SECURED PRESENTATION LAYER VIRTUALIZATION FOR WIRELESS HANDHELD COMMUNICATION DEVICE HAVING ENDPOINT INDEPENDENCE
Abstract
The connectivity and security of wireless handheld devices (HDs) can be leveraged to provide a presentation appliance (PA) (e.g. a laptop) with an ability to securely communicate with an enterprise's private network. A split-proxy server, with part of it executing on the HD and a part executing on the PA, implements a full HTTP 1.1 compliant Internet/Web Proxy to couple the PA for communication through the HD. Support for the pragmatic keep-alive header, the CONNECT method, socket connection sharing, and thread pooling, enables a fully functional browsing environment to access web-based applications that are built on standard Internet technologies without the need for re-rendering or re-writing the user interfaces to suit the HD. In addition, Intranet web-based applications are made securely accessible without the need for additional VPN and remote access technologies. The PA may be configured to prevent residual storage of sensitive data on the PA.
20 Claims
1. A computer implemented method for virtualizing a presentation layer of a wireless communication device configured to communicate data over a public wireless network including communicating data securely with a private network over the public wireless network, the method comprising:
- defining a split proxy server for respective execution by a presentation appliance and the wireless communication device for configuring the presentation appliance and wireless communication device for secure communication therebetween and to enable the presentation appliance to communicate data securely with the private network over the public wireless network;
- defining a virtual file system for the presentation appliance for storing data to a store of the wireless communication device via the split proxy server, said file system providing a private data zone for securely storing data;
- defining an execution environment on the presentation appliance for restrictively executing applications, said environment configured to enable an application running in the execution environment to access data stored to the private data zone using the virtual file system and restrict the application running in the execution environment to only store data securely to the private data zone using the virtual file system;
- defining a plurality of applications for execution by the presentation appliance in the execution environment, at least one of the applications having a user interface to operate the wireless communication device from the presentation appliance to communicate data with the private network via the split proxy server; and
- executing the plurality of applications thereby to visualize a presentation layer of the wireless communication device on the presentation appliance for securely communicating data without storing the data to the presentation appliance.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. A computer-readable storage medium having computer executable instructions stored thereon for adapting a wireless communication device configured to communicate data over a public wireless network including communicating data securely with a private network over the public wireless network and a presentation appliance for data communications, said instructions including first code means for adapting the wireless communication device and second code means for adapting the appliance, such that when the first and second code means are executed by respective processors of the wireless communication device and appliance, the wireless communication device and appliance are configured to:
- define a split proxy server for respective execution by the presentation appliance and the wireless communication device for configuring the presentation appliance and wireless communication device for secure communication therebetween and to enable the presentation appliance to communicate data securely with the private network over the public wireless network;
- define a virtual file system for the presentation appliance for storing data to a store of the wireless communication device via the split proxy server, said file system providing a private data zone for securely storing data;
- define an execution environment on the presentation appliance for restrictively executing applications, said environment configured to enable an application running in the execution environment to access data stored to the private data zone using the virtual file system and restrict the application running in the execution environment to only store data securely to the private data zone using the virtual file system;
- define a plurality of applications for execution by the presentation appliance in the execution environment, at least one of the applications having a user interface to operate the wireless communication device from the presentation appliance to communicate data with the private network via the split proxy server; and
- execute the plurality of applications thereby to visualize a presentation layer of the wireless communication device on the presentation appliance for securely communicating data without storing the data to the presentation appliance.
11. A data communication system comprising:
- a wireless communication device configured to communicate data over a public wireless network including communicating data securely with a private network over the public wireless network; and
- a presentation appliance for virtualizing a presentation layer of the wireless communication device to a user;
- wherein the wireless communication device and presentation appliance are configured to:
- define a split proxy server for respective execution by the presentation appliance and the wireless communication device for configuring the presentation appliance and wireless communication device for secure communication therebetween and to enable the presentation appliance to communicate data securely with the private network over the public wireless network;
- define a virtual file system for the presentation appliance for storing data to a store of the wireless communication device via the split proxy server, said file system providing a private data zone for securely storing data;
- define an execution environment on the presentation appliance for restrictively executing applications, said environment configured to enable an application running in the execution environment to access data stored to the private data zone using the virtual file system and restrict the application running in the execution environment to only store data securely to the private data zone using the virtual file system;
- define a plurality of applications for execution by the presentation appliance in the execution environment, at least one of the applications having a user interface to operate the wireless communication device from the presentation appliance to communicate data with the private network via the split proxy server; and
- execute the plurality of applications thereby to visualize a presentation layer of the wireless communication device on the presentation appliance for securely communicating data without storing the data to the presentation appliance.
