User, device, and app authentication implemented between a client device and VPN gateway
First Claim
1. A method of communicating through a virtual private network (VPN) tunnel between a first app on a device and a VPN gateway, the method comprising:
- connecting to a gateway component having a database with nodes for user, device, and apps providing triple-layer security for app usage;
authorizing the first app by having the first app present a certificate stored on the device;
transmitting challenge parameters from the VPN gateway to the device;
transmitting mobile device parameters including user credentials, device metadata, and first app identification, to the VPN gateway component, thereby authenticating the first app with the VPN gateway;
transmitting an internally unique internet protocol (IP) address from the VPN gateway to the first app;
transmitting an app federation cookie from the VPN gateway to the first app after determining that the first app is in a federation of wrapped apps on the device;
sharing the app federation cookie with a second app in the federation of wrapped apps;
assigning the second app the same internally unique IP address;
receiving, at the VPN gateway, a data transmission from the first app; and
transmitting a first range of ports to the first app, wherein the first asp uses a port in the first port range as a source port for data transmission from the first app to the VPN gateway, wherein the first port range comprises a plurality of ports not included in a second port range transmitted to the second app having the same internally unique IP address as the first app.
3 Assignments
0 Petitions
Accused Products
Abstract
An application executing on a device is authenticated by an enterprise gateway components. This authentication is done in addition to authenticating the device and user. This includes authenticating apps that are being used on the device. The enterprise, by virtue of the gateway component, can authenticate details about specific app usage. The enterprise gateway component establishes a dedicated link coupling the gateway device and a specific executing app. Prior to this app-specific link being established, the gateway device collects information and stores it in a database, including information about the user, device, and the specific application. Authentication is performed at each level.
24 Citations
6 Claims
-
1. A method of communicating through a virtual private network (VPN) tunnel between a first app on a device and a VPN gateway, the method comprising:
-
connecting to a gateway component having a database with nodes for user, device, and apps providing triple-layer security for app usage; authorizing the first app by having the first app present a certificate stored on the device; transmitting challenge parameters from the VPN gateway to the device; transmitting mobile device parameters including user credentials, device metadata, and first app identification, to the VPN gateway component, thereby authenticating the first app with the VPN gateway; transmitting an internally unique internet protocol (IP) address from the VPN gateway to the first app; transmitting an app federation cookie from the VPN gateway to the first app after determining that the first app is in a federation of wrapped apps on the device; sharing the app federation cookie with a second app in the federation of wrapped apps; assigning the second app the same internally unique IP address; receiving, at the VPN gateway, a data transmission from the first app; and transmitting a first range of ports to the first app, wherein the first asp uses a port in the first port range as a source port for data transmission from the first app to the VPN gateway, wherein the first port range comprises a plurality of ports not included in a second port range transmitted to the second app having the same internally unique IP address as the first app. - View Dependent Claims (2, 3, 4, 5, 6)
-
Specification