US 9,813,285 B1
Enterprise server access system
Mark McGovern, Washington, DC (US); and James Matthew Dew, Austin, TX (US)
Assigned to CA, Inc., New York, NY (US)
Filed by CA, Inc., New York, NY (US)
Filed on Mar. 14, 2013, as Appl. No. 13/829,431.
Int. Cl. G06F 15/173 (2006.01); H04L 12/24 (2006.01); G06F 21/55 (2013.01); G06F 21/60 (2013.01); G07C 9/00 (2006.01)
CPC H04L 41/00 (2013.01) [G06F 21/55 (2013.01); G06F 21/60 (2013.01); G07C 9/00 (2013.01)]
54 Claims
1. A method comprising:
receiving, by a broker component in an enterprise server, a rule set generated by an authorization server, wherein the rule set includes at least one rule with an input that is based on an action monitored by a second enterprise server for one or more first endpoint devices that control a first service for a user;
receiving, by an agent component in an enterprise server, a request to perform a restricted action from a second endpoint device that controls a second service for the user, wherein the enterprise server is configured to control access to a physical location and the restricted action is access to the physical location;
formatting, by the agent component, the request to perform the restricted action into a broker-formatted request;
receiving, by the broker component from the agent component, the broker-formatted request;
receiving, by the enterprise server, information associated with the action monitored by the second enterprise server, wherein the second enterprise server is configured to monitor an estimated location of the user;
determining, by the broker component, that the second endpoint device is prohibited from performing the restricted action based on: the rule set, the information associated with the action monitored by the second enterprise server for the one or more first endpoint devices, an identity associated with the second endpoint device, and at least one past activity associated with the identity, wherein the rule set includes a rule that access to the physical location is not allowed if the estimated location of the user is more than a threshold distance from the physical location;
receiving, by the agent component from the broker component, an instruction to prevent the second endpoint device from performing the restricted action; and
preventing, by the agent component, the second endpoint device from performing the restricted action.
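The decision flow of claim 1, sketched as an added example that is not taken from the patent or from any CA product: an agent normalizes a badge event into a broker-formatted request, and the broker applies the distance rule plus a past-activity check. All class names, the `BADGE|identity|door` event format, the fail-closed behaviour and the denial-count reading of "past activity" are assumptions; the coordinates are constructed.

```python
import math
from dataclasses import dataclass

def haversine_km(a, b):
    """Great-circle distance in km between two (lat, lon) points in degrees."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(h))

@dataclass
class Rule:                      # one rule of the set issued by the authorization server
    action: str
    max_distance_km: float       # threshold distance from the physical location
    max_denials: int             # assumed past-activity limit per identity

class Broker:
    def __init__(self, rule_set, door_locations):
        self.rules = {r.action: r for r in rule_set}
        self.doors = door_locations   # door id -> (lat, lon)
        self.estimated = {}           # identity -> (lat, lon), fed by the monitoring server
        self.history = {}             # identity -> past verdicts

    def update_location(self, identity, latlon):
        self.estimated[identity] = latlon

    def decide(self, req):
        rule = self.rules.get(req["action"])
        door = self.doors.get(req["resource"])
        loc = self.estimated.get(req["identity"])
        past = self.history.setdefault(req["identity"], [])
        if rule is None or door is None or loc is None:
            verdict = "deny"          # assumption: fail closed when any input is missing
        elif haversine_km(loc, door) > rule.max_distance_km:
            verdict = "deny"          # user is estimated to be too far from the door
        elif past.count("deny") >= rule.max_denials:
            verdict = "deny"          # past activity for this identity blocks access
        else:
            verdict = "allow"
        past.append(verdict)
        return verdict

class Agent:
    def __init__(self, broker):
        self.broker = broker

    def handle_badge_swipe(self, raw):
        # Reader event "BADGE|<identity>|<door>" -> broker-formatted request
        _, identity, door = raw.split("|")
        req = {"identity": identity, "action": "door_open", "resource": door}
        return self.broker.decide(req) == "allow"   # False: the door stays locked
```
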