receive the at least one enterprise resource provided by the enterprise device; and transmitting the at least one enterprise resource to the client device.

2. The system of claim 1, wherein the user access credentials provide the user with access to the proxy server.

3. The system of claim 1, wherein the user access credentials are insufficient alone to provide the user with access to the enterprise device.

4. The system of claim 1, wherein the proxy server authenticates the user and the client device by determining whether the user access credentials match at least one of a plurality of approved user access credentials and determining whether the device identifier matches at least one of a plurality of approved identifiers.

5. The system of claim 4, wherein the approved user access credentials and the approved device identifiers are stored in a data store accessible to the proxy server.

6. The system of claim 1, wherein the at least one compliance rule is specific to the at least one enterprise resource.

7. The system of claim 1, wherein the at least one compliance rule comprises at least one of a plurality of hardware restrictions, a plurality of software restrictions, and a plurality of device management restrictions.

8. The system of claim 1, wherein the user access credentials comprise a user name, a password, and biometric data associated with at least one of facial recognition, retina recognition, and fingerprint recognition.

9. A method comprising: receiving a request from a user of a client device to access a quantity of enterprise resources provided by an enterprise device, the request comprising a set of user access credentials associated with the user and a device identifier associated with the client device; authenticating the user based at least in part on the user access credentials and the client device based at least in part on the device identifier; in response to authenticating the user and the client device, determining whether the client device is authorized to access the requested quantity of enterprise resources, wherein determining whether the client device is authorized comprises determining whether a periodically updated device profile associated with the client device is in compliance with at least one compliance rule; modifying the request to remove the user access credentials and insert a set of approved enterprise access credentials; transmitting the modified request to the enterprise device to receive the requested quantity of enterprise resources; receiving the requested quantity of enterprise resources from the enterprise device; and transmitting the requested quantity of enterprise resources to the client device.

10. The method of claim 9, wherein the user access credentials are insufficient alone to provide the user with access to the enterprise device.

11. The method of claim 9, wherein the at least one compliance rule comprises one of a plurality of compliance rules comprising at least one of a plurality of software restrictions, a plurality of hardware restrictions, and a plurality of device management restrictions.

12. A non-transitory computer-readable medium embodying a program executable in a computing device, the program, when executed, performing a method comprising: receiving a request from a user of a client device to access a quantity of enterprise resources provided by an enterprise device, the request comprising a set of user access credentials associated with the user and a device identifier associated with the client device; authenticating the user based at least in part on the user access credentials and the client device based at least in part on the device identifier; in response to authenticating the user and the client device, determining whether the client device is authorized to access the requested quantity of enterprise resources, wherein determining whether the client device is authorized comprises determining whether a periodically updated device profile associated with the client device is in compliance with at least one compliance rule; modifying the request to remove the user access credentials and insert a set of approved enterprise access credentials; transmitting the modified request to the enterprise device to receive the requested quantity of enterprise resources; receiving the requested quantity of enterprise resources from the enterprise device; and transmitting the requested quantity of enterprise resources to the client device.

13. The computer readable medium of claim 12, wherein the user access credentials are insufficient alone to provide the user with access to the requested quantity of enterprise resources.

14. The computer readable medium of claim 12, wherein the at least one compliance rule comprises one of a plurality of compliance rules comprising at least one of a plurality of hardware restrictions, a plurality of software restrictions, and a plurality of device management restrictions.

15. The computer readable medium of claim 12, wherein the user access credentials comprise a user name, a password, and biometric data related to at least one of facial recognition, fingerprint recognition, and retina recognition.
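The request flow of claims 1 and 9, sketched as an added example that is not part of the patent text or any vendor implementation: authenticate user and device, check the stored device profile against resource-specific compliance rules, then replace the user credentials with enterprise credentials. All names, sample values, the PBKDF2 stand-in and the profile freshness bound are assumptions.

```python
import hashlib, hmac, time

def kdf(password, salt=b"demo-salt"):  # stand-in for the deployment's password hash
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample data; all names and values are hypothetical.
APPROVED_USERS = {"alice": kdf("correct horse")}   # claim 4: approved credentials
APPROVED_DEVICES = {"dev-001", "dev-002"}          # claim 4: approved identifiers
ENTERPRISE_CREDS = {"Authorization": "Bearer SERVICE-TOKEN-PLACEHOLDER"}
RULES = {  # claim 6: rules specific to a resource; claim 7: restriction kinds
    "/mail": [
        lambda p: p["os_version"] >= (14, 0),   # software restriction
        lambda p: p["storage_encrypted"],       # hardware restriction
        lambda p: not p["jailbroken"],          # device management restriction
    ],
}
MAX_PROFILE_AGE = 3600  # seconds; assumed freshness bound, not stated in the claims
PROFILES = {}           # device_id -> (profile, time received)

def update_profile(device_id, profile, now):
    """Store the periodic profile update sent by a client device."""
    PROFILES[device_id] = (profile, now)

def authenticate(req):
    """User by credentials, device by identifier; both must match."""
    user_ok = hmac.compare_digest(APPROVED_USERS.get(req["user"], b""),
                                  kdf(req["password"]))
    return user_ok and req["device_id"] in APPROVED_DEVICES

def compliant(device_id, resource, now):
    """Fail closed: unknown resource, missing profile or stale profile all deny."""
    entry = PROFILES.get(device_id)
    if resource not in RULES or entry is None or now - entry[1] > MAX_PROFILE_AGE:
        return False
    return all(rule(entry[0]) for rule in RULES[resource])

def handle(req, now=None):
    """Return (status, upstream_request); upstream_request is None on denial."""
    now = time.time() if now is None else now
    if not authenticate(req):
        return 401, None
    if not compliant(req["device_id"], req["resource"], now):
        return 403, None
    # Build the upstream request from scratch so no client-supplied credential
    # can leak through, then attach the enterprise credentials.
    return 200, {"resource": req["resource"], "headers": dict(ENTERPRISE_CREDS)}
```

Because the upstream request is rebuilt rather than edited in place, the user's credentials never reach the enterprise device, which is what makes them "insufficient alone" in the sense of claims 3, 10 and 13.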