Policy-based compliance management and remediation of devices in an enterprise system
US-2016088021-A1 · Mar 24, 2016 · US
US12432205B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-12432205-B2 |
| Application number | US-202318476896-A |
| Country | US |
| Kind code | B2 |
| Filing date | Sep 28, 2023 |
| Priority date | Jun 29, 2016 |
| Publication date | Sep 30, 2025 |
| Grant date | Sep 30, 2025 |
Official abstract text for this publication.
A system and method for mitigating security vulnerabilities of a computer network by detecting a management status of an endpoint computing device attempting to authenticate to one or more computing resources accessible via the computer network includes: detecting an authentication attempt by the endpoint computing device to the computer network; during the authentication attempt, collecting management status indicia from the endpoint computing device, wherein the management status indicia comprise data used to determine a management status of the endpoint computing device; using the management status indicia to identify the management status of the endpoint computing device and identifying the management status of the endpoint computing device; and controlling access to the computer network based on (a) whether the authentication attempt by the endpoint computing device is successful and (b) the identified management status of the endpoint computing device.
Opening claim text (preview).
What is claimed is:
1. A method comprising: detecting an authentication request on behalf of a user from an endpoint computing device associated with the user for accessing a computer resource; in response to detecting the authentication request, authenticating the user using a first authentication process; wherein the authenticating the user further comprises accessing a policy defining whether access to the computer resource requires determination of a management status of the endpoint computing device, the management status indicating whether a software management agent of a device management platform is installed on the endpoint computing device that is accessible to the endpoint computing device and that enforces one or more device management policies associated with an enterprise network; wherein the authenticating the user further comprises collecting management status indicia that comprise data usable to determine the management status of the endpoint computing device, wherein the management status indicia is based on a digital certificate identifying the endpoint computing device, wherein the digital certificate is received from a device management platform corresponding to the enterprise network and installed on the endpoint computing device; identifying the management status of the endpoint computing device based on the collected management status indicia; controlling access to the computer resource based on the identified management status of the endpoint computing device, wherein the controlling access to the computer resource comprises determining whether to initiate a secondary authentication of the user in addition to the first authentication process, based on the identified management status of the endpoint computing device; initiating the secondary authentication if the management status of the endpoint computing device is determined to be unmanaged; and allowing the endpoint computing device access to the computer resource without initiating secondary authentication, if the management status of the endpoint computing device is determined to be managed.
2. The method of claim 1 wherein the first authentication process comprises receiving login credentials from the user and validating the login credentials.
3. The method of claim 1 wherein the secondary authentication comprises biometric authentication.
4. The method of claim 1 wherein the controlling access to the computer resource comprises initiating a workflow that configures the endpoint computing device as a managed device.
5. The method of claim 1 wherein the collected management status indicia comprise a remote attestation.
6. The method of claim 1 wherein the collected management status indicia comprises cryptographically signed data.
7. The method of claim 6 wherein the cryptographically signed data is generated using a shared secret.
8. One or more non-transitory computer readable storage media encoded with instructions that, when executed by one or more processors of a remote computer security platform, causes the one or more processors to perform operations including: detecting an authentication request on behalf of a user from an endpoint computing device associated with the user for accessing a computer resource; in response to detecting the authentication request, authenticating the user using a first authentication process; wherein the authenticating the user comprises accessing a policy defining whether access to the computer resource requires determination of a management status of the endpoint computing device, the management status indicating whether a software management agent of a device management platform is installed on the endpoint computing device that is accessible to the endpoint computing device and that enforces one or more device management policies associated with an enterprise network; wherein the authenticating the user further comprises collecting management status indicia that comprise data usable to determine the management status of the endpoint computing device, wherein the management status indicia is based on a digital certificate identifying the endpoint computing device, wherein the digital certificate is received from a device management platform corresponding to the enterprise network and installed on the endpoint computing device; identifying the management status of the endpoint computing device based on the management status indicia; controlling access to the computer resource based on the identified management status of the endpoint computing device, wherein the controlling access to the computer resource comprises determining whether to initiate a secondary authentication of the user in addition to the first authentication process, based on the identified management status of the endpoint computing device; initiating the secondary authentication if the management status of the endpoint computing device is determined to be unmanaged; and allowing the endpoint computing device access to the computer resource without initiating secondary authentication, if the management status of the endpoint computing device is determined to be managed.
9. The one or more non-transitory computer readable storage media of claim 8 wherein the first authentication process comprises receiving login credentials from the user and validating the login credentials.
10. The one or more non-transitory computer readable storage media of claim 9 wherein the secondary authentication comprises biometric authentication.
11. The one or more non-transitory computer readable storage media of claim 8 wherein the controlling access to the computer resource comprises initiating a workflow that configures the endpoint computing device as a managed device.
12. The one or more non-transitory computer readable storage media of claim 8 wherein the collected management status indicia comprise a remote attestation.
13. The one or more non-transitory computer readable storage media of claim 8 wherein the collected management status indicia comprises cryptographically signed data.
14. The one or more non-transitory computer readable storage media of claim 13 wherein the cryptographically signed data is generated using a shared secret.
15. A system comprising: an endpoint computing device; and a remote computer security platform comprising one or more servers, the remote computer security platform configured to perform operations including: detecting an authentication request on behalf of a user from the endpoint computing device associated with the user for accessing a computer resource; in response to detecting the authentication request, authenticating the user using a first authentication process; wherein the authenticating the user comprises accessing a policy defining whether access to the computer resource requires determination of a management status of the endpoint computing device, the management status indicating whether a software management agent of a device management platform is installed on the endpoint computing device that is accessible to the endpoint computing device and that enforces one or more device management policies associated with an enterprise network; wherein the authenticating the user further comprises collecting management status indicia that comprise data usable to determine the management status of the endpoint computing device, wherein the management status indicia is based on a digital certificate identifying the endpoint computing device, wherein the digital certificate is received from a device management platform corresponding to the enterprise network and installed on the endpoint co
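The decision flow of claims 1, 6 and 7 (first-factor authentication, a per-resource policy that may require a management-status determination, indicia whose integrity is protected with a shared secret, and step-up to secondary authentication only for unmanaged devices), as an added illustration that is not code from the patent or from any product. The shared secret, the policy table, the freshness window and the indicia fields are all constructed for this example; the indicia are protected with an HMAC as one concrete reading of the "cryptographically signed data generated using a shared secret" of claim 7.

```python
import hashlib
import hmac
import json

# Constructed for this example: a secret shared between the device management
# platform (which issues the indicia) and the security platform (which checks them).
MDM_SHARED_SECRET = b"example-shared-secret-not-for-production"

# Constructed policy: which resources require a management-status determination.
POLICY = {
    "payroll": {"require_management_status": True},
    "cafeteria-menu": {"require_management_status": False},
}


def sign_indicia(indicia: dict, secret: bytes = MDM_SHARED_SECRET) -> str:
    """Device management platform side: HMAC over canonical JSON of the indicia."""
    payload = json.dumps(indicia, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(secret, payload, hashlib.sha256).hexdigest()


def management_status(indicia: dict, mac: str, now: int,
                      secret: bytes = MDM_SHARED_SECRET, max_age: int = 300) -> str:
    """Security platform side: 'managed' only if the MAC verifies, the management
    agent is reported installed, and the indicia are fresh; otherwise 'unmanaged'."""
    if not hmac.compare_digest(sign_indicia(indicia, secret), mac):
        return "unmanaged"  # forged or tampered indicia never count as managed
    if not indicia.get("agent_installed", False):
        return "unmanaged"
    if now - int(indicia.get("issued_at", 0)) > max_age:
        return "unmanaged"  # a stale attestation is not trusted either
    return "managed"


def access_decision(first_auth_ok: bool, resource: str, status: str) -> str:
    """'deny' if the first factor failed; 'allow' if the policy does not require a
    management status or the device is managed; 'step_up' (initiate the secondary
    authentication) for an unmanaged device on a resource that requires it."""
    if not first_auth_ok:
        return "deny"
    if not POLICY.get(resource, {}).get("require_management_status", False):
        return "allow"
    return "allow" if status == "managed" else "step_up"


if __name__ == "__main__":
    # Constructed indicia as the device management platform would emit them.
    indicia = {"device_id": "dev-0001", "agent_installed": True, "issued_at": 1000}
    mac = sign_indicia(indicia)
    print(access_decision(True, "payroll", management_status(indicia, mac, now=1100)))
```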
CPC classification titles:
involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved (negotiation of communication capabilities H04L69/24)
Authentication
for authentication of entities (cryptographic mechanisms or cryptographic arrangements for entity authentication H04L9/32)
Protecting access to data via a platform, e.g. using keys or access control rules
Access security