| CPC H04L 63/205 (2013.01) [H04L 9/3268 (2013.01); H04L 63/0884 (2013.01); H04L 2463/082 (2013.01)] | 20 Claims |

|
1. A method of implementing a desired security policy for a device, comprising:
receiving, at an authentication service, a request from a device to access a service, an application, or a website;
operating the authentication service to generate a unique identifier for the request, wherein the unique identifier is generated based at least in part on an identifier for the service, application, or website;
operating the authentication service to provide the unique identifier to a managed device service;
operating the managed device service to send a certificate request to the device, wherein the certificate request corresponds to a certificate for a managed device, and wherein the certificate request is sent to the device by the managed device service as part of a protocol handshake;
receiving, at the managed device service, the certificate provided by the device or receiving no response from the device;
if the certificate is received from the device, then operating the managed device service to determine if it is a valid certificate, wherein determining if the received certificate is a valid certificate further comprises operating the managed device service to compare the received certificate to a previously stored certificate;
if the received certificate is a valid certificate, then operating the managed device service to generate a message containing the unique identifier and an indication that the device is a managed device;
if the received certificate is not a valid certificate or if no response is received to the request for a certificate from the device, then operating the managed device service to generate a message containing the unique identifier and an indication that the client device is not a managed device;
operating the managed device service to send the generated message to the authentication service;
operating the authentication service to determine a security policy for the request from the device based on whether the device is a managed device or is not a managed device; and
operating the authentication service to send information about the determined security policy to the device, wherein the information directs the device to a destination that implements the determined security policy.
|
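The message flow of claim 1, as an added Python sketch that is not part of the patent text: the authentication service issues a per-request identifier, the managed device service compares the presented certificate against stored ones, and the result selects a destination. Assumptions: certificates are constructed byte strings compared by SHA-256 fingerprint, the handshake is reduced to a function argument (`None` models no response), the destination URLs are hypothetical, and the check that a result is accepted only once for an issued identifier is an addition the claim does not state.

```python
import hashlib
import hmac
import secrets

# Constructed sample data: these bytes stand in for a real DER certificate.
ENROLLED_CERT = b"constructed-der-bytes-for-laptop-42"
STORED_FINGERPRINTS = {hashlib.sha256(ENROLLED_CERT).hexdigest()}
# Hypothetical destinations, one per policy outcome.
DESTINATIONS = {True: "https://sso.example.test/managed",
                False: "https://sso.example.test/unmanaged"}

def fingerprint(cert):
    return hashlib.sha256(cert).hexdigest()

class ManagedDeviceService:
    def check(self, request_id, presented_cert):
        """presented_cert is the device's answer to the handshake's
        certificate request; None models 'no response'."""
        managed = False
        if presented_cert is not None:
            fp = fingerprint(presented_cert)
            managed = any(hmac.compare_digest(fp, s) for s in STORED_FINGERPRINTS)
        # The message carries the identifier plus the managed/unmanaged flag.
        return {"request_id": request_id, "managed": managed}

class AuthenticationService:
    def __init__(self, mds):
        self.mds = mds
        self.pending = {}  # identifiers issued and not yet resolved

    def new_request_id(self, target):
        # Identifier derived in part from the requested service's identifier.
        nonce = secrets.token_hex(16)
        rid = hashlib.sha256(f"{target}|{nonce}".encode()).hexdigest()
        self.pending[rid] = target
        return rid

    def apply_result(self, message):
        # Added check: accept a result once, and only for an issued identifier.
        if self.pending.pop(message["request_id"], None) is None:
            raise ValueError("unknown or replayed request identifier")
        return DESTINATIONS[message["managed"]]

    def handle(self, target, presented_cert):
        rid = self.new_request_id(target)
        return self.apply_result(self.mds.check(rid, presented_cert))
```

An invalid certificate and a missing response both fall through to the unmanaged destination, so the default outcome is the one for a device that has not proved it is managed.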