ESTABLISHING CONNECTIVITY BETWEEN AN ENTERPRISE SECURITY PERIMETER OF A DEVICE AND AN ENTERPRISE

US 20130219471A1
Filed: 07/31/2012
Published: 08/22/2013
Est. Priority Date: 02/20/2012
Status: Active Grant

First Claim

Patent Images

1. A method in a computing device, the method comprising:

establishing a communications channel with a mobile communications device;

establishing one or more communications sessions over the communications channel, including at least a first communications session associated with an enterprise proxy of the mobile communications device;

attempting to establish a connection with a service at an enterprise network via the first communications session; and

selectively providing an access privilege to a first security perimeter of the computing device, the access privilege allowing applications of the first security perimeter to utilize the first communications session for further communications, said providing based upon whether the attempted connection with the service at the enterprise network was established via the first communications session.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A first device establishes a connection with a second device and attempts access, via the connection to an enterprise server of an enterprise. The first device may have a number of security perimeters, ones of which are allowed to use various communications proxies provided by the second device. If the first device and the second device are associated with a same common enterprise, an enterprise perimeter of the first device may be enabled to access the enterprise using an enterprise proxy of the second device.

Citations

16 Claims

1. A method in a computing device, the method comprising:
- establishing a communications channel with a mobile communications device;
  
  establishing one or more communications sessions over the communications channel, including at least a first communications session associated with an enterprise proxy of the mobile communications device;
  
  attempting to establish a connection with a service at an enterprise network via the first communications session; and
  
  selectively providing an access privilege to a first security perimeter of the computing device, the access privilege allowing applications of the first security perimeter to utilize the first communications session for further communications, said providing based upon whether the attempted connection with the service at the enterprise network was established via the first communications session.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, wherein the communications channel comprises a tethered communications channel.
  - 3. The method of claim 1, further comprising:
    - providing a limited access privilege to the first security perimeter to utilize the first communications session.
  - 4. The method of claim 3, wherein said providing the limited access privilege includes enabling a virtual communications port associated with an enterprise perimeter.
  - 5. The method of claim 3, wherein the attempted connection is attempted by an enterprise management application in the first security perimeter, the enterprise management application attempting the connection via the first communications session using the limited access privilege, the method further comprising, when the attempted connection is established with the service at enterprise network via the limited access privilege of the first communications session, the access privilege to the first communications session is enabled for other applications in the first security perimeter.
  - 6. The method of claim 1, wherein the application at the enterprise network comprises an enterprise management application.
  - 7. The method of claim 1, wherein attempting communication with the enterprise network comprises use of the enterprise proxy at the mobile communications device.
  - 8. The method of claim 1, wherein the attempting communication with the enterprise network comprises requesting the application to attempt communication with the enterprise network and wherein the application is in the first security perimeter.
  - 9. The method of claim 1, wherein the service at the enterprise network comprises an enterprise management administrative service.
  - 10. The method of claim 1, further comprising, when the attempted connection with the service at the enterprise network is not established, the first communications session is disabled.
  - 11. The method of claim 10, further comprising:
    - establishing a second communications session over the communications channel, the second communications session not associated with the enterprise proxy.

12. A first computing device comprising:
- a network interface configured to establish a communications channel with a mobile communications device;
  
  a perimeter manager configured to manage at least one security perimeter established on the first computing device, the security perimeter having associated applications and security policies; and
  
  a bridge manager configured to establish a communications socket in the security perimeter, the communications socket associated with a first communications session over the communications channel with the mobile communications device,wherein the bridge manager selectively enables or disables the communications socket in the security perimeter based upon whether an enterprise management application is able to establish a connection via the first communications session to a service at an enterprise network.
- View Dependent Claims (13, 14, 15)
- - 13. The first computing device of claim 12, wherein the first communications session is established to an enterprise proxy on the mobile communications device.
  - 14. The first computing device of claim 12, wherein the network interface is a wireless communications interface.
  - 15. The first computing device of claim 12, wherein the computing device is a tablet computer.

16. A method in a mobile communications device, the method comprising:
- establishing a communications channel with a computing device;
  
  establishing one or more communications sessions over the communications channel, including at least a first communications session associated with an enterprise proxy of the mobile communications device, the enterprise proxy communicatively coupled to an enterprise network;
  
  receiving from the computing device a request to establish a connection with a service at the enterprise network via the first communications session; and
  
  attempting to establish the connection with the service at the enterprise network on behalf of the computing device; and
  
  providing information to the computing device regarding the attempted communication.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Malikie Innovations Limited (Key Patent Innovations Limited)
Original Assignee
Brown & Michaels PC, Herbert A. Little, Russell Graham
Inventors
BROWN, Michael Stephen, LITTLE, Herbert Anthony, TAPUSKA, David Francis, RUSSELL, Graham

Granted Patent

US 9,015,809 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/4
CPC Class Codes

H04L 63/0272   Virtual private networks

H04W 12/02   Protecting privacy or anony...

H04W 12/08   Access security

H04W 12/086   using security domains

H04W 12/37   Managing security policies ...

ESTABLISHING CONNECTIVITY BETWEEN AN ENTERPRISE SECURITY PERIMETER OF A DEVICE AND AN ENTERPRISE

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

ESTABLISHING CONNECTIVITY BETWEEN AN ENTERPRISE SECURITY PERIMETER OF A DEVICE AND AN ENTERPRISE

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links