Provisioning a mobile device with a security application on the fly
First Claim
1. A method of provisioning a mobile device with a security application on the fly, the method comprising:
providing, by processing circuitry of the mobile device, an initial access request to an enterprise gateway which is operated by an enterprise, the initial access request requesting access to a set of enterprise resources of the enterprise;
receiving, by the processing circuitry, an enterprise response message from the enterprise gateway in response to the initial access request, the enterprise response message denying access to the set of enterprise resources of the enterprise; and
automatically prompting, by the processing circuitry, the mobile device to install a mobile security application from an application server in response to the enterprise response message denying access to the set of enterprise resources of the enterprise;
wherein the enterprise response message includes an address identifying the application server;
wherein prompting the mobile device to install the mobile security application from the application server includes:
prompting a user of the mobile device for an accept command to (i) download the mobile security application from the application server and (ii) automatically install the mobile security application on the mobile device;
wherein the initial access request is sent to the enterprise gateway via a browser running on the mobile device;
wherein the address identifying the application server is a universal resource locator (URL) which identifies a security application distribution website as the application server;
wherein the method further comprises:
receiving the accept command from the user of the mobile device,
in response to the accept command, providing an application request to the security application distribution website based on the URL,
receiving a website response to the application request from the security application distribution website, the website response including downloading and installation of the mobile security application on the mobile device,
after the mobile security application is downloaded and installed on the mobile device, invoking the mobile security application to establish an activation session between the mobile device and a security server,
while the activation session between the mobile device and the security server is established, sending a set of authentication factors to the security server to enable the security server to create a user profile based on the set of authentication factors and bind the user profile to the enterprise,
after the user profile is bound to the enterprise, providing an authentication request to the security server using the mobile security application, the authentication request including a new set of authentication factors, and
receiving an authentication response from the security server in response to the authentication request;
wherein the authentication response includes an access token from the security server; and
wherein the method further comprises:
providing another access request to the enterprise gateway which is operated by the enterprise, the other access request including the access token from the security server, and
receiving another enterprise response message from the enterprise gateway in response to the other access request, the other enterprise response message granting access to the set of enterprise resources of the enterprise.
Abstract
A technique provisions a mobile device (e.g., a smart phone, a tablet, a personal digital assistant, etc.) with a security application on the fly. The technique involves providing, by processing circuitry of the mobile device, an initial access request to an enterprise gateway which is operated by an enterprise. The technique further involves receiving, by the processing circuitry, an enterprise response message from the enterprise gateway in response to the initial access request. The enterprise response message denies access to a set of enterprise resources of the enterprise. The technique further involves automatically prompting, by the processing circuitry, the mobile device to install a mobile security application from an application server in response to the enterprise response message denying access to the set of enterprise resources of the enterprise.
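The message flow recited in claim 1 (deny with an install URL, activate, authenticate, retry with an access token), sketched as an added simulation that is not part of the patent. The HMAC-signed token format, the shared key, the host names and the device-side URL allowlist are all assumptions made for illustration.

```python
import base64, hashlib, hmac, json, os, time
from urllib.parse import urlparse
# Every name, host, key and the token format here is an assumption for illustration.
ENTERPRISE = "example-corp"
INSTALL_URL = "https://apps.example.com/security-app"
TRUSTED_INSTALL_HOSTS = {"apps.example.com"}
_KEY = b"constructed-demo-key"  # shared by security server and gateway (constructed)

def _sign(body: bytes) -> bytes:
    return hmac.new(_KEY, body, hashlib.sha256).hexdigest().encode()

def _kdf(factors: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", factors.encode(), salt, 100_000)

class SecurityServer:
    def __init__(self):
        self.profiles = {}  # user -> (enterprise, salt, derived factor hash)
    def activate(self, user, factors, enterprise):  # create profile, bind to enterprise
        salt = os.urandom(16)
        self.profiles[user] = (enterprise, salt, _kdf(factors, salt))
    def authenticate(self, user, factors, ttl=300):  # fresh factors in, signed token out
        profile = self.profiles.get(user)
        if not profile or not hmac.compare_digest(profile[2], _kdf(factors, profile[1])):
            return None
        body = json.dumps({"sub": user, "ent": profile[0], "exp": time.time() + ttl}).encode()
        return base64.urlsafe_b64encode(body).decode() + "." + _sign(body).decode()

def gateway(token=None, now=None):  # grant only for an intact, unexpired, bound token
    deny = {"status": "denied", "install_url": INSTALL_URL}
    b64, _, sig = (token or "").rpartition(".")
    try:
        body = base64.urlsafe_b64decode(b64)
    except ValueError:
        return deny
    if not hmac.compare_digest(sig.encode(), _sign(body)):
        return deny
    claims = json.loads(body)
    if claims["ent"] != ENTERPRISE or claims["exp"] < (now or time.time()):
        return deny
    return {"status": "granted", "user": claims["sub"]}

def device_flow(server, user, factors):
    first = gateway()  # initial access request, no token yet
    url = urlparse(first["install_url"])
    if url.scheme != "https" or url.hostname not in TRUSTED_INSTALL_HOSTS:
        raise ValueError("install URL not on the device's allowlist")
    server.activate(user, factors, ENTERPRISE)  # stands in for install + activation
    token = server.authenticate(user, factors)
    return first["status"], gateway(token)["status"], token
```

The gateway treats a missing, altered, expired or wrongly bound token identically: it returns the same denial carrying the install URL.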
16 Claims
9. A mobile device, comprising:
a wireless interface;
memory; and
control circuitry coupled to the wireless interface and the memory, the memory storing instructions which, when carried out by the control circuitry, cause the control circuitry to:
provide, through the wireless interface, an initial access request to an enterprise gateway which is operated by an enterprise,
receive, through the wireless interface, an enterprise response message from the enterprise gateway in response to the initial access request, the enterprise response message denying access to a set of enterprise resources of the enterprise, and
automatically prompt the mobile device to install a mobile security application from an application server in response to the enterprise response message denying access to the set of enterprise resources of the enterprise;
wherein the enterprise response message includes an address identifying the application server;
wherein the control circuitry, when prompting the mobile device to install the mobile security application from the application server, is constructed and arranged to:
prompt a user of the mobile device for an accept command to (i) download the mobile security application from the application server and (ii) automatically install the mobile security application on the mobile device;
wherein the initial access request is sent to the enterprise gateway via a browser running on the mobile device;
wherein the address identifying the application server is a universal resource locator (URL) which identifies a security application distribution website as the application server;
wherein the control circuitry is further constructed and arranged to:
receive the accept command from the user of the mobile device,
in response to the accept command, provide an application request to the security application distribution website based on the URL,
receive a website response to the application request from the security application distribution website, the website response including downloading and installation of the mobile security application on the mobile device,
after the mobile security application is downloaded and installed on the mobile device, invoke the mobile security application to establish an activation session between the mobile device and a security server,
while the activation session between the mobile device and the security server is established, send a set of authentication factors to the security server to enable the security server to create a user profile based on the set of authentication factors and bind the user profile to the enterprise,
after the user profile is bound to the enterprise, provide an authentication request to the security server using the mobile security application, the authentication request including a new set of authentication factors, and
receive an authentication response from the security server in response to the authentication request;
wherein the authentication response includes an access token from the security server; and
wherein the control circuitry is further constructed and arranged to:
provide another access request to the enterprise gateway which is operated by the enterprise, the other access request including the access token from the security server, and
receive another enterprise response message from the enterprise gateway in response to the other access request, the other enterprise response message granting access to the set of enterprise resources of the enterprise.
13. A computer program product having a non-transitory computer readable medium which stores a set of instructions to provision a mobile device with a security application on the fly, the set of instructions, when carried out by computerized circuitry of the mobile device, causing the computerized circuitry to perform a method of:
providing an initial access request to an enterprise gateway which is operated by an enterprise;
receiving an enterprise response message from the enterprise gateway in response to the initial access request, the enterprise response message denying access to a set of enterprise resources of the enterprise; and
automatically prompting the mobile device to install a mobile security application from an application server in response to the enterprise response message denying access to the set of enterprise resources of the enterprise;
wherein the enterprise response message includes an address identifying the application server;
wherein prompting the mobile device to install the mobile security application from the application server includes:
prompting a user of the mobile device for an accept command to (i) download the mobile security application from the application server and (ii) automatically install the mobile security application on the mobile device;
wherein the initial access request is sent to the enterprise gateway via a browser running on the mobile device;
wherein the address identifying the application server is a universal resource locator (URL) which identifies a security application distribution website as the application server;
wherein the method further comprises:
receiving the accept command from the user of the mobile device,
in response to the accept command, providing an application request to the security application distribution website based on the URL,
receiving a website response to the application request from the security application distribution website, the website response including downloading and installation of the mobile security application on the mobile device,
after the mobile security application is downloaded and installed on the mobile device, invoking the mobile security application to establish an activation session between the mobile device and a security server,
while the activation session between the mobile device and the security server is established, sending a set of authentication factors to the security server to enable the security server to create a user profile based on the set of authentication factors and bind the user profile to the enterprise,
after the user profile is bound to the enterprise, providing an authentication request to the security server using the mobile security application, the authentication request including a new set of authentication factors, and
receiving an authentication response from the security server in response to the authentication request;
wherein the authentication response includes an access token from the security server; and
wherein the method further comprises:
providing another access request to the enterprise gateway which is operated by the enterprise, the other access request including the access token from the security server; and
receiving another enterprise response message from the enterprise gateway in response to the other access request, the other enterprise response message granting access to the set of enterprise resources of the enterprise.
Specification