Method and Apparatus for Accessing Corporate Data from a Mobile Device

US 20130061307A1
Filed: 08/21/2012
Published: 03/07/2013
Est. Priority Date: 09/06/2011
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method performed by a computerized device, comprising:

receiving by a buffer server a first communication request and a device key from a mobile device;

verifying the device key and a buffer server key;

sending a request with details associated with the device key and the buffer server key, to a corporate server;

receiving a response from the corporate server;

removing data from the response, and sending a reduced response to the mobile device;

receiving a user identification and a second communication request from the mobile device, for the data that has been removed; and

sending the data that has been removed to the mobile device, upon verifying the user identification.

View all claims

13 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer-implemented communication method performed by a computerized device and a computerized communication apparatus, the method comprising: receiving by a buffer server a first communication request and a device key from a mobile device; verifying the device key and a buffer server key; sending a request with details associated with the device key and the buffer server key, to a corporate server; receiving a response from the corporate server; removing data from the response, and sending a reduced response to the mobile device; receiving a user identification and a second communication request from the mobile device, for the data that has been removed; and sending the data that has been removed to the mobile device, upon verifying the user identification.

125 Citations

37 Claims

1. A computer-implemented method performed by a computerized device, comprising:
- receiving by a buffer server a first communication request and a device key from a mobile device;
  
  verifying the device key and a buffer server key;
  
  sending a request with details associated with the device key and the buffer server key, to a corporate server;
  
  receiving a response from the corporate server;
  
  removing data from the response, and sending a reduced response to the mobile device;
  
  receiving a user identification and a second communication request from the mobile device, for the data that has been removed; and
  
  sending the data that has been removed to the mobile device, upon verifying the user identification.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The computer-implemented method of claim 1, wherein the response or the data removed from the response are displayed in a native application of the mobile device.
  - 3. The computer-implemented method of claim 2, wherein the native application of the mobile device presents secure and non-secure items in one view.
  - 4. The computer-implemented method of claim 1, wherein the request relates to one or more items selected from the group consisting of:
    - an e-mail message, a calendar item, a contact, a task, a reminder, a note, and a file.
  - 5. The computer-implemented method of claim 1, wherein the reduced response comprises only predetermined fields of each item, in accordance with corporate policy.
  - 6. The computer-implemented method of claim 1, further comprising:
    - setting an account on the buffer server, the account associated with the mobile device;
      
      generating the device key and the buffer server key from a corporate server key;
      
      storing the device key only on the mobile device;
      
      storing the buffer server key only on the buffer server; and
      
      setting a server Internet Protocol (IP) address on the mobile device to be an IP address of the buffer server.
  - 7. The computer-implemented method of claim 1, further comprising storing the data that has been removed on the mobile device only in accordance with a policy.
  - 8. The computer-implemented method of claim 7, wherein the policy refers to at least one item selected from the group consisting of:
    - a user of the device, type of requested information, time of request, geographic location of the mobile device, device type, data size, and data origin.
  - 9. The computer-implemented method of claim 8, further comprising monitoring.
  - 10. The computer-implemented method of claim 9 further comprising generating an alert if an attachment has been viewed.
  - 11. The computer-implemented method of claim 9 wherein the method is used for enforcing regulations.
  - 12. The computer-implemented method of claim 1, further comprising monitoring.
  - 13. The computer-implemented method of claim 12 further comprising generating an alert if an attachment has been viewed.
  - 14. The computer-implemented method of claim 12 wherein the method is used for enforcing regulations.
  - 15. The computer-implemented method of claim 1, wherein communication with the mobile device uses ActiveSync over HTTPS or ActiveSync over HTTP.
  - 16. The computer-implemented method of claim 1, wherein a user of the mobile device is prevented from manipulating the response when the mobile device is not communicating with the buffer server.
  - 17. The computer-implemented method of claim 1, wherein the user identification is selected from the group consisting of:
    - a password, a biometric characteristic of the user, proximity-based authentication, and a single-sign-on framework.

18. An apparatus having a processing unit and a storage device, the apparatus comprising a buffer server, the buffer server comprising:
- a mobile device communication component for communicating with a mobile device;
  
  a server communication component for communicating with a server;
  
  a password manipulation component for receiving a mobile device password to be used in conjunction with a buffer server password to authenticate the device, and for receiving a user characteristic from a mobile device communicating with the buffer server, and verifying a user using the mobile device; and
  
