Secured privileged access to an embedded client on a mobile device
First Claim
1. A method for obtaining secured privileged access in a mobile device, the method comprising:
configuring the mobile device with an embedded stub having root privileges;
configuring a client and a plurality of tools on the mobile device;
attempting to make a connection with a server via the client;
detecting whether the client has a privilege to invoke at least one tool of the plurality of tools;
invoking the embedded stub to elevate an access level of the at least one tool to make a connection with the server;
receiving a stub connection request from the server; and
performing a mutual authentication between the embedded stub, the client and the server, further comprising:
sending a connection request from the client to the embedded stub;
sending a random session token from the stub to the client;
sending a NULL authentication vector from the client to indicate to the embedded stub that the client does not have the session key;
sending, by the embedded stub to the server via the client, a challenge request with encrypted random number and cryptographic algorithm that was used to encrypt the random number;
receiving, at the embedded stub via the client, a signature sent by server;
verifying, at the stub, the signature and sending via the client a key that is encrypted;
receiving at the client a response from the server on a condition that the server decrypted the key that was encrypted;
computing, at the client, a hash on a token with the key and requesting a session token from the embedded stub; and
sending, by the embedded stub, the session to the client and completing a mutual authentication process.
Abstract
Disclosed is an apparatus and method for accessing privileges of a Virtual Mobile Management (VMM) client in a mobile device. In a disclosed example method, an embedded stub is assigned to raise the access privilege of a tool on the mobile device; the embedded stub is integrated by the operating system of the mobile device with “root” privilege. A secured key exchange algorithm determines that the VMM client and tools are authorized to be installed on the mobile device; the VMM client and tools of the mobile device are then authorized to access a network interface of the Communication Endpoint Gateway (CEG) server. The embedded stub is configured to install the key exchange procedure for the shared certification between the embedded stub, the VMM client and the session mediation server, enabling the embedded stub to communicate through a secure link via the VMM client.
16 Claims
1. Claim 1 as given under First Claim above. Dependent claims: 2, 3, 4, 10, 11, 12.
5. A mobile device, comprising:
memory for storing an embedded stub having root privileges;
a client;
a microprocessor;
a plurality of tools;
the client configured to attempt to make a connection with a server;
the client configured to detect whether privileges exist to invoke at least one tool of the plurality of tools;
the client configured to invoke the embedded stub to elevate an access level of the at least one tool to make a connection with the server;
the client configured to receive a stub connection request from the server; and
the client and embedded stub configured to perform a mutual authentication between the embedded stub, the client and the server, wherein:
the client sends a connection request to the embedded stub;
the embedded stub sends a random session token to the client;
the client sends a NULL authentication vector to indicate to the embedded stub that the client does not have the session key;
the embedded stub sends to the server via the client a challenge request with encrypted random number and cryptographic algorithm that was used to encrypt the random number;
the embedded stub receives via the client a signature sent by the server;
the embedded stub verifies the signature and to send via the client a key that is encrypted;
the client receives a response from the server on a condition that the server decrypted the key that was encrypted;
the client computes a hash on a token with the key and requesting a session token from the embedded stub; and
the embedded stub sends the session to the client and completing a mutual authentication process.
Dependent claims: 6, 7, 8.
9. A method for obtaining secured privileged access in a mobile device, the method comprising:
configuring the mobile device with a remote diagnostic (RD) adapter having root privileges;
configuring a RD mobile application and a plurality of tools on the mobile device;
attempting to make a connection with a server via the RD mobile application;
detecting whether the RD mobile application has a privilege to invoke at least one tool of the plurality of tools;
invoking the RD adapter to elevate an access level of the at least one tool to make a connection with the server;
receiving a RD adapter connection request from the server; and
performing a mutual authentication between the RD adapter, the RD mobile application and the server, further comprising:
sending a connection request from the RD mobile application to the RD adapter;
sending a random session token from the RD adapter to the RD mobile application;
sending a NULL authentication vector from the RD mobile application to indicate to the RD adapter that the RD mobile application does not have the session key;
sending, by the RD adapter to the server via the RD mobile application, a challenge request with encrypted random number and cryptographic algorithm that was used to encrypt the random number;
receiving, at the RD adapter via the RD mobile application, a signature sent by server;
verifying, at the RD adapter, the signature and sending via the RD mobile application a key that is encrypted;
receiving at the RD mobile application a response from the server on a condition that the server decrypted the key that was encrypted;
computing, at the RD mobile application, a hash on a token with the key and requesting a session token from the RD adapter; and
sending, by the RD adapter, the session to the RD mobile application and completing a mutual authentication process.
13. A system, comprising:
a device including a client and a plurality of tools;
an embedded stub having elevated privileges;
the client configured to attempt to make a connection with a server;
the client configured to detect whether privileges exist to invoke at least one tool of the plurality of tools;
the client configured to invoke the embedded stub to elevate an access level of the at least one tool to make a connection with the server;
the client configured to receive a stub connection request from the server; and
the client and embedded stub configured to perform a mutual authentication between the embedded stub, the client and the server, wherein:
the client sends a connection request to the embedded stub;
the embedded stub sends a random session token to the client;
the client sends a NULL authentication vector to indicate to the embedded stub that the client does not have the session key;
the embedded stub sends to the server via the client a challenge request with encrypted random number and cryptographic algorithm that was used to encrypt the random number;
the embedded stub receives via the client a signature sent by the server;
the embedded stub verifies the signature and to send via the client a key that is encrypted;
the client receives a response from the server on a condition that the server decrypted the key that was encrypted;
the client computes a hash on a token with the key and requesting a session token from the embedded stub; and
the embedded stub sends the session to the client and completing a mutual authentication process.
Dependent claims: 14, 15, 16.
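The exchange recited in claims 1, 5, 9 and 13, run end to end as an added Python simulation; this is not code from the patent or its assignee. The patent names no cipher or signature scheme, so a toy HMAC-keystream XOR stands in for the encryption, an HMAC under a secret pre-shared between stub and server stands in for the server's signature, the step-7 response is assumed to hand the recovered key to the client, and the stub is assumed to check the client's step-8 hash before releasing the session token.

```python
import hashlib
import hmac
import secrets

ALG = "hmac-sha256-xor"  # algorithm name carried in the challenge request (constructed)


def xor_crypt(key: bytes, label: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stand-in for the patent's unspecified cipher: XOR with a 32-byte HMAC
    keystream. Distinct labels keep the keystream fresh; data must be <= 32 bytes."""
    stream = hmac.new(key, label + nonce, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))


def server_sign(secret: bytes, nonce: bytes, enc_rand: bytes, alg: str) -> bytes:
    """Server side of steps 4/5: recover the stub's random number and sign it
    (an HMAC under the pre-shared secret stands in for a real signature)."""
    if alg != ALG:
        raise ValueError("unsupported algorithm: " + alg)
    rand = xor_crypt(secret, b"rand", nonce, enc_rand)
    return hmac.new(secret, b"sig" + nonce + rand, hashlib.sha256).digest()


def run_handshake(stub_secret: bytes, server_secret: bytes):
    """One run of the claimed exchange; the client only relays between the root
    stub and the server. Returns the session token, or None if authentication fails."""
    # Steps 1-3: client -> stub connection request; stub -> client random session
    # token; client -> stub NULL authentication vector (it holds no session key yet).
    session_token = secrets.token_bytes(16)
    # Step 4: stub -> server (via client): encrypted random number + algorithm name.
    nonce, rand = secrets.token_bytes(16), secrets.token_bytes(16)
    challenge = (nonce, xor_crypt(stub_secret, b"rand", nonce, rand), ALG)
    # Step 5: server -> stub (via client): signature over the recovered number.
    signature = server_sign(server_secret, *challenge)
    # Step 6: stub verifies; a bad signature ends the run before any key leaves root.
    expected = hmac.new(stub_secret, b"sig" + nonce + rand, hashlib.sha256).digest()
    if not hmac.compare_digest(signature, expected):
        return None
    key = secrets.token_bytes(32)
    enc_key = xor_crypt(stub_secret, b"key", nonce, key)
    # Step 7: server decrypts the key and responds to the client. Assumption: the
    # response hands the recovered key to the client over the client-server link.
    client_key = xor_crypt(server_secret, b"key", nonce, enc_key)
    # Step 8: client hashes the token with the key and asks the stub for the session token.
    client_hash = hmac.new(client_key, session_token, hashlib.sha256).digest()
    # Step 9: stub releases the session token only if the client's hash matches its own.
    stub_hash = hmac.new(key, session_token, hashlib.sha256).digest()
    return session_token if hmac.compare_digest(client_hash, stub_hash) else None
```

A server that does not hold the stub's secret cannot produce a valid signature, so the stub never releases a key and the client never obtains a session token.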