Methods and systems for providing secure network connections to mobile communications devices

US 10,243,999 B2
Filed: 04/12/2018
Issued: 03/26/2019
Est. Priority Date: 11/04/2013
Status: Active Grant

First Claim

Patent Images

1. A method for providing a first secure network connection to a mobile communications device, the method comprising:

receiving, at a server, a request for a first secure network account from the mobile communications device;

generating, at the server in response to the received request and for the mobile communications device, the first secure network account for the first secure network connection, the generated first secure network account including first credentials for the first secure network connection;

transmitting, by the server, the first credentials to the mobile communications device;

receiving, by the server, the first credentials from the mobile communications device;

in response to receiving the first credentials from the mobile communications device, establishing, by the server, the first secure network connection between the server and the mobile communications device;

identifying, by the server, a trigger based on an analysis of network traffic over the first secure network connection; and

when a first level of security offered by the first secure network connection does not match a second level of security associated with the trigger in a secure network connection policy;

terminating the first secure network connection;

deleting the first credentials and the first secure network account;

generating at the server a second secure network account for a second secure network connection, the generated second secure network account including second credentials for the second secure network connection;

transmitting, by the server, the second credentials to the mobile communications device; and

establishing, by the server in response to receiving the second credentials from the mobile communications device, the second secure network connection between the server and the mobile communications device.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A secure network connection is established between a server and a mobile communications device after the creation of a secure network account. The server, while analyzing traffic over the secure network connection identifies a triggering event or condition. In response the server modifies the secure network connection.

Citations

32 Claims

1. A method for providing a first secure network connection to a mobile communications device, the method comprising:
- receiving, at a server, a request for a first secure network account from the mobile communications device;
  
  generating, at the server in response to the received request and for the mobile communications device, the first secure network account for the first secure network connection, the generated first secure network account including first credentials for the first secure network connection;
  
  transmitting, by the server, the first credentials to the mobile communications device;
  
  receiving, by the server, the first credentials from the mobile communications device;
  
  in response to receiving the first credentials from the mobile communications device, establishing, by the server, the first secure network connection between the server and the mobile communications device;
  
  identifying, by the server, a trigger based on an analysis of network traffic over the first secure network connection; and
  
  when a first level of security offered by the first secure network connection does not match a second level of security associated with the trigger in a secure network connection policy;
  
  terminating the first secure network connection;
  
  deleting the first credentials and the first secure network account;
  
  generating at the server a second secure network account for a second secure network connection, the generated second secure network account including second credentials for the second secure network connection;
  
  transmitting, by the server, the second credentials to the mobile communications device; and
  
  establishing, by the server in response to receiving the second credentials from the mobile communications device, the second secure network connection between the server and the mobile communications device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the analysis of network traffic over the first secure network connection includes analyzing header information included in data packets.
  - 3. The method of claim 2, wherein the trigger is defined by a secure network connection policy, the secure network connection policy including one or more rules identifying triggering events or conditions.
  - 4. The method of claim 3, wherein the trigger is an event or condition defined by the secure network connection policy as requiring the automatic termination of the first secure network connection, and wherein the terminating the first secure network connection includes automatically terminating the first secure network connection in response to identifying the triggering event or condition.
  - 5. The method of claim 1, wherein the trigger is at least one from the group of:
    - an action performed by an application on the mobile communications device;
      
      a downloading of an application;
      
      an attempt by the mobile communications device to access a website; and
      
      an indication the mobile communications device has left a geographical region.
  - 6. The method of claim 5, wherein the trigger is identified based on a domain name system (DNS) address retrieved during the analysis of the network traffic.
  - 7. The method of claim 5, wherein the trigger is an application on the mobile communications device identifying the mobile communications device as being lost or misplaced.
  - 8. The method of claim 1, wherein the first and second secure network connections include either:
    - a first and a second type of physical connection, the first secure network connection using the first type of physical connection and the second secure network connection using the second type of physical connection;
      
      ora same type of physical connection, the first secure network connection including an overlay connection and the second secure network connection not including an overlay connection.

