Secure mobile app connection bus

US 9,059,974 B2
Filed: 12/20/2013
Issued: 06/16/2015
Est. Priority Date: 12/21/2012
Status: Active Grant

First Claim

Patent Images

1. A method of secure communication between mobile applications, comprising:

providing, from a first mobile application to a second mobile application, via a first communication mechanism on a mobile device, a first encryption information and an identifier associated with a data storage location on the mobile device, wherein the data storage location is not associated with the first communication mechanism, and wherein providing comprises providing information using a uniform resource locator (URL) scheme associated with the second mobile application;

retrieving by the first mobile application, from the data storage location, a second encryption information associated with the second mobile application, wherein the second mobile application is configured to provide the second encryption information to the data storage location at least in part in response to receiving the first encryption information and the identifier associated with the data storage location, and wherein the second mobile application is configured to generate and including in the second encryption information an application identifier associated with the second mobile application and an encrypted version of a first encryption key included by the first mobile application in the first encryption information;

validating an identity of the second mobile application based at least in part on the application identifier included in the second encryption information; and

transferring data securely between the first mobile application and the second mobile application via the data storage location by encrypting the data using a second encryption key included in the second encryption information.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A secure mobile application connection bus is disclosed. First encryption information and an identifier associated with a data storage location on a mobile device are provided from a first application to a second application. Second encryption information associated with the second mobile application is retrieved from the data storage location. The second mobile application is configured to provide data to the data storage location. Data is transferred securely between the first mobile application and the second mobile application via the data storage location.

26 Citations

View as Search Results

25 Claims

1. A method of secure communication between mobile applications, comprising:
- providing, from a first mobile application to a second mobile application, via a first communication mechanism on a mobile device, a first encryption information and an identifier associated with a data storage location on the mobile device, wherein the data storage location is not associated with the first communication mechanism, and wherein providing comprises providing information using a uniform resource locator (URL) scheme associated with the second mobile application;
  
  retrieving by the first mobile application, from the data storage location, a second encryption information associated with the second mobile application, wherein the second mobile application is configured to provide the second encryption information to the data storage location at least in part in response to receiving the first encryption information and the identifier associated with the data storage location, and wherein the second mobile application is configured to generate and including in the second encryption information an application identifier associated with the second mobile application and an encrypted version of a first encryption key included by the first mobile application in the first encryption information;
  
  validating an identity of the second mobile application based at least in part on the application identifier included in the second encryption information; and
  
  transferring data securely between the first mobile application and the second mobile application via the data storage location by encrypting the data using a second encryption key included in the second encryption information.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 24, 25)
- - 2. The method of claim 1, wherein providing comprises providing information to a location from which the second mobile application is configured to retrieve information.
  - 3. The method of claim 1, further comprising querying an operating system associated with the mobile device to identify the URL scheme associated with the second mobile application.
  - 4. The method of claim 1, wherein:
    - the first encryption information includes a first public key associated with the first mobile application; and
      
      the second encryption information includes at least one credential associated with the second mobile application, a second public key associated with the second mobile application and an encrypted payload including the first public key.
  - 5. The method of claim 1, wherein one or more of the first mobile application and second mobile application are associated with a library configured to:
    - retrieve information from the data storage location; and
      
      provide information to the data storage location.
  - 6. The method of claim 5, wherein the library is further configured to perform one or more of the following steps:
    - applying one or more configuration changes in an application;
      
      enforcing one or more policies within the application; and
      
      executing one or more actions associated with the application.
  - 7. The method of claim 1, wherein the data comprises one or more of keychain data, a data file, and pasteboard data.
  - 8. The method of claim 1, wherein the data storage location comprises one or more of a pasteboard, a shared keychain, and a storage location associated with a framework native to the device.
  - 9. The method of claim 1, wherein transferring data comprises transferring one or more application policies from the first mobile application to the second mobile application.
  - 10. The method of claim 9, wherein the application policies include one or more of device hardware, storage access, personal information manager (PIM), and system service policies.
  - 11. The method of claim 1, wherein transferring the data comprises:
    - encrypting the data using the encryption key; and
      
      transferring the encrypted data to the data storage location, wherein one or more of the first mobile application and the second mobile application are configured to retrieve the encrypted data from the data storage location.
  - 12. The method of claim 1, wherein transferring data comprises:
    - receiving a payload at the first mobile application from a security management platform; and
      
      providing the payload securely to the second mobile application via the data storage location, wherein the second mobile application is configured to retrieve the payload from the secure data location.
  - 13. The method of claim 12, wherein:
    - the payload comprises an encrypted payload generated at the security management platform; and
      
