Secured privileged access to an embedded client on a mobile device

US 8,782,412 B2
Filed: 08/30/2012
Issued: 07/15/2014
Est. Priority Date: 08/31/2011
Status: Active Grant

First Claim

Patent Images

1. A method for obtaining secured privileged access in a mobile device, the method comprising:

configuring the mobile device with an embedded stub having root privileges;

configuring a client and a plurality of tools on the mobile device;

attempting to make a connection with a server via the client;

detecting whether the client has a privilege to invoke at least one tool of the plurality of tools;

invoking the embedded stub to elevate an access level of the at least one tool to make a connection with the server;

receiving a stub connection request from the server; and

performing a mutual authentication between the embedded stub, the client and the server, further comprising;

sending a connection request from the client to the embedded stub;

sending a random session token from the stub to the client;

sending a NULL authentication vector from the client to indicate to the embedded stub that the client does not have the session key;

sending, by the embedded stub to the server via the client, a challenge request with encrypted random number and cryptographic algorithm that was used to encrypt the random number;

receiving, at the embedded stub via the client, a signature sent by server;

verifying, at the stub, the signature and sending via the client a key that is encrypted;

receiving at the client a response from the server on a condition that the server decrypted the key that was encrypted;

computing, at the client, a hash on a token with the key and requesting a session token from the embedded stub; and

sending, by the embedded stub, the session to the client and completing a mutual authentication process.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed is an apparatus and method to access privileges of Virtual Mobile Management (VMM) client in mobile device. A disclosed example method contains an assigning embedded stub to raise the access privilege of the tool on a mobile device, the embedded stub is integrated by an operating system of the mobile device with “root” privilege, determining via a secured key exchange algorithm that the VMM client and tools is authorized to be installed on the mobile device then, the VMM client and tools of a mobile device are authorized to access a network interface of the Communication Endpoint Gateway (CEG) server, configuring the embedded stub to install the key exchange procedure for the shared certification between the embedded stub, VMM client and the session mediation server, enabling the embedded stub to communicate through a secure link via VMM client.

50 Citations

View as Search Results

16 Claims

1. A method for obtaining secured privileged access in a mobile device, the method comprising:
- configuring the mobile device with an embedded stub having root privileges;
  
  configuring a client and a plurality of tools on the mobile device;
  
  attempting to make a connection with a server via the client;
  
  detecting whether the client has a privilege to invoke at least one tool of the plurality of tools;
  
  invoking the embedded stub to elevate an access level of the at least one tool to make a connection with the server;
  
  receiving a stub connection request from the server; and
  
  performing a mutual authentication between the embedded stub, the client and the server, further comprising;
  
  sending a connection request from the client to the embedded stub;
  
  sending a random session token from the stub to the client;
  
  sending a NULL authentication vector from the client to indicate to the embedded stub that the client does not have the session key;
  
  sending, by the embedded stub to the server via the client, a challenge request with encrypted random number and cryptographic algorithm that was used to encrypt the random number;
  
  receiving, at the embedded stub via the client, a signature sent by server;
  
  verifying, at the stub, the signature and sending via the client a key that is encrypted;
  
  receiving at the client a response from the server on a condition that the server decrypted the key that was encrypted;
  
  computing, at the client, a hash on a token with the key and requesting a session token from the embedded stub; and
  
  sending, by the embedded stub, the session to the client and completing a mutual authentication process.
- View Dependent Claims (2, 3, 4, 10, 11, 12)
- - 2. The method according to claim 1, wherein the client connects with the server using the embedded stub.
  - 3. The method according to claim 1, wherein the embedded stub communicates through a secure link via the client.
  - 4. The method of claim 1, wherein the stub supports a secure remote control authentication between the server and the client.
  - 10. The method according to claim 1, wherein the RD mobile application to connects with the server using the RD adapter.
  - 11. The method according to claim 1, wherein the RD adapter communicates through a secure link via the RD mobile application.
  - 12. The method of claim 1, wherein the RD adapter supports a secure remote control authentication between the server and the RD mobile application.

5. A mobile device, comprising:
- Memory for storing an embedded stub having root privileges;
  
  a client;
  
  a microprocessor;
  
  a plurality of tools;
  
  the client configured to attempt to make a connection with a server;
  
  the client configured to detect whether privileges exist to invoke at least one tool of the plurality of tools;
  
  the client configured to invoke the embedded stub to elevate an access level of the at least one tool to make a connection with the server;
  
  the client configured to receive a stub connection request from the server; and
  
  the client and embedded stub configured to perform a mutual authentication between the embedded stub, the client and the server, wherein;
  
  the client sends a connection request to the embedded stub;
  
  the embedded stub sends a random session token to the client;
  
  the client sends a NULL authentication vector to indicate to the embedded stub that the client does not have the session key;
  
  the embedded stub sends to the server via the client a challenge request with encrypted random number and cryptographic algorithm that was used to encrypt the random number;
  
  the embedded stub receives via the client a signature sent by the server;
  
  the embedded stub verifies the signature and to send via the client a key that is encrypted;
  
  the client receives a response from the server on a condition that the server decrypted the key that was encrypted;
  
  the client computes a hash on a token with the key and requesting a session token from the embedded stub; and
  
  the embedded stub sends the session to the client and completing a mutual authentication process.
- View Dependent Claims (6, 7, 8)
- - 6. The mobile device according to claim 5, wherein the client connects with the server using the embedded stub.
  - 7. The mobile device according to claim 5, wherein the embedded stub is configured to communicate through a secure link via the client.
  - 8. The mobile device according to claim 5, wherein the embedded stub is configured to support a secure remote control authentication between the server and the client.

