Providing Virtualized Private Network tunnels

US 20140109171A1
Filed: 09/16/2013
Published: 04/17/2014
Est. Priority Date: 10/15/2012
Status: Abandoned Application

First Claim

Patent Images

1. A method, comprising:

storing, by a mobile device, a ticket in a secure container usable to store data related to a managed application being provided by the mobile device, wherein the ticket is configured to provide authentication in connection with creating a virtual private network (VPN) tunnel for the managed application to at least one resource accessible through an access gateway;

providing the managed application with access to the at least one resource based on the ticket, the VPN tunnel, and policy information that describes one or more policies for providing the managed application of the apparatus with access to the at least one resource;

determining to perform a selective wipe;

determining that the ticket is stored by the mobile device; and

deleting the ticket from the secure container.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Various aspects of the disclosure relate to providing a per-application policy-controlled virtual private network (VPN) tunnel. In some embodiments, tickets may be used to provide access to an enterprise resource without separate authentication of the application and, in some instances, can be used in such a manner as to provide a seamless experience to the user when reestablishing a per-application policy controlled VPN tunnel during the lifetime of the ticket. Additional aspects relate to an access gateway providing updated policy information and tickets to a mobile device. Other aspects relate to selectively wiping the tickets from a secure container of the mobile device. Yet further aspects relate to operating applications in multiple modes, such as a managed mode and an unmanaged mode, and providing authentication-related services based on one or more of the above aspects.

15 Citations

View as Search Results

20 Claims

1. A method, comprising:
- storing, by a mobile device, a ticket in a secure container usable to store data related to a managed application being provided by the mobile device, wherein the ticket is configured to provide authentication in connection with creating a virtual private network (VPN) tunnel for the managed application to at least one resource accessible through an access gateway;
  
  providing the managed application with access to the at least one resource based on the ticket, the VPN tunnel, and policy information that describes one or more policies for providing the managed application of the apparatus with access to the at least one resource;
  
  determining to perform a selective wipe;
  
  determining that the ticket is stored by the mobile device; and
  
  deleting the ticket from the secure container.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 16)
- - 2. The method of claim 1, further comprising:
    - storing, at the mobile device, the policy information in the secure container; and
      
      deleting the policy information as part of a selective wipe process that deletes secured data associated with the managed application.
  - 3. The method of claim 2, further comprising:
    - searching the secure container for the ticket based on information included in the policy information.
  - 4. The method of claim 1, further comprising:
    - transmitting a selective wipe acknowledgement to the access gateway, wherein the acknowledgement includes a listing of tickets that were deleted during the selective wipe.
  - 5. The method of claim 1, wherein determining that the ticket is stored by the mobile device includes analyzing the policy information for an identification of the ticket or a location where the ticket is stored.
  - 6. The method of claim 1, wherein the VPN tunnel is a per-application policy-controlled VPN tunnel that provides only the application with access to the at least one resource.
  - 7. The method of claim 1, wherein determining to perform the selective wipe is based on the managed application being switched from a managed mode of operation to an unmanaged mode of operation.
  - 8. The method of claim 1, wherein determining to perform the selective wipe is based on one or more of the following:
    - a determination that the mobile device is jailbroken or rooted, a determination that the mobile device is installed with a blacklisted application, or a determination that the mobile device is not configured with a lock screen.
  - 9. The method of claim 1, wherein determining to perform the selective wipe is based on the managed application being uninstalled.
  - 16. The method of claim 1, wherein determining to perform the selective wipe is based on one or more of the following:
    - the managed application being switched from a managed mode of operation to an unmanaged mode of operation, the managed application being uninstalled, a determination that the mobile device is jailbroken or rooted, a determination that the mobile device is installed with a blacklisted application, or a determination that the mobile device is not configured with a lock screen.

