Certificate based profile confirmation

US9819682B2 · US · B2

Patent metadata
Field               Value
Publication number  US-9819682-B2
Application number  US-201313835542-A
Country             US
Kind code           B2
Filing date         Mar 15, 2013
Priority date       Mar 15, 2013
Publication date    Nov 14, 2017
Grant date          Nov 14, 2017

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

  1. Title

    What the patent document calls the invention.

  2. Abstract

    A short plain-language summary of the technical disclosure.

  3. Assignees and inventors

    Who owns or filed the patent and who is credited as inventor.

  4. Key dates

    Filing, priority, publication, and grant dates set the timeline.

  5. First independent claim

    The legal scope of protection — read this for what is actually claimed.

  6. CPC / IPC classifications

    Technology tags used to group this patent with similar filings.

  7. Citations and related patents

    Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

Disclosed are various embodiments for controlling access to resources in a network environment. Methods may include installing a profile on the device and installing a certificate included in or otherwise associated with the profile on the device. A request to execute an application, and/or access a resource using a particular application, is received and a determination is made as to whether the certificate is installed on the device based on an identification of the certificate by the application. If the certificate is installed on the device, then execution of the application and/or access to the resource is allowed. If the certificate is not installed on the device, then the request for execution and/or access is refused.

Claims

Claims 1 to 18 as published. Claim 1 is the first independent claim; claims 9 and 11 are also independent.

Therefore, the following is claimed:

  1. A method for managing a device independent of enrollment with a mobile device management (MDM) service, comprising: installing a profile in the device, wherein the profile specifies that an application is permitted to execute on the device, the profile comprises a certificate that uniquely identifies the profile from another profile, the profile is uniquely associated with the application, and the certificate comprises at least one of a root certificate or an intermediate certificate; storing the certificate in storage accessible to the device to indicate that the profile is installed in the device and that the profile is applicable to the device; receiving, using the device, a request to execute the application on the device; in response to the request to execute the application, determining, using the device, that the certificate is located in the storage accessible to the device to verify that the profile that specifies that the application is permitted to execute on the device is applicable to the device; and responsive to determining that the certificate is located in the storage accessible to the device, initiating an execution of the application on the device.

  2. The method for managing the device independent of enrollment with the MDM service of claim 1, wherein determining whether the certificate is located in storage accessible to the device includes determining whether the certificate is installed in a memory of the device.

  3. The method for managing the device independent of enrollment with the MDM service of claim 1, further comprising, responsive to determining that the certificate is located in storage accessible to the device, sending an access request to access a resource in a remote server.

  4. The method for managing the device independent of enrollment with the MDM service of claim 1, wherein the profile specifies a plurality of mandated settings.

  5. The method for managing the device independent of enrollment with the MDM service of claim 4, wherein at least one of the plurality of mandated settings controls data transfer between the device and a remote server.

  6. The method for managing the device independent of enrollment with the MDM service of claim 4, wherein at least one of the plurality of mandated settings is associated with at least one of: a camera function of the device, a screen capture function of the device, a communication function of the device, or an audio function of the device.

  7. The method for managing the device independent of enrollment with the MDM service of claim 1, wherein storing the certificate in storage accessible to the device includes storing the certificate in a trust store of the device, and wherein determining that the certificate is located in the storage accessible to the device includes determining whether the certificate is stored in the device.

  8. The method for managing the device independent of enrollment with the MDM service of claim 7, further comprising periodically determining whether the certificate is accessible to the device.

  9. A method for managing a device independent of enrollment with a mobile device management (MDM) service, comprising: determining, by the device, that a profile has been disabled in the device, wherein the profile specifies that an application is permitted to execute on the device, the profile is uniquely associated with the application, the profile comprises a certificate that uniquely identifies the profile from another profile, and the certificate comprises at least one of a root certificate or an intermediate certificate; in response to determining that the profile has been disabled in the device, removing the certificate from storage that is accessible to the device to indicate that the profile has been uninstalled from the device; receiving, in the device, a request to execute the application on the device; determining, using the device, that the certificate is inaccessible to the device; and responsive to determining that the certificate is inaccessible to the device, refusing the request to execute the application in the device.

  10. The method for managing the device independent of enrollment with the MDM service of claim 9, wherein the profile further includes a setting that controls data transfer between the device and a remote server.

  11. An apparatus for managing a computing device independent of enrollment with a mobile device management (MDM) service, the computing device comprising: a display; and at least one processor configured to execute program instructions that cause the at least one processor to at least: install a profile that specifies that an application is permitted to execute on the computing device, wherein the profile comprises a certificate that uniquely identifies the profile from another profile, the profile is uniquely associated with the application, and the certificate comprises at least one of a root certificate or an intermediate certificate; install the certificate associated with the profile to indicate to the computing device that the computing device is in compliance with the profile; receive a request to execute the application by the at least one processor; in response to the request to execute the application, determine that the certificate is installed on the computing device; and responsive to a determination that the certificate is installed on the computing device, execute the application.

  12. The apparatus for managing the computing device independent of the enrollment with MDM service of claim 11, wherein the program instructions further cause the at least one processor to, responsive to the determination that the certificate is accessible to the computing device, send a notification to a remote server.

  13. The apparatus for managing the computing device independent of enrollment with the MDM service of claim 11, wherein the profile further includes a setting that controls data transfer between the computing device and a remote server.

  14. The apparatus for managing the computing device independent of enrollment with the MDM service of claim 11, wherein the profile further includes a setting operative to disable at least one of a camera function of the computing device, a screen capture function of the computing device, a communication function of the computing device, or an audio function of the apparatus of the computing device.

  15. The apparatus for managing the computing device independent of enrollment with the MDM service of claim 11, wherein the profile comprises a root certificate.

  16. The apparatus for managing the computing device independent of enrollment with the MDM service of claim 11, wherein the profile comprises an intermediate certificate.

  17. The apparatus of claim 11 for managing the computing device independent of enrollment with the MDM service, wherein the profile further specifies that a particular application is to be installed on the computing device.

  18. The apparatus of claim 11 for managing the computing device independent of enrollment with the MDM service, wherein the profile further specifies an email account configuration.
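The install, check and refuse cycle that the abstract and claims 1, 7, 8 and 9 describe, as an added example that is not part of the patent text or of any AirWatch product: a Go model in which the profile certificate is installed into a trust store keyed by SHA-256 fingerprint, the application pins that fingerprint as its "identification of the certificate", an execution request passes only while exactly that certificate is present and within its validity period, and disabling the profile removes the certificate so the next request is refused. The type and function names, the use of a fingerprint as the identifier, the validity-period check and the self-signed certificate built by NewProfileCert are assumptions made for the example; a real deployment would receive the root or intermediate certificate from the MDM service.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/hex"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// Fingerprint is the hex SHA-256 of a certificate's DER bytes: the application
// pins this value, not a subject name that a look-alike certificate could reuse.
type Fingerprint string

func fingerprintOf(c *x509.Certificate) Fingerprint {
	sum := sha256.Sum256(c.Raw)
	return Fingerprint(hex.EncodeToString(sum[:]))
}

// Device holds the trust store of claim 7 (certificates keyed by fingerprint)
// and the profile certificate installed for each application identifier.
type Device struct {
	trustStore map[Fingerprint]*x509.Certificate
	profiles   map[string]*x509.Certificate
}

func NewDevice() *Device {
	return &Device{trustStore: map[Fingerprint]*x509.Certificate{}, profiles: map[string]*x509.Certificate{}}
}

// InstallProfile records the profile for appID and installs its certificate (claim 1).
func (d *Device) InstallProfile(appID string, cert *x509.Certificate) {
	d.profiles[appID] = cert
	d.trustStore[fingerprintOf(cert)] = cert
}

// DisableProfile removes the certificate so later execution requests are refused (claim 9).
func (d *Device) DisableProfile(appID string) {
	if cert, ok := d.profiles[appID]; ok {
		delete(d.trustStore, fingerprintOf(cert))
		delete(d.profiles, appID)
	}
}

// RequestExecute is the gate of claims 1 and 9: the application names the certificate
// it expects, and execution proceeds only if exactly that certificate is installed and
// currently valid. Claim 8's periodic re-check is this call repeated while the app runs.
func (d *Device) RequestExecute(expected Fingerprint, now time.Time) error {
	cert, ok := d.trustStore[expected]
	if !ok {
		return errors.New("execution refused: profile certificate not installed")
	}
	if now.Before(cert.NotBefore) || now.After(cert.NotAfter) {
		return errors.New("execution refused: profile certificate outside its validity period")
	}
	return nil
}

// NewProfileCert builds a self-signed CA certificate standing in for the root or
// intermediate certificate a real profile carries (constructed for this example only).
func NewProfileCert(cn string, notBefore time.Time, days int) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             notBefore,
		NotAfter:              notBefore.Add(time.Duration(days) * 24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func main() {
	now := time.Now()
	cert, err := NewProfileCert("Example Corp Profile CA", now.Add(-time.Hour), 365)
	if err != nil {
		panic(err)
	}
	pinned := fingerprintOf(cert) // the value the application ships with
	dev := NewDevice()
	dev.InstallProfile("com.example.mail", cert)
	fmt.Println("after install:", dev.RequestExecute(pinned, now))
	dev.DisableProfile("com.example.mail")
	fmt.Println("after disable:", dev.RequestExecute(pinned, now))
}
```

Two points the claims leave implicit. The application identifies the certificate by fingerprint rather than by subject or issuer name because claim 1 requires a certificate that uniquely identifies the profile, and a name-based lookup would be satisfied by any certificate carrying the same name. A root or intermediate certificate is public, so the gate is a compliance signal rather than an authentication boundary: if users can write arbitrary certificates into the trust store outside the profile mechanism, they can satisfy the check themselves, and the control depends on the platform restricting trust-store writes to the profile installer. The validity-period check is not in the claims; it is added so that claim 8's periodic re-check also catches a profile certificate that has expired.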

Assignees

  • Sky Socket Llc

  • Airwatch Llc

Inventors

Classifications

  • Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems · CPC title

  • at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability · CPC title

  • by adding security routines or objects to programs · CPC title

  • H04L63/10 (primary) · for controlling access to devices or network resources · CPC title

  • for accessing specific resources, e.g. using Kerberos tickets · CPC title

Patent family

Related publications grouped by family.

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US9819682B2 cover?
Disclosed are various embodiments for controlling access to resources in a network environment. Methods may include installing a profile on the device and installing a certificate included in or otherwise associated with the profile on the device. A request to execute an application, and/or access a resource using a particular application, is received and determination is made as to whether the…
Who is the assignee on this patent?
Sky Socket Llc, Airwatch Llc
What technology area does this patent fall under?
Primary CPC classification H04L63/10. Mapped technology areas include Electricity.
When was this patent published?
Publication date Nov 14, 2017 (kind code B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 1 related publication on this page (citations in our corpus or others sharing the same primary CPC).