MOBILE ENTERPRISE SMARTCARD AUTHENTICATION
Abstract
Utilities that allow for multi-factor authentication into an enterprise network with a smart card using mobile devices (e.g., smartphones, tablets, etc.), where almost any application (app) or website that accesses enterprise resources can be launched or executed to automatically establish a VPN connection with the enterprise network, without necessarily having to specially configure the apps or websites to be usable with smart cards, card readers, etc. Virtually any app can be used and take advantage of the multi-factor authentication with little or no modification to the app itself, as the disclosed utilities may take advantage of the native VPN clients and capabilities provided with the mobile device operating system (OS) (e.g., Android®, iOS). As a result, a much more flexible solution may be provided that allows the use of commercially available apps (e.g., from an "App Store") as well as, for instance, enterprise-developed apps.
Claims
1. A method for use in multi-factor authentication to an enterprise network, comprising:
first receiving, at a user's mobile device, an identity certificate and digital signature of the user from a smart card connected with a reader interface of the mobile device;
passing the identity certificate and digital signature from the mobile device to a central management server over at least one network; and
second receiving, at the user's mobile device, a Virtual Private Network (VPN) certificate to access the enterprise network via a VPN connection in response to the passing.
Dependent claims: 2 to 13.
14. A method for use in multi-factor authentication to an enterprise network, comprising:
first receiving, at a management server over at least one network, credentials verifying at least one of at least two authentication factors from a user via a mobile device;
first sending, from the management server to a first Certificate Authority (CA) server, a request to validate the credentials verifying at least one of the at least two authentication factors; and
second sending, from the management server, a request for a certificate to access the enterprise network via a VPN connection from a second CA server based on whether the request was validated in the first sending.
Dependent claims: 15 to 19.
20. A multi-factor authentication system for allowing access to an enterprise network over a virtual private network (VPN) connection with a mobile device, comprising:
a client application configured to run on a user's mobile device, wherein the client application is executable by a processor of the mobile device to:
first receive an identity certificate of the user from a smart card connected with a reader interface of the mobile device; and
second receive a digital signature of the user; and
a central management server of the enterprise network in communication with the client application over at least one network, wherein the central management server is configured to:
receive the identity certificate and digital signature from the client application via at least one network;
first send a request to a first Certificate Authority (CA) server to validate the identity certificate; and
second send a request for a VPN certificate from a second CA server that allows the mobile device to establish a VPN connection into the enterprise network by the mobile device.
Dependent claims: 21 to 24.
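The three independent claims describe one exchange: the mobile client reads an identity certificate and a signature from the smart card, forwards both to the central management server, the server validates the identity against a first CA and then asks a second CA for a VPN certificate, which the client receives. The Go program below is an added example written for this page; it is not code from the patent or from any product it covers. It assumes things the claims leave open: that the "digital signature of the user" is over a fresh nonce chosen by the server (so a captured signature cannot be replayed), that both CAs are in-process self-signed ECDSA roots rather than separate servers, and that the management server holds the identity CA root as its trust anchor. All names (holder, issue, newHolder, chainsTo, digest, authenticate, runExchange) and the CA and user names are the example's own. Beyond restating the claims, it shows the two checks the server has to pass before it requests a VPN certificate (chain to the first CA, and proof of possession of the card key) and that the client verifies the returned VPN certificate chains to the second CA before trusting it.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// holder is a key pair plus its certificate; it models both CAs and the smart card (constructed fixtures).
type holder struct {
	key  *ecdsa.PrivateKey
	cert *x509.Certificate
}

// issue signs a certificate for pub: a self-signed CA when isCA is set (the patent's first and second CA),
// otherwise a short-lived client-authentication leaf (the card's identity certificate or the VPN certificate).
func (c *holder) issue(cn string, pub *ecdsa.PublicKey, isCA bool) (*x509.Certificate, error) {
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(8 * time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	parent := c.cert
	if isCA {
		tmpl.IsCA, tmpl.BasicConstraintsValid, tmpl.KeyUsage, tmpl.ExtKeyUsage = true, true, x509.KeyUsageCertSign, nil
		tmpl.NotAfter, parent = time.Now().Add(24*time.Hour), tmpl // parent == tmpl: self-signed
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, c.key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// newHolder generates a fresh key: a root CA when issuer is nil, otherwise a leaf issued by issuer.
func newHolder(cn string, issuer *holder) (*holder, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	h := &holder{key: key}
	if issuer == nil {
		issuer = h
	}
	h.cert, err = issuer.issue(cn, &key.PublicKey, issuer == h)
	return h, err
}

// chainsTo fails unless cert chains to root and is valid for client authentication.
func chainsTo(cert, root *x509.Certificate) error {
	roots := x509.NewCertPool()
	roots.AddCert(root)
	_, err := cert.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}})
	return err
}

func digest(b []byte) []byte { h := sha256.Sum256(b); return h[:] } // what the card actually signs

// authenticate is the central management server of claims 14 and 20: validate the identity certificate
// against the first CA, check the signature proves possession of the card key, then get a VPN certificate
// from the second CA. If either check fails, no VPN certificate is requested.
func authenticate(identityCA, vpnCA *holder, identDER, sig, challenge []byte) (*x509.Certificate, error) {
	ident, err := x509.ParseCertificate(identDER)
	if err != nil {
		return nil, err
	}
	if err := chainsTo(ident, identityCA.cert); err != nil {
		return nil, fmt.Errorf("first CA rejected identity certificate: %w", err)
	}
	pub, ok := ident.PublicKey.(*ecdsa.PublicKey)
	if !ok || !ecdsa.VerifyASN1(pub, digest(challenge), sig) {
		return nil, fmt.Errorf("signature does not verify under the identity certificate")
	}
	return vpnCA.issue(ident.Subject.CommonName, pub, false)
}

// runExchange plays the mobile client: obtain the identity certificate and a signature from the card,
// pass both to the server, receive the VPN certificate, and verify it chains to the VPN CA before handing
// it to the native VPN client. Returns the subject of the accepted VPN certificate.
func runExchange(card, identityCA, vpnCA *holder) (string, error) {
	challenge := make([]byte, 32) // assumed: the card signs a fresh server nonce
	rand.Read(challenge)
	sig, err := ecdsa.SignASN1(rand.Reader, card.key, digest(challenge)) // performed on the card
	if err != nil {
		return "", err
	}
	vpnCert, err := authenticate(identityCA, vpnCA, card.cert.Raw, sig, challenge)
	if err != nil {
		return "", err
	}
	if err := chainsTo(vpnCert, vpnCA.cert); err != nil {
		return "", fmt.Errorf("VPN certificate not from the VPN CA: %w", err)
	}
	return vpnCert.Subject.CommonName, nil
}
```

Building the fixture is three calls: newHolder("Enterprise Identity CA", nil), newHolder("Enterprise VPN CA", nil), then newHolder("alice", identityCA) for the card; runExchange(card, identityCA, vpnCA) returns "alice" with a nil error. Keeping the identity CA and the VPN CA separate is what lets the VPN certificate be short-lived and revocable independently of the long-lived card credential, and the server never sees the card's private key: only the certificate and a signature cross the network.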