Secure mobile framework
First Claim
1. A method comprising:
- receiving, at a gateway, an authentication request from an initiating device to authenticate an end-user, an enterprise managed application, and the initiating device in order to establish a service connection between the enterprise managed application running on the initiating device and an enterprise service, wherein the authentication request includes authentication credentials associated with the end-user, a device identifier, and an indication of an application family governed by a common application family security policy such that applications in the application family share access to authorization and authentication information on a given device, for a given user; and
- generating a framework authentication token having an expiration date and the common application family security policy, wherein the framework authentication token is generated using an amalgamated, unique representation of the credentials associated with the end-user, the device identifier, the application family, and a device type associated with the device identifier;
- transmitting the framework authentication token and the common application family security policy to the initiating device, wherein upon receipt the initiating device initiates a service connection request based on the framework authentication token and the common application family security policy; and wherein the service connection request includes a canonical name of the enterprise service;
- receiving the service connection request from the initiating device;
- mapping, upon successful validation of the service connection request, the canonical name of the enterprise service to an address associated with the enterprise service; and
- creating a secure connection between the enterprise service and the initiating device using the address associated with the enterprise service.
4 Assignments
0 Petitions
Abstract
Systems and methods for a secure mobile framework that securely connects applications running on mobile devices to services within an enterprise are provided. Various embodiments provide mechanisms for securing data and communication between mobile devices and endpoint services, accessed through a gateway responsible for authorization, authentication, anomaly detection, fraud detection, and policy management. Some embodiments provide for the integration of server-side and client-side security mechanisms and for binding a user/application/device to an endpoint service, along with multiple encryption mechanisms. For example, the secure mobile framework provides a secure container on the mobile device, secure files, a virtual file system partition, a multiple-level authentication approach (e.g., one level to access the secure container on the mobile device and another to access enterprise services), and a server-side fraud detection system.
59 Citations
23 Claims
1. A method comprising: (independent claim; full text given under First Claim above). Dependent claims: 2, 3, 4, 5, 6, 7, 21.
8. A non-transitory computer-readable medium containing instructions that when executed by one or more processors cause a machine to:
- receive an authentication request from an initiating device to authenticate an end-user, an enterprise managed application, and the initiating device in order to establish a service connection between the enterprise managed application running on the initiating device and an enterprise service, wherein the authentication request includes authentication credentials associated with the end-user, a device identifier, and an indication of an application family governed by a common application family security policy such that applications in the application family share access to authorization and authentication information on a given device, for a given user;
- generate a framework authentication token having an expiration date and the common application family security policy, wherein the framework authentication token is generated using an amalgamated, unique representation of the credentials associated with the end-user, the device identifier, the application family, and a device type associated with the device identifier;
- transmit the framework authentication token and the common application family security policy to the initiating device;
- receive a service connection request from the initiating device based on the framework authentication token and the common application family security policy, wherein the service connection request includes a canonical name of the enterprise service;
- map, upon successful validation of the service connection request, the canonical name of the enterprise service to an address associated with the enterprise service; and
- create a secure connection between the enterprise service and the initiating device using the address associated with the enterprise service.
Dependent claims: 9, 10, 11, 12, 13, 14, 22.
15. A system comprising:
- means for receiving an authentication request from an initiating device to authenticate an end-user, an enterprise managed application, and the initiating device in order to establish a service connection between the enterprise managed application running on the initiating device and an enterprise service, wherein the authentication request includes authentication credentials associated with the end-user, a device identifier, and an indication of an application family governed by a common application family security policy such that applications in the application family share access to authorization and authentication information on a given device, for a given user;
- means for generating a framework authentication token having an expiration date and the common application family security policy, wherein the framework authentication token is generated using an amalgamated, unique representation of the credentials associated with the end-user, the device identifier, the application family, and a device type associated with the device identifier;
- means for transmitting the framework authentication token and the common application family security policy to the initiating device;
- means for receiving a service connection request from the initiating device based on the framework authentication token and the common application family security policy, wherein the service connection request includes a canonical name of the enterprise service;
- means for mapping, upon successful validation of the service connection request, the canonical name of the enterprise service to an address associated with the enterprise service; and
- means for creating a secure connection between the enterprise service and the initiating device using the address associated with the enterprise service.
Dependent claims: 16, 17, 18, 19, 20, 23.
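The three independent claims (1, 8 and 15) describe the same gateway protocol: authenticate user, device and application family; issue a token bound to an "amalgamated, unique representation" of user, device identifier, application family and device type, carrying an expiry and the family policy; then validate the service connection request and map the canonical service name to a concrete address. The following Python sketch is an added illustration of that flow, not code from the patent or its assignee. The claims do not say how the token is constructed or protected, so the HMAC-SHA256 signature, the SHA-256 amalgamation, the user store, the family policies, the service directory and every name and value in it are constructed assumptions for this example.

```python
import base64
import hashlib
import hmac
import json

# Constructed gateway signing key; a deployment would keep this in a KMS/HSM.
GATEWAY_KEY = b"constructed-gateway-hmac-key-not-for-production"


def pw_hash(salt: str, password: str) -> str:
    """Constructed credential hash for the toy user store (not a real KDF)."""
    return hashlib.sha256((salt + password).encode()).hexdigest()


# Constructed user store: username -> (salt, hash).
USERS = {"alice": ("salt-a1", pw_hash("salt-a1", "correct horse"))}

# Constructed common application family security policies, shared by every
# app in a family on a given device for a given user (claim element 1).
FAMILY_POLICIES = {
    "finance-suite": {"token_ttl_seconds": 3600, "allowed_services": ["crm"]},
    "comms-suite": {"token_ttl_seconds": 900, "allowed_services": ["mail"]},
}

# Constructed directory: canonical service name -> enterprise address.
SERVICE_DIRECTORY = {"mail": "10.0.5.20:993", "crm": "10.0.7.11:8443"}


def b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def amalgamate(user: str, device_id: str, app_family: str, device_type: str) -> str:
    """Amalgamated, unique representation of user/device/family/device type."""
    canonical = json.dumps([user, device_id, app_family, device_type],
                           separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()


def sign(body: str) -> str:
    return hmac.new(GATEWAY_KEY, body.encode(), hashlib.sha256).hexdigest()


def authenticate(user, password, device_id, app_family, device_type, now):
    """Gateway step 1: verify credentials and issue token + family policy."""
    record = USERS.get(user)
    if record is None:
        return None
    salt, stored = record
    if not hmac.compare_digest(stored.encode(), pw_hash(salt, password).encode()):
        return None
    policy = FAMILY_POLICIES.get(app_family)
    if policy is None:
        return None
    payload = {
        "binding": amalgamate(user, device_id, app_family, device_type),
        "family": app_family,
        "exp": now + policy["token_ttl_seconds"],   # expiration date
        "policy": policy,                           # policy travels with token
    }
    body = b64(json.dumps(payload, sort_keys=True, separators=(",", ":")).encode())
    return f"{body}.{sign(body)}", policy


def validate_token(token, user, device_id, app_family, device_type, now):
    """Check signature, expiry, and that the presenter matches the binding."""
    try:
        body, sig = token.split(".", 1)
    except ValueError:
        return None
    if not hmac.compare_digest(sig.encode(), sign(body).encode()):
        return None
    payload = json.loads(unb64(body))
    if now >= payload["exp"]:
        return None
    if payload["binding"] != amalgamate(user, device_id, app_family, device_type):
        return None
    return payload


def connect(token, canonical_name, user, device_id, app_family, device_type, now):
    """Gateway steps 2-3: validate the request, then map canonical name to address."""
    payload = validate_token(token, user, device_id, app_family, device_type, now)
    if payload is None:
        return None
    if canonical_name not in payload["policy"]["allowed_services"]:
        return None
    return SERVICE_DIRECTORY.get(canonical_name)


if __name__ == "__main__":
    now = 1_700_000_000
    token, policy = authenticate("alice", "correct horse", "dev-001",
                                 "finance-suite", "ios", now)
    print(connect(token, "crm", "alice", "dev-001", "finance-suite", "ios", now + 10))
```

Because the binding hash covers the device identifier and device type, a valid token replayed from another device fails validation without the gateway having to store per-session state; the client only ever learns the canonical name, and the concrete address is resolved at the gateway after validation.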
Specification