Security policy enforcement for mobile devices connecting to a virtual private network gateway

US 8,479,279 B2
Filed: 08/23/2011
Issued: 07/02/2013
Est. Priority Date: 08/23/2011
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method comprising:

connecting a mobile device to a computer wherein said computer system has an active VPN tunnel with a VPN gateway;

running, by said computer system, a security policy check on said mobile device;

determining whether said mobile device passed said security policy check and when said mobile device does pass said security policy check, issuing a certificate to said mobile device; and

using said certificate by said mobile device when said mobile device connects to a Virtual Private Network (VPN);

wherein said connecting a mobile device to said computer system comprises docking said mobile device to said computer system such that said running said security check is done without taxing resources of said mobile device.

View all claims

13 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method, apparatus and computer program product for providing secure policy enforcement for mobile devices is presented. A mobile device is connected to a computer system, the computer system having an active Virtual Private Network (VPN) tunnel with a VPN gateway. The computer system runs a security policy check on the mobile device. A determination is made whether the mobile device passed the security policy check and when the mobile device does pass the security policy check, a certificate is issued to the mobile device. The mobile device then uses the certificate to connect to a VPN.

Citations

17 Claims

1. A computer-implemented method comprising:
- connecting a mobile device to a computer wherein said computer system has an active VPN tunnel with a VPN gateway;
  
  running, by said computer system, a security policy check on said mobile device;
  
  determining whether said mobile device passed said security policy check and when said mobile device does pass said security policy check, issuing a certificate to said mobile device; and
  
  using said certificate by said mobile device when said mobile device connects to a Virtual Private Network (VPN);
  
  wherein said connecting a mobile device to said computer system comprises docking said mobile device to said computer system such that said running said security check is done without taxing resources of said mobile device.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1 further comprising validating said certificate by a VPN gateway.
  - 3. The method of claim 2 wherein said validating is based on contents of said certificate and on policies of said VPN gateway.
  - 4. The method of claim 2 further comprising utilizing said VPN by said mobile device.
  - 5. The method of claim 1 wherein said running a security policy check uses battery power, memory, processing power and disk space of said computer system.
  - 6. The method of claim 1 wherein said certificate includes encrypted information of a user'"'"'s account.
  - 7. The method of claim 1 wherein said running a security policy check is done by a policy checking agent installed on said computer system.

8. A non-transitory computer readable storage medium having computer readable code thereon for providing security policy enforcement for a mobile device, the medium including instructions in which a computer system performs operations comprising:
- connecting a mobile device to said computer system wherein said computer system has an active VPN tunnel with a VPN gateway;
  
  running, by said computer system, a security policy check on said mobile device;
  
  determining whether said mobile device passed said security policy check and when said mobile device does pass said security policy check, issuing a certificate to said mobile device; and
  
  wherein said certificate is used by said mobile device when said mobile device connects to a Virtual Private Network (VPN);
  
  wherein said connecting a mobile device to said computer system comprises docking said mobile device to said computer system such that said running said security check is done without taxing resources of said mobile device.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The computer readable storage medium of claim 8 further comprising validating said certificate by a VPN gateway.
  - 10. The computer readable storage medium of claim 9 wherein said validating is based on contents of said certificate and on policies of said VPN gateway.
  - 11. The computer readable storage medium of claim 9 further comprising utilizing said VPN by said mobile device.
  - 12. The computer readable storage medium of claim 8 wherein said running a security policy check uses battery power, memory, processing power and disk space of said computer system.
  - 13. The computer readable storage medium of claim 8 wherein said certificate includes encrypted information of a user'"'"'s account.
  - 14. The computer readable storage medium of claim 8 wherein said running a security policy check is done by a policy checking agent installed on said computer system.

15. A computer system comprising:
- a memory;
  
  a processor;
  
  a communications interface;
  
  an interconnection mechanism coupling the memory, the processor and the communications interface; and
  
  wherein the memory is encoded with an application providing secure policy enforcement for mobile devices, that when performed on the processor, provides a process for processing information, the process causing the computer system to perform the operations of;
  
  connecting to a mobile device;
  
  running, by said computer system, a security policy check on said mobile device, wherein said computer system has an active VPN tunnel with a VPN gateway;
  
  determining whether said mobile device passed said security policy check and when said mobile device does pass said security policy check, issuing a certificate to said mobile device; and
  
  wherein said mobile device uses said certificate when said mobile device connects to a Virtual Private Network (VPN);
  
  wherein said connecting a mobile device to said computer system comprises docking said mobile device to said computer system such that said running said security check is done without taxing resources of said mobile device.
- View Dependent Claims (16, 17)
- - 16. The computer system of claim 15 wherein said validating is based on contents of said certificate and on policies of said VPN gateway.
  - 17. The computer system of claim 15 wherein said certificate includes encrypted information of a user'"'"'s account.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Extreme Networks, Inc.
Original Assignee
Avaya Incorporated
Inventors
Li, Hao, Han, Seung Bong
Primary Examiner(s)
Poltorak, Peter

Application Number

US13/215,290
Publication Number

US 20130055336A1
Time in Patent Office

679 Days
Field of Search

None
US Class Current

726/15
CPC Class Codes

G06F 21/33   using certificates

G06F 21/44   Program or device authentic...

H04L 63/0272   Virtual private networks

H04L 63/10   for controlling access to d...

H04L 63/1433   Vulnerability analysis

H04L 63/20   for managing network securi...

Security policy enforcement for mobile devices connecting to a virtual private network gateway

First Claim

13 Assignments

0 Petitions

Accused Products

Abstract

Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Security policy enforcement for mobile devices connecting to a virtual private network gateway

First Claim

13 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links