Delegating authorization to applications on a client device in a networked environment
IPC classification information
Country / Type
United States (US) Patent
Registered
International Patent Classification (IPC 7th edition)
H04L-029/06
G06F-021/33
Application number
US-0662373 (2015-03-19)
Registration number
US-9686287 (2017-06-20)
Inventors / Address
Manton, John Joseph
Kommireddy, Sridhara Babu
Rykowski, Adam Stephen
Applicant / Address
AirWatch, LLC
Agent / Address
Thomas | Horstemeyer, LLP
Citation information
Cited by: 2
Cited patents: 114
Abstract
Disclosed are various embodiments for delegating security authorization to at least one application executed on a client device. A computing device is employed to send to a remote server, from an agent application, a request for a first access credential. The first access credential is received from the remote server and a determination is made by the agent application in communication with a managed application, that the managed application requires a second access credential. In response to the determination being made that the managed application requires the second access credential, the second access credential is sent to the managed application, from the agent application. An indication that the agent is authorized to be in communication with managed applications regarding a need for access credentials is stored and the agent application determines where at least one of the managed applications requires an access credential.
Representative claims

1. A non-transitory computer-readable medium for delegating security authorization to an agent application executable on a computing device embodying program instructions executable in the computing device that, when executed by the computing device, cause the computing device to: send, by the agent application executable on the computing device, a request over a network to a remote server requesting that the agent application be permitted to control access to at least one network resource on behalf of the remote server for a plurality of managed applications, the request comprising a device profile describing at least one characteristic of the computing device, the remote server being configured to permit the agent application to control access to the at least one resource for the plurality of managed applications based at least in part on an analysis of the at least one characteristic and a compliance rule; in response to the remote server permitting the agent application to control access to the at least one resource for the plurality of managed applications, store, by the agent application, an indication that the agent application is authorized to communicate access credentials to the plurality of managed applications on behalf of the remote server; determine, by the agent application, that a first one of the plurality of managed applications requires a first access credential; send, by the agent application, a request for the first access credential to the remote server; receive, by the agent application, the first access credential from the remote server; make, by the agent application being in communication with the plurality of managed applications, a determination that a second one of the plurality of managed applications requires a second access credential; and in response to the determination that the second one of the managed applications requires the second access credential, receive the second access credential from the remote server and provide the second access credential to the second one of the plurality of managed applications.

2. The non-transitory computer-readable medium of claim 1, further comprising program instructions that, when executed by the computing device, cause the computing device to: send, by the agent application, a request for the second access credential to the remote server; and receive, by the agent application, the second access credential from the remote server.

3. The non-transitory computer-readable medium of claim 1, wherein determining that the second one of the plurality of managed applications requires the second access credential further comprises receiving, by the agent application, a request for the second access credential from the second one of the plurality of managed applications.

4. The non-transitory computer-readable medium of claim 1, further comprising program instructions that, when executed by the computing device, cause the computing device to: access, by the agent application, at least one compliance rule received from the remote server; and determine, by the agent application, that the device profile for the computing device complies with the at least one compliance rule prior to sending the second access credential to the second one of the plurality of managed applications.

5. The non-transitory computer-readable medium of claim 1, wherein determining that the second one of the plurality of managed applications requires the second access credential further comprises determining, by the agent application, that the second one of the plurality of managed applications communicated with a resource server.

6. The non-transitory computer-readable medium of claim 1, further comprising program instructions that, when executed by the computing device, causes the computing device to cause a revocation of the second access credential to be sent to the second one of the plurality of managed applications from the agent application.

7. A system for delegating security authorization to an agent application executable on a computing device, comprising: a computing device comprising at least one hardware processor; and program instructions executable in the computing device that, when executed, cause the computing device to: send, by the agent application executable on the computing device, a request over a network to a remote server requesting that the agent application be permitted to control access to at least one network resource on behalf of the remote server for a plurality of managed applications, the request comprising a device profile describing at least one characteristic of the computing device, the remote server being configured to permit the agent application to control access to the at least one resource for the plurality of managed applications based at least in part on an analysis of the at least one characteristic and a compliance rule; in response to the remote server permitting the agent application to control access to the at least one resource for the plurality of managed applications, store, by the agent application, an indication that the agent application is authorized to communicate access credentials to the plurality of managed applications on behalf of the remote server; determine, by the agent application, that a first one of the plurality of managed applications requires a first access credential; send, by the agent application, a request for the first access credential to the remote server; receive, by the agent application, the first access credential from the remote server; make, by the agent application being in communication with the plurality of managed applications, a determination that a second one of the plurality of managed applications requires a second access credential; and in response to the determination that the second one of the plurality of managed applications requires the second access credential, receive the second access credential from the remote server and provide the second access credential to the second one of the plurality of managed applications.

8. The system of claim 7, further comprising program instructions that, when executed, cause the computing device to: send, by the agent application, a request for the second access credential to the remote server; and receive, by the agent application, the second access credential from the remote server.

9. The system of claim 7, wherein determining that the second one of the plurality of managed applications requires the second access credential further comprises receiving, by the agent application, a request for the second access credential from the second one of the plurality of managed applications.

10. The system of claim 7, further comprising program instructions that, when executed, cause the computing device to: access, by the agent application, at least one compliance rule received from the remote server; and determine, by the agent application, that the device profile for the computing device complies with the at least one compliance rule prior to sending the second access credential to the second one of the plurality of managed applications.

11. The system of claim 7, wherein determining that the second one of the plurality of managed applications requires the second access credential further comprises determining that the second one of the plurality of managed applications communicated with a resource server.

12. The system of claim 7, further comprising program instructions that, when executed, cause the computing device to cause a revocation of the second access credential to be sent to the second one of the plurality of managed applications from the agent application.

13. The system of claim 7, wherein the request for the first access credential comprises at least one of: a device identifier, a user credential, or device profile information.

14. A computer-implemented method for delegating security authorization to an agent application executable on a computing device, comprising: sending, by the agent application, a request over a network to a remote server requesting that the agent application be permitted to control access to at least one network resource on behalf of the remote server for a plurality of managed applications, the request comprising a device profile describing at least one characteristic of the computing device, the remote server being configured to permit the agent application to control access to the at least one resource for the plurality of managed applications based at least in part on an analysis of the at least one characteristic and a compliance rule; in response to the remote server permitting the agent application to control access to the at least one resource for the plurality of managed applications, storing, by the agent application, an indication that the agent application is authorized to communicate access credentials to the plurality of managed applications on behalf of the remote server; determining, by the agent application, that a first one of the plurality of managed applications requires a first access credential; sending, by the agent application, a request for the first access credential to the remote server; receiving, by the agent application, the first access credential from the remote server; making, by the agent application being in communication with the plurality of managed applications, a determination that a second one of the plurality of managed applications requires a second access credential; and in response to the determination that the second one of the plurality of managed applications requires the second access credential, receiving the second access credential from the remote server and providing the second access credential to the second one of the plurality of managed applications.

15. The computer-implemented method of claim 14, further comprising: sending, by the agent application, a request for the second access credential to the remote server; and receiving, by the agent application, the second access credential from the remote server.

16. The computer-implemented method of claim 14, wherein determining that the second one of the plurality of managed applications requires the second access credential further comprises receiving, by the agent application, a request for the second access credential from the second one of the plurality of managed applications.

17. The computer-implemented method of claim 14, further comprising: accessing, by the agent application, at least one compliance rule received from the remote server; and determining, by the agent application, that a device profile for the computing device complies with the at least one compliance rule prior to sending the second access credential to the second one of the plurality of managed applications.

18. The computer-implemented method of claim 14, wherein determining that the second one of the plurality of managed applications requires the second access credential further comprises determining that the second one of the plurality of managed applications communicated with a resource server.

19. The computer-implemented method of claim 14, further comprising causing, by the agent application, a revocation of the second access credential to be sent to the second one of the plurality of managed applications from the agent application.

20. The computer-implemented method of claim 14, wherein the request for the first access credential comprises at least one of: a device identifier, a user credential, or device profile information.
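The claims above describe a three-party flow: the agent sends a device profile to the management server and asks to broker credentials on its behalf; the server grants that only if the profile satisfies a compliance rule; the agent stores the grant, watches which managed applications need a credential (for instance because they contacted a resource server), fetches each credential from the server and hands it to the application, and can later revoke it. The following Python simulation is an added example written for this page, not code from the patent or from AirWatch; every class, method and the compliance rule (passcode set, device not jailbroken) are assumptions chosen to illustrate the exchange. It also covers the practitioner's edge case implied by claims 4, 10 and 17: a device that was compliant at enrolment but drifts out of compliance before a credential is handed over must be refused at the agent, not just at the server.

```python
# Added example: simulation of the delegated credential-brokering flow in the
# claims. Names and the compliance rule are this example's own assumptions.
from dataclasses import dataclass
import secrets


@dataclass
class DeviceProfile:
    """Device characteristics sent with the delegation request (claim 1)."""
    device_id: str
    passcode_set: bool
    jailbroken: bool


def compliance_rule(profile: DeviceProfile) -> bool:
    """Hypothetical rule: credentials only for locked, unmodified devices."""
    return profile.passcode_set and not profile.jailbroken


class RemoteServer:
    """Management server deciding whether the agent may broker credentials."""

    def __init__(self, rule):
        self.rule = rule
        self.delegated = set()   # device_ids whose agent was granted delegation
        self.issued = {}         # (device_id, app_id) -> credential

    def request_delegation(self, profile: DeviceProfile) -> bool:
        # Analyse the device profile against the compliance rule (claim 1).
        if self.rule(profile):
            self.delegated.add(profile.device_id)
            return True
        return False

    def request_credential(self, device_id: str, app_id: str) -> str:
        # Only an agent whose delegation was granted may obtain credentials.
        if device_id not in self.delegated:
            raise PermissionError("agent not authorised for this device")
        cred = secrets.token_urlsafe(24)
        self.issued[(device_id, app_id)] = cred
        return cred

    def revoke_credential(self, device_id: str, app_id: str) -> None:
        self.issued.pop((device_id, app_id), None)


class ManagedApp:
    """An application that needs a credential to reach a resource server."""

    def __init__(self, app_id: str):
        self.app_id = app_id
        self.credential = None
        self.contacted_resource_server = False

    def open_resource(self) -> None:
        # Contacting the resource server is what the agent watches for (claim 5).
        self.contacted_resource_server = True


class AgentApplication:
    def __init__(self, server: RemoteServer, profile: DeviceProfile):
        self.server = server
        self.profile = profile
        self.authorized = False      # stored indication of delegation (claim 1)
        self.rules = [server.rule]   # compliance rules received from the server

    def enroll(self) -> bool:
        self.authorized = self.server.request_delegation(self.profile)
        return self.authorized

    def needs_credential(self, app: ManagedApp) -> bool:
        return app.credential is None and app.contacted_resource_server

    def provision(self, app: ManagedApp) -> bool:
        if not self.authorized or not self.needs_credential(app):
            return False
        # Claim 4: re-check compliance right before handing over a credential,
        # so a device that drifted out of compliance after enrolment is refused.
        if not all(rule(self.profile) for rule in self.rules):
            return False
        app.credential = self.server.request_credential(
            self.profile.device_id, app.app_id)
        return True

    def revoke(self, app: ManagedApp) -> None:
        # Claim 6: revocation reaches the app and is recorded at the server.
        self.server.revoke_credential(self.profile.device_id, app.app_id)
        app.credential = None


def run_flow(profile: DeviceProfile) -> dict:
    """Enrol, provision two managed apps, revoke one; return the outcome."""
    server = RemoteServer(compliance_rule)
    agent = AgentApplication(server, profile)
    mail, docs = ManagedApp("mail"), ManagedApp("docs")
    enrolled = agent.enroll()
    for app in (mail, docs):
        app.open_resource()
    mail_ok, docs_ok = agent.provision(mail), agent.provision(docs)
    agent.revoke(docs)
    return {"enrolled": enrolled, "mail_provisioned": mail_ok,
            "docs_provisioned": docs_ok,
            "mail_has_credential": mail.credential is not None,
            "docs_has_credential": docs.credential is not None,
            "server_issued": len(server.issued)}


if __name__ == "__main__":
    print(run_flow(DeviceProfile("dev-1", passcode_set=True, jailbroken=False)))
    print(run_flow(DeviceProfile("dev-2", passcode_set=False, jailbroken=True)))
```

The server never hands a credential to a device whose delegation was refused, and the agent repeats the compliance check locally before every hand-off, so the two checks fail closed independently: a non-compliant device gets no delegation, and a device that becomes non-compliant after enrolment gets no further credentials even though the server's grant still stands.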
Patents cited by this patent (114)
Wood, David L.; Norton, Derk, Access management system and method employing secure credentials.
Wright,Michael; Boucher,Peter; Nault,Gabe; Smith,Merrill; Jacobson,Sterling K; Wood,Jonathan; Mims,Robert, Administration of protection of data accessible by a mobile device.
Bhaskaran,Harikrishnan, Communication system and method for compressing information sent by a communication device to a target portable communication device.
Johnson, David Nephi; Nielson, Dustin Lance; Griffis, Jr., Jerry E.; Beus, David Kent; Jensen, Nathan Blaine; Street, William; Sherman, Paul Erik; Cook, Michael William; Carter, Stephen R, Credential mapping.
Mendez, Daniel J.; Riggins, Mark D.; Wagle, Prasad; Bui, Hong Q.; Ng, Mason; Quinlan, Sean Michael; Ying, Christine C.; Zuleeg, Christopher R.; Cowan, David J.; Aptekar-Strober, Joanna A.; Bailes, R. Stanley, Global server for authenticating access to remote services.
Shai Mohaban ; Itzhak Parnafes ; Yoram Ramberg IL; Yoram Snir IL; John Strassner, Method and apparatus of storing policies for policy-based management of quality of service treatments of network data traffic flows.
Craft, David John; Dubey, Pradeep K.; Hofstee, Harm Peter; Kahle, James Allan, Method and system for controlled distribution of application code and content data within a computer network.
Craft, David John; Dubey, Pradeep K.; Hofstee, Harm Peter; Kahle, James Allan, Method and system for controlled distribution of application code and content data within a computer network.
Maurya, Sanjiv; Tse, Benson Wei-Ming; VanZile, Frank; Bonham, Larry Dean; Peterson, Phil; Friend, John, Method and system for distributing and updating software in wireless devices.
Bruton, III, David Aro; Overby, Jr., Linwood H.; Rodriguez, Adolfo Francisco, Methods, systems and computer program products for selectively allowing users of a multi-user system access to network resources.
Farris Robert D. ; Flaherty Stephen J. ; Goodman William D., Mobile data/message/electronic mail download system utilizing network-centric protocol such as Java.
Marolia,Sunil; Chia,Teck; Dinh,John D. V.; Soberano,Vincent P.; Hamasaki, Jr.,Glenn; Gustafson,James P.; Pakarinen,Toni; Jacobi,Sidney A., Mobile services network for update of firmware/software in mobile handsets.
Wittstein Alan D. (Westport CT) Ciocca Giacomo A. (Thomaston CT), Mobile telephone device for storing a plurality of changable charge rates and time limit data.
Laird,David; Jones,Martin Kelly, Notification systems and methods enabling user entry of notification trigger information based upon monitored mobile vehicle location.
Wright,Michael; Boucher,Peter; Nault,Gabe; Smith,Merrill; Jacobson,Sterling K; Wood,Jonathan; Mims,Robert, Protection of data accessible by a mobile device.
Phillips John C. ; Hayes ; Jr. John J., Recyclable cellular telephone and method and apparatus for supporting the use of a recyclable cellular telephone within.
Rabne Michael W. ; Barker James A. ; Alrashid Tareq M.T. ; Christian Brian S. ; Cox Steven C. ; Slotta Elizabeth A. ; Upthegrove Luella R., Rights management system for digital media.
Mann, Dwayne R.; Heard, Robert W.; Burchett, Christopher D.; Gordon, Ian R., Server, computer memory, and method to support security policy maintenance and distribution.
Wolovitz, Lionel; Collins, Tim, Service management system and associated methodology of providing service related message prioritization in a mobile client.
Ng, Mason; Mendez, Daniel J.; Quinlan, Sean Michael, System and method for automatically forwarding email and email events via a computer network to a server computer.
Heard, Robert W.; Mann, Dwayne R.; Burchett, Christopher D.; Gordon, Ian R., System and method for distribution of security policies for mobile devices.
Riggins Mark D. ; Bailes R. Stanley ; Bui Hong O. ; Cowan David I. ; Mendez Daniel I. ; Ng Mason ; Quinlan Sean Michael ; Wagle Prasad ; Ying Christine C. ; Zuleeg Christopher R. ; Aptekar-Strober Jo, System and method for globally accessing computer services.
Mendez, Daniel J.; Riggins, Mark D.; Wagle, Prasad; Bui, Hong Q.; Ng, Mason; Quinlan, Sean Michael; Ying, Christine C.; Zuleeg, Christopher R.; Cowan, David J.; Aptekar-Strober, Joanna A.; Bailes, R., System and method for globally and securely accessing unified information in a computer network.
Mendez,Daniel J.; Riggins,Mark D.; Wagle,Prasad; Bui,Hong Q.; Ng,Mason; Quinlan,Sean Michael; Ying,Christine C.; Zuleeg,Christopher R.; Cowan,David J.; Aptekar Strober,Joanna A.; Bailes,R. Stanley, System and method for globally and securely accessing unified information in a computer network.
Mendez Daniel J. ; Riggins Mark D. ; Wagle Prasad ; Ying Christine C., System and method for securely synchronizing multiple copies of a workspace element in a network.
Mendez Daniel J. ; Riggins Mark D. ; Wagle Prasad ; Ying Christine C., System and method for synchronizing electronic mail between a client site and a central site.
Ng Mason ; Quinlan Sean Michael ; Ruan Tom ; Mendez Daniel J. ; Zhu Jing ; Cheng ; Jr. Martin ; Williams Matt ; Riggins Mark D., System and method for updating a remote database in a network.
Mendez Daniel J. ; Riggins Mark D. ; Wagle Prasad ; Ying Christine C., System and method for using a global translator to synchronize workspace elements across a network.
Piccionelli, Greg A.; Rittmaster, Ted R., System and process for limiting distribution of information on a communication network based on geographic location.
Clark Ted H. ; Malisewski Steven C. ; Cooper Patrick R. ; Crosswy William Caldwell ; Crochet Larry J., System for automatic synchronization of common file between portable computer and host computer via communication channe.
Nagamatsu Jun (Kawasaki JPX) Terashima Masaki (Yokohama JPX) Yamada Jun (Yokohama JPX), System for preventing unauthorized use of a micro cellular system operating in coexistence with a cellular system.
Boebert William E. ; Rogers Clyde O. ; Andreas Glenn ; Hammond Scott W. ; Gooderum Mark P., System for providing secure internetwork by connecting type enforcing secure computers to external network for limiting.