Secure electronic device application connection to an application server

US 9,432,336 B2
Filed: 02/13/2013
Issued: 08/30/2016
Est. Priority Date: 02/13/2013
Status: Active Grant

First Claim

Patent Images

1. A server configured to be located on an enterprise network behind one or more firewalls comprising:

a non-transitory memory;

a processor communicatively coupled to the non-transitory memory;

the processor configured to execute instructions to;

receive, from an administrator within the enterprise network, authentication information associated with a mobile device located outside of the enterprise network, the authentication information being sent by the administrator on behalf of a user of the mobile device in response to a request from the server to the mobile device, wherein the request is associated with a desired amount of security between the server and mobile device;

establish a secure tunnel between the server and mobile device through at least one firewall in response to verification of the received authentication information, the secure tunnel providing the mobile device direct access to a single application associated with the server and preventing the mobile device from accessing data on the enterprise network not associated with the single application, wherein establishing the secure tunnel comprises selecting the secure tunnel, from a plurality of secure tunnels that satisfy the desired amount of security, based on connection speeds of the plurality of secure tunnels, and wherein establishing the secure tunnel between the server and mobile device does not require the user of the mobile device to input the authentication information and login credentials; and

provide, to the mobile device via the established secure tunnel, in response to a request from the mobile device, data associated with the single application associated with the server, wherein the data associated with the single application is encrypted based on the desired amount of security and the request from the mobile device includes login credentials of the user.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present disclosure presents a system, method and apparatus for creating a secure tunnel between a mobile device and a server. The server can be configured to receive authentication information from the mobile device. The server can be further configured to establish a secure tunnel between the server and mobile device through at least one firewall in response to verification of the authentication information, the secure tunnel allowing the mobile device direct access to at least one application associated with the server. Additionally, the server can be configured to provide, to the mobile device, data associated with the at least one application.

32 Citations

View as Search Results

21 Claims

1. A server configured to be located on an enterprise network behind one or more firewalls comprising:
- a non-transitory memory;
  
  a processor communicatively coupled to the non-transitory memory;
  
  the processor configured to execute instructions to;
  
  receive, from an administrator within the enterprise network, authentication information associated with a mobile device located outside of the enterprise network, the authentication information being sent by the administrator on behalf of a user of the mobile device in response to a request from the server to the mobile device, wherein the request is associated with a desired amount of security between the server and mobile device;
  
  establish a secure tunnel between the server and mobile device through at least one firewall in response to verification of the received authentication information, the secure tunnel providing the mobile device direct access to a single application associated with the server and preventing the mobile device from accessing data on the enterprise network not associated with the single application, wherein establishing the secure tunnel comprises selecting the secure tunnel, from a plurality of secure tunnels that satisfy the desired amount of security, based on connection speeds of the plurality of secure tunnels, and wherein establishing the secure tunnel between the server and mobile device does not require the user of the mobile device to input the authentication information and login credentials; and
  
  provide, to the mobile device via the established secure tunnel, in response to a request from the mobile device, data associated with the single application associated with the server, wherein the data associated with the single application is encrypted based on the desired amount of security and the request from the mobile device includes login credentials of the user.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The server as recited in claim 1, wherein the received authentication information is generated by an electronic device located within the enterprise network.
  - 3. The server as recited in claim 1, wherein the received authentication information is generated by a mobile device management server located within the enterprise network.
  - 4. The server as recited in claim 1, wherein the data associated with the single application associated with the server is located on a storage device located on the server.
  - 5. The server as recited in claim 1, wherein the data associated with the single application associated with the server is located on a data storage device, within the enterprise network, that is securely coupled to the server.
  - 6. The server as recited in claim 1, wherein the processor is further configured to execute instructions to package the data, the packaging of the data for transmission includes encrypting the data.
  - 7. The server as recited in claim 6, wherein the secure tunnel is an endpoint to endpoint secure tunnel that allows for the packaged data to remain secure between the server and the mobile device by traveling along an encrypted secure tunnel.
  - 8. The server as recited in claim 1, wherein the authentication information is a mobile device identification number.
  - 9. The server as recited in claim 1, wherein the single application associated with the server is one of a database application, a file management application, or an analytic application.
  - 10. The server as recited in claim 1, wherein establishing the secure tunnel comprises selecting the secure tunnel that has a fastest connection speed from the plurality of secure tunnels that satisfy the desired amount of security.

