TECHNIQUES FOR PROTECTING MOBILE APPLICATIONS

US 20140020062A1
Filed: 07/10/2013
Published: 01/16/2014
Est. Priority Date: 07/11/2012
Status: Active Grant

First Claim

Patent Images

1. A method programmed within memory or a non-transitory machine-readable storage medium and processed by one or more processors of a mobile device that is configured to perform the method, comprising:

registering, via the mobile device, a mobile application agent over a network to interact with remote enterprise services that are accessed over the network from the mobile device using a remote mobile application that interacts with the mobile application agent;

establishing, via the mobile device, a secure connection with the remote mobile application; and

using, via the mobile device, the secure connection to access features of the remote mobile application via user interaction with the mobile application agent.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques for protecting mobile applications are presented. A user'"'"'s mobile device is provisioned and proxied over a cloud environment with enterprise policy enforced in that cloud environment. Enterprise applications run on the mobile device within the cloud environment. Administrative reporting and control occurs within the cloud environment and the enterprise applications establish connections to, authenticate to, and communicate with remote enterprise services via the provisioned cloud environment.

101 Citations

View as Search Results

20 Claims

1. A method programmed within memory or a non-transitory machine-readable storage medium and processed by one or more processors of a mobile device that is configured to perform the method, comprising:
- registering, via the mobile device, a mobile application agent over a network to interact with remote enterprise services that are accessed over the network from the mobile device using a remote mobile application that interacts with the mobile application agent;
  
  establishing, via the mobile device, a secure connection with the remote mobile application; and
  
  using, via the mobile device, the secure connection to access features of the remote mobile application via user interaction with the mobile application agent.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 19, 20)
- - 2. The method of claim 1 further comprising, providing, on the mobile device and via the mobile application agent, an input interface to transfer input data that is provided from the user to the remote mobile application for processing.
  - 3. The method of claim 2 further comprising, providing, on the mobile device and via the mobile application agent, an output interface to communicate output data on the mobile device that is produced by the remote mobile application.
  - 4. The method of claim 1 further comprising, sending, from the mobile device, metrics dynamically gathered from the processing environment of the mobile device, the metrics defined by a profile or a policy.
  - 5. The method of claim 4, wherein sending further includes sending some of the metrics for initially establishing the connection to the remote mobile application.
  - 6. The method of claim 4, wherein sending includes sending some of the metrics based on user interaction with the remote mobile application via the mobile application agent.
  - 7. The method of claim 1 further comprising, wiping, via the mobile device, any information related to the connection from memory or storage of the mobile device when the connection terminates.
  - 8. The method of claim 1 further comprising, removing, via the mobile device, the mobile application agent when instructed by the remote mobile application indicating the mobile device is being de-provisioned for access.
  - 9. The method of claim 1, wherein registering further includes providing employee credentials when registering the mobile application agent.
  - 10. The method of claim 1, wherein establishing further includes using custom encryption during the secure communication between the mobile device and the remote mobile application.
  - 11. The method of claim 1, wherein using further includes operating the mobile application agent as a thin client on the mobile device where features of the remote mobile application are proxied on an enterprise controlled cloud processing environment on behalf of the mobile application agent.
  - 19. The system of claim 1, wherein the second machine is one of:
    - a phone, a tablet, a laptop, and a wearable processing device.
  - 20. The system of claim 1, wherein the first machine is one of:
    - a Virtual Machine on a server, the server, and a cloud processing environment.

12. A method programmed within memory or a non-transitory machine-readable storage medium and processed by one or more processors of a server machine that is configured to perform the method, comprising:
- receiving, at the server machine, a connection request to a mobile application from a mobile agent of a mobile device;
  
  authenticating, at the server machine, a user of the mobile agent and the mobile device for access to the mobile application;
  
  provisioning, at the server machine, features and resources for use by the mobile agent;
  
  configuring, at the server machine, policies in response to the authenticated user and the mobile device; and
  
  proxying, from the server machine, the mobile application for the mobile device while enforcing the policies based on interactions driven from the mobile agent of the mobile device.
- View Dependent Claims (13, 14, 15, 16, 17)
- - 13. The method of claim 12 further comprising, disconnecting, via the server machine, a connection between the mobile agent and the mobile application based on a detected terminating event.
  - 14. The method of claim 13, wherein disconnecting further includes recognizing the terminating event as one or more of a terminated user, a user acting beyond an authorized scope according to the policies, and actions taken by the user indicating a risk of a security breach.
  - 15. The method of claim 12, wherein receiving further includes sending specific connection details to the user to facilitate a connection.
  - 16. The method of claim 15, wherein sending further includes sending the details via one of:
    - a text message to the mobile device and an email to an email address of the user.
  - 17. The method of claim 12, wherein configuring further includes determining how to perform the provisioning based on an authenticated identity assigned to the user.

18. A system, comprising:
- a first machine having memory programmed with a cloud-based application that executes on one or more processors of the first machine; and
  
  a second machine having memory programmed with a mobile device-based agent that executes on one or more processors of the second machine;
  
  wherein the cloud-based application is configured to be proxied from the first machine on behalf of a user of the second machine based on direction supplied via the mobile device-based agent.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
NetIQ Corporation (Open Text Corporation)
Original Assignee
NetIQ Corporation (Open Text Corporation)
Inventors
Burch, Lloyd Leon, Tumula, Chandra Shekhar Rao

Granted Patent

US 9,240,977 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/3
CPC Class Codes

H04L 63/04   for providing a confidentia...

H04W 12/08   Access security

H04W 12/37   Managing security policies ...

TECHNIQUES FOR PROTECTING MOBILE APPLICATIONS

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

101 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

TECHNIQUES FOR PROTECTING MOBILE APPLICATIONS

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

101 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links