Wireless device mobile application security system

US 7,143,441 B2
Filed: 05/08/2001
Issued: 11/28/2006
Est. Priority Date: 05/08/2001
Status: Expired due to Fees

First Claim

Patent Images

1. A mobile application security system, comprising:

a management and security console computer connected to one or more hosts, each host configured to execute a mobile application that jumps between hosts during execution, the management and security console computer comprising means for monitoring security of the mobile application as it jumps between a dispatching host and another host wherein information about the mobile application and the dispatching host is communicated to the management and security console computer, the security monitoring means further comprising means for determining if authentication of a user of the dispatching host is required prior to dispatch of the mobile application responsive to means for determining if the mobile application is a sensitive mobile application and determining if the dispatching host is a vulnerable host, and means for requesting authentication if authentication of the user is required.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A mobile application security system and method, in the preferred embodiment, permits authentication of a user of a sensitive mobile application dispatched from a vulnerable host to occur, but does not perform user authentication for non-sensitive mobile applications or for sensitive mobile applications dispatched from non-vulnerable hosts. A hub and spoke architecture and a peer-to-peer architecture are described.

Citations

45 Claims

1. A mobile application security system, comprising:
- a management and security console computer connected to one or more hosts, each host configured to execute a mobile application that jumps between hosts during execution, the management and security console computer comprising means for monitoring security of the mobile application as it jumps between a dispatching host and another host wherein information about the mobile application and the dispatching host is communicated to the management and security console computer, the security monitoring means further comprising means for determining if authentication of a user of the dispatching host is required prior to dispatch of the mobile application responsive to means for determining if the mobile application is a sensitive mobile application and determining if the dispatching host is a vulnerable host, and means for requesting authentication if authentication of the user is required.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The system of claim 1, wherein requesting means requests the authentication if a sensitive mobile application is being dispatched.
  - 3. The system of claim 1, wherein requesting means requests the authentication if a mobile application is being dispatched from a vulnerable host.
  - 4. The system of claim 1, wherein the management and security console computer further comprises means for authenticating the user based on one or more rules defined by a managing user.
  - 5. The system of claim 1, wherein the management and security console computer further comprises means for assigning a vulnerable classification or a non-vulnerable classification to each host.
  - 6. The system of claim 1, wherein the management and security console computer further comprises means for assigning a sensitive classification or a non-sensitive classification to each mobile application as the mobile application is created.
  - 7. The system of claim 1, wherein each mobile application comprises an itinerary listing a node for each host to which the mobile application jumps in the mobile application system wherein each node indicates if the authentication is required to jump from the particular host and wherein the requesting means requests the authentication based on the node in the itinerary.
  - 8. The system of claim 1, wherein a host comprises one or more wireless devices that are classified as vulnerable.

9. A mobile application security method, comprising:
- receiving data about a mobile application at a security node each time the mobile application jumps from a dispatching host to another host;
  
  determining if authentication of a user of the dispatching host is required prior to dispatch of the mobile application, including determining if the mobile application is a sensitive mobile application and determining if the dispatching node is a vulnerable node; and
  
  responsive to determining, requesting authentication if authentication of the user is required.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The method of claim 9, wherein requesting comprises requesting the authentication if a sensitive mobile application is being dispatched.
  - 11. The method of claim 9, wherein requesting comprises requesting the authentication if a mobile application is being dispatched from a vulnerable host.
  - 12. The method of claim 9, further comprising authenticating the user based on one or more rules defined by a managing user.
  - 13. The method of claim 9, further comprising assigning a vulnerable classification or a non-vulnerable classification to each host.
  - 14. The method of claim 9, further comprising assigning a sensitive classification or a non-sensitive classification to each mobile application as the mobile application is created.
  - 15. The method of claim 9, wherein each mobile application comprises an itinerary listing a node for each host to which the mobile application jumps, wherein each node indicates if authentication is required to jump from the particular host and wherein requesting further comprises requesting the authentication based on the node in the itinerary.
  - 16. The method of claim 9, wherein a host comprises one or more wireless devices that are classified as vulnerable.

17. A mobile application security system, comprising:
- a management and security node connected to one or more nodes of a peer-to-peer network, each node configured to execute a mobile application, the management and security node comprising means for monitoring security of the mobile application as it jumps between the one or more nodes wherein data about the mobile application is communicated to the management and security node prior to the mobile application being dispatched from a dispatching node, the security monitoring means further comprising means for determining if authentication of a user of the dispatching node is required prior to dispatch of the mobile application responsive to means for determining if the mobile application is a sensitive application and determining if the dispatching node is a vulnerable node, and means for requesting authentication if authentication of the user is required.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24)
- - 18. The system of claim 17, wherein the requesting means requests the authentication if a sensitive mobile application is being dispatched.
  - 19. The system of claim 17, wherein the requesting means requests the authentication if a mobile application is being dispatched from a vulnerable node.
  - 20. The system of claim 17, wherein the management and security node further comprises means for authenticating the user based on one or more rules defined by a managing user.
  - 21. The system of claim 17, wherein the management and security node further comprises means for assigning a vulnerable classification or a non-vulnerable classification to each node.
  - 22. The system of claim 17, wherein the management and security node further comprises means for assigning a sensitive classification or a non-sensitive classification to each mobile application as the mobile application is created.
  - 23. The system of claim 17, wherein each mobile application comprises an itinerary listing a node for each node to which the mobile application jumps in the mobile application system wherein each node indicates if the authentication is required to jump from the particular node and wherein the requesting means requests the authentication based on the node in the itinerary.
  - 24. The system of claim 17, wherein a node comprises one or more wireless devices that are classified as vulnerable.

