ENSURING NETWORK CONNECTION SECURITY BETWEEN A WRAPPED APP AND A REMOTE SERVER
First Claim
1. A method of enabling a network connection between an app on a mobile device and a remote server, the method comprising:
- during execution of an app on the device, attempting to open the network connection with the remote server;
intercepting relevant function calls to and from a wrapped app, said intercepting done by a sockets interception layer on top of an IP stack specifically for the wrapped app, wherein said relevant function calls are re-directed to the sockets interception layer and selected based on socket characteristics;
correlating said relevant function calls with a particular network connection;
discerning a certificate by observing data stream between an app and the remote server;
comparing the certificate with a trust store in the wrapped app;
determining whether the certificate can be trusted;
allowing the connection if the certificate is authenticated and trusted, the connection between the wrapped app and the remote server.
3 Assignments
0 Petitions
Accused Products
Abstract
A network connection between an app on a mobile device and a remote server is either enabled or denied based on whether a security wrapped app can verify that the connection is with a known and trusted server. The wrapped app uses a socket interception layer injected into the app code along with a trust store, also part of the wrapped app to determine whether a network connection attempted by the app should be allowed. The layer buffers relevant function calls from the app by intercepting them before they reach the device operating system. If the layer determines that a network connection is attempted, then it snoops the negotiation phase data stream to discern when the server sends a certificate to the app. It obtains this certificate and compares it to data in the trust store and makes a determination of whether the server is known and trusted.
62 Citations
2 Claims
-
1. A method of enabling a network connection between an app on a mobile device and a remote server, the method comprising:
-
during execution of an app on the device, attempting to open the network connection with the remote server; intercepting relevant function calls to and from a wrapped app, said intercepting done by a sockets interception layer on top of an IP stack specifically for the wrapped app, wherein said relevant function calls are re-directed to the sockets interception layer and selected based on socket characteristics; correlating said relevant function calls with a particular network connection; discerning a certificate by observing data stream between an app and the remote server; comparing the certificate with a trust store in the wrapped app; determining whether the certificate can be trusted; allowing the connection if the certificate is authenticated and trusted, the connection between the wrapped app and the remote server.
-
-
2. A method of enabling a network connection between an app on a mobile device and a remote server, the method comprising:
-
intercepting function calls between an app and a remote server; examining a function call to determine if the call is over a network connection; determining whether the app is attempting to make a server connection; observing a data stream between the app and the remote server; obtaining a certificate sent by the remote server; determining whether the certificate is trusted by the app; and allowing the connection with the server.
-
Specification