Secure mobile framework

US 9,565,212 B2
Filed: 04/01/2013
Issued: 02/07/2017
Est. Priority Date: 03/30/2012
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving, at a gateway associated with an enterprise, an authentication request from a remote user device to access a service provided by the enterprise, wherein the authentication request originates from an application managed by the enterprise and which runs on the remote user device, andwherein the authentication request comprises a password, an identifier of the remote user device, an application family, and a type of the device;

generating a framework authentication token using the received password, identifier of the remote user device, application family, and type of device, and a security policy based on the service provided by the enterprise that the remote user device is requesting to access;

transmitting the framework authentication token and the security policy to the remote user device, wherein the remote user device ensures compliance with the security policy before generating a connection request to connect to the service; and

receiving, from the remote user device, the connection request based on the framework authentication token and the security policy, wherein a service authenticator determines if the remote user device is authorized to access the service.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for a secure mobile framework to securely connect applications running on mobile devices to services within an enterprise are provided. Various embodiments provide mechanisms of securitizing data and communication between mobile devices and end point services accessed from a gateway of responsible authorization, authentication, anomaly detection, fraud detection, and policy management. Some embodiments provide for the integration of server and client side security mechanisms, binding of a user/application/device to an endpoint service along with multiple encryption mechanisms. For example, the secure mobile framework provides a secure container on the mobile device, secure files, a virtual file system partition, a multiple level authentication approach (e.g., to access a secure container on the mobile device and to access enterprise services), and a server side fraud detection system.

54 Citations

View as Search Results

25 Claims

1. A method comprising:
- receiving, at a gateway associated with an enterprise, an authentication request from a remote user device to access a service provided by the enterprise, wherein the authentication request originates from an application managed by the enterprise and which runs on the remote user device, andwherein the authentication request comprises a password, an identifier of the remote user device, an application family, and a type of the device;
  
  generating a framework authentication token using the received password, identifier of the remote user device, application family, and type of device, and a security policy based on the service provided by the enterprise that the remote user device is requesting to access;
  
  transmitting the framework authentication token and the security policy to the remote user device, wherein the remote user device ensures compliance with the security policy before generating a connection request to connect to the service; and
  
  receiving, from the remote user device, the connection request based on the framework authentication token and the security policy, wherein a service authenticator determines if the remote user device is authorized to access the service.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, further comprising generating a user binding token based on a user identifier and an application identifier.
  - 3. The method of claim 2, wherein generating the framework authentication token includes binding an enterprise authentication token, the user binding token, and a framework authentication token expiration date.
  - 4. The method of claim 3, further comprising digitally signing the framework authentication token.
  - 5. The method of claim 1, further comprising:
    - performing an operating system integrity check to determine when an expected operating system integrity is present; and
      
      denying the remote user device access to the gateway when the expected operating system integrity is not present.
  - 6. The method of claim 1, wherein the remote user device includes a secure container for storing data related to the service and the security policy provides a set of requirements indicating access controls for the application and secure container.
  - 7. The method of claim 6, wherein the framework authentication token is stored in the secure container.
  - 8. The method of claim 6, wherein access to the secure container is dependent on successful validation of a user credential and a successful operating system integrity check.
  - 9. The method of claim 1, wherein the security policy identifies a password structure and a password duration based on the service.
  - 10. The method of claim 1, further comprising:
    - monitoring interactions between the enterprise managed application and the service; and
      
      generating, upon violation of one or more fraud policies, an elevated authentication request or a termination of access to the gateway and the service.
  - 11. The method of claim 1, wherein the service includes an e-mail service, a trading service, a payment processing service, a customer relationship management service, an inventory system service, a business intelligence service, a healthcare service, a student information service, or a reservation service.
  - 12. The method of claim 1, wherein the service includes a secure service or a service containing sensitive information.

