Secure access to cloud-based services

US 10,079,834 B2
Filed: 01/26/2016
Issued: 09/18/2018
Est. Priority Date: 01/26/2015
Status: Active Grant

First Claim

Patent Images

1. A method to provide secure mobile access to a cloud-based service, comprising:

receiving, at a security proxy, a request from a mobile device to access the cloud-based service, wherein the request includes a security certificate;

using the security certificate associated with the request to synthesize a basic authentication header associated with the request, wherein the basic authentication header includes a hash of information obtained from the security certificate;

sending the synthesized basic authentication header that includes the hash of information obtained from the security certificate to the cloud-based service on behalf of the mobile device, wherein the cloud-based service is configured to extract credential information from the synthesized basic authentication header and to send the extracted credential information to the security proxy;

using the extracted credential information to determine that access to the cloud based service is authorized; and

providing to the cloud based service a security token that indicates the mobile device is authorized to access the cloud-based service.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques to provide secure mobile access to a cloud-based service are disclosed. In various embodiments, a request to access the cloud-based service is received from a mobile device. A security certificate associated with the request is used to synthesize a basic authentication header associated with the request. The synthesized basic authentication header is sent to the cloud-based service on behalf of the mobile device.

37 Citations

View as Search Results

19 Claims

1. A method to provide secure mobile access to a cloud-based service, comprising:
- receiving, at a security proxy, a request from a mobile device to access the cloud-based service, wherein the request includes a security certificate;
  
  using the security certificate associated with the request to synthesize a basic authentication header associated with the request, wherein the basic authentication header includes a hash of information obtained from the security certificate;
  
  sending the synthesized basic authentication header that includes the hash of information obtained from the security certificate to the cloud-based service on behalf of the mobile device, wherein the cloud-based service is configured to extract credential information from the synthesized basic authentication header and to send the extracted credential information to the security proxy;
  
  using the extracted credential information to determine that access to the cloud based service is authorized; and
  
  providing to the cloud based service a security token that indicates the mobile device is authorized to access the cloud-based service.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. The method of claim 1, wherein the request is associated with a mobile app on the mobile device.
  - 3. The method of claim 2, wherein the mobile app comprises a native email application.
  - 4. The method of claim 1, wherein the cloud-based service is configured to allow the mobile device to access the cloud-based service based on the security token.
  - 5. The method of claim 4, wherein the security proxy is remote from the cloud-based service and the synthesized basic authentication header is sent to the cloud-based service via a network.
  - 6. The method of claim 1, wherein the security certificate comprises a certificate provisioned to the mobile device.
  - 7. The method of claim 1, wherein using the security certificate to synthesize the basic authentication header includes using information comprising the security certificate to populate a data field of the basic authentication header.
  - 8. The method of claim 1, wherein using the security certificate to synthesize the basic authentication header includes using information comprising the security certificate to retrieve a data value to populate a data field of the basic authentication header.
  - 9. The method of claim 8, wherein the data value is retrieved via a call to a directory associated with the mobile device.
  - 10. The method of claim 1, wherein the basic authentication header is synthesized at least in part by computing the hash based on credential information associated with the request to access the cloud-based service.
  - 11. The method of claim 10, further comprising caching the credential information.
  - 12. The method of claim 11, further comprising receiving from the cloud-based service a request to authenticate the extracted credential information, wherein the request to authenticate the extracted credential information includes the extracted credential information.
  - 13. The method of claim 12, further comprising comparing the received extracted credential information with the cached credential information to authenticate the received extracted credential information.
  - 14. The method of claim 13, wherein the security token is provided to the cloud-based service based at least in part on said authentication of the received extracted credential information.
  - 15. The method of claim 14, wherein the security token comprises a Security Assertion Markup Language (SAML) assertion.
  - 16. The method of claim 1, wherein the security certificate associated with the request is used to synthesize a basic authentication header associated with the request based at least in part on a determination that access is authorized.

17. A system to provide secure mobile access to a cloud-based service, comprising:
- a communication interface; and
  
  a processor coupled to the communication interface and configured to;
  
  receive, at a security proxy, a request from a mobile device to access the cloud-based service, wherein the request includes a security certificate;
  
  use the security certificate associated with the request to synthesize a basic authentication header associated with the request, wherein the basic authentication header includes a hash of information obtained from the security certificate;
  
  send the synthesized basic authentication header that includes the hash of information obtained from the security certificate to the cloud-based service on behalf of the mobile device, wherein the cloud-based service is configured to extract credential information from the synthesized basic authentication header and to send the extracted credential information to the security proxy;
  
  use the extracted credential information to determine that access to the cloud-based service is authorized; and
  
  provide to the cloud based service a security token that indicates the mobile device is authorized to access the cloud-based service.
- View Dependent Claims (18)
- - 18. The system of claim 17, wherein the basic authentication header is synthesized at least in part by computing the hash based on credential information associated with the request to access the cloud-based service.

19. A computer program product to provide secure mobile access to a cloud-based service, the computer program product being embodied in a non-transitory computer readable medium and comprising computer instructions for:
- receiving, at a security proxy, a request from a mobile device to access the cloud-based service, wherein the request includes a security certificate;
  
  using the security certificate associated with the request to synthesize a basic authentication header associated with the request, wherein the basic authentication header includes a hash of information obtained from the security certificate;
  
  sending the synthesized basic authentication header that includes the hash of information obtained from the security certificate to the cloud-based service on behalf of the mobile device, wherein the cloud-based service is configured to extract credential information from the synthesized basic authentication header and to send the extracted credential information to the security proxy;
  
  using the extracted credential information to determine that access to the cloud-based service is authorized; and
  
  providing to the cloud based service a security token that indicates the mobile device is authorized to access the cloud-based service.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Ivanti, Inc. (Ivanti Software, Inc.)
Original Assignee
MobileIron, Inc.
Inventors
Karunakaran, Kumara Das, Pawar, Vijay, Golovenko, Ivan
Primary Examiner(s)
Plecha, Thaddeus J

Application Number

US15/006,917
Publication Number

US 20160219044A1
Time in Patent Office

966 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/33   using certificates

H04L 63/0272   Virtual private networks

H04L 63/0281   Proxies

H04L 63/0815   providing single-sign-on or...

H04L 63/0823   using certificates cryptogr...

H04L 63/0884   by delegation of authentica...

H04L 63/10   for controlling access to d...

H04L 63/102   Entity profiles

H04W 12/06   Authentication

H04W 12/37   Managing security policies ...

Secure access to cloud-based services

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

37 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Secure access to cloud-based services

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

37 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links