Client-server architecture (client/server) is a network architecture in which a device or process on the network is either a client or a server. In the client-server architecture, a server provides one or more services, which may be defined by the provider(s), to a client device. For example, an appliance with network capability, such as a smart refrigerator, may provide various services to a client device, such as a smartphone. For instance, the smart refrigerator may allow the smartphone to remotely read and/or control the temperature of the smart refrigerator via a wireless network. In that context, the smart refrigerator is a server. As another example, a networked computer may provide a data service to a client device such that the client device may send and/or receive data to and/or from a data store, such as file storage, coupled to the networked computer. In that context, the networked computer is a server. To facilitate a user to use the services provided by the server in the client-server architecture, the client device typically provides an interface to allow a user to request the services provided by the server and to display the results the server returns. The server typically waits for requests to arrive from client device and then responds to them.
Controlling a client device's access to a service provided by a server is generally known in the art. Various schemes of access control known in the art may be categorized into user-level and device-level control schemes. User-level access control typically involves controlling user access to certain services provided by the server via user credentials and/or user access matrix(ces). User credentials of a user, i.e., user name and password, typically facilitate authentication of the user to the server, and user access matrix(ces) typically defines which service(s) the user has access to. For example, it is well known in the art to challenge a user to provide user credentials to log into an operating system on a server, such as a UNIX server. Many applications are also known to have access control at user level by challenging users to provide user credentials specific to the applications. Once a user is authenticated by the credentials provided by the user, the applications typically provide the user access to one or more services of the applications.
Device-level access control typically involves controlling a client device's access to the server via device identities and device access matrices. Device-level access control is typically performed at an access control component (e.g., at a firewall component) of the server. For example, incoming data packets may be examined by a firewall component such that data packets not originating from unauthorized client device(s) may not have access to the server.