Method of implementing secure access
First Claim
1. A method for comprising:
- (a) connecting a user device via a publicly-accessible network to a server;
(b) receiving a certificate;
(c) calculating an identifier of the received certificate and converting it to a character string;
(d) modifying the string by removing at least one random character from the string;
(e) displaying the modified string;
(f) receiving, from a user input corresponding to the at least one removed character; and
(g) continuing connection to the server only if the user input matches the at least one removed character.
3 Assignments
0 Petitions
Accused Products
Abstract
A mobile or other device connects to a server via a publicly accessible network such as the Internet. After installation upon the device, a virtual private network (VPN) client connects to the server and downloads a VPN profile. In one embodiment the device creates public/private key pairs and requests enrollment of a digital certificate. In another embodiment a digital certificate and public/private key pairs are provided. The device also receives a digital certificate from the server and verifies the server certificate by requesting the user to supply a portion of a fingerprint for the certificate. The invention further includes an automatic content updating (ACU) client that downloads a user profile for the VPN, requests certificate enrollment, and updates the VPN client and other applications when new content is available. A security service manager (SSM) server includes, or is in communication with, a Web server, multiple databases, an enrollment gateway and an internal certification authority (CA). A VPN policy manager application creates and manages VPN profiles and/or policies and communicates with the SSM server. The SSM server, which may reside on an enterprise intranet, may further communicate with one or more external CAs.
-
Citations
20 Claims
-
1. A method for comprising:
-
(a) connecting a user device via a publicly-accessible network to a server; (b) receiving a certificate; (c) calculating an identifier of the received certificate and converting it to a character string; (d) modifying the string by removing at least one random character from the string; (e) displaying the modified string; (f) receiving, from a user input corresponding to the at least one removed character; and (g) continuing connection to the server only if the user input matches the at least one removed character. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 15)
-
-
12. A device comprising:
-
an interface configured to access a publicly accessible network; and a processor configured to perform; receiving, via the interface, a certificate from a remotely located server, calculating an identifier of the received certificate and converting it to a character string, modifying the string by removing at least one random character from the string, displaying the modified string, receiving, from a user of the device, input corresponding to the at least one removed character, and continuing connection to the server only if the user input matches the at least one removed character. - View Dependent Claims (16, 17, 18, 19, 20)
-
-
13. A machine-readable medium having machine-executable instructions for performing:
-
connecting a user device via a publicly-accessible network to a server; receiving a certificate; calculating an identifier of the received certificate and converting it to a character string; modifying the string by removing at least one random character from the string; displaying the modified string; receiving, from a user, input corresponding to the at least one removed character, and continuing connection to the server only if the user input matches the at least one removed character.
-
-
14. A method for conducting secure communications, comprising:
-
connecting a user device via a publicly-accessible network to a server; receiving a certificate; receiving a modified identifier, the identifier having previously been calculated for the certificate outside of the user device and modified outside of the user device by removal of at least one random character; displaying the modified identifier; receiving, from a user previously provided with the identifier, input corresponding to the at least one removed character; and continuing connection to the server only if the user input matches the at least one removed character.
-
Specification