SECURED PRESENTATION LAYER VIRTUALIZATION FOR WIRELESS HANDHELD COMMUNICATION DEVICE HAVING ENDPOINT INDEPENDENCE

US 20100306528A1
Filed: 07/15/2010
Published: 12/02/2010
Est. Priority Date: 01/16/2008
Status: Active Grant

First Claim

Patent Images

1. A computer implemented method for virtualizing a presentation layer of a wireless communication device configured to communicate data over a public wireless network including communicating data securely with a private network over the public wireless network, the method comprising:

defining a split proxy server for respective execution by a presentation appliance and the wireless communication device for configuring the presentation appliance and wireless communication device for secure communication therebetween and to enable the presentation appliance to communicate data securely with the private network over the public wireless network;

defining a virtual file system for the presentation appliance for storing data to a store of the wireless communication device via the split proxy server, said file system providing a private data zone for securely storing data;

defining an execution environment on the presentation appliance for restrictively executing applications, said environment configured to enable an application running in the execution environment to access data stored to the private data zone using the virtual file system and restrict the application running in the execution environment to only store data securely to the private data zone using the virtual file system;

defining a plurality of applications for execution by the presentation appliance in the execution environment, at least one of the applications having a user interface to operate the wireless communication device from the presentation appliance to communicate data with the private network via the split proxy server; and

executing the plurality of applications thereby to visualize a presentation layer of the wireless communication device on the presentation appliance for securely communicating data without storing the data to the presentation appliance.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The connectivity and security of wireless handheld devices (HDs) can he leveraged to provide a presentation appliance (PA) (e.g. a laptop) with an ability to securely communicate with an enterprise'"'"'s private network. A split-proxy server, with part of it executing on the HD and a part executing on the PA, implements a full HTTP 1.1 compliant Internet/Web Proxy to couple the PA for communication through the HD. Support for the pragmatic keep-alive header, the CONNECT method, socket connection sharing, and thread pooling, enables a fully functional browsing environment to access web-based applications that are built on standard Internet technologies without the need for re-rendering or re-writing the user interfaces to suit the HD. In addition, Intranet web-based applications are made securely accessible without the need for additional VPN and remote access technologies. The PA may be configured to prevent residual storage of sensitive data on the PA.

Citations

20 Claims

1. A computer implemented method for virtualizing a presentation layer of a wireless communication device configured to communicate data over a public wireless network including communicating data securely with a private network over the public wireless network, the method comprising:
- defining a split proxy server for respective execution by a presentation appliance and the wireless communication device for configuring the presentation appliance and wireless communication device for secure communication therebetween and to enable the presentation appliance to communicate data securely with the private network over the public wireless network;
  
  defining a virtual file system for the presentation appliance for storing data to a store of the wireless communication device via the split proxy server, said file system providing a private data zone for securely storing data;
  
  defining an execution environment on the presentation appliance for restrictively executing applications, said environment configured to enable an application running in the execution environment to access data stored to the private data zone using the virtual file system and restrict the application running in the execution environment to only store data securely to the private data zone using the virtual file system;
  
  defining a plurality of applications for execution by the presentation appliance in the execution environment, at least one of the applications having a user interface to operate the wireless communication device from the presentation appliance to communicate data with the private network via the split proxy server; and
  
  executing the plurality of applications thereby to visualize a presentation layer of the wireless communication device on the presentation appliance for securely communicating data without storing the data to the presentation appliance.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1 wherein a one of the plurality of applications comprises a first browser application, the method further comprising:
    - executing the split proxy server on the presentation appliance in the execution environment;
      
      obtaining authentication information for authorizing communications for restricted resources of the private network or wireless communication device;
      
      sharing the authentication information between the split proxy and the first browser application within the execution environment for use by the first browser application to communicate for the restricted resources of the private network or wireless communication device and to thereby prevent a second browser application executing outside the execution environment from communicating for said resources without the authentication information.
  - 3. The method of claim 1 wherein the execution environment comprises a Java Virtual Machine (JVM) and the plurality of applications are configured for execution in the JVM.
  - 4. The method of claim 1 wherein the private network comprises an enterprise Local Area Network (LAN) and the wireless communication device is configured to communicate securely for restricted data or other resources from the enterprise LAN.
  - 5. The method of claim 3 wherein the split proxy server is configured to route requests for data or other resources from the enterprise LAN via one or more proxy servers of the enterprise LAN.
  - 6. The method of claim 4 wherein the enterprise LAN provides a gateway to a public network for requesting data or resources of the public network and wherein the split proxy couples the presentation appliance for data communication with the public network.
  - 7. The method of claim 1 wherein the split proxy server provides an encrypted transport connection for communicating between the wireless communication device and the presentation appliance.
  - 8. The method of claim 1 wherein the at least one of the applications having a user interface to operate the wireless communication device provides a user interface for visualizing one or more of email, contact, and calendar data from the wireless communication device.
  - 9. The method of claim 8 wherein one or more of the plurality of applications executing in the execution environment are configured for rendering data comprising an attachment to an email.

