Secure Mobile Framework With Operating System Integrity Checking

US 20140281539A1
Filed: 06/02/2014
Published: 09/18/2014
Est. Priority Date: 03/30/2012
Status: Abandoned Application

First Claim

Patent Images

1. A method comprising:

receiving, at a remote device, a request to access to a secure container within a memory of the remote device, wherein the secure container is encrypted using information about an operating system of the remote device in an unaltered state;

determining a current state of the operating system of the remote device;

generating, using a processor, a decryption key based on the current state of the operating system of the remote device; and

allowing the secure container to be accessed when the decryption key successfully decrypts the secure container.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for a secure mobile framework to securely connect applications running on mobile devices to services within an enterprise are provided. Various embodiments provide mechanisms of securitizing data and communication between mobile devices and end point services accessed from a gateway of responsible authorization, authentication, anomaly detection, fraud detection, and policy management. Some embodiments provide for the integration of server and client-side security mechanisms, and for the binding of a user/application/device to an endpoint service along with multiple encryption mechanisms. For example, the secure mobile framework provides a secure container on the mobile device, secure files, a virtual file system partition, a multiple level authentication approach (e.g., to access a secure container on the mobile device and to access enterprise services), and a server side fraud detection system. In some embodiments, the multiple level authentication approach can include an operating system integrity check as part of the secure mobile framework.

43 Citations

View as Search Results

27 Claims

1. A method comprising:
- receiving, at a remote device, a request to access to a secure container within a memory of the remote device, wherein the secure container is encrypted using information about an operating system of the remote device in an unaltered state;
  
  determining a current state of the operating system of the remote device;
  
  generating, using a processor, a decryption key based on the current state of the operating system of the remote device; and
  
  allowing the secure container to be accessed when the decryption key successfully decrypts the secure container.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein generating the decryption key includes a multi-stage key generation sequence based on the current state of the operating system of the remote device.
  - 3. The method of claim 2, wherein the multi-stage key generation sequence is also based on a user password, a device identification, or an application nonce.
  - 4. The method of claim 1, further comprising transmitting the current state of the operating system to a remote gateway.
  - 5. The method of claim 1, further comprising receiving a gateway generated token at the remote device, wherein the decryption key is also generated based on the token.
  - 6. The method of claim 1, further comprising receiving a password from a user of the remote device, wherein the password is used in generating the decryption key.
  - 7. The method of claim 1, further comprising removing data from the secure container when the decryption key does not successfully decrypt the secure container.
  - 8. The method of claim 1, further comprising asynchronously checking the current state of the operating system while generating the decryption key in order to determine if the current state of the operating system has changed.
  - 9. The method of claim 1, wherein determining the current state of the operating system of the remote device is a multi-level determination that includes checking at least a filesystem check, a virtual memory check, or a binary check.

10. A method comprising:
- receiving, at a remote device, a request to access a secure container within a memory of the remote device, wherein the secure container is accessible using an access key;
  
  generating a key to access the secure container by performing a multi-stage key generation sequence based, at least in part, on current configurations of the remote device;
  
  determining if the key generated by the multi-stage key generate sequence matches the access key; and
  
  allowing access to the secure container within the memory of the remote device when the access key matches the key generated by the multi-stage key generations sequence.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 11. The method of claim 10, wherein the key is modified at each stage in the multi-stage key generation sequence if the current configurations of the remote device indicate that there has been no modification of a portion of the remote device.
  - 12. The method of claim 10, wherein the key is not modified at a stage in the multi-stage key generation sequence if the current configurations of the remote device indicate that there has been a modification to a portion of the remote device.
  - 13. The method of claim 10, wherein the multi-stage key generation sequence includes a file system check, a virtual memory check, or a binary check.
  - 14. The method of claim 10, wherein generating the key is dependent on successful validation of a user credential and a successful operating system integrity check.
  - 15. The method of claim 10, wherein the multi-stage key generation sequence includes:
    - loading an application nonce;
      
      determining whether a filesystem integrity has been compromised; and
      
      determining whether a virtual memory page integrity has been compromised.
  - 16. The method of claim 15, wherein the application nonce is a cryptographic nonce that is randomly generated.
  - 17. The method of claim 10, wherein the multi-stage key generation sequence includes performing multiple operating system integrity checks to determine if an expected operating system integrity is present.
  - 18. The method of claim 10, wherein the secure container has data stored therein related to a service accessible through a remote gateway.
  - 19. The method of claim 18, wherein the service includes an e-mail service, a trading service, a payment processing service, a customer relationship management service, an inventory system service, a business intelligence service, a healthcare service, a student information service, or a reservation service.
  - 20. The method of claim 10, wherein the secure container includes a framework authentication token used to access the remote gateway.

21. A remote device comprising:
- a processor;
  
  a memory having stored thereon an operating system to manage resources of the remote device;
  
  a secure container stored within the memory of the remote device, wherein the secure container is accessible using an access key;
  
  a validator to test operating system integrity at multiple points;
  
  a key generator configured to generate a key to access the secure container by performing a multi-stage key generation sequence based on the operating system integrity determined by the validator;
  
  an access module to determine if the key generated by the multi-stage key generate sequence matches the access key and allow access to the secure container within the memory of the remote device when the access key matches the key generated by the multi-stage key generations sequence.
- View Dependent Claims (22)
- - 22. The system of claim 21, further comprising a data removal module to remove data stored in the secure container when the validator determines that the operating system integrity has been compromised.

23. A method comprising:
- performing multi-point operating system integrity check on a remote device;
  
  generating an authentication token based on the multi-point operating system integrity check;
  
  initiating a service connection request to establish a secure connection between the remote device and a gateway based on the authentication token; and
  
  creating the secure connection between an enterprise service and the remote device upon successful validation of the service connection request.
- View Dependent Claims (24, 25, 26, 27)
- - 24. The method of claim 23, wherein any data transmitted to the remote device is stored within a secure container only accessible by an enterprise-managed application.
  - 25. The method of claim 24, wherein the secure container is encrypted using information about an uncompromised operating system of the remote device.
  - 26. The method of claim 23, further comprising determining a policy that the initiating device should enact in managing an enterprise-managed application.
  - 27. The method of claim 23, wherein the secure connection will not be created if the enterprise cannot verify validation token.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Synchronoss Technologies Incorporated
Original Assignee
Goldman Sachs & Company (Goldman Sachs Group Incorporated)
Inventors
Faltyn, Daniel, Smith, Andrew J.R.

Application Number

US14/293,765
Publication Number

US 20140281539A1
Time in Patent Office

Days
Field of Search
US Class Current

713/168
CPC Class Codes

G06F 21/575   Secure boot

G06F 21/6281   at program execution time, ...

H04L 63/08   for authentication of entit...

H04L 63/083   using passwords cryptograph...

H04L 63/0876   based on the identity of th...

H04L 63/1433   Vulnerability analysis

H04L 9/0861   Generation of secret inform...

H04L 9/0863   involving passwords or one-...

H04L 9/0866   involving user or device id...

H04W 12/06   Authentication

H04W 12/086   using security domains

H04W 12/12   Detection or prevention of ...

H04W 12/37   Managing security policies ...

Secure Mobile Framework With Operating System Integrity Checking

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

43 Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

Secure Mobile Framework With Operating System Integrity Checking

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

43 Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links