  a message processing component for processing requests from the mobile device before transferring to the server, and processing responses from the server before transferring to the mobile device,wherein reduced response is provided to the mobile device upon authentication of the device, and the removed data is provided to the device responsive to user identification.
- View Dependent Claims (19, 20, 21, 22, 23, 24, 25, 26, 27, 28)
- - 19. The apparatus of claim 18 further comprising a password manipulation component generates a mobile device password to be stored only on the mobile device and a corresponding buffer server password to be stored only on the buffer server.
  - 20. The apparatus of claim 18 wherein the requests and responses relate to one or more items selected from the group consisting of:
    - an e-mail message, a calendar item, a contact, a task, a reminder, a note and a file.
  - 21. The apparatus of claim 18, wherein the reduced response comprises only predetermined fields of each item, in accordance with corporate policy.
  - 22. The apparatus of claim 18 further comprising a policy enforcement component for enforcing a policy related to the requests or responses.
  - 23. The apparatus of claim 22 wherein the policy refers to at least one item selected from the group consisting of:
    - a user of the device, type of requested information, time of request, geographic location of the mobile device, data size, and data origin.
  - 24. The apparatus of claim 22 wherein the mobile device comprises a native application for viewing the reduced response and the removed data, and non-secure items in a unified view.
  - 25. A mobile communication device adapted to communicate with the apparatus of claim 18, the mobile communication device comprising a native application for displaying data received from a corporate server.
  - 26. The mobile communication device of claim 25, further comprising a buffer server communication component for communicating with the buffer server to receive data form a corporate server.
  - 27. The mobile communication device of claim 25, further comprising a dedicated application for providing functionality associated with the data received.
  - 28. The apparatus of claim 18 wherein the corporate server may be adapted to receive communication from a mobile device only through the buffer server.

29. A mobile communication device adapted to communicate with a corporate server, the mobile device comprising:
- an application for displaying in a unified list data received from the corporate server and data received from a second server at the same time,wherein data received from the corporate server is displayed only after further identification of the mobile device or a user of the mobile device.
- View Dependent Claims (30, 31, 32)
- - 30. The mobile communication device of claim 29, sending or deleting data is enabled only after further identification of the mobile device.
  - 31. The mobile communication device of claim 29, wherein the application is selected from the group consisting of:
    - an e-mail application, a calendar application, a contact list application, a notes application, a reminders applications and a tasks application.
  - 32. The mobile communication device of claim 29, wherein the application is selected from the group consisting of:
    - a native application and a third party application.

33. A mobile communication device adapted to communicate with a corporate server, the mobile device comprising:
- an application for displaying in a secure manner data received from the corporate server,wherein data received from the corporate server is not stored in a non-transient memory unit of the mobile communication device.

34. A computer-implemented method performed by a computerized device, comprising:
- notifying an e-mail user that a decoy e-mail will be sent;
  
  sending a decoy message to the e-mail user, the decoy message comprising a link; and
  
  raising an alert related to an illegitimate user or malware opening the decoy message, responsive to said link being accessed.

35. A computer-implemented method performed by a computerized device, comprising:
- receiving a corporate server password C;
  
  encrypting C with a first private key to obtain X;
  
  extracting X₁and X₂from X;
  
  encrypting X₁with; and
  
  encrypting X₂with a second key,wherein X₁is stored on a mobile device, X₂is stored on a buffer server, such that the mobile device securely communicates with the corporate server through the buffer server.

36. A computer-implemented method performed by a computerized device, comprising:
- receiving a corporate server password C;
  
  generating a password L; and
  
  encrypting C with L to obtain E,wherein L is stored on a mobile device, E is stored on a buffer server, such that the mobile device securely communicates with the corporate server through the buffer server.

37. A computer program product comprising:
- a non-transitory computer readable medium;
  
  a first program instruction for receiving by a buffer server a first communication request and a device key from a mobile device;
  
  a second program instruction for verifying the device key and a buffer server key;
  
  a third program instruction for sending a request with details associated with the device key and the buffer server key, to a corporate server;
  
  a fourth program instruction for receiving a response from the corporate server;
  
  a fifth program instruction for removing data from the response, and sending a reduced response to the mobile device;
  
  a sixth program instruction for receiving a user identification and a second communication request from the mobile device, for the data that has been removed; and
  
  a seventh program instruction for sending the data that has been removed to the mobile device, upon verifying the user identification,wherein said first, second, third, fourth, fifth, sixth and seventh program instructions are stored on said non-transitory computer readable medium.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Ivanti, Inc. (Ivanti Software, Inc.)
Original Assignee
LetMobile Ltd. (Ivanti Software, Inc.)
Inventors
LIVNE, Eran

Granted Patent

US 9,659,165 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/7
CPC Class Codes

G06F 21/335   for accessing specific reso...

G06F 21/44   Program or device authentic...

G06F 2221/2103   Challenge-response

H04W 12/06   Authentication

H04W 12/08   Access security

H04W 12/71   Hardware identity

H04W 12/72   Subscriber identity

Method and Apparatus for Accessing Corporate Data from a Mobile Device

First Claim

13 Assignments

0 Petitions

Accused Products

Abstract

125 Citations

37 Claims

Specification

Solutions

Use Cases

Quick Links

Method and Apparatus for Accessing Corporate Data from a Mobile Device

First Claim

13 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

125 Citations

37 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links