9. A method for obtaining secured privileged access in a mobile device, the method comprising:
- configuring the mobile device with a remote diagnostic (RD) adapter having root privileges;
  
  configuring a RD mobile application and a plurality of tools on the mobile device;
  
  attempting to make a connection with a server via the RD mobile application;
  
  detecting whether the RD mobile application has a privilege to invoke at least one tool of the plurality of tools;
  
  invoking the RD adapter to elevate an access level of the at least one tool to make a connection with the server;
  
  receiving a RD adapter connection request from the server; and
  
  performing a mutual authentication between the RD adapter, the RD mobile application and the server, further comprising;
  
  sending a connection request from the RD mobile application to the RD adapter;
  
  sending a random session token from the RD adapter to the RD mobile application;
  
  sending a NULL authentication vector from the RD mobile application to indicate to the RD adapter that the RD mobile application does not have the session key;
  
  sending, by the RD adapter to the server via the RD mobile application, a challenge request with encrypted random number and cryptographic algorithm that was used to encrypt the random number;
  
  receiving, at the RD adapter via the RD mobile application, a signature sent by server;
  
  verifying, at the RD adapter, the signature and sending via the RD mobile application a key that is encrypted;
  
  receiving at the RD mobile application a response from the server on a condition that the server decrypted the key that was encrypted;
  
  computing, at the RD mobile application, a hash on a token with the key and requesting a session token from the RD adapter; and
  
  sending, by the RD adapter, the session to the RD mobile application and completing a mutual authentication process.

13. A system, comprising:
- a device including a client and a plurality of tools;
  
  an embedded stub having elevated privileges;
  
  the client configured to attempt to make a connection with a server;
  
  the client configured to detect whether privileges exist to invoke at least one tool of the plurality of tools;
  
  the client configured to invoke the embedded stub to elevate an access level of the at least one tool to make a connection with the server;
  
  the client configured to receive a stub connection request from the server; and
  
  the client and embedded stub configured to perform a mutual authentication between the embedded stub, the client and the server, wherein;
  
  the client sends a connection request to the embedded stub;
  
  the embedded stub sends a random session token to the client;
  
  the client sends a NULL authentication vector to indicate to the embedded stub that the client does not have the session key;
  
  the embedded stub sends to the server via the client a challenge request with encrypted random number and cryptographic algorithm that was used to encrypt the random number;
  
  the embedded stub receives via the client a signature sent by the server;
  
  the embedded stub verifies the signature and to send via the client a key that is encrypted;
  
  the client receives a response from the server on a condition that the server decrypted the key that was encrypted;
  
  the client computes a hash on a token with the key and requesting a session token from the embedded stub; and
  
  the embedded stub sends the session to the client and completing a mutual authentication process.
- View Dependent Claims (14, 15, 16)
- - 14. The system according to claim 13, wherein client connects with the server using the embedded stub.
  - 15. The system according to claim 13, wherein the embedded stub is configured to communicate through a secure link via the client.
  - 16. The system according to claim 13, wherein the embedded stub is configured to support a secure remote control authentication between the server and the client.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Vmware LLC (Broadcom, Inc.)
Original Assignee
Astherpal Incorporated
Inventors
Charles, Calvin, Gonsalves, Deepak, Parmar, Ramesh, Oh, Byung Joon, Ayyalasomayajula, Subramanyam
Primary Examiner(s)
Pham, Luu
Assistant Examiner(s)
OLION, BRIAN L

Application Number

US13/599,749
Publication Number

US 20130054969A1
Time in Patent Office

684 Days
Field of Search

713/168, 713/169
US Class Current

713/168
CPC Class Codes

G06F 21/6218   to a system of files or obj...

H04L 2209/80   Wireless network architectu...

H04L 41/28   Restricting access to netwo...

H04L 41/40   using virtualisation of net...

H04L 63/0869   for achieving mutual authen...

H04L 9/0822   using key encryption key

H04L 9/3271   using challenge-response

H04W 12/069   using certificates or pre-s...

Secured privileged access to an embedded client on a mobile device

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

50 Citations

16 Claims

Specification

Use Cases

Quick Links

Others

Secured privileged access to an embedded client on a mobile device

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

50 Citations

16 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others