11. A mobile device comprising:
- a non-transitory memory;
  
  a processor coupled to the non-transitory memory; and
  
  the processor configured to execute instructions to;
  
  send a request, in response to receiving an input into the mobile device, for receipt of data from a server via a secure tunnel, the data being associated with a single application associated with the server, wherein the data associated with the single application is encrypted based on a desired level of encryption and the request includes login credentials of a user;
  
  receive the requested data transmitted over the secure tunnel, wherein the secure tunnel is established between the mobile device and the server, with the mobile device being located outside of an enterprise network and the server located within the enterprise network behind one or more firewalls, wherein the secure tunnel is established in response to verification of authentication information associated with the mobile device transmitted by an administrator, on behalf of a user of the mobile device, within the enterprise network to the server in response to a request from the server to the mobile device, wherein the request is associated with the desired level of encryption, and wherein establishing the secure tunnel between the mobile device and the server does not require the user of the mobile device to input the authentication information and the login credentials; and
  
  wherein the secure tunnel provides the mobile device direct access to the single application associated with the server and prevents the mobile device from accessing data on the enterprise network not associated with the single application, and wherein the secure tunnel is established based on an availability of the mobile device to handle the desired level of encryption.
- View Dependent Claims (12, 13, 14)
- - 12. The mobile device as recited in claim 11, wherein the authentication information is a mobile device identification number.
  - 13. The mobile device as recited in claim 11, wherein the authentication information is a mobile device identification number and login data.
  - 14. The mobile device as recited in claim 11, wherein the secure tunnel is an endpoint to endpoint secure tunnel that allows for the data to remain secure between the server and the mobile device by traveling along an encrypted secure tunnel.

15. A system comprising:
- a server located within an enterprise network;
  
  a firewall securely coupled to the server;
  
  a relay securely coupled to the firewall;
  
  a wireless network securely coupled to the relay;
  
  a mobile device securely coupled to the wireless network and located outside of the enterprise network;
  
  the mobile device having authentication information stored thereon;
  
  the server securely coupled to the firewall and having instructions stored thereon to cause the server to;
  
  execute a single application configured to allow the mobile device to access data associated with the single application;
  
  receive, from an administrator within the enterprise network, authentication information associated with the mobile device, the authentication information being sent by the administrator on behalf of a user of the mobile device in response to a request from the server to the mobile device, wherein the request is associated with a desired amount of security between the server and mobile device; and
  
  establish a secure tunnel between the server and mobile device through at least one firewall and relay in response to verification of the received authentication information, the secure tunnel providing the mobile device direct access to the single application associated with the server;
  
  providing, to the mobile device via the established secure tunnel, in response to a request from the mobile device, data associated with the single application, wherein the data associated with the single application is encrypted based on the desired amount of security and the request from the mobile device includes login credentials of the user; and
  
  preventing, via the established secure tunnel, the mobile device from accessing data on the enterprise network not associated with the single application, wherein establishing the secure tunnel comprises selecting the secure tunnel, from a plurality of secure tunnels that satisfy the desired amount of security, based on connection speeds of the plurality of secure tunnels, and wherein establishing the secure tunnel between the server and mobile device does not require the user of the mobile device to input the authentication information and login credentials.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The system as recited in claim 15, wherein the single application associated with the server is one of a database application, a file management application, or an analytic application.
  - 17. The system as recited in claim 15, wherein the secure tunnel is an endpoint to endpoint secure tunnel that allows for the data to remain secure between the server and the mobile device by traveling along an encrypted secure tunnel.
  - 18. The system as recited in claim 15, wherein the data associated with the single application associated with the server is located on a storage device located on the server.
  - 19. The system as recited in claim 15, wherein the authentication information is a mobile device identification number.
  - 20. The system as recited in claim 15, wherein establishing the secure tunnel comprises selecting the secure tunnel that has a fastest connection speed from the plurality of secure tunnels that satisfy the desired amount of security.

21. A non-transitory computer readable medium comprising instructions for execution by a processor to:
- receive, by a server located on an enterprise network behind at least one firewall, authentication information associated with a mobile device located outside of the enterprise network, the authentication information being sent from an administrator, on behalf of a user of the mobile device, within the enterprise network in response to a request from the server to the mobile device, wherein the request is associated with a desired level of encryption;
  
  establish a secure tunnel between the server and mobile device through the at least one firewall in response to verification of the received authentication information, the secure tunnel providing the mobile device direct access to a single application associated with the server and preventing the mobile device from accessing data on the enterprise network not associated with the single application, wherein the secure tunnel is established based on an availability of the mobile device to handle the desired level of encryption, wherein establishing the secure tunnel between the server and mobile device does not require the user of the mobile device to input the authentication information and login credentials; and
  
  provide, to the mobile device via the established secure tunnel, in response to a request from the mobile device, data associated with the single application associated with the server, wherein the data associated with the single application is encrypted based on the desired level of encryption and the request from the mobile device includes login credentials of the user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Malikie Innovations Limited (Key Patent Innovations Limited)
Original Assignee
Blackberry Limited
Inventors
Ostrowski, Gregg
Primary Examiner(s)
POTRATZ, DANIEL B

Application Number

US13/766,107
Publication Number

US 20140230041A1
Time in Patent Office

1,294 Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/44   Program or device authentic...

G06F 21/606   by securing the transmissio...

H04L 63/0272   Virtual private networks

H04L 63/029   Firewall traversal, e.g. tu...

H04L 63/08   for authentication of entit...

H04L 63/166   at the transport layer

H04L 67/568   Storing data temporarily at...

H04W 12/069   using certificates or pre-s...

Secure electronic device application connection to an application server

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

32 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Secure electronic device application connection to an application server

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

32 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links