Secure mobile framework
Abstract
Systems and methods for a secure mobile framework to securely connect applications running on mobile devices to services within an enterprise are provided. Various embodiments provide mechanisms of securitizing data and communication between mobile devices and end point services accessed from a gateway of responsible authorization, authentication, anomaly detection, fraud detection, and policy management. Some embodiments provide for the integration of server and client side security mechanisms, binding of a user/application/device to an endpoint service along with multiple encryption mechanisms. For example, the secure mobile framework provides a secure container on the mobile device, secure files, a virtual file system partition, a multiple level authentication approach (e.g., to access a secure container on the mobile device and to access enterprise services), and a server side fraud detection system.
25 Claims
1. A method comprising:
receiving, at a gateway associated with an enterprise, an authentication request from a remote user device to access a service provided by the enterprise, wherein the authentication request originates from an application managed by the enterprise and which runs on the remote user device, and wherein the authentication request comprises a password, an identifier of the remote user device, an application family, and a type of the device;
generating a framework authentication token using the received password, identifier of the remote user device, application family, and type of device, and a security policy based on the service provided by the enterprise that the remote user device is requesting to access;
transmitting the framework authentication token and the security policy to the remote user device, wherein the remote user device ensures compliance with the security policy before generating a connection request to connect to the service; and
receiving, from the remote user device, the connection request based on the framework authentication token and the security policy, wherein a service authenticator determines if the remote user device is authorized to access the service.
13. A non-transitory computer-readable storage medium containing a set of instructions that when executed by one or more processors cause a machine to:
receive an authentication request from a remote user device to access a service provided by an enterprise, wherein the authentication request originates from an application managed by the enterprise and which runs on the remote user device, and wherein the authentication request comprises a password, an identifier of the remote user device, an application family, and a type of the device;
generate a framework authentication token using the received password, identifier of the remote user device, application family, and type of device, and a security policy based on the service provided by the enterprise that the remote user device is requesting to access;
transmit the framework authentication token and the security policy to the remote user device, wherein the remote user device ensures compliance with the security policy before generating a connection request to connect to the service; and
receive the connection request based on the framework authentication token and the security policy, wherein a service authenticator determines if the remote user device is authorized to access the service.
25. A system comprising:
a processor;
a communication port to receive an authentication request from a remote user device to access a service provided by an enterprise, wherein the authentication request originates from an application managed by the enterprise and which runs on the remote user device, and wherein the authentication request comprises a password, an identifier of the remote user device, an application family, and a type of the device;
a framework authentication system, controlled by the processor, to generate a framework authentication token using the received password, identifier of the remote user device, application family, and type of device, and a security policy based on the service provided by the enterprise that the remote user device is requesting to access, wherein the framework authentication system uses the communication port to transmit the framework authentication token and the security policy to the remote user device, wherein the remote user device ensures compliance with the security policy before generating a connection request to connect to the service; and
a service authenticator to determine, upon receiving the connection request based on the framework authentication token and the secure policy, if the remote user device is authorized to access the service.
Specification