Secure access to cloud-based services

US 10,397,239 B2
Filed: 08/08/2018
Issued: 08/27/2019
Est. Priority Date: 01/26/2015
Status: Active Grant

First Claim

Patent Images

1. A method to provide secure mobile access to a cloud-based service, comprising:

receiving, at a security proxy, credential information from the cloud-based service, wherein the credential information is extracted, by the cloud-based service, from a synthesized basic authentication header, wherein the synthesized basic authentication header includes a hash of information obtained from a security certificate that was provided from a mobile device to the security proxy, wherein the synthesized basic authentication header is provided from the security proxy to the cloud-based service;

using the extracted credential information to determine that access to the cloud-based service is authorized for the mobile device; and

providing to the cloud based service a security token that indicates the mobile device is authorized to access the cloud-based service.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques to provide secure mobile access to a cloud-based service are disclosed. In various embodiments, a request to access the cloud-based service is received from a mobile device. A security certificate associated with the request is used to synthesize a basic authentication header associated with the request. The synthesized basic authentication header is sent to the cloud-based service on behalf of the mobile device.

Citations

20 Claims

1. A method to provide secure mobile access to a cloud-based service, comprising:
- receiving, at a security proxy, credential information from the cloud-based service, wherein the credential information is extracted, by the cloud-based service, from a synthesized basic authentication header, wherein the synthesized basic authentication header includes a hash of information obtained from a security certificate that was provided from a mobile device to the security proxy, wherein the synthesized basic authentication header is provided from the security proxy to the cloud-based service;
  
  using the extracted credential information to determine that access to the cloud-based service is authorized for the mobile device; and
  
  providing to the cloud based service a security token that indicates the mobile device is authorized to access the cloud-based service.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The method of claim 1, further comprising, receiving a request from the mobile device to access the cloud-based service, wherein the request is associated with a mobile app on the mobile device.
  - 3. The method of claim 2, wherein the mobile app comprises a native email application.
  - 4. The method of claim 1, wherein the cloud-based service is configured to allow the mobile device to access the cloud-based service based on the security token.
  - 5. The method of claim 4, wherein the security proxy is remote from the cloud-based service and the synthesized basic authentication header is sent to the cloud-based service via a network.
  - 6. The method of claim 2, wherein the request includes the security certificate.
  - 7. The method of claim 6, wherein the security certificate comprises a certificate provisioned to the mobile device.
  - 8. The method of claim 6, further comprising using the security certificate to synthesize a basic authentication header at least in part by using information comprising the security certificate to populate a data field of the basic authentication header.
  - 9. The method of claim 6, further comprising using the security certificate to synthesize a basic authentication header at least in part by using information comprising the security certificate to retrieve a data value to populate a data field of the basic authentication header.
  - 10. The method of claim 9, wherein the data value is retrieved via a call to a directory associated with the mobile device.
  - 11. The method of claim 1, wherein a basic authentication header is synthesized to be the synthesized basic authentication header at least in part by computing the hash based on the credential information associated with a request to access the cloud-based service.
  - 12. The method of claim 11, further comprising caching the credential information.
  - 13. The method of claim 12, further comprising receiving from the cloud-based service a request to authenticate the extracted credential information, wherein the request to authenticate the extracted credential information includes the extracted credential information.
  - 14. The method of claim 13, further comprising comparing the received extracted credential information with the cached credential information to authenticate the received extracted credential information.
  - 15. The method of claim 14, wherein the security token is provided to the cloud-based service based at least in part on said authentication of the received extracted credential information.
  - 16. The method of claim 1, wherein the security token comprises a Security Assertion Markup Language (SAML) assertion.
  - 17. The method of claim 1, wherein a security certificate associated with a request is used to synthesize a basic authentication header associated with the request based at least in part on the determination that access is authorized.

18. A system to provide secure mobile access to a cloud-based service, comprising:
- a communication interface; and
  
  a processor coupled to the communication interface and configured to;
  
  receive credential information from the cloud-based service, wherein the credential information is extracted, by the cloud-based service, from a synthesized basic authentication header, wherein the synthesized basic authentication header includes a hash of information obtained from a security certificate that was provided from a mobile device to the security proxy, wherein the synthesized basic authentication header is provided from the security proxy to the cloud-based service;
  
  use the extracted credential information to determine that access to the cloud-based service is authorized for the mobile device; and
  
  provide to the cloud based service a security token that indicates the mobile device is authorized to access the cloud-based service.
- View Dependent Claims (19)
- - 19. The system of claim 18, wherein the basic authentication header is synthesized at least in part by computing the hash based on credential information associated with a request to access the cloud-based service.

20. A computer program product to provide secure mobile access to a cloud-based service, the computer program product being embodied in a non-transitory computer readable medium and comprising computer instructions for:
- receiving credential information from the cloud-based service, wherein the credential information is extracted, by the cloud-based service, from a synthesized basic authentication header, wherein the synthesized basic authentication header includes a hash of information obtained from a security certificate that was provided from a mobile device to a security proxy, wherein the synthesized basic authentication header is provided from the security proxy to the cloud-based service;
  
  using the extracted credential information to determine that access to the cloud-based service is authorized for the mobile device; and
  
  providing to the cloud based service a security token that indicates the mobile device is authorized to access the cloud-based service.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Ivanti, Inc. (Ivanti Software, Inc.)
Original Assignee
MobileIron, Inc.
Inventors
Karunakaran, Kumara Das, Pawar, Vijay, Golovenko, Ivan
Primary Examiner(s)
Plecha, Thaddeus J

Application Number

US16/058,916
Publication Number

US 20180351960A1
Time in Patent Office

384 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/33   using certificates

H04L 63/0272   Virtual private networks

H04L 63/0281   Proxies

H04L 63/0815   providing single-sign-on or...

H04L 63/0823   using certificates cryptogr...

H04L 63/0884   by delegation of authentica...

H04L 63/10   for controlling access to d...

H04L 63/102   Entity profiles

H04W 12/06   Authentication

H04W 12/37   Managing security policies ...

Secure access to cloud-based services

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Secure access to cloud-based services

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links