US20140181842A1 - Secure mobile app connection bus - Google Patents

Info

Publication number
US20140181842A1
US20140181842A1 US14/137,845 US201314137845A US2014181842A1 US 20140181842 A1 US20140181842 A1 US 20140181842A1 US 201314137845 A US201314137845 A US 201314137845A US 2014181842 A1 US2014181842 A1 US 2014181842A1
Authority
US
United States
Prior art keywords
app
application
apps
url
information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US14/137,845
Inventor
ManSu Kim
Joshua Sirota
Suresh Kumar Batchu
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ivanti Inc
Original Assignee
MobileIron Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by MobileIron Inc filed Critical MobileIron Inc
Priority to US14/137,845 priority Critical patent/US20140181842A1/en
Assigned to MOBILE IRON, INC. reassignment MOBILE IRON, INC. ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: BATCHU, SURESH KUMAR, KIM, MANSU, SIROTA, Joshua
Publication of US20140181842A1 publication Critical patent/US20140181842A1/en
Assigned to IVANTI, INC. reassignment IVANTI, INC. ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: MobileIron, Inc.
Abandoned legal-status Critical Current

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/606 Protecting data by securing the transmission between two devices or processes
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6281 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database at program execution time, where the protection is within the operating system
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46 Multiprogramming arrangements
    • G06F9/54 Interprogram communication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/041 Key generation or derivation
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/30 Security of mobile devices; Security of mobile applications

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computing Systems (AREA)
  • Databases & Information Systems (AREA)
  • Information Transfer Between Computers (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

A secure mobile app connection bus is disclosed. An application URL scheme may be registered with an operating system. Encrypted data may be passed from a management agent to an application using a URL call associated with the application URL scheme. A source of the URL call may be validated.

Description

    CROSS REFERENCE TO OTHER APPLICATIONS
  • This application claims priority to U.S. Provisional Patent Application No. 61/745,052 entitled SECURE MOBILE APP CONNECTION BUS filed Dec. 21, 2012 which is incorporated herein by reference for all purposes.
  • BACKGROUND OF THE INVENTION
  • Today enterprise users on mobile devices, which may belong to the user or be owned by the enterprise, use apps developed by enterprise in-house developers, or apps from trusted app store or untrusted 3rd party app stores. Each app may have its own way of managing its configuration, policy and data. This makes it difficult for enterprises to manage and enforce apps configuration and policies while securing app data consistently across all apps.
  • BRIEF DESCRIPTION OF THE DRAWINGS
  • FIG. 1 is a table including applications according to various embodiments.
  • FIG. 2 is a block diagram illustrating embodiments of a system including a secure mobile app connection bus.
  • FIG. 3 is a block diagram illustrating embodiments of a system including a secure mobile app connection bus.
  • DETAILED DESCRIPTION
  • Techniques described herein help the management server and management agent to have a two-way secure application command bus to manage apps (configurations and policies) on mobile devices while keeping the user experience intact.
  • In various embodiments, an AppConnect bus is provided in mobile devices, which may be used to send command/information securely between managed apps and a trusted management agent running on the mobile device.
  • Detailed flow of the solution as implemented in some embodiments is described below:
  • VSP stands for Virtual Smartphone Platform by MobileIron. All managed mobile devices' configuration, policies and apps are managed from here. MobileIron clients connect to VSP on a periodic basis to update the device status as well as get the new configuration and policies.
  • Sentry is a reverse proxy for enterprise app traffic between mobile devices and the enterprise backend servers.
  • FIG. 1 is a table including applications according to various embodiments.
  • FIG. 2 is a block diagram illustrating embodiments of a system including a secure mobile app connection bus.
  • (1) User creates application policies and configuration on VSP. VSP compiles this information with parameters specific to the user/device (for example, changing $USER_ID$ to the actual user ID for login, or issuing an identity certificate for the user/device).
  • (2) VSP will push the compiled and encrypted configuration to the management agent (which can be a standalone app on the mobile device or an agent module that is part of an enterprise app). This configuration is decrypted by each target app with the proper decryption keys.
  • (3) The management agent will push the received AppConnect configuration to the device-specific AppConnect bus with timestamps and checksums.
  • (4) When each app launches for the first time or becomes foreground, an embedded AppConnect library reads the latest configuration and applies a new configuration if there are changes. In some embodiments, the AppConnect library is embedded in the application code of the app, e.g., the app developer embeds the library in the app using a software development kit (SDK) or other tool, or subsequent to app development by the original developer the app is “wrapped” or otherwise modified by adding or changing app code to embed the library. In some embodiments, the new configuration, if any, may include new configuration data and/or policy for the app. The configuration may affect or control how the app should work, for example, or a policy may govern how the app should or may behave. Examples of policy include, without limitation, whether the app is permitted to perform copy/paste operations, whether it is allowed to print, etc. Examples of configuration include, without limitation, which server the app should connect to, etc.
  • (5) Each app that applies the changes will update the AppConnect bus with the result.
  • (6) The management agent will read the result. If local policy enforcement is enabled, the management agent can push a predefined configuration to the AppConnect bus if a local policy condition is met.
  • (7) The management agent will update the result to VSP.
  • (8) VSP analyzes the result and, if it does meet the quarantine policy requirement, the VSP can send a command to Sentry to quarantine the device. This quarantine command will also be sent to the device. In some embodiments, the device may be configured to perform an action in response to the command, such as wipe all or only enterprise data, not allow the use of enterprise apps, etc.
  • (9) VSP will update the result to each app configuration and app policies.
  • FIG. 3 is a block diagram illustrating embodiments of a system including a secure mobile app connection bus.
  • AppConnect Bus: a communication bus on the device that sends and receives information between applications securely. The AppConnect Bus can be implemented in different ways depending on the requirements, capabilities, and limitations of the device OS.
  • For example:
  • OS | Description
    iOS | Application pasteboard with security with encryption; Registered URL scheme with encrypted payload with source validation; Shared keychain with injected keychain-access-groups - Validated Protocols/URL Scheme: Validating Installed application with application's URL scheme, make sure trusted app holds protocols/URL schemes required. For example, before install apps, which require URL scheme ‘ironvault://’, check it whether it exist on the device.
    Android | Certificate based Authenticated intention with encryption
    Windows Phone | Shared Certificate store and share protocol registration/file types
  • Secure Information sharing between apps: Applications naturally share information with other apps, such as photos, text, and URLs. For security, this information will be encrypted and only distributed to allowed apps using the AppConnect Bus.
  • For example:
  • Category | Description
    Copy and Paste | Secure pasteboard which will encrypt content and allowed to share between trusted apps
    File Exchange | When a trusted app tries to share a file, it will be shared only between trusted apps.
  • The following are examples, without limitation, of configurations, settings, and/or policies that may be communicated and set via the AppConnect bus in some embodiments:
  • Application configuration: Each application requires certain configuration/setting to operate. For example:
  • Information | Description
    Server information | Server name or IP address to access data
    User Identity information | User name with password or User or device certificate to identify it to server
  • Application Policies: The management system wants to force application management policy on an application depending on enterprise policy, location, device security state, other application install state, or user's group changes.
  • For example:
  • Policy | Description
    Hardware control | Block access by this app to Device's Camera, Bluetooth, NFC, USB, other resources (set by user, group, app, time, location, etc.)
    Storage access control | Block access to device's storage (SD, Flash, Photo)
    PIM access control | Block access to device Email, Calendar, Contacts or allow to limited to certain email account, calendar or contacts. For example, only allow to company email, calendar or contacts instead of personal.
    Access control to system service | Block access to app from system services like AirPrint, Share Email, Share with other apps
  • Information sharing: Sharing device information, user information, or the list of installed applications with apps allows an application to add functions based on this information.
  • Information | Description
    Device Information | Management ID, MAC address, IMEI or other management token
    Enterprise Information | Enterprise Emergency information
    Installed applications | Installed Application list with capability (open-in documents, secure copy paste support, etc.)
  • Application Actions: When the enterprise administrator wants to send a command to an application, it will be sent to the application via the command bus.
  • For example:
  • Command | Action
    Wipe | Wipe Application data and return it to first installation state (option: zero-out bytes before delete)
    Remote Lock | Enterprise access will be locked until the user unlocks. While in locked state, any trusted app's data will not be able to be accessed by apps.
  • Application Firewall: An application is not built to identify the security of its connected Wi-Fi networks or even the identity and security of its connected server. Application Firewall will validate and protect the application from receiving an untrusted party's data.
  • Example firewall rules:
  • Command | Action
    Enforced Server certificate validation | For each SSL/TLS connection, Server certificate will be validated before allowing the connection
    Allowed network | Only allow connections made to an allowed network
    Augmented Address lookup | Instead of relying on the system's DNS server, application firewall can use a secure DNS server which provides additional security with authentic address information (for example, opendns) or use a host file pushed by the management server
    Content inspection | Client side only inspection or Server assisted content inspection to remove any malicious content
  • Enterprise authentication: Before allowing access to enterprise command bus (i.e., AppConnect bus), User has to authenticate identity.
  • For example, User ID with Password or preconfigured PIN, one-time password, NFC, or 2D Barcode can be used to identify the user, for example upon opening a protected app.
  • EXAMPLES
  • The following examples illustrate aspects of techniques disclosed herein:
  • 1. Application Pasteboard with Security with Encryption
  • a. There is a common application paste board that is available in iOS. Applications can use them for exchange of data within or between applications (for more information read https://developer.apple.com/library/ios/#documentation/general/conceptual/Devpedia-CocoaApp/Pasteboard.html). In some embodiments, this pasteboard is used as a place to exchange the AppConnect (secure app connection bus) information/data between apps as disclosed herein. For example a management agent running on the mobile device will download the configuration or policy from the mobile device management server, and put that data on the pasteboard for recipient app to pick up that data.
  • 2. Registered URL Scheme with Encrypted Payload with Source Validation
  • a. Applications can register their URL scheme with the OS so that either the OS or other apps can reference/invoke the app. For example, an application “ABC” can register the URL scheme “abc://” so that anytime the OS or other apps need to invoke “ABC” they can call it by the URL “abc://”. The OS will look up which app registered for that URL and call that app. To exchange data between apps, the apps can register their URLs and the management app can pass the data to those apps using the URL mechanism. For example, if the management app wants to pass the data “12345” to app “ABC”, it can call the URL “abc://12345”, and when app ABC receives the URL it will parse the URL and take the content “12345” for its use.
  • 3. Shared Keychain with Injected Keychain-Access-Groups
  • a. OS provides a common place to store the certificates for the apps to use. In some embodiments, that certificate store is used to exchange information between apps. The information is secured such that only the intended recipient app(s) can understand the encrypted message in the keychain.
  • 4. Certificate Based Authenticated Intention with Encryption
  • a. In Android there are intents that can be used to communicate between apps (more info can be found here: https://developer.android.com/reference/android/content/Intent.html). We can encrypt the payload of the intent so that only intended recipient app(s) can understand the payload.
  • 5. Shared Certificate Store and Share Protocol Registration/File Types
  • a. Shared certificate store is similar to what I have explained above.
  • b. Shared protocol registration/file types
  • i. Each app can register for certain file type and that will help management app to put all the enterprise data in an encrypted file and when it tries to open the file the intended app will get called. (for more information http://msdn.microsoft.com/en-us/library/windows/apps/hh464906.aspx)
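The receiving side of example 2 (registered URL scheme with encrypted payload and source validation), combined with the timestamps and checksums of step (3), is sketched below as an added example; it is not code from the patent or from any MobileIron product. The envelope layout, the use of HMAC-SHA256 as the checksum, the `source_app` parameter standing in for the caller identity reported by the OS, and all identifiers and keys are assumptions, and the payload is treated as an already-encrypted blob.

```python
import base64
import hashlib
import hmac
import json

# Every name and value below is constructed for this example.
APP_SCHEME = "abc"                             # scheme the app registered with the OS
TRUSTED_SOURCES = {"com.example.mgmt-agent"}   # hypothetical management agent identifier
BUS_KEY = b"constructed-demo-key"              # hypothetical key shared by agent and app


def keyed_checksum(key, timestamp, payload_b64):
    """Assumption: the 'checksum' is an HMAC-SHA256 over timestamp and payload."""
    message = f"{timestamp}.{payload_b64}".encode()
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def build_url(key, timestamp, ciphertext, scheme=APP_SCHEME):
    """Agent side: wrap an already-encrypted configuration blob in a URL call."""
    payload_b64 = base64.urlsafe_b64encode(ciphertext).decode()
    envelope = {"ts": timestamp, "data": payload_b64,
                "mac": keyed_checksum(key, timestamp, payload_b64)}
    body = base64.urlsafe_b64encode(json.dumps(envelope).encode()).decode()
    return f"{scheme}://{body}"


class Receiver:
    """App side: checks an embedded library could run before applying a message."""

    def __init__(self, key, scheme=APP_SCHEME, trusted=TRUSTED_SOURCES):
        self.key = key
        self.scheme = scheme
        self.trusted = set(trusted)
        self.last_ts = 0        # timestamp of the configuration currently applied
        self.ciphertext = None  # still encrypted; decryption is out of scope here

    def handle(self, url, source_app):
        scheme, sep, body = url.partition("://")
        if not sep or scheme.lower() != self.scheme:
            return "rejected: wrong scheme"
        # source_app models the caller identity as reported by the OS.
        if source_app not in self.trusted:
            return "rejected: untrusted source"
        try:
            env = json.loads(base64.urlsafe_b64decode(body))
            ts, data = int(env["ts"]), str(env["data"])
            mac = str(env["mac"]).encode()
            ciphertext = base64.urlsafe_b64decode(data)
        except (ValueError, KeyError, TypeError):
            return "rejected: malformed envelope"
        expected = keyed_checksum(self.key, ts, data).encode()
        if not hmac.compare_digest(expected, mac):   # constant-time comparison
            return "rejected: checksum mismatch"
        if ts <= self.last_ts:                       # replayed or stale message
            return "ignored: not newer than applied configuration"
        self.last_ts, self.ciphertext = ts, ciphertext
        return "applied"
```

The bare `abc://12345` form from the text fails the envelope check here, which is the point: a registered scheme alone says nothing about who made the call or whether the data was altered.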

Claims (1)

What is claimed is:
1. A method, comprising:
registering an application URL scheme with an operating system;
passing encrypted data from a management agent to an application using a URL call associated with the application URL scheme; and
validating a source of the URL call.
US14/137,845 2012-12-21 2013-12-20 Secure mobile app connection bus Abandoned US20140181842A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US14/137,845 US20140181842A1 (en) 2012-12-21 2013-12-20 Secure mobile app connection bus

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US201261745052P 2012-12-21 2012-12-21
US14/137,845 US20140181842A1 (en) 2012-12-21 2013-12-20 Secure mobile app connection bus

Publications (1)

Publication Number Publication Date
US20140181842A1 (en) 2014-06-26

Family

ID=50976128

Family Applications (3)

Application Number Title Priority Date Filing Date
US14/137,845 Abandoned US20140181842A1 (en) 2012-12-21 2013-12-20 Secure mobile app connection bus
US14/137,745 Active US9059974B2 (en) 2012-12-21 2013-12-20 Secure mobile app connection bus
US14/690,311 Active US9537835B2 (en) 2012-12-21 2015-04-17 Secure mobile app connection bus

Country Status (4)

Country Link
US (3) US20140181842A1 (en)
EP (1) EP2936733B1 (en)
CN (1) CN105027493B (en)
WO (1) WO2014100756A1 (en)

US20220318438A1 (en) * 2021-04-06 2022-10-06 Comcast Cable Communications, Llc Systems and methods for data security on a mobile device

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130275560A1 (en) * 2012-04-12 2013-10-17 Absolute Software Corporation Configuration of third party applications in a sandboxed environment
US20140068593A1 (en) * 2012-08-31 2014-03-06 Jpmorgan Chase Bank, N.A. System and Method for Sharing Information in a Private Ecosystem

Family Cites Families (30)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
NZ535126A (en) 2001-05-14 2005-09-30 Ntt Docomo Inc System for managing program stored in storage unit of mobile terminal
WO2002096151A1 (en) 2001-05-22 2002-11-28 Flarion Technologies, Inc. Authentication system for mobile entities
KR100520116B1 (en) * 2003-05-16 2005-10-10 삼성전자주식회사 A method for discributing the key to mutual nodes to code a key on mobile ad-hoc network and network device using thereof
WO2005125072A2 (en) * 2004-06-22 2005-12-29 Nds Limited Digital rights management system
US20090100264A1 (en) 2006-04-28 2009-04-16 Yuichi Futa Communication device and communication system
ATE508551T1 (en) 2006-05-16 2011-05-15 Sap Ag CONTEXT SENSITIVITY BASED CRYPTOGRAPHY
JP4224084B2 (en) * 2006-06-26 2009-02-12 株式会社東芝 COMMUNICATION CONTROL DEVICE, COMMUNICATION CONTROL METHOD, AND COMMUNICATION CONTROL PROGRAM
US7917963B2 (en) * 2006-08-09 2011-03-29 Antenna Vaultus, Inc. System for providing mobile data security
US8458775B2 (en) * 2006-08-11 2013-06-04 Microsoft Corporation Multiuser web service sign-in client side components
US8837724B2 (en) 2007-03-27 2014-09-16 Qualcomm Incorporated Synchronization test for device authentication
US9280769B2 (en) * 2008-05-14 2016-03-08 Visa Cape Town (Pty) Ltd. Mobile commerce payment system
EP2353269A1 (en) * 2008-11-07 2011-08-10 Mobile TAG Method for accessing a plurality of services by a mobile terminal user, and related secure device
KR100928467B1 (en) * 2009-02-02 2009-11-25 주식회사 파수닷컴 Clipboard security system and method thereof
US20100306076A1 (en) * 2009-05-29 2010-12-02 Ebay Inc. Trusted Integrity Manager (TIM)
US20110154015A1 (en) * 2009-12-21 2011-06-23 Tareq Mahmud Rahman Method For Segmenting A Data File, Storing The File In A Separate Location, And Recreating The File
US20110179268A1 (en) 2010-01-20 2011-07-21 Microsoft Corporation Protecting applications with key and usage policy
TW201201041A (en) * 2010-06-21 2012-01-01 Zhe-Yang Zhou Data security method and system
US20120066767A1 (en) * 2010-09-13 2012-03-15 Nokia Corporation Method and apparatus for providing communication with a service using a recipient identifier
US9501628B2 (en) * 2010-09-22 2016-11-22 International Business Machines Corporation Generating a distrubition package having an access control execution program for implementing an access control mechanism and loading unit for a client
US8621168B2 (en) * 2010-12-17 2013-12-31 Google Inc. Partitioning the namespace of a contactless smart card
US8327006B2 (en) * 2011-02-24 2012-12-04 Jibe Mobile Endpoint device and article of manufacture for application to application communication over a network
US20120302212A1 (en) * 2011-05-25 2012-11-29 Critical Medical Solutions, Inc. Secure mobile radiology communication system
US20120303310A1 (en) * 2011-05-26 2012-11-29 First Data Corporation Systems and Methods for Providing Test Keys to Mobile Devices
US8695060B2 (en) * 2011-10-10 2014-04-08 Openpeak Inc. System and method for creating secure applications
US20140032733A1 (en) 2011-10-11 2014-01-30 Citrix Systems, Inc. Policy-Based Application Management
EP2600275A1 (en) * 2011-12-02 2013-06-05 Nxp B.V. Method for accessing a secure storage, secure storage and system comprising the secure storage
US8607043B2 (en) * 2012-01-30 2013-12-10 Cellco Partnership Use of application identifier and encrypted password for application service access
US9405723B2 (en) * 2012-05-02 2016-08-02 Kony, Inc. Mobile application management systems and methods thereof
US9087191B2 (en) 2012-08-24 2015-07-21 Vmware, Inc. Method and system for facilitating isolated workspace for applications
US9286477B2 (en) 2012-08-29 2016-03-15 Symantec Corporation Secure app ecosystem with key and data exchange according to enterprise information control policy

Cited By (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9141444B2 (en) * 2013-07-31 2015-09-22 Vmware, Inc. Inter-application communication on mobile platforms
US11826549B2 (en) 2016-03-31 2023-11-28 Dexcom, Inc. Methods for providing an alert or an alarm to a user of a mobile communications device
US11969578B2 (en) 2016-03-31 2024-04-30 Dexcom, Inc. Methods for providing an alert or an alarm to a user of a mobile communications device
WO2017173162A1 (en) * 2016-03-31 2017-10-05 Dexcom, Inc. Systems and methods for inter-app communications
US10596318B2 (en) 2016-03-31 2020-03-24 Dexcom, Inc. Systems and methods for inter-app communications
US10980941B2 (en) 2016-03-31 2021-04-20 Dexcom, Inc. Methods for providing an alert or an alarm to a user of a mobile communications device
US12064601B2 (en) 2016-03-31 2024-08-20 Dexcom, Inc. Methods for providing an alert or an alarm to a user of a mobile communications device
CN106254522A (en) * 2016-09-07 2016-12-21 努比亚技术有限公司 A kind of based terminal system, method and terminal
CN106528304A (en) * 2016-10-31 2017-03-22 努比亚技术有限公司 Shared adapter, configuration method and calling method and device thereof and mobile terminal
US11998322B2 (en) 2018-12-19 2024-06-04 Dexcom, Inc. Intermittent monitoring
US12016685B2 (en) 2018-12-19 2024-06-25 Dexcom, Inc. Intermittent monitoring
US11389090B2 (en) 2018-12-19 2022-07-19 Dexcom, Inc. Intermittent monitoring
US11875016B2 (en) 2021-05-17 2024-01-16 Apple Inc. Devices, methods, and graphical user interfaces for displaying media items shared from distinct applications
US20220365666A1 (en) * 2021-05-17 2022-11-17 Apple Inc. Devices, Methods, and Graphical User Interfaces for Automatically Providing Shared Content to Applications
US11941237B2 (en) * 2021-05-17 2024-03-26 Apple Inc. Devices, methods, and graphical user interfaces for automatically providing shared content to applications
US12093521B2 (en) 2021-05-17 2024-09-17 Apple Inc. Devices, methods, and graphical user interfaces for automatically providing shared content to applications

Also Published As

Publication number Publication date
EP2936733A4 (en) 2016-10-19
WO2014100756A1 (en) 2014-06-26
US9537835B2 (en) 2017-01-03
US20150319143A1 (en) 2015-11-05
US9059974B2 (en) 2015-06-16
EP2936733A1 (en) 2015-10-28
EP2936733B1 (en) 2018-08-22
US20140181518A1 (en) 2014-06-26
CN105027493A (en) 2015-11-04
CN105027493B (en) 2018-09-07

Similar Documents

Publication Publication Date Title
US20140181842A1 (en) Secure mobile app connection bus
US11949656B2 (en) Network traffic inspection
US10958662B1 (en) Access proxy platform
CN109155780B (en) Device authentication based on tunnel client network request
JP6609086B1 (en) Implementing non-intrusive security for federated single sign-on (SSO)
US9866382B2 (en) Secure app-to-app communication
CN102047262B (en) Authentication for distributed secure content management system
CA2912608C (en) Selectively performing man in the middle decryption
JP5021215B2 (en) Reliable third-party authentication for web services
US9210128B2 (en) Filtering of applications for access to an enterprise network
JP2023514736A (en) Method and system for secure communication
US10178127B2 (en) Secured mobile communications device
US20160261576A1 (en) Method, an apparatus, a computer program product and a server for secure access to an information management system
CN113341798A (en) Method, system, device, equipment and storage medium for remotely accessing application
US20180332003A1 (en) Certificate pinning by a tunnel endpoint
Echeverria et al. Authentication and authorization for IoT devices in disadvantaged environments
Haddon Zero trust networks, the concepts, the strategies, and the reality
Manzoor Securing device connectivity in the industrial internet of things (IoT)
CA3102920A1 (en) A secure method to replicate on-premise secrets in a computing environment
Walsh et al. Intra-cloud and inter-cloud authentication
US20230054201A1 (en) Edge-based enterprise network security appliance and system
Äyräs Authenticating MQTT messages using JWT: creating a PKI
Evavold et al. Creating a Secure Connected Vehicle
Real et al. Designing an open source IoT Hub: bridging interoperability and security gaps with MQTT and your Android device

Legal Events

Date Code Title Description
AS Assignment

Owner name: MOBILE IRON, INC., CALIFORNIA

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:KIM, MANSU;SIROTA, JOSHUA;BATCHU, SURESH KUMAR;REEL/FRAME:032360/0134

Effective date: 20140128

STCB Information on status: application discontinuation

Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION

AS Assignment

Owner name: IVANTI, INC., UTAH

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:MOBILEIRON, INC.;REEL/FRAME:061327/0751

Effective date: 20220801