25. A mobile application security method, comprising:
- receiving data about a mobile application at a management and security node each time the mobile application is being dispatched from a dispatching node in a peer-to-peer network;
  
  determining if authentication of a user of the dispatching node is required prior to dispatch of the mobile application, including determining if the mobile application is a sensitive application and determining if the dispatching node is a vulnerable node; and
  
  responsive to determining, requesting authentication if authentication of the user is required.
- View Dependent Claims (26, 27, 28, 29, 30, 31, 32)
- - 26. The method of claim 25, wherein requesting comprises requesting the authentication if a sensitive mobile application is being dispatched.
  - 27. The method of claim 25, wherein requesting comprises requesting the authentication if a mobile application is being dispatched from a vulnerable node.
  - 28. The method of claim 25, comprising authenticating the dispatching node based on one or more rules defined by a managing user.
  - 29. The method of claim 25, further comprising assigning a vulnerable classification or a non-vulnerable classification to each node.
  - 30. The method of claim 25, further assigning a sensitive classification or a non-sensitive classification to each mobile application as the mobile application is created.
  - 31. The method of claim 25, wherein each mobile application comprises an itinerary listing a node for each node to which the mobile application jumps wherein each node indicates if authentication is required to jump from the particular node and wherein requesting further comprises requesting the authentication based on the node in the itinerary.
  - 32. The method of claim 25, wherein a node comprises one or more wireless devices that are classified as vulnerable.

33. A mobile application security system, comprising:
- a mobile application capable of jumping between hosts during execution; and
  
  a management and security node, in communication with the hosts, the management and security node configured to determine whether to authenticate a user of a dispatching host prior to dispatch of the mobile application responsive to a vulnerability classification of the dispatching host and a sensitivity classification of the mobile application, and request authentication if authentication of the user is required.
- View Dependent Claims (34, 35, 36, 37, 38, 39, 40, 41, 42)
- - 34. The mobile application security system of claim 33 wherein the management and security node requests the authentication responsive to the dispatching host being classified as vulnerable and the mobile application being classified as sensitive.
  - 35. The mobile application system of claim 34 wherein the dispatching host is classified as vulnerable if comprising one from the group containing a wireless device, a mobile device, a handheld device, and a laptop computer.
  - 36. The mobile application security system of claim 33 wherein the management and security node does not request the authentication of the mobile application responsive to the dispatching host being classified as non-vulnerable or the mobile application being classified as non-sensitive.
  - 37. The mobile application system of claim 33 wherein the management and security node receives the mobile application from the dispatching host, and dispatches the mobile application to the receiving host responsive to determining that the authentication is not required or authenticating the mobile application.
  - 38. The mobile application security system of claim 33 wherein the management and security node authenticates the mobile application including receiving a first authentication data prior a jump, receiving a second authentication data during the jump, and comparing the first and second authentication data.
  - 39. The mobile application security system of claim 33 wherein the management and security node authenticates the dispatching host.
  - 40. The mobile application security system of claim 33 herein the management and security node authenticates the dispatching host prior to dispatch.
  - 41. The mobile application security system of claim 33 wherein the hosts do not include the management and security node.
  - 42. The mobile application security system of claim 33 further comprising a host.

43. A mobile application security system, comprising:
- a mobile application capable of jumping between hosts during execution; and
  
  a dispatching host, in communication with a management and security node, the dispatching host configured to provide a vulnerability classification of the dispatching host and a sensitivity classification of the mobile application to the management and security node prior to dispatch in order to determine whether authentication of a user of the dispatching host is required, and to assist authentication of the user responsive to receiving an authentication request.
- View Dependent Claims (44, 45)
- - 44. The mobile application security system of claim 43 wherein the dispatching host sends authentication information to the management and security node to perform the authentication.
  - 45. The mobile application security system of claim 43 wherein the dispatching host dispatches the mobile application to the management and security node.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Aramira Corporation
Original Assignee
Aramira Corporation
Inventors
Rygaard, Christopher A.
Primary Examiner(s)
Louis-Jacques, Jacques
Assistant Examiner(s)
Poltorak, Piotr

Application Number

US09/851,763
Publication Number

US 20020169983A1
Time in Patent Office

2,030 Days
Field of Search

713168-170, 713/217, 713/201, 713/161, 726/22, 380/270, 455/410
US Class Current

726/22
CPC Class Codes

G06F 21/50   Monitoring users, programs ...

H04L 63/08   for authentication of entit...

H04L 63/1433   Vulnerability analysis

H04L 63/205   involving negotiation or de...

H04W 12/06   Authentication

H04W 12/126   Anti-theft arrangements, e....

H04W 12/37   Managing security policies ...

H04W 24/00   Supervisory, monitoring or ...

Wireless device mobile application security system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

45 Claims

Specification

Solutions

Use Cases

Quick Links

Wireless device mobile application security system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

45 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links