Verifying a certificate

US 10,149,166 B2
Filed: 01/14/2016
Issued: 12/04/2018
Est. Priority Date: 01/14/2016
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

receiving, from an application on a mobile device, a request to connect to a Virtual Private Network (VPN) server;

obtaining, at the mobile device, a certificate of the VPN server;

performing, at the mobile device, a device-level certificate verification based on the certificate according to a device-level security policy;

in response to the device-level certificate verification being successful, determining, at the mobile device, whether an application-level certificate verification for the certificate of the VPN server is provisioned for the application;

in response to determining that the application-level certification verification is provisioned, performing, at the mobile device, the application-level certificate verification based on the certificate of the VPN server according to an application-level security policy associated with the application, wherein the application-level security policy is different than the device-level security policy; and

in response to verifying that the certificate passes the application-level certificate verification, connecting to the VPN server.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems, methods, and software can be used to verify a certificate. In some aspects, a request to connect to a Virtual Private Network (VPN) server is received from an application on a mobile device. A certificate of the VPN server is obtained at the mobile device. A device-level certificate verification for the certificate is performed. Whether an application-level certificate verification is provisioned for the application is determined. In response to determining that the application-level certification verification is provisioned, the application-level certificate verification for the certificate is performed. In response to verifying that the certificate passes the application-level certificate verification, the mobile device is connected to the VPN server.

Citations

20 Claims

1. A method, comprising:
- receiving, from an application on a mobile device, a request to connect to a Virtual Private Network (VPN) server;
  
  obtaining, at the mobile device, a certificate of the VPN server;
  
  performing, at the mobile device, a device-level certificate verification based on the certificate according to a device-level security policy;
  
  in response to the device-level certificate verification being successful, determining, at the mobile device, whether an application-level certificate verification for the certificate of the VPN server is provisioned for the application;
  
  in response to determining that the application-level certification verification is provisioned, performing, at the mobile device, the application-level certificate verification based on the certificate of the VPN server according to an application-level security policy associated with the application, wherein the application-level security policy is different than the device-level security policy; and
  
  in response to verifying that the certificate passes the application-level certificate verification, connecting to the VPN server.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein whether the application-level certificate verification is provisioned is determined based on a VPN profile associated with the application.
  - 3. The method of claim 2, wherein the VPN profile is stored at the mobile device prior to receiving the request to connect to the VPN server.
  - 4. The method of claim 2, wherein the VPN profile is sent to the mobile device from an enterprise server prior to receiving the request to connect to the VPN server.
  - 5. The method of claim 2, wherein the application-level certificate verification is performed by executing an extension specified by the VPN profile.
  - 6. The method of claim 5, wherein the extension is sent to the mobile device from an enterprise server prior to receiving the request to connect to the VPN server.
  - 7. The method of claim 1, wherein the application-level certificate verification is based on a black list of certificate authorities (CAs).

8. A mobile device, comprising:
- a memory; and
  
  at least one hardware processor communicatively coupled with the memory and configured to;
  
  receive, from an application on the mobile device, a request to connect to a Virtual Private Network (VPN) server;
  
  obtain, at the mobile device, a certificate of the VPN server;
  
  perform, at the mobile device, a device-level certificate verification based on the certificate according to a device-level security policy;
  
  in response to the device-level certificate verification being successful, determine, at the mobile device, whether an application-level certificate verification for the certificate of the VPN server is provisioned for the application;
  
  in response to determining that the application-level certification verification is provisioned, perform, at the mobile device, the application-level certificate verification based on the certificate of the VPN server according to an application-level security policy associated with the application, wherein the application-level security policy is different than the device-level security policy; and
  
  in response to verifying that the certificate passes the application-level certificate verification, connect to the VPN server.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The mobile device of claim 8, wherein whether the application-level certificate verification is provisioned is determined based on a VPN profile associated with the application.
  - 10. The mobile device of claim 9, wherein the VPN profile is stored at the mobile device prior to receiving the request to connect to the VPN server.
  - 11. The mobile device of claim 9, wherein the VPN profile is sent to the mobile device from an enterprise server prior to receiving the request to connect to the VPN server.
  - 12. The mobile device of claim 9, wherein the application-level certificate verification is performed by executing an extension specified by the VPN profile.
  - 13. The mobile device of claim 12, wherein the extension is sent to the mobile device from an enterprise server prior to receiving the request to connect to the VPN server.
  - 14. The mobile device of claim 8, wherein the application-level certificate verification is based on a black list of certificate authorities (CAs).

15. A non-transitory computer-readable medium containing instructions which, when executed, cause a computing device to perform operations comprising:
- receiving, from an application on a mobile device, a request to connect to a Virtual Private Network (VPN) server;
  
  obtaining, at the mobile device, a certificate of the VPN server;
  
  performing, at the mobile device, a device-level certificate verification based on the certificate according to a device-level security policy;
  
  in response to the device-level certificate verification being successful, determining, at the mobile device, whether an application-level certificate verification for the certificate of the VPN server is provisioned for the application;
  
  in response to determining that the application-level certification verification is provisioned, performing, at the mobile device, the application-level certificate verification based on the certificate of the VPN server according to an application-level security policy associated with the application, wherein the application-level security policy is different than the device-level security policy; and
  
  in response to verifying that the certificate passes the application-level certificate verification, connecting to the VPN server.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The non-transitory computer-readable medium of claim 15, wherein whether the application-level certificate verification is provisioned is determined based on a VPN profile associated with the application.
  - 17. The non-transitory computer-readable medium of claim 16, wherein the VPN profile is stored at the mobile device prior to receiving the request to connect to the VPN server.
  - 18. The non-transitory computer-readable medium of claim 16, wherein the VPN profile is sent to the mobile device from an enterprise server prior to receiving the request to connect to the VPN server.
  - 19. The non-transitory computer-readable medium of claim 16, wherein the application-level certificate verification is performed by executing an extension specified by the VPN profile.
  - 20. The non-transitory computer-readable medium of claim 19, wherein the extension is sent to the mobile device from an enterprise server prior to receiving the request to connect to the VPN server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Malikie Innovations Limited (Key Patent Innovations Limited)
Original Assignee
Blackberry Limited
Inventors
Mazzuca, Elliott Michael Guy, Yang, Chang Fung, Xu, Jason Songbo, Tse, Chi Chiu
Primary Examiner(s)
Brown, Christopher J

Application Number

US14/995,932
Publication Number

US 20170208469A1
Time in Patent Office

1,055 Days
Field of Search

726 7
US Class Current
CPC Class Codes

H04L 2209/80   Wireless

H04L 63/0272   Virtual private networks

H04L 63/0823   using certificates cryptogr...

H04L 63/101   Access control lists [ACL]

H04L 9/3268   using certificate validatio...

H04W 12/069   using certificates or pre-s...

H04W 88/02   Terminal devices

Verifying a certificate

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Verifying a certificate

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links