Mobile gateway for secure extension of enterprise services to mobile devices
Abstract
Controlled access to enterprise services is provided for a mobile device in a communication system, via a mobile gateway having a first server and a second server. The first server of the gateway is arranged behind a firewall of the enterprise network and is coupled between the second server and one or more enterprise servers of the enterprise network. The second server is arranged in front of the enterprise firewall and is configured for communication with an operator network associated with the mobile device. The gateway controls interaction between the mobile device and the one or more enterprise servers such that access to one or more associated enterprise services is provided in a secure manner.
20 Claims
1. An apparatus for use in controlling access to an enterprise service of an enterprise network from a mobile device in a communication system, the apparatus comprising:
a gateway having a first server and a second server;
the first server of the gateway being arranged behind a firewall of the enterprise network and being coupled between the second server and one or more enterprise servers of the enterprise network;
the second server being arranged in front of the firewall and being configured for communication with an operator network associated with the mobile device;
wherein the gateway controls interaction between the mobile device and the one or more enterprise servers such that access to one or more associated enterprise services is provided in a secure manner;
wherein the gateway is configured to provide access control based on a stored multi-dimensional service access control matrix comprising at least a user dimension, a service dimension and a device dimension, the device dimension identifying mobile devices assigned to users identified by the user dimension, the service dimension identifying services accessible to said users via the mobile devices identified by the device dimension, a given entry in the service access control matrix comprising a particular permissible combination of a user identifier, a service identifier and a device identifier;
the gateway is configured to create at least one mobile service image based at least in part on the service access control matrix;
the gateway is configured to update the at least one mobile service image upon receipt of at least one of a notification or a service request; and
wherein the gateway is configured to deny a given access attempt initiated by one of the users identified by the user dimension from one of the mobile devices identified by the device dimension unless a combination of its associated user identifier, service identifier and device identifier corresponds to an entry in the service access control matrix.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18
19. A method for use in controlling access to an enterprise service of an enterprise network from a mobile device in a communication system, the method comprising the step of:
controlling interaction between the mobile device and one or more enterprise servers of the enterprise network via a gateway having a first server and a second server, such that access to one or more associated enterprise services is provided in a secure manner;
the first server of the gateway being arranged behind a firewall of the enterprise network and being coupled between the second server and one or more enterprise servers of the enterprise network;
the second server being arranged in front of the firewall and being configured for communication with an operator network associated with the mobile device;
wherein the gateway is configured to provide access control based on a stored multi-dimensional service access control matrix comprising at least a user dimension, a service dimension and a device dimension, the device dimension identifying mobile devices assigned to users identified by the user dimension, the service dimension identifying services accessible to said users via the mobile devices identified by the device dimension, a given entry in the service access control matrix comprising a particular permissible combination of a user identifier, a service identifier and a device identifier;
the gateway is configured to create at least one mobile service image based at least in part on the service access control matrix;
the gateway is configured to update the at least one mobile service image upon receipt of at least one of a notification or a service request; and
wherein the gateway is configured to deny a given access attempt initiated by one of the users identified by the user dimension from one of the mobile devices identified by the device dimension unless a combination of its associated user identifier, service identifier and device identifier corresponds to an entry in the service access control matrix.
20. An article of manufacture comprising a machine-readable storage medium encoded with software code for use in controlling access to an enterprise service of an enterprise network from a mobile device in a communication system, wherein the software code when executed implements the step of:
controlling interaction between the mobile device and one or more enterprise servers of the enterprise network via a gateway having a first server and a second server, such that access to one or more associated enterprise services is provided in a secure manner;
the first server of the gateway being arranged behind a firewall of the enterprise network and being coupled between the second server and one or more enterprise servers of the enterprise network;
the second server being arranged in front of the firewall and being configured for communication with an operator network associated with the mobile device;
wherein the gateway is configured to provide access control based on a stored multi-dimensional service access control matrix comprising at least a user dimension, a service dimension and a device dimension, the device dimension identifying mobile devices assigned to users identified by the user dimension, the service dimension identifying services accessible to said users via the mobile devices identified by the device dimension, a given entry in the service access control matrix comprising a particular permissible combination of a user identifier, a service identifier and a device identifier;
the gateway is configured to create at least one mobile service image based at least in part on the service access control matrix;
the gateway is configured to update the at least one mobile service image upon receipt of at least one of a notification or a service request; and
wherein the gateway is configured to deny a given access attempt initiated by one of the users identified by the user dimension from one of the mobile devices identified by the device dimension unless a combination of its associated user identifier, service identifier and device identifier corresponds to an entry in the service access control matrix.
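The deny-unless-matched rule recited in claims 1, 19 and 20, sketched as an added example that is not code from the patent: it contrasts a lookup of the exact (user, service, device) combination with a weaker check that validates each identifier separately. It assumes a "mobile service image" can be modelled as the set of services one user may reach from one device, and that a notification revokes one entry; the class, method names and sample identifiers are constructed for illustration.

```python
# Added illustration; names and sample data are constructed, not from the patent.
from collections import defaultdict

SAMPLE = [("alice", "email", "phone-A"), ("alice", "crm", "phone-A"),
          ("bob", "email", "phone-B")]  # constructed (user, service, device) entries

class ServiceAccessMatrix:
    """Stored (user, service, device) triples; anything not listed is denied."""

    def __init__(self, entries):
        self.entries = set(entries)
        self.rebuild_images()

    def rebuild_images(self):
        # Assumption: an image is the set of services per (user, device) pair.
        images = defaultdict(set)
        for user, service, device in self.entries:
            images[(user, device)].add(service)
        self.images = dict(images)

    def is_allowed(self, user, service, device):
        # Default deny: the exact combination must be an entry in the matrix.
        return (user, service, device) in self.entries

    def per_dimension_check(self, user, service, device):
        # Weaker check, for contrast: each identifier is known on its own,
        # but the combination is never verified.
        users = {u for u, _, _ in self.entries}
        services = {s for _, s, _ in self.entries}
        devices = {d for _, _, d in self.entries}
        return user in users and service in services and device in devices

    def on_notification(self, revoked_entry):
        # Assumption: the notification names one entry to revoke; images are
        # rebuilt so a cached image never outlives the matrix entry.
        self.entries.discard(revoked_entry)
        self.rebuild_images()

def demo():
    m = ServiceAccessMatrix(SAMPLE)
    results = {
        "alice_own_device": m.is_allowed("alice", "crm", "phone-A"),
        "bob_on_alice_device": m.is_allowed("bob", "email", "phone-A"),
        "bob_crm_weak_check": m.per_dimension_check("bob", "crm", "phone-B"),
        "bob_crm_matrix_check": m.is_allowed("bob", "crm", "phone-B"),
    }
    m.on_notification(("alice", "crm", "phone-A"))
    results["alice_after_revoke"] = m.is_allowed("alice", "crm", "phone-A")
    results["alice_image"] = m.images[("alice", "phone-A")]
    return m, results
```

The per-dimension check accepts bob requesting "crm" from "phone-B" because each identifier appears somewhere in the matrix; only the combination lookup rejects it.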
Specification