9. A method for providing a first secure network connection to a mobile communications device, the method comprising:
- receiving, by the mobile communications device, first credentials for the first secure network connection, the first credentials generated, at a server, with a corresponding first secure network account for the first secure network connection and the first credentials transmitted, by the server, to the mobile communications device, wherein the first credentials and first secure network account are generated based on a request received by the server from the mobile communication device; and
  
  sending, by the mobile communications device, the first credentials to the server, wherein upon receiving the first credentials the server;
  
  establishes the first secure network connection between the server and the mobile communications device,identifies a trigger based on an analysis of network traffic over the first secure network connection; and
  
  ;
  
  when a first level of security offered by the first secure network connection does not match a second level of security associated with the trigger in a secure network connection policy;
  
  terminates the first secure network connection;
  
  deletes the first credentials and the first secure network account;
  
  generates a second secure network account for a second secure network connection, the generated second secure network account including second credentials for the second secure network connection;
  
  transmits the second credentials to the mobile communications device, andestablishes, in response to receiving the second credentials from the mobile communications device, the second secure network connection with the second level of security between the mobile communications device and the server.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The method of claim 9, wherein the analysis of network traffic over the first secure network connection includes analyzing header information included in data packets.
  - 11. The method of claim 9, wherein the trigger is defined by a secure network connection policy, the secure network connection policy including one or more rules identifying triggering events or conditions.
  - 12. The method of claim 11, wherein the trigger is an event or condition defined by the secure network connection policy as requiring the automatic termination of the first secure network connection, and wherein the terminating the first secure network connection includes automatically terminating the first secure network connection in response to identifying the triggering event or condition.
  - 13. The method of claim 9, wherein the trigger is at least one from the group of:
    - an action performed by an application on the mobile communications device;
      
      a downloading of an application;
      
      an attempt by the mobile communications device to access a website; and
      
      an indication the mobile communications device has left a geographical region.
  - 14. The method of claim 13, wherein the trigger is identified based on a domain name system (DNS) address retrieved during the analysis of the network traffic.
  - 15. The method of claim 13, wherein the trigger is an application on the mobile communications device identifying the mobile communications device as being lost or misplaced.
  - 16. The method of claim 9, wherein the first and second secure network connections include either:
    - a first and a second type of physical connection, the first secure network connection using the first type of physical connection and the second secure network connection using the second type of physical connection;
      
      ora same type of physical connection, the first secure network connection including an overlay connection and the second secure network connection not including an overlay connection.

17. A non-transitory, computer-readable storage medium having stored thereon a plurality of instructions, which, when executed by a processor of a server, cause the server to:
- receive a request for a first secure network account from a mobile communications device;
  
  generate, in response to the received request and for the mobile communications device, the first secure network account for the first secure network connection, the generated first secure network account including first credentials for the first secure network connection;
  
  transmit the first credentials to the mobile communications device;
  
  receive the first credentials from the mobile communications device;
  
  in response to receiving the first credentials from the mobile communications device, establish the first secure network connection between the server and the mobile communications device;
  
  identify a trigger based on an analysis of network traffic over the first secure network connection; and
  
  when a first level of security offered by the first secure network connection does not match a second level of security associated with the trigger in a secure network connection policy;
  
  terminate the first secure network connection;
  
  delete the first credentials and the first secure network account;
  
  generate a second secure network account for a second secure network connection, the generated second secure network account including second credentials for the second secure network connection;
  
  transmit the second credentials to the mobile communications device; and
  
  establish, in response to receiving the second credentials from the mobile communications device, the second secure network connection between the server and the mobile communications device.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24)
- - 18. The non-transitory, computer-readable storage medium of claim 17, wherein the analysis of network traffic over the first secure network connection includes analyzing header information included in data packets.
  - 19. The non-transitory, computer-readable storage medium of claim 18, wherein the trigger is defined by a secure network connection policy, the secure network connection policy including one or more rules identifying triggering events or conditions.
  - 20. The non-transitory, computer-readable storage medium of claim 19, wherein the trigger is an event or condition defined by the secure network connection policy as requiring the automatic termination of the first secure network connection, and wherein the terminating the first secure network connection includes automatically terminating the first secure network connection in response to identifying the triggering event or condition.
  - 21. The non-transitory, computer-readable storage medium of claim 17, wherein the trigger is at least one from the group of:
    - an action performed by an application on the mobile communications device;
      
