Secure mobile app connection bus

US 9,537,835 B2
Filed: 04/17/2015
Issued: 01/03/2017
Est. Priority Date: 12/21/2012
Status: Active Grant

First Claim

Patent Images

1. A method of secure communication between mobile applications, comprising:

providing, from a first mobile application on a mobile device to a second mobile application on the mobile device, a first encryption information and an identifier associated with a data storage location on the mobile device, wherein a library associated with the second mobile application validates an identifier associated with the first mobile application and wherein the data storage location comprises a shared keychain location;

retrieving, from the data storage location, a second encryption information associated with the second mobile application, wherein the second mobile application is configured to provide the second encryption information to the data storage location at least in part in response to receiving the first encryption information, the identifier associated with the data storage location, and the first mobile application being validated, and wherein the second mobile application is configured to generate and include in the second encryption information an application identifier associated with the second mobile application;

validating an identity of the second mobile application based at least in part on the application identifier included in the second encryption information; and

transferring data securely between the first mobile application and the second mobile application via the data storage location, including by encrypting the data using a second encryption key included in the second encryption information.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A secure mobile application connection bus is disclosed. First encryption information and an identifier associated with a data storage location on a mobile device are provided from a first application to a second application. Second encryption information associated with the second mobile application is retrieved from the data storage location. The second mobile application is configured to provide data to the data storage location. Data is transferred securely between the first mobile application and the second mobile application via the data storage location.

23 Citations

View as Search Results

20 Claims

1. A method of secure communication between mobile applications, comprising:
- providing, from a first mobile application on a mobile device to a second mobile application on the mobile device, a first encryption information and an identifier associated with a data storage location on the mobile device, wherein a library associated with the second mobile application validates an identifier associated with the first mobile application and wherein the data storage location comprises a shared keychain location;
  
  retrieving, from the data storage location, a second encryption information associated with the second mobile application, wherein the second mobile application is configured to provide the second encryption information to the data storage location at least in part in response to receiving the first encryption information, the identifier associated with the data storage location, and the first mobile application being validated, and wherein the second mobile application is configured to generate and include in the second encryption information an application identifier associated with the second mobile application;
  
  validating an identity of the second mobile application based at least in part on the application identifier included in the second encryption information; and
  
  transferring data securely between the first mobile application and the second mobile application via the data storage location, including by encrypting the data using a second encryption key included in the second encryption information.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 19, 20)
- - 2. The method of claim 1, wherein the first mobile application comprises a management agent.
  - 3. The method of claim 1, wherein the second mobile application is configured to provide the second encryption information to the data storage location at least in part by including in the second mobile application a mobile app management library.
  - 4. The method of claim 1, wherein the data storage location comprises a paste board.
  - 5. The method of claim 1, wherein the first encryption information comprises a public key associated with the first mobile application.
  - 6. The method of claim 1, wherein the second encryption information comprises a public key and the second mobile application is configured to retrieve encrypted data stored in the data storage location by the first mobile application and use a private key associated with the second mobile application to decrypt the encrypted data.
  - 7. The method of claim 1, wherein the second mobile application is configured to transfer data to the first mobile application at least in part by using the first encryption information to encrypt data to be transferred, and storing the encrypted data in the data storage location.
  - 8. The method of claim 1, wherein the first encryption information is received by the first mobile application from a security management platform external to the mobile device.
  - 9. The method of claim 1, wherein the first mobile application is configured to generate the identifier associated with the data storage location.
  - 19. The method of claim 1, wherein the library includes a list of trusted application and the library validates the first mobile application based on whether the identifier associated with the first mobile application is on the list of trusted applications.
  - 20. The method of claim 1, wherein the library modifies code associated with the second application to modify a behavior of the second application.

10. A mobile device, comprising:
- a storage device; and
  
  a processor coupled to the storage device and configured to;
  
  provide, from a first mobile application on a mobile device to a second mobile application on the mobile device, a first encryption information and an identifier associated with a data storage location on the storage device, wherein a library associated with the second mobile application validates an identifier associated with the first mobile application and wherein the data storage location comprises a paste board;
  
  retrieve, from the data storage location, a second encryption information associated with the second mobile application, wherein the second mobile application is configured to provide the second encryption information to the data storage location at least in part in response to receiving the first encryption information, the identifier associated with the data storage location, and the first mobile application being validated, and wherein the second mobile application is configured to generate and include in the second encryption information an application identifier associated with the second mobile application;
  
  validate an identity of the second mobile application based at least in part on the application identifier included in the second encryption information; and
  
  transfer data securely between the first mobile application and the second mobile application via the data storage location, including by encrypting the data using a second encryption key included in the second encryption information.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
- - 11. The system of claim 10, wherein the first mobile application comprises a management agent.
  - 12. The system of claim 10, wherein the second mobile application is configured to provide the second encryption information to the data storage location at least in part by including in the second mobile application a mobile app management library.
  - 13. The system of claim 10, wherein the data storage location comprises a paste board.
  - 14. The system of claim 10, wherein the first encryption information comprises a public key associated with the first mobile application.
  - 15. The system of claim 10, wherein the second encryption information comprises a public key and the second mobile application is configured to retrieve encrypted data stored in the data storage location by the first mobile application and use a private key associated with the second mobile application to decrypt the encrypted data.
  - 16. The system of claim 10, wherein the second mobile application is configured to transfer data to the first mobile application at least in part by using the first encryption information to encrypt data to be transferred, and storing the encrypted data in the data storage location.
  - 17. The system of claim 10, wherein the first encryption information is received by the first mobile application from a security management platform external to the mobile device.

18. A computer program product to provide secure communication between mobile applications, the computer program product being embodied in a non-transitory computer readable medium and comprising computer instructions for:
- providing, from a first mobile application on a mobile device to a second mobile application on the mobile device, a first encryption information and an identifier associated with a data storage location on the mobile device, wherein a library associated with the second mobile application validates an identifier associated with the first mobile application and wherein the data storage location comprises a paste board;
  
  retrieving, from the data storage location, a second encryption information associated with the second mobile application, wherein the second mobile application is configured to provide the second encryption information to the data storage location at least in part in response to receiving the first encryption information, the identifier associated with the data storage location, and the first mobile application being validated, and wherein the second mobile application is configured to generate and include in the second encryption information an application identifier associated with the second mobile application;
  
  validating an identity of the second mobile application based at least in part on the application identifier included in the second encryption information; and
  
  transferring data securely between the first mobile application and the second mobile application via the data storage location, including by encrypting the data using a second encryption key included in the second encryption information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Ivanti, Inc. (Ivanti Software, Inc.)
Original Assignee
MobileIron, Inc.
Inventors
Kim, Mansu, Sirota, Joshua, Batchu, Suresh Kumar
Primary Examiner(s)
Mehedi, Morshed
Assistant Examiner(s)
LANE, GREGORY A

Application Number

US14/690,311
Publication Number

US 20150319143A1
Time in Patent Office

627 Days
Field of Search

380/282
US Class Current

1/1
CPC Class Codes

G06F 21/606   by securing the transmissio...

G06F 21/6281   at program execution time, ...

G06F 9/54   Interprogram communication

H04L 63/0428   wherein the data content is...

H04L 9/08   Key distribution or managem...

H04W 12/041   Key generation or derivation

H04W 12/30   Security of mobile devices;...

Secure mobile app connection bus

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

23 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Secure mobile app connection bus

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

23 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links