      the first encryption information includes encryption information associated with the security management platform.
  - 14. The method of claim 12, further comprising:
    - configuring the second mobile application to transfer data securely between the second mobile application and at least one enterprise backend server, wherein the second mobile application is configured based at least in part on one or more of application configurations and application policies included in the payload.
  - 15. The method of claim 14, wherein the data transferred securely between the second mobile application and the enterprise backend server is validated based at least in part on a certificate.
  - 16. The method of claim 14, wherein the data transferred securely between the second mobile application and the enterprise backend server is managed by one or more of the security management platform and a security enforcement node.
  - 17. The method of claim 12, further comprising:
    - retrieving the payload at the second mobile application, wherein the payload includes one or more of device information, enterprise information, and installed application information; and
      
      executing, by the second mobile application, one or more actions based at least in part on the payload.
  - 18. The method of claim 12, further comprising:
    - retrieving the payload at the second mobile application, wherein the payload includes one or more application firewall settings; and
      
      executing, by the second mobile application, one or more actions based at least in part on the application firewall settings.
  - 19. The method of claim 12, further comprising:
    - retrieving the payload at the second mobile application, wherein the payload includes one or more commands; and
      
      executing, by the second mobile application, one or more actions based at least in part on the commands.
  - 20. The method of claim 1, further comprising:
    - generating, by the first mobile application, the data storage location on the mobile device.
  - 21. The method of claim 1, wherein:
    - the first mobile application includes a mobile device management agent; and
      
      the second mobile application includes a managed mobile application, wherein the second mobile application is managed by the first mobile application.
  - 24. The method of claim 1, wherein validating the identity of the second mobile application comprises:
    - providing the application identifier to a security management platform;
      
      receiving an indication that the second mobile application is valid.
  - 25. The method of claim 1, wherein validating the identity of the second mobile application comprises:
    - determining, based at least in part on the comparison, that the application identifier matches a stored application identifier; and
      
      validating the second mobile application based at least in part on the determined match.

22. A system for secure communication between mobile applications, comprising:
- a processor; and
  
  a memory coupled with the processor, wherein the memory is configured to provide the processor with instructions which when executed cause the processor to;
  
  provide, from a first mobile application to a second mobile application, via a first communication mechanism on a mobile device, a first encryption information and an identifier associated with a data storage location on the mobile device, wherein the data storage location is not associated with the first communication mechanism, and wherein providing comprises providing information using a uniform resource locator (URL) scheme associated with the second mobile application;
  
  retrieve by the first mobile application, from the data storage location, a second encryption information associated with the second mobile application, wherein the second mobile application is configured to provide the second encryption information to the data storage location at least in part in response to receiving the first encryption information and the identifier associated with the data storage location, and wherein the second mobile application is configured to generate and including in the second encryption information an application identifier associated with the second mobile application and an encrypted version of a first encryption key included by the first mobile application in the first encryption information;
  
  validate an identity of the second mobile application based at least in part on the application identifier included in the second encryption information; and
  
  transfer data securely between the first mobile application and the second mobile application via the data storage location by encrypting the data using a second encryption key included in the second encryption information.

23. A computer program product for secure communication between mobile applications, the computer program product being embodied in a non-transitory tangible computer readable storage medium and comprising computer instructions for:
- providing, from a first mobile application to a second mobile application, via a first communication mechanism on a mobile device, a first encryption information and an identifier associated with a data storage location on the mobile device, wherein the data storage location is not associated with the first communication mechanism, and wherein providing comprises providing information using a uniform resource locator (URL) scheme associated with the second mobile application;
  
  retrieving by the first mobile application, from the data storage location, a second encryption information associated with the second mobile application, wherein the second mobile application is configured to provide the second encryption information to the data storage location at least in part in response to receiving the first encryption information and the identifier associated with the data storage location, and wherein the second mobile application is configured to generate and including in the second encryption information an application identifier associated with the second mobile application and an encrypted version of a first encryption key included by the first mobile application in the first encryption information;
  
  validating an identity of the second mobile application based at least in part on the application identifier included in the second encryption information; and
  
  transferring data securely between the first mobile application and the second mobile application via the data storage location by encrypting the data using a second encryption key included in the second encryption information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Ivanti, Inc. (Ivanti Software, Inc.)
Original Assignee
MobileIron, Inc.
Inventors
Kim, Mansu, Sirota, Joshua, Batchu, Suresh Kumar
Primary Examiner(s)
Arani, Taghi
Assistant Examiner(s)
LANE, GREGORY A

Application Number

US14/137,745
Publication Number

US 20140181518A1
Time in Patent Office

543 Days
Field of Search

380/282, 726/1, 726/26
US Class Current

1/1
CPC Class Codes

G06F 21/606   by securing the transmissio...

G06F 21/6281   at program execution time, ...

G06F 9/54   Interprogram communication

H04L 63/0428   wherein the data content is...

H04L 9/08   Key distribution or managem...

H04W 12/041   Key generation or derivation

H04W 12/30   Security of mobile devices;...

Secure mobile app connection bus

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

26 Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Secure mobile app connection bus

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

26 Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links