Method for implementing secure corporate communication
First Claim
1. A method comprising:
(a) initiating a connection via a publicly accessible network from a wireless device, wherein the wireless device includes an unprovisioned virtual private network (VPN) program and an unprovisioned automatic content updating (ACU) program, and the ACU program is configured, upon provisioning, to communicate with one or more remotely-located devices on behalf of at least one additional program that is distinct from the ACU and VPN programs;
(b) prior to step (c), validating and storing a returned certificate corresponding to one of the one or more remotely-located devices so as to create a trust relationship with that remotely-located device, wherein said validating and storing includes requiring input of multiple characters from a user of the wireless device, wherein the multiple characters are a portion of an identifier for the certificate corresponding to one of the one or more remotely-located devices;
(c) receiving, in the wireless device and using the connection, information for provisioning the ACU program;
(d) provisioning the ACU program based upon the information received in step (c);
(e) receiving in the wireless device, via the publicly accessible network and using the provisioned ACU program, information for provisioning the VPN program;
(f) provisioning the VPN program based upon the information received in step (e); and
(g) creating a secure communication link using the provisioned VPN program.
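The following is an added illustration of steps (b) through (g) as a client-side provisioning state machine; it is not code from the patent. It assumes a SHA-256 fingerprint as the certificate identifier, a policy minimum of eight confirmed characters, and a constructed byte string standing in for the server certificate's DER encoding.

```python
import hashlib
import hmac

# Constructed sample: stand-in for the DER bytes of the server certificate
# returned in step (b). A fingerprint is just a hash over the DER encoding,
# so any bytes serve for the demonstration.
SERVER_CERT_DER = b"constructed-sample-certificate-der-bytes"

# Assumed policy: the user must confirm at least this many fingerprint characters.
MIN_CONFIRM_CHARS = 8

def fingerprint(cert_der: bytes) -> str:
    """SHA-256 fingerprint of the certificate, upper-case hex without separators."""
    return hashlib.sha256(cert_der).hexdigest().upper()

def user_confirms_fingerprint(cert_der: bytes, positions, typed: str) -> bool:
    """Step (b): the user types the characters found at 'positions' of the
    fingerprint obtained out of band (e.g. from the administrator). Too short
    a challenge is refused, and the comparison is constant-time."""
    if len(positions) < MIN_CONFIRM_CHARS:
        raise ValueError("too few fingerprint characters requested")
    expected = "".join(fingerprint(cert_der)[p] for p in positions)
    return hmac.compare_digest(expected.encode(), typed.strip().upper().encode())

class Provisioner:
    """Enforces the claim's ordering: trust (b) before ACU (c, d) before VPN (e, f, g)."""
    def __init__(self):
        self.trusted_fp = None
        self.acu_profile = None
        self.vpn_profile = None

    def trust_server(self, cert_der, positions, typed):
        if not user_confirms_fingerprint(cert_der, positions, typed):
            return False
        self.trusted_fp = fingerprint(cert_der)   # store the validated certificate
        return True

    def provision_acu(self, server_cert_der, acu_info):
        # Steps (c)/(d): accept ACU provisioning only from the trusted server.
        if self.trusted_fp is None or fingerprint(server_cert_der) != self.trusted_fp:
            raise PermissionError("server not trusted; complete step (b) first")
        self.acu_profile = acu_info

    def provision_vpn(self, vpn_info):
        # Steps (e)/(f): the VPN profile must arrive through the provisioned ACU.
        if self.acu_profile is None:
            raise PermissionError("ACU not provisioned; complete step (d) first")
        self.vpn_profile = vpn_info

    def link_ready(self) -> bool:
        return self.vpn_profile is not None    # step (g) may proceed
```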
Abstract
A mobile or other device connects to a server via a publicly accessible network such as the Internet. After installation upon the device, a virtual private network (VPN) client connects to the server and downloads a VPN profile. In one embodiment the device creates public/private key pairs and requests enrollment of a digital certificate. In another embodiment a digital certificate and public/private key pairs are provided. The device also receives a digital certificate from the server and verifies the server certificate by requesting the user to supply a portion of a fingerprint for the certificate. The invention further includes an automatic content updating (ACU) client that downloads a user profile for the VPN, requests certificate enrollment, and updates the VPN client and other applications when new content is available. A security service manager (SSM) server includes, or is in communication with, a Web server, multiple databases, an enrollment gateway and an internal certification authority (CA). A VPN policy manager application creates and manages VPN profiles and/or policies and communicates with the SSM server. The SSM server, which may reside on an enterprise intranet, may further communicate with one or more external CAs.
37 Claims
20. An apparatus comprising:
a transceiver configured to provide a wireless interface to a publicly accessible network; and a processor configured to perform steps that include
(a) initiating a connection via the publicly accessible network, wherein the apparatus includes an unprovisioned virtual private network (VPN) program and an unprovisioned automatic content updating (ACU) program, and the ACU program is configured, upon provisioning, to communicate with one or more remotely-located devices on behalf of at least one additional program that is distinct from the ACU and VPN programs,
(b) prior to step (c), validating and storing a returned certificate corresponding to one of the one or more remotely-located devices so as to create a trust relationship with that remotely-located device, wherein said validating and storing includes requiring input of multiple characters from a user of the wireless device, wherein the multiple characters are a portion of an identifier for the certificate corresponding to one of the one or more remotely-located devices;
(c) receiving, using the connection, information for provisioning the ACU program,
(d) provisioning the ACU program based upon the information received in step (c),
(e) receiving, via the publicly accessible network and using the provisioned ACU program, information for provisioning the VPN program,
(f) provisioning the VPN program based upon the information received in step (e), and
(g) creating a secure communication link using the provisioned VPN program.
Dependent claims: 21 to 37.
Specification