Secure configuration of mobile applications
First Claim
Patent Images
1. A method performed on a mobile computing device comprising:
- generating, by a server system, configuration data for a first mobile application, wherein the configuration data includes data security encryption and decryption keys;
generating, by the server system a challenge code, and the mobile computing device receiving from the server system a server-generated challenge code via a user interface;
generating, by the server system a verification value using the challenge code and the configuration data, wherein the configuration data and the challenge code are encrypted and the resulting ciphers are combined;
receiving, by the mobile computing device from the server system, a first communication that includes configuration data and verification data different from the server-originated configuration data, wherein the verification data is generated from a combination of the configuration data and the server-generated challenge code, wherein the first communication comprises an email message having an attachment, and wherein the attachment comprises the configuration data and the verification data;
executing, for a user, the first mobile application and displaying an input box allowing the user to enter the challenge code previously provided to the user;
receiving, by the mobile computing device from the user of the mobile computing device, a user-provided challenge code, wherein the user receives the user-provided challenge code over a trusted communication channel different from a communication channel over which the mobile computing device receives the first communication;
verifying, by the mobile computing device, the authenticity of the configuration data received from the first communication using the user-provided challenge code, wherein verifying includes generating a candidate verification value from a combination of the configuration data and the user-provided challenge code and comparing the candidate verification value with the verification data received in the first communication, wherein the configuration data is deemed verified when the verification data received in the first communication matches the candidate verification value; and
when the configuration data is deemed verified, then configuring, by the mobile computing device, the first mobile application using the configuration data.
2 Assignments
0 Petitions
Accused Products
Abstract
Secure configuration of a mobile application (“app”) includes sending the required configuration data for the app to the user'"'"'s mobile computing device in a communication, for example an email with an attachment. A verification value is included in the attachment to protect the authenticity and integrity of the configuration data. A challenge code is issued to the user (or group of users). The challenge code is used to verify the configuration data.
36 Citations
20 Claims
-
1. A method performed on a mobile computing device comprising:
-
generating, by a server system, configuration data for a first mobile application, wherein the configuration data includes data security encryption and decryption keys; generating, by the server system a challenge code, and the mobile computing device receiving from the server system a server-generated challenge code via a user interface; generating, by the server system a verification value using the challenge code and the configuration data, wherein the configuration data and the challenge code are encrypted and the resulting ciphers are combined; receiving, by the mobile computing device from the server system, a first communication that includes configuration data and verification data different from the server-originated configuration data, wherein the verification data is generated from a combination of the configuration data and the server-generated challenge code, wherein the first communication comprises an email message having an attachment, and wherein the attachment comprises the configuration data and the verification data; executing, for a user, the first mobile application and displaying an input box allowing the user to enter the challenge code previously provided to the user; receiving, by the mobile computing device from the user of the mobile computing device, a user-provided challenge code, wherein the user receives the user-provided challenge code over a trusted communication channel different from a communication channel over which the mobile computing device receives the first communication; verifying, by the mobile computing device, the authenticity of the configuration data received from the first communication using the user-provided challenge code, wherein verifying includes generating a candidate verification value from a combination of the configuration data and the user-provided challenge code and comparing the candidate verification value with the verification data received in the first communication, wherein the configuration data is deemed verified when the verification data received in the first communication matches the candidate verification value; and when the configuration data is deemed verified, then configuring, by the mobile computing device, the first mobile application using the configuration data. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
-
12. A system including a mobile computing device comprising:
-
a data processor; and a data storage device having stored thereon computer executable program code, the computer executable program code, when executed by the data processor, causes the data processor to; generate, by a server system, configuration data for a first mobile application, wherein the configuration data includes data security encryption and decryption keys; generate, by the server system a challenge code, and receive from the server system by the mobile computing device a server-generated challenge code via a user interface; generate, by the server system a verification value using the challenge code and the configuration data, wherein the configuration data and the challenge code are encrypted and the resulting ciphers are combined; receive from the server system a first communication that includes configuration data and verification data different from the server-originated configuration data, wherein the verification data is generated from a combination of the configuration data and the server-generated challenge code, wherein the first communication comprises an email message having an attachment, and wherein the attachment comprises the configuration data and the verification data; execute, for a user, the first mobile application and displaying an input box allowing the user to enter the challenge code previously provided to the user; receive, from the user of the mobile computing device, a user-provided challenge code, wherein the user receives the user-provided challenge code over a trusted communication channel different from a communication channel over which the mobile computing device receives the first communication; verify the authenticity of the configuration data received from the first communication using the user-provided challenge code, wherein verifying includes generating a candidate verification value by applying the secure hash function to a combination of the configuration data and the user-provided challenge code and comparing the candidate verification value with the verification data received in the first communication, wherein the configuration data is deemed verified when the verification data received in the first communication matches the candidate verification value; and when the configuration data is deemed verified, then the mobile computing device configuring the first mobile application using the configuration data. - View Dependent Claims (13, 14, 15, 16, 17, 18)
-
-
19. A non-transitory computer readable storage medium having stored thereon computer executable program code, which when executed by a mobile computing device, causes the computer to perform steps of:
-
generating, by a server system, configuration data for a first mobile application, wherein the configuration data includes data security encryption and decryption keys; generating, by the server system a challenge code, and the mobile computing device receiving from the server system a server-generated challenge code via a user interface; generating, by the server system a verification value using the challenge code and the configuration data, wherein the configuration data and the challenge code are encrypted and the resulting ciphers are combined; receiving from the server system a first communication that includes configuration data and verification data different from the server-originated configuration data, wherein the verification data is generated from a combination of the configuration data and the server-generated challenge code, wherein the first communication comprises an email message having an attachment, and wherein the attachment comprises the configuration data and the verification data; executing, for a user, the first mobile application and displaying an input box allowing the user to enter the challenge code previously provided to the user; receiving from the user of the mobile computing device a user-provided challenge code, wherein the user receives the user-provided challenge code over a trusted communication channel different from a communication channel over which the mobile computing device receives the first communication; verifying the authenticity of the configuration data received from the first communication using the user-provided challenge code, wherein verifying includes generating a candidate verification value from a combination of the configuration data and the user-provided challenge code and comparing the candidate verification value with the verification data received in the first communication, wherein the configuration data is deemed verified when the verification data received in the first communication matches the candidate verification value; and when the configuration data is deemed verified, then configuring, by the mobile computing device, the first mobile application using the configuration data. - View Dependent Claims (20)
-
Specification