Trustworthy device claims as a service

摘要

Embodiments of the invention make the issuance of trustworthy device claims available to client devices as a service, so that a client device to which device claims are issued may use the device claims in relation to an attempt to access a network application. The service may conduct an assessment of the device's characteristics and/or state, characterize the results of this assessment in device claims, and issue the device claims to the device. The service may be accessible to a client device from outside administrative boundaries of an entity that makes a network application accessible, and thus may be useful to entities making network applications accessible in business-to-consumer (B2C) and business-to-business (B2B) topologies, such as over the publicly accessible Internet.

主权项

1. A method for use in a system comprising a network application and a client device, the method comprising acts of:
receiving, by a device state token service that has a trust relationship with the network application, a notification from the network application, the notification indicating that the client device attempts to access the network application; providing, by the device state token service, a request for information to the client device in response to receiving the notification; receiving, by the device state token service, information from the client device describing a characteristic and/or state of the client device in response to the request, the device state token service also having a pre-existing trust relationship with the client device, the pre-existing trust relationship indicating that the client device trusts the device state token service to issue device claims to the client device; processing the information to generate first device claims, which describe at least one of one or more characteristics of the client device or a state of the client device, to be issued to the client device; and issuing the first device claims to the client device.