10. A computer-readable storage medium having computer executable instructions stored thereon for adapting a wireless communication device configured to communicate data over a public wireless network including communicating data securely with a private network over the public wireless network and a presentation appliance for data communications, said instructions including first code means for adapting the wireless communication device and second code means for adapting the appliance, such that when the first and second code means are executed by respective processors of the wireless communication device and appliance, the wireless communication device and appliance are configured to:
- define a split proxy server for respective execution by the presentation appliance and the wireless communication device For configuring the presentation appliance and wireless communication device for secure communication therebetween and to enable the presentation appliance to communicate data securely with the private network over the public wireless network;
  
  define a virtual file system for the presentation appliance for storing data to a store of the wireless communication device via the-split proxy server, said file system providing a private data zone for securely storing data;
  
  define an execution environment on the presentation appliance for restrictively executing applications, said environment configured to enable an application running in the execution environment to access data stored to the private data zone using the virtual file system and restrict the application running in the execution environment to only store data securely to the private data zone using the virtual file system;
  
  define a plurality of applications for execution by the presentation appliance in the execution environment, at least one of the applications having a user interface to operate the wireless communication device from the presentation appliance to communicate data with the private network via the split proxy server; and
  
  execute the plurality of applications thereby to visualize a presentation layer of the wireless communication device on the presentation appliance for securely communicating data without storing the data to the presentation appliance.

11. A data communication system comprising:
- a wireless communication device configured to communicate data over a public wireless network including communicating data securely with a private network over the public wireless network; and
  
  a presentation appliance for virtualizing a presentation layer of the wireless communication device to a user;
  
  wherein the wireless communication device and presentation appliance are configured to;
  
  define a split proxy server for respective execution by the presentation appliance and the wireless communication device for configuring the presentation appliance and wireless communication device for secure communication therebetween and to enable the presentation appliance to communicate data securely with the private network over the public wireless network;
  
  define a virtual file system for the presentation appliance for storing data to a store of the wireless communication device via the split proxy server, said file system providing a private data zone for securely storing data;
  
  define an execution environment on the presentation appliance for restrictively executing applications, said environment configured to enable an application running in the execution environment to access data stored to the private data zone using the virtual file system and restrict the application running in the execution environment to only store data securely to the private data zone using the virtual file system;
  
  define a plurality of applications for execution by the presentation appliance in the execution environment, at least one of the applications having a user interface to operate the wireless communication device from the presentation appliance to communicate data with the private network via the split proxy server; and
  
  execute the plurality of applications thereby to visualize a presentation layer of the wireless communication device on the presentation appliance for securely communicating data without storing the data to the presentation appliance.

12. A computer implemented method for communicating data using a wireless communication device configured to communicate data over a public wireless network including communicating data securely with a private network over the public wireless network, the method comprising:
- defining a split proxy server for respective execution by a presentation appliance and the wireless communication device for configuring the presentation appliance and wireless communication device for secure communication therebetween and to enable the presentation appliance to communicate data securely with the private network over the public wireless network;
  
  defining a virtual file system for the presentation appliance for storing data to a store of the wireless communication device via the split proxy server;
  
  defining a data containment environment on the presentation appliance for restricting applications executing on the applications from storing, other than transiently, or communicating data other than via the virtual file system, wherein at least one of the applications having a user interface to operate the wireless communication device from the presentation appliance to communicate data with the private network via the split proxy server; and
  
  executing the at least one application for securely communicating data without storing the data to the presentation appliance.
- View Dependent Claims (13, 14, 15)
- - 13. The method of claim 12 wherein defining the split proxy and defining the virtual file system includes defining an I/O interface in accordance with WebDAV for accessing data on the wireless communication device.
  - 14. The method of claim 12 wherein data containment environment operates to trap requests to store data by the applications to a storage device available to the presentation appliance and temporally cache the data thereby to only transiently store the data on the presentation appliance.
  - 15. The method of claim 12 wherein the data containment environment operates to prevent operation of network interfaces.