10. An apparatus, comprising:
- at least one processor; and
  
  memory storing executable instructions configured to, when executed by the at least one processor, cause the apparatus to;
  
  store a ticket in a secure container usable to store data related to a managed application being provided by the apparatus, wherein the ticket is configured to provide authentication in connection with creating a virtual private network (VPN) tunnel for the managed application to at least one resource accessible through an access gateway,provide the managed application with access to the at least one resource based on the ticket, the VPN tunnel, and policy information that describes one or more policies for providing the managed application of the apparatus with access to the at least one resource,determine to perform a selective wipe,determine that the ticket is stored by the mobile device, anddelete the ticket from the secure container.
- View Dependent Claims (11, 12, 13, 14, 15)
- - 11. The apparatus of claim 10, wherein the executable instructions are configured to, when executed by the at least one processor, further cause the apparatus to:
    - store the policy information in the secure container; and
      
      delete the policy information as part of a selective wipe process that deletes secured data associated with the managed application.
  - 12. The apparatus of claim 10, wherein the executable instructions are configured to, when executed by the at least one processor, further cause the apparatus to search the secure container for the ticket based on information included in the policy information.
  - 13. The apparatus of claim 10, wherein the executable instructions are configured to, when executed by the at least one processor, further cause the apparatus to transmit a selective wipe acknowledgement to the access gateway, wherein the acknowledgement includes a listing of tickets that were deleted during the selective wipe.
  - 14. The apparatus of claim 10, wherein determining that the ticket is stored by the mobile device includes analyzing the policy information for an identification of the ticket or a location where the ticket is stored.
  - 15. The apparatus of claim 10, wherein the VPN tunnel is a per-application policy-controlled VPN tunnel that provides only the application with access to the at least one enterprise resource.

17. One or more non-transitory computer-readable media storing instructions configured to, when executed, cause at least one computing device to:
- store a ticket in a secure container usable to store data related to a managed application being provided by the apparatus, wherein the ticket is configured to provide authentication in connection with creating a virtual private network (VPN) tunnel for the managed application to at least one resource accessible through an access gateway;
  
  provide the managed application with access to the at least one resource based on the ticket, the VPN tunnel, and policy information that describes one or more policies for providing the managed application of the apparatus with access to the at least one resource;
  
  determine to perform a selective wipe;
  
  determine that the ticket is stored by the mobile device; and
  
  delete the ticket from the secure container.
- View Dependent Claims (18, 19, 20)
- - 18. The one or more non-transitory computer-readable media of claim 17, wherein the instructions are configured to, when executed, further cause said at least one computing device to:
    - store the policy information in the secure container;
      
      delete the policy information as part of a selective wipe process that deletes secured data associated with the managed application; and
      
      search the secure container for the ticket based on information included in the policy information.
  - 19. The one or more non-transitory computer-readable media of claim 17, wherein the instructions are configured to, when executed, further cause said at least one computing device to transmit a selective wipe acknowledgement to the access gateway, wherein the acknowledgement includes a listing of tickets that were deleted during the selective wipe.
  - 20. The one or more non-transitory computer-readable media of claim 17, wherein determining that the ticket is stored by the mobile device includes analyzing the policy information for an identification of the ticket or a location where the ticket is stored.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Citrix Systems, Inc. (Cloud Software Group)
Original Assignee
Citrix Systems, Inc. (Cloud Software Group)
Inventors
Barton, Gary, Lang, Zhongmin, Desai, Nitin, Walker, James Robert

Application Number

US14/027,929
Publication Number

US 20140109171A1
Time in Patent Office

Days
Field of Search
US Class Current

726/1
CPC Class Codes

H04L 63/0272   Virtual private networks

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/0884   by delegation of authentica...

H04L 63/20   for managing network securi...

H04W 12/06   Authentication

H04W 12/082   using revocation of authori...

H04W 12/086   using security domains

H04W 12/37   Managing security policies ...

H04W 12/63   Location-dependent; Proximi...

H04W 12/64   using geofenced areas

Providing Virtualized Private Network tunnels

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

15 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Providing Virtualized Private Network tunnels

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

15 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links