Establishing connectivity between an enterprise security perimeter of a device and an enterprise

US 9,015,809 B2
Filed: 07/31/2012
Issued: 04/21/2015
Est. Priority Date: 02/20/2012
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

establishing a communications channel between a computing device and a mobile communications device, wherein the mobile communications device has established a connection to a private network;

establishing one or more communications sessions over the communications channel, including at least a first communications session associated with a proxy of the mobile communications device, the proxy to facilitate communication with the private network;

temporarily providing a limited access privilege allowing access to a first security perimeter on the computing device to only allow the computing device to send a request attempting to establish a connection with a service at the private network via the first communications session, the request to test if the private network to which the mobile communications device has established the connection includes the service indicating that the private network is associated with the first security perimeter; and

selectively providing an access privilege to the first security perimeter of the computing device, the access privilege allowing applications of the first security perimeter to utilize the first communications session for further communications with the private network, wherein the access privilege is provided when the attempted connection with the service at the private network was established via the first communications session and private network is associated with the first security perimeter.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A first device establishes a connection with a second device and attempts access, via the connection to an enterprise server of an enterprise. The first device may have a number of security perimeters, ones of which are allowed to use various communications proxies provided by the second device. If the first device and the second device are associated with a same common enterprise, an enterprise perimeter of the first device may be enabled to access the enterprise using an enterprise proxy of the second device.

Citations

18 Claims

1. A method comprising:
- establishing a communications channel between a computing device and a mobile communications device, wherein the mobile communications device has established a connection to a private network;
  
  establishing one or more communications sessions over the communications channel, including at least a first communications session associated with a proxy of the mobile communications device, the proxy to facilitate communication with the private network;
  
  temporarily providing a limited access privilege allowing access to a first security perimeter on the computing device to only allow the computing device to send a request attempting to establish a connection with a service at the private network via the first communications session, the request to test if the private network to which the mobile communications device has established the connection includes the service indicating that the private network is associated with the first security perimeter; and
  
  selectively providing an access privilege to the first security perimeter of the computing device, the access privilege allowing applications of the first security perimeter to utilize the first communications session for further communications with the private network, wherein the access privilege is provided when the attempted connection with the service at the private network was established via the first communications session and private network is associated with the first security perimeter.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 15, 16, 17, 18)
- - 2. The method of claim 1, wherein the communications channel comprises a tethered communications channel.
  - 3. The method of claim 1, wherein the providing the limited access privilege includes enabling a virtual communications port associated with an enterprise perimeter.
  - 4. The method of claim 1, wherein the attempted connection is attempted by an enterprise management application in the first security perimeter, the enterprise management application attempting the connection via the first communications session using the limited access privilege, the method further comprising, when the attempted connection is established with the service at private network via the limited access privilege of the first communications session, the access privilege to the first communications session is enabled for other applications in the first security perimeter.
  - 5. The method of claim 1, wherein the application at the private network comprises an enterprise management application.
  - 6. The method of claim 1, wherein attempting communication with the private network comprises use of the proxy at the mobile communications device.
  - 7. The method of claim 1, wherein attempting communication with the private network comprises requesting the application to attempt communication with the private network and wherein the application is in the first security perimeter.
  - 8. The method of claim 1, wherein the service at the private network comprises an enterprise management administrative service.
  - 9. The method of claim 1, further comprising, when the attempted connection with the service at the private network is not established, the first communications session is disabled.
  - 10. The method of claim 9, further comprising:
    - establishing a second communications session over the communications channel, the second communications session not associated with the private network proxy.
  - 15. The method of claim 1, wherein the first security perimeter is associated with an authorized private network, the method further comprising:
    - when the connection with the service is not established and the private network is a second private network different from the authorized private network, restricting access to the first security perimeter while providing access to a second security perimeter of the computing device.
  - 16. The method of claim 1, wherein the first security perimeter defines security policies to create a logical separation of resources and wherein first resources in the first security perimeter are allowed to access the private network and second resources in a second security perimeter are not allowed to access the private network.
  - 17. The method of claim 1, wherein the providing is further based on determining if the first security perimeter matches a security perimeter of the mobile communications device.
  - 18. The method according to claim 15, wherein the second security perimeter is established in response to determining that the private network is the second private network different from the authorized private network.

11. A device comprising:
- a hardware processor configured to;
  
  establish a communications channel between the device and a mobile communications device, wherein the mobile communications device has established a connection to a private network;
  
  manage at least one security perimeter established on the device, the security perimeter having associated applications and security policies;
  
  temporarily provide a limited access privilege allowing access to the security perimeter on the device to only allow an enterprise management application on the device to send a request attempting to establish a connection with a service at the private network via a first communication session over the communication channel, the request to test if the private network to which the mobile communications device has established the connection includes the service indicating that the private network is associated with the first security perimeter; and
  
  establish a communications socket in the security perimeter, the communications socket associated with the first communications session over the communications channel with the mobile communications device, wherein the hardware processor is configured to selectively enable or disable the communications socket in the security perimeter based upon whether the enterprise management application is able to establish the connection to the service at private network.
- View Dependent Claims (12, 13, 14)
- - 12. The device of claim 11, wherein the first communications session is established to an enterprise proxy on the mobile communications device.
  - 13. The device of claim 11, wherein the communications channel is established via a wireless communications interface.
  - 14. The device of claim 11, wherein the device is a tablet computer.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Malikie Innovations Limited (Key Patent Innovations Limited)
Original Assignee
Blackberry Limited
Inventors
Brown, Michael Stephen, Little, Herbert Anthony, Russell, Graham, Tapuska, David Francis
Primary Examiner(s)
Zand, Kambiz
Assistant Examiner(s)
BROWN, DE'MARIS R

Application Number

US13/563,447
Publication Number

US 20130219471A1
Time in Patent Office

994 Days
Field of Search
US Class Current

726/4
CPC Class Codes

H04L 63/0272   Virtual private networks

H04W 12/02   Protecting privacy or anony...

H04W 12/08   Access security

H04W 12/086   using security domains

H04W 12/37   Managing security policies ...

Establishing connectivity between an enterprise security perimeter of a device and an enterprise

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Establishing connectivity between an enterprise security perimeter of a device and an enterprise

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links