Managing user access with mobile device posture

摘要

An improved technique for managing access of a user of a computing machine to a remote network collects device posture information about the user's mobile device. The mobile device runs a soft token, and the collected posture information pertains to various aspects of the mobile device, such as the mobile device's hardware, software, environment, and/or users, for example. The server applies the collected device posture information along with token codes from the soft token in authenticating the user to the remote network.

主权项

1. A method of managing access of a user of a computing machine to a remote network, comprising:
receiving, from the computing machine, a token code generated by a mobile device that runs a soft token; receiving device posture information collected by and pertaining to the mobile device; and applying the token code and the device posture information in authenticating the user to the remote network, wherein applying the token code and the device posture information in authenticating the user to the remote network includes providing the device posture information to a device risk engine and generating a device risk score by the device risk engine the device risk score indicating a level of risk, based on the device posture information received, of authenticating the user to the remote network, wherein the token code is received in the form of a passcode that includes the token code combined with a sequence of auxiliary bits that convey device posture information, wherein the method further comprises aggregating sequences of auxiliary bits obtained through multiple login attempts to assemble a record of device posture information, and wherein receiving the token code takes place in response to (i) the mobile device displaying the token code and (ii) a user of the mobile device manually transferring the token code from the mobile device to the computing machine.