Server, computer memory, and method to support security policy maintenance and distribution

US 7,665,118 B2
Filed: 09/23/2002
Issued: 02/16/2010
Est. Priority Date: 09/23/2002
Status: Active Grant

First Claim

Patent Images

1. A method of selectively providing a mobile computing device with access to a software application on a server, the method comprising:

generating at the server a mobile security policy for a user from data received from a LDAP directory communicably coupled to the server;

transmitting the mobile security policy and key materials from the server to a gatekeeper device;

receiving at the gatekeeper device a request to access the software application from the mobile computing device;

determining at the gatekeeper device whether to grant access to the software application by checking whether the mobile computing device has an installed security program;

automatically initiating by the gatekeeper device installation of the security program onto the mobile computer device if the mobile computer device does not have the installed security program;

authenticating at the gatekeeper device the user;

transmitting the mobile security policy from the gatekeeper device to the mobile device; and

enforcing on the mobile device a rule encoded in the mobile security policy.

View all claims

18 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In a particular embodiment, a server module deployed on a server is disclosed. The server module is connected to a wireless network access node. The server module includes a database containing user information for multiple wireless devices. Each element in the database is attributable to at least one authorized wireless device and contains at least one type of data file from the following group: (i) wireless connectivity permissions, (ii) authorized wireless device identification, and (iii) authorized network access node information.

171 Citations

8 Claims

1. A method of selectively providing a mobile computing device with access to a software application on a server, the method comprising:
- generating at the server a mobile security policy for a user from data received from a LDAP directory communicably coupled to the server;
  
  transmitting the mobile security policy and key materials from the server to a gatekeeper device;
  
  receiving at the gatekeeper device a request to access the software application from the mobile computing device;
  
  determining at the gatekeeper device whether to grant access to the software application by checking whether the mobile computing device has an installed security program;
  
  automatically initiating by the gatekeeper device installation of the security program onto the mobile computer device if the mobile computer device does not have the installed security program;
  
  authenticating at the gatekeeper device the user;
  
  transmitting the mobile security policy from the gatekeeper device to the mobile device; and
  
  enforcing on the mobile device a rule encoded in the mobile security policy.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the step of determining further includes checking at the server whether the mobile computing device is within a set of devices allowed to access the software application.
  - 3. The method of claim 2, further comprising determining that the mobile computer device has an installed security program and is within the set of devices allowed access to the software application and providing the mobile computing device with access to the software application.
  - 4. The method of claim 1, wherein the security program is a shield software module.
  - 5. The method of claim 1, wherein the key materials are encrypted with a root key at the server, and automatically initiating installation of the security program comprises:
    - requesting by the gatekeeper a one-time password from the server;
      
      receiving from the server the one-time password at the mobile computing device; and
      
      using at the mobile device the one-time password to decrypt the root key.
  - 6. The method of claim 5, further comprising completing the installation of the security program at the mobile computing device and receiving a user personal identification number and a new password from the mobile computing device.
  - 7. The method of claim 6, further comprising receiving a user phrase from the mobile computing device.
  - 8. The method of claim 7, further comprising encrypting the root key using each of the new password, the personal identification number, and the user phrase at the mobile computing device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Dell Marketing LP (Dell Technologies Inc.)
Original Assignee
Credant Technologies Incorported (Dell Technologies Inc.)
Inventors
Mann, Dwayne R., Burchett, Christopher D., Gordon, Ian R., Heard, Robert W.
Primary Examiner(s)
Revak; Christopher A
Assistant Examiner(s)
DOAN, TRANG T

Application Number

US10/252,212
Publication Number

US 20060147043A1
Time in Patent Office

2,703 Days
Field of Search

726/1, 709/220, 717/168, 717/174, 380/270, 713/193, 705/54
US Class Current

726/1
CPC Class Codes

H04L 2209/80   Wireless network architectu...

H04L 2463/062   applying encryption of the ...

H04L 41/0893   Assignment of logical group...

H04L 41/0894   Policy-based network config...

H04L 63/062   for key distribution, e.g. ...

H04L 63/08   for authentication of entit...

H04L 63/102   Entity profiles

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 63/20   for managing network securi...

H04L 9/0822   using key encryption key

H04L 9/0863   involving passwords or one-...

H04L 9/088   Usage controlling of secret...

H04L 9/0891   Revocation or update of sec...

H04L 9/12   Transmitting and receiving ...

H04L 9/3066   involving algebraic varieti...

H04L 9/3226   using a predetermined code,...

H04W 12/041   Key generation or derivation

H04W 12/0433   Key management protocols

H04W 12/069   using certificates or pre-s...

H04W 12/086   using security domains

H04W 8/18 : Processing of user or subsc...

View All

Server, computer memory, and method to support security policy maintenance and distribution

First Claim

18 Assignments

0 Petitions

Accused Products

Abstract

171 Citations

8 Claims

Specification

Solutions

Use Cases

Quick Links

Server, computer memory, and method to support security policy maintenance and distribution

First Claim

18 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

171 Citations

8 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links