System and method for providing a trust framework using a secondary network
11 Assignments
0 Petitions
Abstract
A system for providing security services to a mobile device where the mobile device is in communication with a public network through a first network path that is subject to interference by a third party. The system includes a security server and a private network. The security server is operative to communicate with the mobile device through the private network. The security server is also operative to communicate with the public network through a second network path that is less susceptible to the interference by the third party than is the first network path. The security server communicates with the public network through the second network path to provide security services to the mobile device that are delivered over the private network.
35 Citations
17 Claims
1. A method of initiating secure communication between a mobile device and a web server of a public network, said method comprising:

receiving a certificate at said mobile device from said web server through a primary network path connecting said mobile device to said public network, said primary network path including a firewall configured to interfere with operation of a domain name system (DNS) server of the public network when the DNS server is validating the certificate, wherein the firewall is configured to interfere with operation of the DNS server by at least one of:
- modifying the certificate received from the mobile device to change an internet protocol (IP) address of an online certificate status protocol (OCSP) server of the public network;
- limiting access to the OCSP server when receiving a request for OCSP validation of the certificate from the DNS server;
- limiting access to the DNS server when querying for the IP address of the OCSP server;
- modifying a response from the DNS server when querying the DNS server for the IP address of the OCSP server; or
- returning an incorrect IP address for the OCSP server to the mobile device when querying the DNS server for the IP address of the OCSP server;

sending, from said mobile device, a request to a trust and security management server to validate said certificate, wherein said trust and security management server validates said certificate by communicating with the DNS server of said public network through a separate secondary network path that is different than the primary network path;

receiving, at said mobile device, a response to said request from said trust and security management server, said response indicating whether said certificate is valid; and

establishing, at said mobile device, secure communications between said mobile device and said web server, through said primary network path, when the response to said request received from said trust and security management server indicates that said certificate is valid.

Dependent claims: 2, 3, 4.

5. A non-transitory computer-readable medium storing a computer program comprising computer-executable instructions for initiating secure communication between a mobile device and a web server of a public network, wherein the instructions when executed cause a processor of the mobile device to perform operations comprising:

receiving a certificate at said mobile device from said web server through a primary network path connecting the mobile device to said public network, said primary network path including a firewall configured to interfere with operation of a domain name system (DNS) server of the public network when the DNS server is validating the certificate, wherein the firewall is configured to interfere with operation of the DNS server by at least one of:
- modifying the certificate received from the mobile device to change an internet protocol (IP) address of an online certificate status protocol (OCSP) server of the public network;
- limiting access to the OCSP server when receiving a request for OCSP validation of the certificate from the DNS server;
- limiting access to the DNS server when querying for the IP address of the OCSP server;
- modifying a response from the DNS server when querying the DNS server for the IP address of the OCSP server; or
- returning an incorrect IP address for the OCSP server to the mobile device when querying the DNS server for the IP address of the OCSP server;

sending, from said mobile device, a request to a trust and security management server to validate said certificate, wherein said trust and security management server is configured to validate said certificate by communicating with a DNS server of said public network through a separate secondary network path that is different than the primary network path;

receiving, at said mobile device, a response to said request from said trust and security management server, said response indicating whether said certificate is valid; and

establishing, at said mobile device, secure communications between said mobile device and said web server, through said primary network path, when the response to said request received from said trust and security management server indicates that said certificate is valid.

Dependent claims: 6, 7, 12.

8. A system comprising:

a public network comprising a web server, a domain name system (DNS) server, and an online certificate status protocol (OCSP) server;

a mobile device in communication with the web server and the DNS server of the public network through a primary network path to receive a certificate, the primary network path including a firewall configured to interfere with operation of the DNS server when the DNS server is validating the certificate, wherein the firewall is configured to interfere with operation of the DNS server by at least one of:
- modifying the certificate received from the mobile device to change an internet protocol (IP) address of the OCSP server of the public network;
- limiting access to the OCSP server when receiving a request for OCSP validation of the certificate from the DNS server;
- limiting access to the DNS server when querying for the IP address of the OCSP server;
- modifying a response from the DNS server when querying the DNS server for the IP address of the OCSP server; or
- returning an incorrect IP address for the OCSP server to the mobile device when querying the DNS server for the IP address of the OCSP server;

a private network comprising a trust and security management server, the trust and security management server in communication with the public network through a separate secondary network path that is different than the primary network path and in communication with the mobile device through a wireless network, wherein the trust and security management server is configured to:
- receive a request from the mobile device through the wireless network to validate the certificate;
- communicate with the DNS server of the public network through the secondary network path to validate the certificate; and
- send to the mobile device a response to said request, said response indicating whether said certificate is valid;

wherein the mobile device is configured to establish secure communications between said mobile device and said web server, through said primary network path, when the response to said request received from said trust and security management server indicates that said certificate is valid.

Dependent claims: 9, 10, 11, 13, 14, 15, 16, 17.
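The exchange the claims describe, written out as an added example (this is not code from the patent or its assignee): a device receives a certificate over a primary path whose DNS answers for the OCSP responder are rewritten, asks a trust and security management server over a separate channel for a verdict, and opens the connection only on a usable "good" answer. Everything network-side is simulated in memory. Assumptions not in the page: the device and trust server share a pre-provisioned HMAC key for the private channel, each request carries a client nonce so a captured verdict cannot be replayed, and a verdict expires after a fixed window; the certificate blob, hostnames and addresses are constructed sample data.

```python
"""Out-of-band certificate validation over a secondary path (constructed example)."""
import hashlib
import hmac
import json
import secrets
import time

# ---- Simulated public network (constructed sample data, not real hosts) ----
CERT_DER = b"CONSTRUCTED-CERT subject=www.example.test ocsp=http://ocsp.example.test/"
OCSP_HOST = "ocsp.example.test"
OCSP_IP = "198.51.100.10"                      # the responder's real address
RESPONDER_DB = {hashlib.sha256(CERT_DER).hexdigest(): "good"}   # what the responder knows

def dns_primary(name):
    """Primary path: the firewall hands back a wrong address for the responder."""
    return "203.0.113.99" if name == OCSP_HOST else None

def dns_secondary(name):
    """Secondary path: a resolver the firewall cannot reach."""
    return OCSP_IP if name == OCSP_HOST else None

def ocsp_lookup(ip, cert_fp):
    """Only the real responder answers; a wrong address behaves like a black hole."""
    if ip != OCSP_IP:
        return None
    return RESPONDER_DB.get(cert_fp, "unknown")

def validate_on_path(resolver, cert_der):
    """Resolve the responder through `resolver` and ask it about the certificate.
    Returns 'good' / 'revoked' / 'unknown', or None when no answer came back."""
    fp = hashlib.sha256(cert_der).hexdigest()
    ip = resolver(OCSP_HOST)
    return ocsp_lookup(ip, fp) if ip else None

# ---- Trust and security management server (reached over the private network) ----
VERDICT_TTL = 300   # seconds a verdict stays usable (assumption)

def _tag(key, obj):
    """HMAC over a canonical JSON encoding so both sides tag identical bytes."""
    body = json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def trust_server_handle(key, request):
    """Validate the certificate over the secondary path; return a MACed verdict."""
    req = json.loads(request)
    cert_der = bytes.fromhex(req["cert_der"])
    status = validate_on_path(dns_secondary, cert_der)
    verdict = {
        "nonce": req["nonce"],                    # binds the verdict to this request
        "host": req["host"],
        "cert_fp": hashlib.sha256(cert_der).hexdigest(),
        "status": status or "unknown",            # no answer is never reported as good
        "issued": int(time.time()),
    }
    return json.dumps({"verdict": verdict, "tag": _tag(key, verdict)})

# ---- Mobile device ----
def build_request(host, cert_der):
    """Fresh nonce per request; the certificate itself goes to the trust server."""
    nonce = secrets.token_hex(16)
    return nonce, json.dumps({"nonce": nonce, "host": host, "cert_der": cert_der.hex()})

def accept_verdict(key, nonce, host, cert_der, response, now=None):
    """Fail closed: connect only on an authentic, fresh, matching 'good' verdict."""
    now = int(time.time()) if now is None else now
    msg = json.loads(response)
    verdict, tag = msg["verdict"], msg["tag"]
    if not hmac.compare_digest(tag, _tag(key, verdict)):
        return False                               # forged or altered on the private channel
    if verdict["nonce"] != nonce or verdict["host"] != host:
        return False                               # replayed, or meant for another session
    if verdict["cert_fp"] != hashlib.sha256(cert_der).hexdigest():
        return False                               # verdict is about a different certificate
    if not (0 <= now - verdict["issued"] <= VERDICT_TTL):
        return False                               # stale or clock-skewed
    return verdict["status"] == "good"

def connect_with_oob_validation(key, host, cert_der):
    """End to end: ask the trust server, then decide whether to use the primary path."""
    nonce, request = build_request(host, cert_der)
    response = trust_server_handle(key, request)   # carried over the private network
    return accept_verdict(key, nonce, host, cert_der, response)

if __name__ == "__main__":
    key = secrets.token_bytes(32)
    print("primary-path OCSP answer :", validate_on_path(dns_primary, CERT_DER))
    print("secondary-path answer    :", validate_on_path(dns_secondary, CERT_DER))
    print("device connects          :", connect_with_oob_validation(key, "www.example.test", CERT_DER))
```

The point the simulation makes is the one the claims turn on: on the primary path the device gets no OCSP answer at all, which a soft-failing client would silently treat as acceptable, while the verdict returned over the secondary path is definitive and is bound to the request, the certificate and a time window before the device acts on it.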
Specification