Title of invention: Resource protection on un-trusted devices
Abstract: Authenticating a client device to a service to allow the client device to access a resource provided by the service. A client device obtains a secondary credential that is associated with a primary credential and that is generated as being usable by a particular set of devices including the client device to indirectly gain access to the service through the primary credential. While outside of an enterprise network, the client device requests access to the service, including sending the secondary credential to an enterprise gateway. Based at least on sending the secondary credential to the enterprise gateway, the client device receives a resource from the service. The resource is received based at least on the enterprise gateway having forwarded the primary credential to the service after verifying that the secondary credential is valid and that the client device is in the particular set of client devices.
Publication number: US9584501(B2) Publication date: 2017.02.28
Application number: US201514802562 Filing date: 2015.07.17
Applicant: Microsoft Technology Licensing, LLC Inventors: Mendelovich Meir;Matchoro Ron
Classification: H04L29/06;G06F21/44;G06F21/33 Main classification: H04L29/06
Agency: Agent: Drakos Kate;Minhas Micky
Main claim: 1. A client device, comprising: one or more hardware processors; and one or more computer-readable media having stored thereon computer-executable instructions that are executable by the one or more processors, and that configure the client device to authenticate to an enterprise network, including computer-executable instructions that configure the client device to perform at least the following: obtain a secondary credential, the secondary credential being associated with a primary credential that is usable from within the enterprise network to directly gain access to a service of the enterprise network, the secondary credential having been generated within the enterprise network as being usable by a particular set of client devices that includes the client device to indirectly gain access to the service through the primary credential and as being unusable by any other client devices not included in the particular set of client devices to gain access to the service; while outside of the enterprise network, request access to the service, including sending the secondary credential to an enterprise gateway of the enterprise network; and based at least on sending the secondary credential to the enterprise gateway, receive a resource from the service, the resource being received from the service based at least on the enterprise gateway having forwarded the primary credential to the service after verifying that the secondary credential is valid and that the client device is in the particular set of client devices.
Address: Redmond WA US