Associating a device with a user account
US-9172699-B1 · Oct 27, 2015 · US
USRE49585E · US · E1
| Field | Value |
|---|---|
| Publication number | US-RE49585-E |
| Application number | US-202017109950-A |
| Country | US |
| Kind code | E1 |
| Filing date | Dec 2, 2020 |
| Priority date | Mar 15, 2013 |
| Publication date | Jul 18, 2023 |
| Grant date | Jul 18, 2023 |
Official abstract text for this publication.
Disclosed are various embodiments for controlling access to resources in a network environment. Methods may include installing a profile on the device and installing a certificate included in or otherwise associated with the profile on the device. A request to execute an application, and/or access a resource using a particular application, is received and determination is made as to whether the certificate is installed on the device based on an identification of the certificate by the application. If the certificate is installed on the device, then execution of the application and/or access to the resource is allowed. If the certificate is not installed on the device, then the request for execution and/or access is refused.
Opening claim text (preview).
The invention claimed is:
1. A method for managing a device, comprising: sending, to the device from a remote server, a profile specifying that an application installed on the device is authorized to execute on the device and authorized to access a resource, wherein the profile comprises a certificate that uniquely identifies the profile from another profile; receiving, at the remote server, a request from the application installed on the device to access the resource, the request including the certificate; verifying that the certificate is valid; identifying the resource based on a resource grouping identifier that is associated with a pairing of the profile and the certificate; and if the certificate is valid, providing the application with access to the resource; and, wherein providing the application with access to the resource further comprises providing the application with access to a plurality of additional resources authorized by the certificate.
2. The method of claim 1, further comprising: if the certificate is not valid, determining, in a subsequent verification, that the certificate is no longer valid, and denying access to the resource.
3. The method of claim 1, further comprising: if the certificate is not valid, determining, in a subsequent verification, that the certificate is no longer valid, and initiating a remedial measure defined by the profile.
4. The method of claim 3, wherein the remedial measure is one of at least: causing the device to delete any resources originally accessed using the certificate; disabling an enterprise application; sending an alert to the device alerting a user of the device that access was denied; sending an alert to an administrator; and pursuing an alternate validation method.
5. The method of claim 1, wherein the profile is uniquely associated with the application.
6. The method of claim 1, wherein providing the application with access to the resource further comprises locating the resource and transmitting the resource to the device.
7. A non-transitory, computer-readable medium comprising instructions that, when executed by a processor of a remote server, performs stages for managing a device, the stages comprising: sending, to the device from the remote server, a profile specifying that an application installed on the device is authorized to execute on the device and authorized to access a resource, wherein the profile comprises a certificate that uniquely identifies the profile from another profile; receiving, at the remote server, a request from the application installed on the device to access the resource, the request including the certificate; verifying that the certificate is valid; identifying the resource based on a resource grouping identifier that is associated with a pairing of a user credential and a device identifier of the device; and if the certificate is valid, providing the application with access to the resource; and, wherein providing the application with access to the resource further comprises providing the application with access to a plurality of additional resources authorized by the certificate.
8. The non-transitory, computer-readable medium of claim 7, the stages further comprising: if the certificate is not valid, determining, in a subsequent verification, that the certificate is no longer valid, and denying access to the resource.
9. The non-transitory, computer-readable medium of claim 7, the stages further comprising: if the certificate is not valid, determining, in a subsequent verification, that the certificate is no longer valid, and initiating a remedial measure defined by the profile.
10. The non-transitory, computer-readable medium of claim 9, wherein the remedial measure is one of at least: causing the device to delete any resources originally accessed using the certificate; disabling an enterprise application; sending an alert to the device alerting a user of the device that access was denied; sending an alert to an administrator; and pursuing an alternate validation method.
11. The non-transitory, computer-readable medium of claim 7, wherein the profile is uniquely associated with the application.
12. The non-transitory, computer-readable medium of claim 7, wherein providing the application with access to the resource further comprises locating the resource and transmitting the resource to the device.
13. A server, comprising: a memory storage storing program code; and a processor coupled to the memory storage, wherein, upon execution, the program code causes the processor to: send, to a device from the server, a profile specifying that an application installed on the device is authorized to execute on the device and authorized to access a resource, wherein the profile comprises a certificate that uniquely identifies the profile from another profile; receive a request, from the application installed on the device, to access the resource, the request including the certificate; verify that the certificate is valid; identify the resource based on a resource grouping identifier that is associated with a pairing of the profile and the certificate; and if the certificate is valid, provide the application with access to the resource; and, wherein providing the application with access to the resource further comprises providing the application with access to a plurality of additional resources authorized by the certificate.
14. The server of claim 13, wherein the program code causes the processor to, if the certificate is not valid, determine, in a subsequent verification, that the certificate is no longer valid, and deny access to the resource.
15. The server of claim 13, wherein the program code causes the processor to, if the certificate is not valid, determine, in a subsequent verification, that the certificate is no longer valid, and initiate a remedial measure defined by the profile.
16. The server of claim 15, wherein the remedial measure is one of at least: causing the device to delete any resources originally accessed using the certificate; disabling an enterprise application; sending an alert to the device alerting a user of the device that access was denied; sending an alert to an administrator; and pursuing an alternate validation method.
17. The server of claim 13, wherein the profile is uniquely associated with the application.
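An added sketch of the server-side decision flow the claims describe; it is not code from the patent or from any product. It assumes an HMAC tag as a stand-in for a real X.509 signature, and the names AccessServer, enroll, handle_request and the remedy strings are hypothetical. It shows one design point the claim language leaves open: a profile's remedial measure fires only for a certificate the server issued and that is no longer valid, while forged input gets a plain denial.

```python
import hashlib
import hmac

SERVER_KEY = b"constructed-demo-key"  # constructed; stands in for the issuer's signing key

def issue_cert(profile_id, not_after):
    # Toy certificate: an HMAC tag stands in for an X.509 signature (assumption).
    body = f"{profile_id}|{not_after}"
    return body + "|" + hmac.new(SERVER_KEY, body.encode(), hashlib.sha256).hexdigest()

def fingerprint(cert):
    return hashlib.sha256(cert.encode()).hexdigest()

class AccessServer:
    def __init__(self):
        self.issued = {}      # certificate fingerprint -> profile id
        self.groups = {}      # (profile id, fingerprint) -> resource grouping identifier
        self.resources = {}   # grouping identifier -> resources authorized together
        self.remedies = {}    # profile id -> remedial measure defined by the profile
        self.revoked = set()  # fingerprints of revoked certificates

    def enroll(self, profile_id, group_id, remedy, not_after):
        cert = issue_cert(profile_id, not_after)
        fp = fingerprint(cert)
        self.issued[fp] = profile_id
        self.groups[(profile_id, fp)] = group_id
        self.remedies[profile_id] = remedy
        return cert  # delivered to the device inside the profile

    def is_valid(self, cert, now):
        parts = cert.split("|")
        if len(parts) != 3 or not parts[1].isdecimal():
            return False
        expected = issue_cert(parts[0], parts[1])
        return (hmac.compare_digest(expected.encode(), cert.encode())
                and now < int(parts[1])
                and fingerprint(cert) not in self.revoked)

    def handle_request(self, cert, now):
        fp = fingerprint(cert)
        profile_id = self.issued.get(fp)  # None for forged or unknown certificates
        if not self.is_valid(cert, now):
            # Only an issued certificate that is no longer valid triggers the
            # profile's remedy; anything else is simply denied.
            return ("deny", self.remedies[profile_id] if profile_id else "none")
        group_id = self.groups.get((profile_id, fp))
        if group_id is None:
            return ("deny", "none")
        return ("allow", list(self.resources.get(group_id, [])))
```

Keying the remedy on the issued-certificate index rather than on the profile name inside the presented certificate keeps an unauthenticated request from triggering measures such as resource deletion against an enrolled device.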
for controlling access to devices or network resources · CPC title
Authentication, i.e. establishing the identity or authorisation of security principals · CPC title
using certificates · CPC title
for accessing specific resources, e.g. using Kerberos tickets · CPC title
Program or device authentication · CPC title