Secured privileged access to an embedded client on a mobile device

US 20130054969A1
Filed: 08/30/2012
Published: 02/28/2013
Est. Priority Date: 08/31/2011
Status: Active Grant

First Claim

Patent Images

1. A method for obtaining a secured privileged access for an embedded client of mobile device comprising the steps of:

embedding a stub into the mobile device with “

root”

privilege;

installing a Virtual Mobile Management (‘

VMM”

) client and tools on the mobile device;

attempting a Session Mediation Server connection with the mobile device;

detecting whether the VMM Client has a privilege to invoke any of the installed tools;

invoking said stub and elevating an access level of a tool stub to make a connection with the Session Mediation Server;

receiving a stub connection request from the Session Mediation server; and

performing a mutual authentication between the stub, the VMM Client and the Session Mediation Server.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed is an apparatus and method to access privileges of Virtual Mobile Management (VMM) client in mobile device. A disclosed example method contains an assigning embedded stub to raise the access privilege of the tool on a mobile device, the embedded stub is integrated by an operating system of the mobile device with “root” privilege, determining via a secured key exchange algorithm that the VMM client and tools is authorized to be installed on the mobile device then, the VMM client and tools of a mobile device are authorized to access a network interface of the Communication Endpoint Gateway (CEG) server, configuring the embedded stub to install the key exchange procedure for the shared certification between the embedded stub, VMM client and the session mediation server, enabling the embedded stub to communicate through a secure link via VMM client.

24 Citations

View as Search Results

11 Claims

1. A method for obtaining a secured privileged access for an embedded client of mobile device comprising the steps of:
- embedding a stub into the mobile device with “
  
  root”
  
  privilege;
  
  installing a Virtual Mobile Management (‘
  
  VMM”
  
  ) client and tools on the mobile device;
  
  attempting a Session Mediation Server connection with the mobile device;
  
  detecting whether the VMM Client has a privilege to invoke any of the installed tools;
  
  invoking said stub and elevating an access level of a tool stub to make a connection with the Session Mediation Server;
  
  receiving a stub connection request from the Session Mediation server; and
  
  performing a mutual authentication between the stub, the VMM Client and the Session Mediation Server.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method according to claim 1 wherein the VMM client and tools of a mobile device are authorized to access a network interface of a Communication Endpoint Gateway (CEG) server.
  - 3. The method according to claim 1 wherein the embedded stub enables the VMM client to connect with the Session Mediation Server.
  - 4. The method according to claim 1 wherein the embedded stub can communicate through a secure link via VMM client.
  - 5. The method according to claim 1 including a security key data flow between the session mediation server and the embedded stub in which remote control authorization is provided by an embedded stub to the VMM client comprising the steps of:
    - VMM Client sends a connection request to the embedded stub;
      
      embedded stub sends a random session token to VMM Client;
      
      VMM Client sends a NULL authentication vector to indicate to the embedded stub that it does not have the session key;
      
      embedded stub sends a challenge request with encrypted random number and the crypto suite that was used to encrypt the random number;
      
      VMM Client forwards the message to the Server;
      
      session Mediation Server computes hash on the random value r2 with decrypted er1 as key.server creates a signature of r1 and r2 random numbers and sends the signature to VMM Client;
      
      VMM Client forwards the signature to embedded stub;
      
      embedded stub verifies the signature and sends the Shared Secret Key (SSK) which is encrypted;
      
      server decrypts the SSK and sends the response to VMM Client; and
      
      VMM Client computes hash on token t1 with the SSK and requests the session token from the embedded stub;
      
      wherein the embedded stub sends the session token information to the VMM Client and completes the mutual authentication process before the session starts.
  - 6. The method of claim 3 wherein said embedded client stub supports the remote control authentication between session mediation server and VMM client without security threats.
  - 7. The method of claim 1 wherein said installed tool captures a device screen by the mobile device.
  - 8. The method of claim 1 wherein said installed tool collects desired device diagnostics and provides self-care support for remote session activation and manage security protocol.
  - 9. The method of claim 7 including the injection of key events into the device screen by an RD Mobile application.
  - 10. The method of claim 7 including the simulation of touch events on the device screen by an RD Mobile application.
  - 11. The method of claim 8 wherein said desired device diagnostics from the group comprising:
    - network status, power status, Mobile Network Code (MNC), Mobile Country Code (MCC), International Mobile Equipment Identity (IMEI), International Mobile Subscriber Identity (IMSI), Electronic Serial Number (ESN), and battery level of the smart phone.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Vmware LLC (Broadcom, Inc.)
Original Assignee
AetherPal, Inc. (Broadcom, Inc.)
Inventors
Parmar, Ramesh, Ayyalasomayajula, Subramanyam, Charles, Calvin, Gonsalves, Deepak, Oh, Byung Joon

Granted Patent

US 8,782,412 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/169
CPC Class Codes

G06F 21/6218   to a system of files or obj...

H04L 2209/80   Wireless network architectu...

H04L 41/28   Restricting access to netwo...

H04L 41/40   using virtualisation of net...

H04L 63/0869   for achieving mutual authen...

H04L 9/0822   using key encryption key

H04L 9/3271   using challenge-response

H04W 12/069   using certificates or pre-s...

Secured privileged access to an embedded client on a mobile device

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

24 Citations

11 Claims

Specification

Solutions

Use Cases

Quick Links

Secured privileged access to an embedded client on a mobile device

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

24 Citations

11 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links