Delegating authorization to applications on a client device in a networked environment

US9686287B2 · US · B2

Patent metadata

  Field               Value
  Publication number  US-9686287-B2
  Application number  US-201514662373-A
  Country             US
  Kind code           B2
  Filing date         Mar 19, 2015
  Priority date       Mar 15, 2013
  Publication date    Jun 20, 2017
  Grant date          Jun 20, 2017

Abstract

Official abstract text for this publication.

Disclosed are various embodiments for delegating security authorization to at least one application executed on a client device. A computing device is employed to send to a remote server, from an agent application, a request for a first access credential. The first access credential is received from the remote server, and a determination is made by the agent application, in communication with a managed application, that the managed application requires a second access credential. In response to the determination that the managed application requires the second access credential, the second access credential is sent to the managed application from the agent application. An indication that the agent is authorized to be in communication with managed applications regarding a need for access credentials is stored, and the agent application determines whether at least one of the managed applications requires an access credential.

First claim

Opening claim text (preview).

Therefore, the following is claimed:

1. A non-transitory computer-readable medium for delegating security authorization to an agent application executable on a computing device embodying program instructions executable in the computing device that, when executed by the computing device, cause the computing device to: send, by the agent application executable on the computing device, a request over a network to a remote server requesting that the agent application be permitted to control access to at least one network resource on behalf of the remote server for a plurality of managed applications, the request comprising a device profile describing at least one characteristic of the computing device, the remote server being configured to permit the agent application to control access to the at least one resource for the plurality of managed applications based at least in part on an analysis of the at least one characteristic and a compliance rule; in response to the remote server permitting the agent application to control access to the at least one resource for the plurality of managed applications, store, by the agent application, an indication that the agent application is authorized to communicate access credentials to the plurality of managed applications on behalf of the remote server; determine, by the agent application, that a first one of the plurality of managed applications requires a first access credential; send, by the agent application, a request for the first access credential to the remote server; receive, by the agent application, the first access credential from the remote server; make, by the agent application being in communication with the plurality of managed applications, a determination that a second one of the plurality of managed applications requires a second access credential; and in response to the determination that the second one of the managed applications requires the second access credential, receive the second access credential from the remote server and provide the second access credential to the second one of the plurality of managed applications.

2. The non-transitory computer-readable medium of claim 1, further comprising program instructions that, when executed by the computing device, cause the computing device to: send, by the agent application, a request for the second access credential to the remote server; and receive, by the agent application, the second access credential from the remote server.

3. The non-transitory computer-readable medium of claim 1, wherein determining that the second one of the plurality of managed applications requires the second access credential further comprises receiving, by the agent application, a request for the second access credential from the second one of the plurality of managed applications.

4. The non-transitory computer-readable medium of claim 1, further comprising program instructions that, when executed by the computing device, cause the computing device to: access, by the agent application, at least one compliance rule received from the remote server; and determine, by the agent application, that the device profile for the computing device complies with the at least one compliance rule prior to sending the second access credential to the second one of the plurality of managed applications.

5. The non-transitory computer-readable medium of claim 1, wherein determining that the second one of the plurality of managed applications requires the second access credential further comprises determining, by the agent application, that the second one of the plurality of managed applications communicated with a resource server.

6. The non-transitory computer-readable medium of claim 1, further comprising program instructions that, when executed by the computing device, cause the computing device to cause a revocation of the second access credential to be sent to the second one of the plurality of managed applications from the agent application.

7. A system for delegating security authorization to an agent application executable on a computing device, comprising: a computing device comprising at least one hardware processor; and program instructions executable in the computing device that, when executed, cause the computing device to: send, by the agent application executable on the computing device, a request over a network to a remote server requesting that the agent application be permitted to control access to at least one network resource on behalf of the remote server for a plurality of managed applications, the request comprising a device profile describing at least one characteristic of the computing device, the remote server being configured to permit the agent application to control access to the at least one resource for the plurality of managed applications based at least in part on an analysis of the at least one characteristic and a compliance rule; in response to the remote server permitting the agent application to control access to the at least one resource for the plurality of managed applications, store, by the agent application, an indication that the agent application is authorized to communicate access credentials to the plurality of managed applications on behalf of the remote server; determine, by the agent application, that a first one of the plurality of managed applications requires a first access credential; send, by the agent application, a request for the first access credential to the remote server; receive, by the agent application, the first access credential from the remote server; make, by the agent application being in communication with the plurality of managed applications, a determination that a second one of the plurality of managed applications requires a second access credential; and in response to the determination that the second one of the plurality of managed applications requires the second access credential, receive the second access credential from the remote server and provide the second access credential to the second one of the plurality of managed applications.

8. The system of claim 7, further comprising program instructions that, when executed, cause the computing device to: send, by the agent application, a request for the second access credential to the remote server; and receive, by the agent application, the second access credential from the remote server.

9. The system of claim 7, wherein determining that the second one of the plurality of managed applications requires the second access credential further comprises receiving, by the agent application, a request for the second access credential from the second one of the plurality of managed applications.

10. The system of claim 7, further comprising program instructions that, when executed, cause the computing device to: access, by the agent application, at least one compliance rule received from the remote server; and determine, by the agent application, that the device profile for the computing device complies with the at least one compliance rule prior to sending the second access credential to the second one of the plurality of managed applications.

11. The system of claim 7, wherein determining that the second one of the plurality of managed applications requires the second access credential further comprises determining that the second one of the plurality of managed applications communicated with a resource server.

12. The system of claim 7, further comprising program instructions that, when executed, cause the computing device to cause a revocation of the second access credential to be sent to the second one of the plurality of managed applications from t
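The flow claimed above (a delegation request carrying a device profile that the server checks against a compliance rule, the stored authorization indication, per-application credentials brokered by the agent, the local compliance re-check of claims 4 and 10, and the revocation of claims 6 and 12) as a runnable toy model. This is an added example, not code from the patent or from its assignee; the compliance-rule fields, the device-profile fields, the token format and every class and function name are assumptions made for the illustration, and the resource server's credential check is folded into the management server object for brevity.

```python
"""Toy model of the credential-brokering flow in claims 1, 3, 4, 6 and 7 (added
illustration; rule fields, profile fields and token format are assumptions)."""
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class ComplianceRule:
    """Constructed rule: minimum OS version plus a device-passcode requirement."""
    min_os_version: int
    require_passcode: bool

    def is_satisfied_by(self, profile):
        if profile.get("os_version", 0) < self.min_os_version:
            return False
        return profile.get("passcode_set", False) or not self.require_passcode


class RemoteServer:
    """Management server; validate() stands in for the resource server's check."""
    def __init__(self, rule):
        self.rule = rule
        self.authorized_agents = set()
        self.issued = {}  # token -> (agent_id, app_id): each credential bound to one app

    def request_delegation(self, agent_id, profile):
        # Claim 1: delegation is granted only if the device profile passes the rule.
        if not self.rule.is_satisfied_by(profile):
            return False
        self.authorized_agents.add(agent_id)
        return True

    def issue_credential(self, agent_id, app_id):
        if agent_id not in self.authorized_agents:  # no delegation, no credentials
            raise PermissionError(f"agent {agent_id!r} may not broker credentials")
        token = secrets.token_urlsafe(16)
        self.issued[token] = (agent_id, app_id)
        return token

    def revoke(self, token):
        self.issued.pop(token, None)

    def validate(self, token, app_id):
        return self.issued.get(token, (None, None))[1] == app_id


class AgentApplication:
    """On-device agent that brokers credentials for the managed applications."""
    def __init__(self, agent_id, server, profile):
        self.agent_id, self.server, self.profile = agent_id, server, profile
        self.delegation_authorized = False  # the stored "indication" of claim 1
        self.rule = None                    # compliance rule received from the server
        self.credentials = {}               # app_id -> credential

    def enroll(self):
        self.delegation_authorized = self.server.request_delegation(self.agent_id, self.profile)
        if self.delegation_authorized:
            self.rule = self.server.rule  # modelled as the server pushing its rule down
        return self.delegation_authorized

    def handle_credential_request(self, app_id):
        # Claim 3: a managed application asks the agent for its credential.
        if not self.delegation_authorized:
            raise PermissionError("agent has not been authorized by the remote server")
        # Claim 4: re-check compliance before handing anything to the application.
        if not self.rule.is_satisfied_by(self.profile):
            raise PermissionError("device no longer complies with the compliance rule")
        if app_id not in self.credentials:
            self.credentials[app_id] = self.server.issue_credential(self.agent_id, app_id)
        return self.credentials[app_id]

    def revoke_credential(self, app_id):
        # Claim 6: the agent causes one application's credential to be revoked.
        token = self.credentials.pop(app_id, None)
        if token is not None:
            self.server.revoke(token)


def demo():
    server = RemoteServer(ComplianceRule(min_os_version=10, require_passcode=True))
    profile = {"os_version": 12, "passcode_set": True}  # constructed device profile
    agent = AgentApplication("agent-1", server, profile)
    out = {"enrolled": agent.enroll()}
    mail = agent.handle_credential_request("mail")  # managed apps ask the agent
    docs = agent.handle_credential_request("docs")
    out["mail_ok"] = server.validate(mail, "mail")
    out["cross_app"] = server.validate(docs, "mail")  # credential bound to the wrong app
    agent.revoke_credential("docs")
    out["docs_after_revoke"] = server.validate(docs, "docs")  # stale credential fails
    profile["passcode_set"] = False  # device drifts out of compliance
    try:
        agent.handle_credential_request("notes")
        out["noncompliant_issued"] = True
    except PermissionError:
        out["noncompliant_issued"] = False
    rogue = AgentApplication("agent-2", server, {"os_version": 8, "passcode_set": False})
    out["rogue_enrolled"] = rogue.enroll()  # fails the rule, so no delegation
    return out
```

Two points the model makes visible that the claim language only implies: the agent's stored indication is a capability the server can withhold entirely (the second agent never becomes a broker), and because each credential is bound to one managed application, a credential obtained for one application is useless to another and becomes useless to its own application the moment the agent revokes it.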

Assignees

Airwatch LLC

Inventors

Classifications

  • for accessing specific resources, e.g. using Kerberos tickets · CPC title

  • based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint · CPC title

  • H04L63/10 (primary): for controlling access to devices or network resources · CPC title

  • H04L63/102 (primary): Entity profiles · CPC title

  • wherein the security policies are location-dependent, e.g. entities privileges depend on current location or allowing specific operations only from locally connected terminals · CPC title

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US9686287B2 cover?
Disclosed are various embodiments for delegating security authorization to at least one application executed on a client device (see the Abstract section above for the full text).

Who is the assignee on this patent?
Airwatch LLC

What technology area does this patent fall under?
Primary CPC classification H04L63/10. Mapped technology areas include Electricity.

When was this patent published?
Jun 20, 2017 (kind code B2). Legal status and post-grant events are not shown on this page.

What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).