Secure configuration of mobile application
First Claim
Patent Images
1. A computer-implemented method of configuring an application program of a mobile computing device, the method comprising:
- establishing a secure network connection between the mobile computing device and a server computer system;
authenticating a user of the mobile computing device against the server computer system via the secure network connection;
receiving, at the server computer system, a configuration request via the secure network connection from the mobile computing device, the configuration request indicative of a user'"'"'s request for configuring the application program; and
in response to receiving the configuration request;
generating a challenge code;
sending the challenge code via the secure network connection to the mobile computing device;
encrypting configuration data using a symmetric key, wherein the symmetric key is the challenge code or the symmetric key is derived from the challenge code;
sending the configuration data in encrypted form via the secured network connection to the mobile computing device; and
sending a verification value from the server computer system to the mobile computing device either via an additional communication channel that is different from the secure network connection or as a separate communication over the same secure network connection, wherein the verification value is a hash-based message authentication code (HMAC) produced by applying a secure hash function to a combination of the configuration data with the challenge code,whereby the mobile computing device, in response to receiving the configuration data and the verification value, invokes a configuration program module to;
prompt the user to enter a challenge code via a user interface;
decrypt the configuration data in encrypted form upon entry of the challenge code via an input component of the mobile computing device;
verify the configuration data using the challenge code entered by the user and the verification value received via the additional communication channel; and
configure the application program using the configuration data in response to verification of the configuration data.
2 Assignments
0 Petitions
Accused Products
Abstract
Secure configuration of a mobile application (“app”) includes sending the required configuration data for the app to the user'"'"'s mobile computing device in a communication, for example an email with an attachment. A verification value is included in the attachment to protect the authenticity and integrity of the configuration data. A challenge code is issued to the user (or group of users). The challenge code is used to verify the configuration data.
-
Citations
18 Claims
-
1. A computer-implemented method of configuring an application program of a mobile computing device, the method comprising:
-
establishing a secure network connection between the mobile computing device and a server computer system; authenticating a user of the mobile computing device against the server computer system via the secure network connection; receiving, at the server computer system, a configuration request via the secure network connection from the mobile computing device, the configuration request indicative of a user'"'"'s request for configuring the application program; and in response to receiving the configuration request; generating a challenge code; sending the challenge code via the secure network connection to the mobile computing device; encrypting configuration data using a symmetric key, wherein the symmetric key is the challenge code or the symmetric key is derived from the challenge code; sending the configuration data in encrypted form via the secured network connection to the mobile computing device; and sending a verification value from the server computer system to the mobile computing device either via an additional communication channel that is different from the secure network connection or as a separate communication over the same secure network connection, wherein the verification value is a hash-based message authentication code (HMAC) produced by applying a secure hash function to a combination of the configuration data with the challenge code, whereby the mobile computing device, in response to receiving the configuration data and the verification value, invokes a configuration program module to; prompt the user to enter a challenge code via a user interface; decrypt the configuration data in encrypted form upon entry of the challenge code via an input component of the mobile computing device; verify the configuration data using the challenge code entered by the user and the verification value received via the additional communication channel; and configure the application program using the configuration data in response to verification of the configuration data. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
-
12. A server computer system comprising:
-
a computer processor; a memory; and a data store having stored therein computer executable program code, which when executed by the computer processor, causes the computer processor to; establish a secure network connection between a mobile computing device and the server computer system; authenticate a user of the mobile computing device against the server computer system via the secure network connection; receive, at the server computer system, a configuration request via the secure network connection from the mobile computing device, the configuration request indicative of a user'"'"'s request for configuring the application program; and in response to receiving the configuration request; generate a challenge code by the server computer system; send the challenge code via the secure network connection to the mobile computing device; encrypt configuration data using a symmetric key, wherein the symmetric key is the challenge code or the symmetric key is derived from the challenge code; send the configuration data in encrypted form via the secured network connection to the mobile computing device; and send a verification value to the mobile computing device via an additional communication channel that is different from the secure network connection, or as a separate communication over the same secure network connection, wherein the verification value is a hash-based message authentication code (HMAC) produced by applying a secure hash function to a combination of the configuration data with the challenge code, whereby the mobile computing device, in response to receiving the configuration data and the verification value, invokes a configuration program module to; prompt the user to enter a challenge code via a user interface; decrypt the configuration data in encrypted form upon entry of the challenge code via an input component of the mobile computing device; verify the configuration data using the challenge code entered by the user and the verification value received via the additional communication channel; and configure the application program using the configuration data in response to verification of the configuration data. - View Dependent Claims (13, 14, 15)
-
-
16. A non-transitory computer readable storage medium having stored thereon computer executable code, which when executed by a computer causes the computer to:
-
establish a secure network connection between a mobile computing device and a server computer system; authenticate a user of the mobile computing device against the server computer system via the secure network connection; receive, at the server computer system, a configuration request via the secure network connection from the mobile computing device, the configuration request indicative of a user'"'"'s request for configuring the application program; and in response to receiving the configuration request; generate a challenge code by the server computer system; send the challenge code via the secure network connection to the mobile computing device; encrypting configuration data using a symmetric key, wherein the symmetric key is the challenge code or the symmetric key is derived from the challenge code; sending the configuration data in encrypted form via the secured network connection to the mobile computing device; and send a verification value to the mobile computing device via an additional communication channel that is different from the secure network connection, or as a separate communication over the same secure network connection, wherein the verification value is a hash-based message authentication code (HMAC) produced by applying a secure hash function to a combination of the configuration data with the challenge code, whereby the mobile computing device, in response to receiving the configuration data and the verification value, invokes a configuration program module to; prompt the user to enter a challenge code via a user interface; decrypt the configuration data in encrypted form upon entry of the challenge code via an input component of the mobile computing device; verify the configuration data using the challenge code entered by the user and the verification value received via the additional communication channel; and configure the application program using the configuration data in response to verification of the configuration data. - View Dependent Claims (17, 18)
-
Specification