Method for implementing secure corporate communication
Abstract
A mobile or other device connects to a server via a publicly accessible network such as the Internet. After installation upon the device, a virtual private network (VPN) client connects to the server and downloads a VPN profile. In one embodiment the device creates public/private key pairs and requests enrollment of a digital certificate. In another embodiment a digital certificate and public/private key pairs are provided. The device also receives a digital certificate from the server and verifies the server certificate by requesting the user to supply a portion of a fingerprint for the certificate. The invention further includes an automatic content updating (ACU) client that downloads a user profile for the VPN, requests certificate enrollment, and updates the VPN client and other applications when new content is available. A security service manager (SSM) server includes, or is in communication with, a Web server, multiple databases, an enrollment gateway and an internal certification authority (CA). A VPN policy manager application creates and manages VPN profiles and/or policies and communicates with the SSM server. The SSM server, which may reside on an enterprise intranet, may further communicate with one or more external CAs.
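The fingerprint check described in the abstract, sketched as an added example that is not code from the patent. It assumes a SHA-256 fingerprint over the certificate's DER bytes, that the device blanks out a few characters, and that the user fills them in from a reference obtained out of band; all function names and the sample certificate bytes are constructed.

```python
import hashlib
import hmac
import secrets

def fingerprint(cert_der: bytes) -> str:
    """Hex SHA-256 fingerprint of the certificate's DER encoding (assumed hash)."""
    return hashlib.sha256(cert_der).hexdigest().upper()

def pick_hidden(fp: str, count: int = 8) -> tuple:
    """Choose unpredictable positions to hide, so the answer cannot be prepared."""
    return tuple(sorted(secrets.SystemRandom().sample(range(len(fp)), count)))

def challenge(fp: str, hidden: tuple) -> str:
    """Fingerprint as shown to the user, with the hidden positions blanked out."""
    return "".join("_" if i in hidden else ch for i, ch in enumerate(fp))

def verify_portion(cert_der: bytes, hidden: tuple, user_input: str) -> bool:
    """True only if the typed characters match the hidden part of the
    fingerprint of the certificate the device actually received."""
    fp = fingerprint(cert_der)
    expected = "".join(fp[i] for i in hidden)
    # Tolerate spaces, colons and lower case in what the user types.
    supplied = "".join(ch for ch in user_input if ch.isalnum()).upper()
    return hmac.compare_digest(expected.encode(), supplied.encode())

# Constructed sample data: placeholders standing in for real DER certificates.
GENUINE_CERT = b"constructed DER bytes of the genuine server certificate"
SUBSTITUTED_CERT = b"constructed DER bytes of a substituted certificate"

if __name__ == "__main__":
    reference = fingerprint(GENUINE_CERT)  # reference copy the user holds
    hidden = pick_hidden(reference)
    typed = "".join(reference[i] for i in hidden)  # user reads these off it
    print(challenge(fingerprint(GENUINE_CERT), hidden))
    print("genuine accepted:    ", verify_portion(GENUINE_CERT, hidden, typed))
    print("substituted accepted:", verify_portion(SUBSTITUTED_CERT, hidden, typed))
```

Because the user has to type characters that the device does not display, a certificate swapped in transit is rejected rather than accepted by a reflexive confirmation.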
48 Claims
1. A method for implementing secure communication, comprising:
(a) receiving instructions to initiate a process for creating a secure communication link to a remote device via a publicly accessible network;
(b) determining in response to the instructions received in step (a), whether at least one local application program used to create the secure communication link is configured;
(c) initiating, based on the instructions received in step (a), a second process for accessing a database over the publicly accessible network;
(d) receiving, in response to step (c) and if the at least one local application program is not configured, configuration information for the at least one program;
(e) configuring the at least one program based upon the configuration information received in step (d); and
(i) creating the secure communication link based on the configuration.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 29, 40

25. A device for secure communication with a server via a publicly accessible network, comprising:
an interface to a publicly accessible network; and
a processor configured to perform steps comprising:
(a) receiving instructions to initiate a process for creating a secure communication link to a remote device via a publicly accessible network;
(b) determining, in response to the instructions received in step (a), whether at least one local application program used to create the secure communication link is configured;
(c) initiating, based on the instructions received in step (a), a second process for accessing a database over the publicly accessible network;
(d) receiving, in response to step (c) and if the at least one local application program is not configured, configuration information for the at least one program;
(e) configuring the at least one program based upon the configuration information received in step (d); and
(f) creating the secure communication link based on the configuration.
Dependent claims: 26, 27, 28, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 41, 42, 43, 44, 45, 46, 47

48. A server, comprising:
an interface to a publicly accessible network; and
a processor configured to perform steps comprising:
(a) receiving requests from multiple users for configuration information for locally stored application programs used to create secure communication links to the server, the users being organized in a hierarchy of child, parent and grandparent groups, each group having a corresponding set of secure communication configuration data accessible by the server, each child group inheriting properties from its parent group, each parent group inheriting properties from its grandparent group;
(b) storing content associated with the groups, with information associated with a particular group being accessible to the particular group and to groups inheriting properties from the particular group;
(b) providing configuration information to the users, the configuration information provided to each user comprising the configuration data set for each group from which the user inherits properties;
(c) receiving requests from the users for content corresponding to other locally stored application programs; and
(d) providing information to the users of a child group based on the groups from which the child group inherits properties.
Specification