13. A non-transitory computer-readable storage medium containing a set of instructions that when executed by one or more processors cause a machine to:
- receive an authentication request from a remote user device to access a service provided by an enterprise,wherein the authentication request originates from an application managed by the enterprise and which runs on the remote user device, and wherein the authentication request comprises a password, an identifier of the remote user device, an application family, and a type of the device;
  
  generate a framework authentication token using the received password, identifier of the remote user device, application family, and type of device, and a security policy based on the service provided by the enterprise that the remote user device is requesting to access;
  
  transmit the framework authentication token and the security policy to the remote user device, wherein the remote user device ensures compliance with the security policy before generating a connection request to connect to the service; and
  
  receive the connection request based on the framework authentication token and the security policy, wherein a service authenticator determines if the remote user device is authorized to access the service.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
- - 14. The non-transitory computer-readable storage medium of claim 13, wherein the set of instructions when executed by the one or more processors further cause the machine to generate a user binding token based on a user identifier and an application identifier.
  - 15. The non-transitory computer-readable storage medium of claim 14, wherein generating the framework authentication token includes binding an enterprise authentication token, the user binding token, and a framework authentication token expiration date.
  - 16. The non-transitory computer-readable storage medium of claim 15, wherein the set of instructions when executed by the one or more processors further cause the machine to digitally sign the framework authentication token.
  - 17. The non-transitory computer-readable storage medium of claim 13, wherein the set of instructions when executed by the one or more processors further cause the machine to:
    - perform an operating system integrity check to determine when an expected operating system integrity is present; and
      
      deny the remote user device access when the expected operating system integrity is not present.
  - 18. The non-transitory computer-readable storage medium of claim 13, wherein the remote user device includes a secure container for storing data related to the service and the security policy provides a set of requirements indicating access controls for the application and secure container.
  - 19. The non-transitory computer-readable storage medium of claim 18, wherein the framework authentication token is stored in the secure container.
  - 20. The non-transitory computer-readable storage medium of claim 18, wherein access to the secure container is dependent on successful validation of a user credential and a successful operating system integrity check.
  - 21. The non-transitory computer-readable storage medium of claim 13, wherein the security policy identifies a password structure and a password duration based on the service.
  - 22. The non-transitory computer-readable storage medium of claim 13, wherein the set of instructions when executed by the one or more processors further cause the machine to:
    - monitor interactions between the enterprise managed application and the service; and
      
      generate, upon violation of one or more fraud policies, an elevated authentication request or a termination of access to a gateway and the service.
  - 23. The non-transitory computer-readable storage medium of claim 13, wherein the service includes an e-mail service, a trading service, a payment processing service, a customer relationship management service, an inventory system service, a business intelligence service, a healthcare service, a student information service, or a reservation service.
  - 24. The non-transitory computer-readable storage medium of claim 13, wherein the service includes a secure service or a service containing sensitive information.

25. A system comprising:
- a processor;
  
  a communication port to receive an authentication request from a remote user device to access a service provided by an enterprise,wherein the authentication request originates from an application managed by the enterprise and which runs on the remote user device, and wherein the authentication request comprises a password, an identifier of the remote user device, an application family, and a type of the device;
  
  a framework authentication system, controlled by the processor, to generate a framework authentication token using the received password, identifier of the remote user device, application family, and type of device, and a security policy based on the service provided by the enterprise that the remote user device is requesting to access, wherein the framework authentication system uses the communication port to transmit the framework authentication token and the security policy to the remote user device, wherein the remote user device ensures compliance with the security policy before generating a connection request to connect to the service; and
  
  a service authenticator to determine, upon receiving the connection request based on the framework authentication token and the secure policy, if the remote user device is authorized to access the service.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Synchronoss Technologies Incorporated
Original Assignee
SNCR, LLC
Inventors
Faltyn, Daniel, Smith, Andrew J. R.
Primary Examiner(s)
Hirl, Joseph P
Assistant Examiner(s)
BELL, KALISH K

Application Number

US13/854,837
Publication Number

US 20130263212A1
Time in Patent Office

1,408 Days
Field of Search

726 1- 3, 726/27, 709/203, 709/225, 709/229
US Class Current

1/1
CPC Class Codes

H04L 63/08   for authentication of entit...

H04L 63/20   for managing network securi...

H04W 12/06   Authentication

H04W 12/08   Access security

H04W 12/37   Managing security policies ...

Secure mobile framework

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

54 Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Secure mobile framework

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

54 Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links