16. A computer-readable storage medium having computer executable instructions stored thereon for adapting a wireless communication device configured to communicate data over a public wireless network including communicating data securely with a private network over the public wireless network and a presentation appliance for data communications, said instructions including first code means for adapting the wireless communication device and second code means for adapting the presentation appliance, such that when the first and second code means are executed by respective processors of the wireless communication device and appliance, the wireless communication device and appliance are configured to:
- define a split proxy server for respective execution by the presentation appliance and the wireless communication device for configuring the presentation appliance and wireless communication device for secure communication therebetween and to enable the presentation appliance to communicate data securely with the private network over the public wireless network;
  
  define a virtual file system for the presentation appliance for storing data to a store of the wireless communication device via the split proxy server;
  
  define a data containment environment on the presentation appliance for restricting applications executing on the applications from storing, other than transiently, or communicating data other than via the virtual file system, wherein at least one of the applications having a user interface to operate the wireless communication device from the presentation appliance to communicate data with the private network via the split proxy server; and
  
  execute the at least one application for securely communicating data without storing the data to the presentation appliance.

17. A data communication system comprising:
- a wireless communication device configured to communicate data over a public wireless network including communicating data securely with a private network over the public wireless network; and
  
  a presentation appliance for virtualizing a presentation layer of the wireless communication device to a user;
  
  wherein the wireless communication device and presentation appliance are configured to;
  
  define a split proxy server for respective execution by the presentation appliance and the wireless communication device for configuring the presentation appliance and wireless communication device for secure communication therebetween and to enable the presentation appliance to communicate data securely with the private network over the public wireless network;
  
  define a virtual file system for the presentation appliance for storing data to a store of the wireless communication device via the split proxy server;
  
  define a data containment environment on the presentation appliance for restricting applications executing on the applications from storing, other than transiently, or communicating data other than via the virtual file system, wherein at least one of the applications having a user interface to operate the wireless communication device from the presentation appliance to communicate data with the private network via the split proxy server; and
  
  execute the at least one application for securely communicating data without storing the data to the presentation appliance.

18. A computer implemented method for communicating data using a wireless communication device configured to communicate data over a public wireless network including communicating data securely with a private network over the public wireless network, the wireless communication device comprising a storage means, the method comprising:
- storing data to the storage means received from a presentation appliance coupled to the wireless communication device via a split proxy server and a virtual file system, wherein the split proxy server is respectively executed by the presentation appliance and the wireless communication device for configuring the presentation appliance and wireless communication device for secure communication therebetween and to enable the presentation appliance to communicate data securely with the private network over the public wireless network and wherein the virtual file system stores data to the storage means via the split proxy server, encrypting said data for storing; and
  
  transmitting the encrypted data to a first zone of the private network for decrypting and virus scanning before providing to a second zone of the private network.
- View Dependent Claims (19)
- - 19. The method of claim 18 wherein the storage means comprises a removable storage means coupled to the wireless communication device.

20. A data communication network comprising:
- a wireless communication device configured to communicate data over a public wireless network including communicating data securely with a private network over the public wireless network; and
  
  a presentation appliance for virtualizing a presentation layer of the wireless communication device to a user;
  
  first components of the private network defining a first zone for receiving encrypted data from the wireless communication device; and
  
  second components of the private network defining a second zone for receiving unencrypted and virus scanned data from the first components;
  
  wherein the data communication network is configured to;
  
  storing data to the storage means received from the presentation appliance coupled to the wireless communication device via a split proxy server and a virtual file system, wherein the split proxy server is respectively executed by the presentation appliance and the wireless communication device for configuring the presentation appliance and wireless communication device for secure communication therebetween and to enable the presentation appliance to communicate data securely with the private network over the public wireless network and wherein the virtual file system stores data to the storage means via the split proxy server, encrypting said data for storing; and
  
  transmitting the encrypted data to the first zone of the private network for decrypting and virus scanning before providing to the second zone of the private network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Malikie Innovations Limited (Key Patent Innovations Limited)
Original Assignee
Blackberry Limited
Inventors
Dixon, Kevin, Dietrich, Trevor, Andress, Mark, Noble, Duncan

Granted Patent

US 8,621,199 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/153
CPC Class Codes

H04L 63/0272   Virtual private networks

H04L 63/0281   Proxies

H04L 63/061   for key exchange, e.g. in p...

H04L 67/2876   Pairs of inter-processing e...

H04W 12/00   Security arrangements; Auth...

H04W 12/04   Key management, e.g. using ...

H04W 12/06   Authentication

H04W 12/63   Location-dependent; Proximi...

H04W 12/65   Environment-dependent, e.g....

SECURED PRESENTATION LAYER VIRTUALIZATION FOR WIRELESS HANDHELD COMMUNICATION DEVICE HAVING ENDPOINT INDEPENDENCE

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SECURED PRESENTATION LAYER VIRTUALIZATION FOR WIRELESS HANDHELD COMMUNICATION DEVICE HAVING ENDPOINT INDEPENDENCE

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links