      a downloading of an application;
      
      an attempt by the mobile communications device to access a website; and
      
      an indication the mobile communications device has left a geographical region.
  - 22. The non-transitory, computer-readable storage medium of claim 21, wherein the trigger is identified based on a domain name system (DNS) address retrieved during the analysis of the network traffic.
  - 23. The non-transitory, computer-readable storage medium of claim 21, wherein the trigger is an application on the mobile communications device identifying the mobile communications device as being lost or misplaced.
  - 24. The non-transitory, computer-readable storage medium of claim 17, wherein the first and second secure network connections include either:
    - a first and a second type of physical connection, the first secure network connection using the first type of physical connection and the second secure network connection using the second type of physical connection;
      
      ora same type of physical connection, the first secure network connection including an overlay connection and the second secure network connection not including an overlay connection.

25. A system, comprising a server with at least one processor and memory and instructions that when executed by the at least one processor cause the server to:
- receive a request for a first secure network account from a mobile communications device;
  
  generate, in response to the received request and for the mobile communications device, the first secure network account for the first secure network connection, the generated first secure network account including first credentials for the first secure network connection;
  
  transmit the first credentials to the mobile communications device;
  
  receive the first credentials from the mobile communications device;
  
  in response to receiving the first credentials from the mobile communications device, establish the first secure network connection between the server and the mobile communications device;
  
  identify a trigger based on an analysis of network traffic over the first secure network connection; and
  
  when a first level of security offered by the first secure network connection does not match a second level of security associated with the trigger in a secure network connection policy;
  
  terminate the first secure network connection;
  
  delete the first credentials and the first secure network account;
  
  generate a second secure network account for a second secure network connection, the generated second secure network account including second credentials for the second secure network connection;
  
  transmit the second credentials to the mobile communications device; and
  
  establish, in response to receiving the second credentials from the mobile communications device, the second secure network connection between the server and the mobile communications device.
- View Dependent Claims (26, 27, 28, 29, 30, 31, 32)
- - 26. The system of claim 25, wherein the analysis of network traffic over the first secure network connection includes analyzing header information included in data packets.
  - 27. The system of claim 26, wherein the trigger is defined by a secure network connection policy, the secure network connection policy including one or more rules identifying triggering events or conditions.
  - 28. The system of claim 27, wherein the trigger is an event or condition defined by the secure network connection policy as requiring the automatic termination of the first secure network connection, and wherein the terminating the first secure network connection includes automatically terminating the first secure network connection in response to identifying the triggering event or condition.
  - 29. The system of claim 25, wherein the trigger is at least one from the group of:
    - an action performed by an application on the mobile communications device;
      
      a downloading of an application;
      
      an attempt by the mobile communications device to access a website; and
      
      an indication the mobile communications device has left a geographical region.
  - 30. The system of claim 29, wherein the trigger is identified based on a domain name system (DNS) address retrieved during the analysis of the network traffic.
  - 31. The system of claim 29, wherein the trigger is an application on the mobile communications device identifying the mobile communications device as being lost or misplaced.
  - 32. The system of claim 25, wherein the first and second secure network connections include either:
    - a first and a second type of physical connection, the first secure network connection using the first type of physical connection and the second secure network connection using the second type of physical connection;
      
      ora same type of physical connection, the first secure network connection including an overlay connection and the second secure network connection not including an overlay connection.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Lookout Incorporated
Original Assignee
Lookout Incorporated
Inventors
Mahaffey, Kevin Patrick, Strazzere, Timothy, Buck, Brian James
Primary Examiner(s)
Alata, Ayoub

Application Number

US15/952,110
Publication Number

US 20180234461A1
Time in Patent Office

348 Days
Field of Search
US Class Current
CPC Class Codes

H04L 63/08   for authentication of entit...

H04L 63/105   Multiple levels of security

H04L 63/14   for detecting or protecting...

H04L 63/18   using different networks or...

H04L 63/20   for managing network securi...

H04W 12/086   using security domains

Methods and systems for providing secure network connections to mobile communications devices

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

Citations

32 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and systems for providing secure network connections to mobile communications devices

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

32 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links