Secure app-to-app communication
Abstract
Secure application-to-application communication is disclosed. A shared encryption key may be used to encrypt data to be transferred from a first mobile application to a second mobile application. The encrypted data is provided to a shared storage location. The second mobile application is configured to retrieve the encrypted data from the shared storage location.
25 Claims
1. A method, comprising:
- providing, from a first mobile application of a mobile device to a second mobile application of the mobile device via a first uniform resource locator (URL), information that includes a first encryption information associated with the first mobile application of the mobile device, an identifier of a shared storage location, and a first mobile application identifier, wherein the first mobile application is a management agent associated with a management server and the second mobile application is a managed application, wherein the second mobile application is configured to validate the first mobile application based in part on the information, wherein in response to validating the first mobile application, the second mobile application is configured to provide second encryption information to the first mobile application via a second URL and a message indicating the second encryption information has been sent via the second URL to the shared storage location;
- receiving, at the first mobile application of the mobile device from the second mobile application of the mobile device via the second URL, the second encryption information associated with the second mobile application of the mobile device;
- validating, by the first application, an identity of the second mobile application based in part on a payload of the second URL;
- generating a shared encryption key based at least in part on the first encryption information and the second encryption information; and
- using the shared encryption key to encrypt data to be transferred from the first mobile application of the mobile device to the second mobile application of the mobile device via the shared storage location, wherein the management server is configured to manage the second mobile application via the encrypted data provided by the first mobile application.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22
23. A system, comprising:
- a processor; and
- a memory coupled with the processor, wherein the memory is configured to provide the processor with instructions which when executed cause the processor to:
  - provide, from a first mobile application of the system to a second mobile application of the system via a first uniform resource locator (URL), information that includes a first encryption information associated with the first mobile application of the mobile device, an identifier of a shared storage location, and a first mobile application identifier, wherein the first mobile application is a management agent associated with a management server and the second mobile application is a managed application, wherein the second mobile application is configured to validate the first mobile application based in part on the information, wherein in response to validating the first mobile application, the second mobile application is configured to provide second encryption information to the first mobile application via a second URL and a message indicating the second encryption information has been sent via the second URL to the shared storage location;
  - receive, at the first mobile application of the mobile device from the second mobile application of the mobile device via the second URL, the second encryption information associated with the second mobile application of the mobile device;
  - validate, by the first application, an identity of the second mobile application based in part on a payload of the second URL;
  - generate a shared encryption key based at least in part on the first encryption information and the second encryption information; and
  - use the shared encryption key to encrypt data to be transferred from the first mobile application of the mobile device to the second mobile application of the mobile device via the shared storage location, wherein the management server is configured to manage the second mobile application via the encrypted data provided by the first mobile application.

Dependent claims: 24
25. A computer program product, the computer program product being embodied in a tangible non-transitory computer readable storage medium and comprising computer instructions for:
- providing, from a first mobile application of a mobile device to a second mobile application of the mobile device via a first uniform resource locator (URL), information that includes a first encryption information associated with the first mobile application of the mobile device, an identifier of a shared storage location, and a first mobile application identifier, wherein the first mobile application is a management agent associated with a management server and the second mobile application is a managed application, wherein the second mobile application is configured to validate the first mobile application based in part on the information, wherein in response to validating the first mobile application, the second mobile application is configured to provide second encryption information to the first mobile application via a second URL and a message indicating the second encryption information has been sent via the second URL to the shared storage location;
- receiving, at the first mobile application of the mobile device from the second mobile application of the mobile device via the second URL, the second encryption information associated with the second mobile application of the mobile device;
- validating, by the first application, an identity of the second mobile application based in part on a payload of the second URL;
- generating a shared encryption key based at least in part on the first encryption information and the second encryption information; and
- using the shared encryption key to encrypt data to be transferred from the first mobile application to the second mobile application of the mobile device via the shared storage location, wherein the management server is configured to manage the second mobile application via the encrypted data provided by the first mobile application.
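The exchange recited in the independent claims, sketched as an added example (not code from the patent or its assignee). It assumes the "encryption information" is an X25519 public value and that the shared key is derived with HKDF-SHA256; the URL schemes, query parameter names, application identifiers and storage identifier are constructed for illustration.

```python
import hashlib, hmac, os
from urllib.parse import parse_qs, urlencode, urlsplit
# Assumed, not from the patent: X25519 + HKDF-SHA256, URL schemes, app identifiers.
P, A24, BASE = 2**255 - 19, 121665, (9).to_bytes(32, "little")
KNOWN_APPS = {"com.example.agent", "com.example.managedapp"}  # constructed allow-list

def x25519(k, u):  # RFC 7748 Montgomery ladder; not constant time, illustration only
    n = (int.from_bytes(k, "little") & ((1 << 254) - 8)) | (1 << 254)  # clamp scalar
    x1 = int.from_bytes(u, "little") % 2**255
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in reversed(range(255)):
        bit = (n >> t) & 1
        if swap ^ bit:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = bit
        a, b, c, d = (x2 + z2) % P, (x2 - z2) % P, (x3 + z3) % P, (x3 - z3) % P
        aa, bb, da, cb = a * a % P, b * b % P, d * a % P, c * b % P
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, (aa - bb) * (aa + A24 * (aa - bb)) % P
    if swap:
        x2, z2 = x3, z3
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def make_url(scheme, app_id, pub, storage_id=""):
    return f"{scheme}://keyx?" + urlencode({"app": app_id, "pk": pub.hex(), "store": storage_id})

def parse_url(url, scheme):
    parts = urlsplit(url)
    q = {k: v[0] for k, v in parse_qs(parts.query).items()}
    pub = bytes.fromhex(q.get("pk", ""))  # raises ValueError on non-hex input
    if parts.scheme != scheme or q.get("app") not in KNOWN_APPS or len(pub) != 32:
        raise ValueError("handshake URL failed validation")
    return q["app"], pub, q.get("store", "")

def derive_key(priv, peer_pub, agent_id, app_id, storage_id):
    shared = x25519(priv, peer_pub)
    if shared == bytes(32):
        raise ValueError("low-order public value")
    info = "|".join((agent_id, app_id, storage_id)).encode() + b"\x01"
    prk = hmac.new(b"app2app-v1", shared, hashlib.sha256).digest()  # HKDF extract
    return hmac.new(prk, info, hashlib.sha256).digest()  # HKDF expand, one block

def handshake():
    a, b = os.urandom(32), os.urandom(32)  # agent / managed-app private values
    url1 = make_url("managedapp", "com.example.agent", x25519(a, BASE), "shared-1")
    agent, a_pub, store = parse_url(url1, "managedapp")  # managed app validates URL 1
    url2 = make_url("mdmagent", "com.example.managedapp", x25519(b, BASE))
    app, b_pub, _ = parse_url(url2, "mdmagent")  # agent validates URL 2
    return derive_key(a, b_pub, agent, app, store), derive_key(b, a_pub, agent, app, store)
```

The 32-byte result would key an authenticated cipher for the data written to the shared storage location. Binding both application identifiers and the storage identifier into the derivation means a key negotiated for one pairing and location does not match one negotiated for another.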
Specification