Delegating authorization to applications on a client device in a networked environment
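IPC classification information
Country / Type: United States (US) Patent, Registered
International Patent Classification (IPC 7th edition): H04L-009/32; G06F-021/33; G06F-007/04; H04L-029/06
Application number: US-0840595 (2013-03-15)
Registration number: US-8997187 (2015-03-31)
Inventor / Address: Manton, John Joseph
Applicant / Address: AirWatch LLC
Agent / Address: AirWatch LLC
Citation information
Times cited: 0
Cited patents: 116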
Abstract
A computer-readable medium encoded with software for execution. When executed, the software may be operable to send to a remote server, from an agent application, a request for a first access credential. The software may also be operable to receive from the remote server, the first access credential. The software may further be operable to determine, by the agent application monitoring a managed application, that the managed application requires a second access credential. The software may additionally be operable to, in response to the determination that the managed application requires the second access credential, sending to the managed application, from the agent application, the second access credential.
Representative claims
1. A non-transitory computer-readable medium encoded with software for execution and, when executed, operable to: send to a remote server, from an agent application, a request for a first access credential; receive from the remote server, the first access credential; determine, by the agent application monitoring a managed application, that the managed application requires a second access credential; in response to the determination that the managed application requires the second access credential, sending to the managed application, from the agent application, the second access credential; store, by the agent application, an identification of a plurality of managed applications to be monitored for a need of the second access credential; and monitor, by the agent application, the plurality of managed applications for the need of the second access credential.
2. The non-transitory computer-readable medium of claim 1, wherein the software is further operable to: receive at least one compliance rule; and determine if a device profile complies with the at least one compliance rule prior to sending the second access credential.
3. The non-transitory computer-readable medium of claim 1, wherein the software is further operable to: determine, by the agent application monitoring the plurality of managed applications, that at least one of the plurality of managed applications requires the second access credential.
4. The non-transitory computer-readable medium of claim 1, wherein: determining that the managed application requires the second access credential comprises receiving, at the agent application, a request for the second access credential from the managed application.
5. The non-transitory computer-readable medium of claim 1, wherein: determining that the managed application requires the second access credential comprises monitoring, with the agent application, whether the managed application communicated with a resource server.
6. The non-transitory computer-readable medium of claim 1, wherein: the request comprises: a device identifier; a user credential; and device profile information.
7. The non-transitory computer-readable medium of claim 1, wherein: the request comprises a designation of at least the managed application as an intended delegate.
8. The non-transitory computer-readable medium of claim 1, wherein the software is further operable to: receive from the remote server a designation of at least the managed application as an allowable delegate.
9. The non-transitory computer-readable medium of claim 1, wherein the software is further operable to: send, to the managed application, from the agent application, a revocation of the second access credential.
10. The non-transitory computer-readable medium of claim 9, wherein the software is further operable to: receive instructions, from the remote server, to revoke a delegation of the second access credential.
11. The non-transitory computer-readable medium of claim 9, wherein the software is further operable to: receive instructions to revoke a delegation of the second access credential from a user.
12. The non-transitory computer-readable medium of claim 1, wherein: the second access credential comprises a token.
13. The non-transitory computer-readable medium of claim 12, wherein: the token is transmittable by the managed application to a resource server so as to provide access to the managed application to resources on the resource server.
14. A method comprising: sending to a remote server, from an agent application, a request for: a first access credential; and authority to delegate the first access credential by granting at least a second access credential to at least one managed application; receiving from the remote server, the first access credential and an authority to delegate; determining that at least one managed application requires the second access credential; sending to the at least one managed application, from the agent application, the second access credential; store an identification of a plurality of managed applications to be monitored for a need of the second access credential; and monitor the plurality of managed applications for the need of the second access credential.
15. The method of claim 14, wherein the method further comprises: receiving from the remote server at least one compliance rule associated with the first access credential; and determining if a device profile complies with the at least one compliance rule prior to sending the second access credential.
16. The method of claim 14, wherein the method further comprises: receiving from the remote server at least one compliance rule associated with the authority to delegate; and determining if a device profile complies with the at least one compliance rule prior to sending the second access credential.
17. A system comprising: a remote server configured to: receive, from an agent application on a client device, a request for a first authorization to access at least one resource on a resource server; determine whether the request should be granted; and send, to the agent application on the client device, in response to a determination that the request should be granted, the first authorization and a second authorization to delegate the first authorization to at least a managed application; initiate storage in the agent application of an identification of a plurality of managed applications to be monitored for a need of a second authorization; and initiate monitoring by the agent application of the plurality of managed applications for the need of the second authorization.
18. The system of claim 17, wherein: the remote server is further configured to: receive, from the agent application on the client device, a designation of at least the managed application; and determine if the managed application is an approved application.
Patents cited by this patent (116)
Wood, David L.; Norton, Derk, Access management system and method employing secure credentials.
Wright,Michael; Boucher,Peter; Nault,Gabe; Smith,Merrill; Jacobson,Sterling K; Wood,Jonathan; Mims,Robert, Administration of protection of data accessible by a mobile device.
Bhaskaran,Harikrishnan, Communication system and method for compressing information sent by a communication device to a target portable communication device.
Johnson, David Nephi; Nielson, Dustin Lance; Griffis, Jr., Jerry E.; Beus, David Kent; Jensen, Nathan Blaine; Street, William; Sherman, Paul Erik; Cook, Michael William; Carter, Stephen R, Credential mapping.
Mendez, Daniel J.; Riggins, Mark D.; Wagle, Prasad; Bui, Hong Q.; Ng, Mason; Quinlan, Sean Michael; Ying, Christine C.; Zuleeg, Christopher R.; Cowan, David J.; Aptekar-Strober, Joanna A.; Bailes, R. Stanley, Global server for authenticating access to remote services.
Shai Mohaban ; Itzhak Parnafes ; Yoram Ramberg IL; Yoram Snir IL; John Strassner, Method and apparatus of storing policies for policy-based management of quality of service treatments of network data traffic flows.
Craft, David John; Dubey, Pradeep K.; Hofstee, Harm Peter; Kahle, James Allan, Method and system for controlled distribution of application code and content data within a computer network.
Craft, David John; Dubey, Pradeep K.; Hofstee, Harm Peter; Kahle, James Allan, Method and system for controlled distribution of application code and content data within a computer network.
Maurya, Sanjiv; Tse, Benson Wei-Ming; VanZile, Frank; Bonham, Larry Dean; Peterson, Phil; Friend, John, Method and system for distributing and updating software in wireless devices.
Bruton, III, David Aro; Overby, Jr., Linwood H.; Rodriguez, Adolfo Francisco, Methods, systems and computer program products for selectively allowing users of a multi-user system access to network resources.
Farris Robert D. ; Flaherty Stephen J. ; Goodman William D., Mobile data/message/electronic mail download system utilizing network-centric protocol such as Java.
Marolia,Sunil; Chia,Teck; Dinh,John D. V.; Soberano,Vincent P.; Hamasaki, Jr.,Glenn; Gustafson,James P.; Pakarinen,Toni; Jacobi,Sidney A., Mobile services network for update of firmware/software in mobile handsets.
Wittstein Alan D. (Westport CT) Ciocca Giacomo A. (Thomaston CT), Mobile telephone device for storing a plurality of changable charge rates and time limit data.
Laird,David; Jones,Martin Kelly, Notification systems and methods enabling user entry of notification trigger information based upon monitored mobile vehicle location.
Wright,Michael; Boucher,Peter; Nault,Gabe; Smith,Merrill; Jacobson,Sterling K; Wood,Jonathan; Mims,Robert, Protection of data accessible by a mobile device.
Phillips John C. ; Hayes ; Jr. John J., Recyclable cellular telephone and method and apparatus for supporting the use of a recyclable cellular telephone within.
Rabne Michael W. ; Barker James A. ; Alrashid Tareq M.T. ; Christian Brian S. ; Cox Steven C. ; Slotta Elizabeth A. ; Upthegrove Luella R., Rights management system for digital media.
Mann, Dwayne R.; Heard, Robert W.; Burchett, Christopher D.; Gordon, Ian R., Server, computer memory, and method to support security policy maintenance and distribution.
Wolovitz, Lionel; Collins, Tim, Service management system and associated methodology of providing service related message prioritization in a mobile client.
Ng, Mason; Mendez, Daniel J.; Quinlan, Sean Michael, System and method for automatically forwarding email and email events via a computer network to a server computer.
Heard, Robert W.; Mann, Dwayne R.; Burchett, Christopher D.; Gordon, Ian R., System and method for distribution of security policies for mobile devices.
Riggins Mark D. ; Bailes R. Stanley ; Bui Hong O. ; Cowan David I. ; Mendez Daniel I. ; Ng Mason ; Quinlan Sean Michael ; Wagle Prasad ; Ying Christine C. ; Zuleeg Christopher R. ; Aptekar-Strober Jo, System and method for globally accessing computer services.
Mendez, Daniel J.; Riggins, Mark D.; Wagle, Prasad; Bui, Hong Q.; Ng, Mason; Quinlan, Sean Michael; Ying, Christine C.; Zuleeg, Christopher R.; Cowan, David J.; Aptekar-Strober, Joanna A.; Bailes, R., System and method for globally and securely accessing unified information in a computer network.
Mendez,Daniel J.; Riggins,Mark D.; Wagle,Prasad; Bui,Hong Q.; Ng,Mason; Quinlan,Sean Michael; Ying,Christine C.; Zuleeg,Christopher R.; Cowan,David J.; Aptekar Strober,Joanna A.; Bailes,R. Stanley, System and method for globally and securely accessing unified information in a computer network.
Mendez Daniel J. ; Riggins Mark D. ; Wagle Prasad ; Ying Christine C., System and method for securely synchronizing multiple copies of a workspace element in a network.
Mendez Daniel J. ; Riggins Mark D. ; Wagle Prasad ; Ying Christine C., System and method for synchronizing electronic mail between a client site and a central site.
Ng Mason ; Quinlan Sean Michael ; Ruan Tom ; Mendez Daniel J. ; Zhu Jing ; Cheng ; Jr. Martin ; Williams Matt ; Riggins Mark D., System and method for updating a remote database in a network.
Mendez Daniel J. ; Riggins Mark D. ; Wagle Prasad ; Ying Christine C., System and method for using a global translator to synchronize workspace elements across a network.
Piccionelli, Greg A.; Rittmaster, Ted R., System and process for limiting distribution of information on a communication network based on geographic location.
Clark Ted H. ; Malisewski Steven C. ; Cooper Patrick R. ; Crosswy William Caldwell ; Crochet Larry J., System for automatic synchronization of common file between portable computer and host computer via communication channe.
Nagamatsu Jun (Kawasaki JPX) Terashima Masaki (Yokohama JPX) Yamada Jun (Yokohama JPX), System for preventing unauthorized use of a micro cellular system operating in coexistence with a cellular system.
Boebert William E. ; Rogers Clyde O. ; Andreas Glenn ; Hammond Scott W. ; Gooderum Mark P., System for providing secure internetwork by connecting type enforcing secure computers to external network for limiting.