12. A computer implemented method for communicating data using a wireless communication device configured to communicate data over a public wireless network including communicating data securely with a private network over the public wireless network, the method comprising:
- defining a split proxy server for respective execution by a presentation appliance and the wireless communication device for configuring the presentation appliance and wireless communication device for secure communication therebetween and to enable the presentation appliance to communicate data securely with the private network over the public wireless network;
- defining a virtual file system for the presentation appliance for storing data to a store of the wireless communication device via the split proxy server;
- defining a data containment environment on the presentation appliance for restricting applications executing on the applications from storing, other than transiently, or communicating data other than via the virtual file system, wherein at least one of the applications having a user interface to operate the wireless communication device from the presentation appliance to communicate data with the private network via the split proxy server; and
- executing the at least one application for securely communicating data without storing the data to the presentation appliance.

Dependent claims: 13, 14, 15
16. A computer-readable storage medium having computer executable instructions stored thereon for adapting a wireless communication device configured to communicate data over a public wireless network including communicating data securely with a private network over the public wireless network and a presentation appliance for data communications, said instructions including first code means for adapting the wireless communication device and second code means for adapting the presentation appliance, such that when the first and second code means are executed by respective processors of the wireless communication device and appliance, the wireless communication device and appliance are configured to:
- define a split proxy server for respective execution by the presentation appliance and the wireless communication device for configuring the presentation appliance and wireless communication device for secure communication therebetween and to enable the presentation appliance to communicate data securely with the private network over the public wireless network;
- define a virtual file system for the presentation appliance for storing data to a store of the wireless communication device via the split proxy server;
- define a data containment environment on the presentation appliance for restricting applications executing on the applications from storing, other than transiently, or communicating data other than via the virtual file system, wherein at least one of the applications having a user interface to operate the wireless communication device from the presentation appliance to communicate data with the private network via the split proxy server; and
- execute the at least one application for securely communicating data without storing the data to the presentation appliance.
17. A data communication system comprising:
- a wireless communication device configured to communicate data over a public wireless network including communicating data securely with a private network over the public wireless network; and
- a presentation appliance for virtualizing a presentation layer of the wireless communication device to a user;
- wherein the wireless communication device and presentation appliance are configured to:
- define a split proxy server for respective execution by the presentation appliance and the wireless communication device for configuring the presentation appliance and wireless communication device for secure communication therebetween and to enable the presentation appliance to communicate data securely with the private network over the public wireless network;
- define a virtual file system for the presentation appliance for storing data to a store of the wireless communication device via the split proxy server;
- define a data containment environment on the presentation appliance for restricting applications executing on the applications from storing, other than transiently, or communicating data other than via the virtual file system, wherein at least one of the applications having a user interface to operate the wireless communication device from the presentation appliance to communicate data with the private network via the split proxy server; and
- execute the at least one application for securely communicating data without storing the data to the presentation appliance.
18. A computer implemented method for communicating data using a wireless communication device configured to communicate data over a public wireless network including communicating data securely with a private network over the public wireless network, the wireless communication device comprising a storage means, the method comprising:
- storing data to the storage means received from a presentation appliance coupled to the wireless communication device via a split proxy server and a virtual file system, wherein the split proxy server is respectively executed by the presentation appliance and the wireless communication device for configuring the presentation appliance and wireless communication device for secure communication therebetween and to enable the presentation appliance to communicate data securely with the private network over the public wireless network and wherein the virtual file system stores data to the storage means via the split proxy server, encrypting said data for storing; and
- transmitting the encrypted data to a first zone of the private network for decrypting and virus scanning before providing to a second zone of the private network.

Dependent claims: 19
20. A data communication network comprising:
- a wireless communication device configured to communicate data over a public wireless network including communicating data securely with a private network over the public wireless network; and
- a presentation appliance for virtualizing a presentation layer of the wireless communication device to a user;
- first components of the private network defining a first zone for receiving encrypted data from the wireless communication device; and
- second components of the private network defining a second zone for receiving unencrypted and virus scanned data from the first components;
- wherein the data communication network is configured to:
- storing data to the storage means received from the presentation appliance coupled to the wireless communication device via a split proxy server and a virtual file system, wherein the split proxy server is respectively executed by the presentation appliance and the wireless communication device for configuring the presentation appliance and wireless communication device for secure communication therebetween and to enable the presentation appliance to communicate data securely with the private network over the public wireless network and wherein the virtual file system stores data to the storage means via the split proxy server, encrypting said data for storing; and
- transmitting the encrypted data to the first zone of the private network for decrypting and virus scanning before providing to the second zone of the private network.
Specification