ENSURING NETWORK CONNECTION SECURITY BETWEEN A WRAPPED APP AND A REMOTE SERVER
First Claim
1. A method of enabling a network connection between an app on a mobile device and a remote server, the method comprising:
- during execution of an app on the device, attempting to open the network connection with the remote server;
- intercepting relevant function calls to and from a wrapped app, said intercepting done by a sockets interception layer on top of an IP stack specifically for the wrapped app, wherein said relevant function calls are re-directed to the sockets interception layer and selected based on socket characteristics;
- correlating said relevant function calls with a particular network connection;
- discerning a certificate by observing data stream between an app and the remote server;
- comparing the certificate with a trust store in the wrapped app;
- determining whether the certificate can be trusted;
- allowing the connection if the certificate is authenticated and trusted, the connection between the wrapped app and the remote server.
Abstract
A network connection between an app on a mobile device and a remote server is either enabled or denied based on whether a security wrapped app can verify that the connection is with a known and trusted server. The wrapped app uses a socket interception layer injected into the app code, along with a trust store that is also part of the wrapped app, to determine whether a network connection attempted by the app should be allowed. The layer buffers relevant function calls from the app by intercepting them before they reach the device operating system. If the layer determines that a network connection is attempted, then it snoops the negotiation phase data stream to discern when the server sends a certificate to the app. It obtains this certificate, compares it to data in the trust store, and determines whether the server is known and trusted.
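The snoop-and-compare step the abstract describes can be sketched as follows; this is an added example, not code from the patent. It assumes a TLS 1.2-style handshake in which the Certificate message crosses the wire unencrypted (in TLS 1.3 that message is encrypted, so passive observation alone cannot read it), and it models the trust store as a set of SHA-256 fingerprints; all function and constant names are hypothetical.

```python
import hashlib
import struct

HANDSHAKE, CERTIFICATE = 22, 11  # TLS record content type, handshake message type

def handshake_bytes(stream):
    """Join the payloads of all handshake records in the server-to-app stream."""
    out, pos = bytearray(), 0
    while pos + 5 <= len(stream):
        ctype, _version, length = struct.unpack_from("!BHH", stream, pos)
        if pos + 5 + length > len(stream):
            break  # partial record: a real layer would keep buffering
        if ctype == HANDSHAKE:
            out += stream[pos + 5 : pos + 5 + length]
        pos += 5 + length
    return bytes(out)

def leaf_certificate(stream):
    """Return the first (leaf) certificate's bytes, or None if none was observed."""
    hs, pos = handshake_bytes(stream), 0
    while pos + 4 <= len(hs):
        mtype, mlen = hs[pos], int.from_bytes(hs[pos + 1 : pos + 4], "big")
        msg = hs[pos + 4 : pos + 4 + mlen]
        if len(msg) < mlen:
            return None  # message not complete yet
        if mtype == CERTIFICATE and mlen >= 6:
            # Body: 3-byte list length, then (3-byte length + DER) per certificate.
            clen = int.from_bytes(msg[3:6], "big")
            cert = msg[6 : 6 + clen]
            return cert if clen and len(cert) == clen else None
        pos += 4 + mlen
    return None

def allow_connection(stream, trust_store):
    """Fail closed: allow only if the leaf's SHA-256 is pinned in the trust store."""
    cert = leaf_certificate(stream)
    return cert is not None and hashlib.sha256(cert).hexdigest() in trust_store

# Constructed sample input: placeholder bytes stand in for real DER certificates.
def record(payload):
    return struct.pack("!BHH", HANDSHAKE, 0x0303, len(payload)) + payload

def cert_msg(cert):
    entry = len(cert).to_bytes(3, "big") + cert
    body = len(entry).to_bytes(3, "big") + entry
    return bytes([CERTIFICATE]) + len(body).to_bytes(3, "big") + body

KNOWN, ROGUE = b"constructed-known-server-cert", b"constructed-rogue-server-cert"
SERVER_HELLO = bytes([2, 0, 0, 2, 3, 3])  # minimal stand-in handshake message
TRUST_STORE = {hashlib.sha256(KNOWN).hexdigest()}
```

Handshake messages may be split across records, which is why the record payloads are joined before the message headers are parsed; a stream in which no complete Certificate message has been seen is denied rather than allowed.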
2 Claims
2. A method of enabling a network connection between an app on a mobile device and a remote server, the method comprising:
- intercepting function calls between an app and a remote server;
- examining a function call to determine if the call is over a network connection;
- determining whether the app is attempting to make a server connection;
- observing a data stream between the app and the remote server;
- obtaining a certificate sent by the remote server;
- determining whether the certificate is trusted by the app; and
- allowing the connection with the server.
Specification