USRE49585EActiveUtility

Certificate based profile confirmation

71
Assignee: AIRWATCH LLCPriority: Mar 15, 2013Filed: Dec 2, 2020Granted: Jul 18, 2023
Est. expiryMar 15, 2033(~6.7 yrs left)· nominal 20-yr term from priority
H04L 63/10G06F 21/30G06F 21/33G06F 21/335G06F 21/44G06F 21/50G06F 21/51G06F 21/54H04W 12/08H04W 12/37
71
PatentIndex Score
0
Cited by
178
References
17
Claims

Abstract

Disclosed are various embodiments for controlling access to resources in a network environment. Methods may include installing a profile on the device and installing a certificate included in or otherwise associated with the profile on the device. A request to execute an application, and/or access a resource using a particular application, is received and determination is made as to whether the certificate is installed on the device based on an identification of the certificate by the application. If the certificate is installed on the device, then execution of the application and/or access to the resource is allowed. If the certificate is not installed on the device, then the request for execution and/or access is refused.

Claims

exact text as granted — not AI-modified
The invention claimed is: 
     
       1. A method for managing a device, comprising:
 sending, to the device from a remote server, a profile specifying that an application installed on the device is authorized to execute on the device and authorized to access a resource, wherein the profile comprises a certificate that uniquely identifies the profile from another profile; 
 receiving, at the remote server, a request from the application installed on the device to access the resource, the request including the certificate; 
 verifying that the certificate is valid; 
 identifying the resource based on a resource grouping identifier that is associated with a pairing of the profile and the certificate; and 
 if the certificate is valid, providing the application with access to the resource; and, wherein providing the application with access to the resource further comprises providing the application with access to a plurality of additional resources authorized by the certificate. 
 
     
     
       2. The method of  claim 1 , further comprising: if the certificate is not valid, determining, in a subsequent verification, that the certificate is no longer valid, and denying access to the resource. 
     
     
       3. The method of  claim 1 , further comprising: if the certificate is not valid, determining, in a subsequent verification, that the certificate is no longer valid, and initiating a remedial measure defined by the profile. 
     
     
       4. The method of  claim 3 , wherein the remedial measure is one of at least:
 causing the device to delete any resources originally accessed using the certificate; 
 disabling an enterprise application; 
 sending an alert to the device alerting a user of the device that access was denied; 
 sending an alert to an administrator; and 
 pursuing an alternate validation method. 
 
     
     
       5. The method of  claim 1 , wherein the profile is uniquely associated with the application. 
     
     
       6. The method of  claim 1 , wherein providing the application with access to the resource further comprises locating the resource and transmitting the resource to the device. 
     
     
       7. A non-transitory, computer-readable medium comprising instructions that, when executed by a processor of a remote server, performs stages for managing a device, the stages comprising:
 sending, to the device from the remote server, a profile specifying that an application installed on the device is authorized to execute on the device and authorized to access a resource, wherein the profile comprises a certificate that uniquely identifies the profile from another profile; 
 receiving, at the remote server, a request from the application installed on the device to access the resource, the request including the certificate; 
 verifying that the certificate is valid; 
 identifying the resource based on a resource grouping identifier that is associated with a pairing of a user credential and a device identifier of the device; and 
 if the certificate is valid, providing the application with access to the resource; and, wherein providing the application with access to the resource further comprises providing the application with access to a plurality of additional resources authorized by the certificate. 
 
     
     
       8. The non-transitory, computer-readable medium of  claim 7 , the stages further comprising: if the certificate is not valid, determining, in a subsequent verification, that the certificate is no longer valid, and denying access to the resource. 
     
     
       9. The non-transitory, computer-readable medium of  claim 7 , the stages further comprising: if the certificate is not valid, determining, in a subsequent verification, that the certificate is no longer valid, and initiating a remedial measure defined by the profile. 
     
     
       10. The non-transitory, computer-readable medium of  claim 9 , wherein the remedial measure is one of at least:
 causing the device to delete any resources originally accessed using the certificate; 
 disabling an enterprise application; 
 sending an alert to the device alerting a user of the device that access was denied; 
 sending an alert to an administrator; and 
 pursuing an alternate validation method. 
 
     
     
       11. The non-transitory, computer-readable medium of  claim 7 , wherein the profile is uniquely associated with the application. 
     
     
       12. The non-transitory, computer-readable medium of  claim 7 , wherein providing the application with access to the resource further comprises locating the resource and transmitting the resource to the device. 
     
     
       13. A server, comprising:
 a memory storage storing program code; and 
 a processor coupled to the memory storage, wherein, upon execution, the program code causes the processor to:
 send, to a device from the server, a profile specifying that an application installed on the device is authorized to execute on the device and authorized to access a resource, wherein the profile comprises a certificate that uniquely identifies the profile from another profile; 
 receive a request, from the application installed on the device, to access the resource, the request including the certificate; 
 verify that the certificate is valid; 
 identify the resource based on a resource grouping identifier that is associated with a pairing of the profile and the certificate; and 
 
 if the certificate is valid, provide the application with access to the resource; and, wherein providing the application with access to the resource further comprises providing the application with access to a plurality of additional resources authorized by the certificate. 
 
     
     
       14. The server of  claim 13 , wherein the program code causes the processor to, if the certificate is not valid, determine, in a subsequent verification, that the certificate is no longer valid, and deny access to the resource. 
     
     
       15. The server of  claim 13 , wherein the program code causes the processor to, if the certificate is not valid, determine, in a subsequent verification, that the certificate is no longer valid, and initiate a remedial measure defined by the profile. 
     
     
       16. The server of  claim 15 , wherein the remedial measure is one of at least:
 causing the device to delete any resources originally accessed using the certificate; 
 disabling an enterprise application; 
 sending an alert to the device alerting a user of the device that access was denied; 
 sending an alert to an administrator; and 
 pursuing an alternate validation method. 
 
     
     
       17. The server of  claim 13 , wherein the profile is uniquely associated with the application.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.