Secure mobile framework

US 9,473,533 B2
Filed: 05/01/2014
Issued: 10/18/2016
Est. Priority Date: 03/30/2012
Status: Active Grant

First Claim

Patent Images

1. A system comprising:

a gateway server, providing remote devices with access to services of an enterprise, wherein each remote device has stored in memory one or more applications managed by the enterprise;

an authenticator, accessible by the gateway server, and including a processor configured to;

determine if a user of one of the remote devices is authorized to access the enterprise; and

construct policies regarding the management of the one or more applications, wherein the policies are based on the services that the user of the one of the remote devices is authorized to access on the one of the remote devices;

a token generator accessible by the gateway and including a processor configured to;

generate one or more tokens for creating secure connections between the one or more applications managed by the enterprise and the services, wherein the one or more tokens includes a user binding token comprising an amalgamated, unique representation of a user identifier of the user, a device identifier of the remote device of the user, an application family associated with the one or more applications, and a device type associated with the device identifier; and

a communications module including a processor configured to communicate the policies to the remote devices.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for a secure mobile framework to securely connect applications running on mobile devices to services within an enterprise are provided. Various embodiments provide mechanisms of securitizing data and communication between mobile devices and end point services accessed from a gateway of responsible authorization, authentication, anomaly detection, fraud detection, and policy management. Some embodiments provide for the integration of server and client side security mechanisms, binding of a user/application/device to an endpoint service along with multiple encryption mechanisms. For example, the secure mobile framework provides a secure container on the mobile device, secure files, a virtual file system partition, a multiple level authentication approach (e.g., to access a secure container on the mobile device and to access enterprise services), and a server side fraud detection system.

49 Citations

View as Search Results

12 Claims

1. A system comprising:
- a gateway server, providing remote devices with access to services of an enterprise, wherein each remote device has stored in memory one or more applications managed by the enterprise;
  
  an authenticator, accessible by the gateway server, and including a processor configured to;
  
  determine if a user of one of the remote devices is authorized to access the enterprise; and
  
  construct policies regarding the management of the one or more applications, wherein the policies are based on the services that the user of the one of the remote devices is authorized to access on the one of the remote devices;
  
  a token generator accessible by the gateway and including a processor configured to;
  
  generate one or more tokens for creating secure connections between the one or more applications managed by the enterprise and the services, wherein the one or more tokens includes a user binding token comprising an amalgamated, unique representation of a user identifier of the user, a device identifier of the remote device of the user, an application family associated with the one or more applications, and a device type associated with the device identifier; and
  
  a communications module including a processor configured to communicate the policies to the remote devices.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The system of claim 1, further comprising a discovery service to determine which of the services of the enterprise to connect with the one or more applications.
  - 3. The system of claim 2, wherein the discovery service selects which of the services to connect with the one or more applications based on the user and a set of associated privileges.
  - 4. The system of claim 1, wherein the token generator generates an enterprise authentication token and a framework authentication token.
  - 5. The system of claim 4, wherein framework authentication token includes the enterprise authentication token, the user binding token, and a framework authentication token expiration date.
  - 6. The system of claim 4, wherein the user binding token is generated based on a user identifier, a device identifier, device type identifier, and an application family identifier.
  - 7. The system of claim 1, further comprising an anomaly detector to monitor activity between the remote devices and the services and generate an anomaly indicator, and wherein the anomaly detector further determines a reaction to the anomaly indicator.
  - 8. The system of claim 1, wherein the gateway server includes multiple levels each of which provides isolated authentication protocols and activity logging.
  - 9. The system of claim 8, wherein the multiple levels include a perimeter gateway and an intermediate gateway.
  - 10. The system of claim 9, wherein the intermediate gateway uses mobile device telemetry and configuration settings to generate indicators of fraud or anomaly detection.
  - 11. The system of claim 1, wherein the policies constructed regarding the management of the one or more applications include a unique policy for each of the one or more applications.
  - 12. The system of claim 1, wherein the policies constructed regarding the management of the one or more applications include a common policy for a subset of the one or more applications that share access to authorization and authentication information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Synchronoss Technologies Incorporated
Original Assignee
SNCR, LLC
Inventors
Faltyn, Daniel, Smith, Andrew J. R.
Primary Examiner(s)
Hirl, Joseph P
Assistant Examiner(s)
BELL, KALISH K

Application Number

US14/267,399
Publication Number

US 20140245378A1
Time in Patent Office

901 Days
Field of Search

709/203, 709/225, 709/229, 726/1, 726/2, 726/3, 726/27
US Class Current

1/1
CPC Class Codes

H04L 63/08   for authentication of entit...

H04L 63/20   for managing network securi...

H04W 12/06   Authentication

H04W 12/08   Access security

H04W 12/37   Managing security policies ...

Secure mobile framework

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

49 Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

Secure mobile framework

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

49 Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links