EP1547303A1 - Serveur, memoire informatique et procede servant a supporter la maintenance et la distribution d'une police de securite - Google Patents

Serveur, memoire informatique et procede servant a supporter la maintenance et la distribution d'une police de securite

Info

Publication number
EP1547303A1
EP1547303A1 EP03797914A EP03797914A EP1547303A1 EP 1547303 A1 EP1547303 A1 EP 1547303A1 EP 03797914 A EP03797914 A EP 03797914A EP 03797914 A EP03797914 A EP 03797914A EP 1547303 A1 EP1547303 A1 EP 1547303A1
Authority
EP
European Patent Office
Prior art keywords
computing device
mobile computing
policy
server
security
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP03797914A
Other languages
German (de)
English (en)
Other versions
EP1547303A4 (fr
Inventor
Dwayne R. Mann
Robert W. Heard
Christopher D. Burchett
Ian R. Gordon
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Credant Technologies Inc
Original Assignee
Credant Technologies Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from US10/252,212 external-priority patent/US7665118B2/en
Priority claimed from US10/252,225 external-priority patent/US7437752B2/en
Priority claimed from US10/252,211 external-priority patent/US7665125B2/en
Priority claimed from US10/252,213 external-priority patent/US20060190984A1/en
Application filed by Credant Technologies Inc filed Critical Credant Technologies Inc
Publication of EP1547303A1 publication Critical patent/EP1547303A1/fr
Publication of EP1547303A4 publication Critical patent/EP1547303A4/fr
Withdrawn legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08Access security
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/102Entity profiles
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/30Security of mobile devices; Security of mobile applications
    • H04W12/37Managing security policies for mobile devices or for controlling mobile applications
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/062Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying encryption of the keys
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network

Definitions

  • the present application relates to systems and methods of distributing and enforcing security policies.
  • PDAs personal digital assistants
  • These devices are increasing in diversity and capability as well as number.
  • These devices offer a unique blend of lightweight mobility, convenience and functionality providing an instant-on access to information such as email, calendar, address book and other documents.
  • Many enterprises are developing or have deployed special applications for mobile devices that transform the platform into a mission critical tool and repository for sensitive corporate data.
  • Mobile devices provide an "open door” into the enterprise, especially if lost or stolen.
  • a variety of sensitive information may reside on these devices including passwords and access codes for most corporate databases, network files and applications.
  • These pocket-size devices have become the "password sticky note" of the 21 st century.
  • these devices can enter and exit numerous unknown and ad hoc networks in a single day.
  • corporate data is especially exposed to unauthorized access.
  • IT departments do not know how many non-company issued devices are currently being used by employees. They have no tools to restrict these devices from accessing corporate data. Simply put, current IT departments are not equipped to respond to the emerging computing standard of the mobile device.
  • a server module deployed on a server that is connected to a wireless network access node includes a database containing user information for multiple wireless devices. Each element in the database is attributable to at least one authorized wireless device and contains at least one type of data file from the following group: (i) wireless connectivity permissions, (ii) authorized wireless device identification, and (iii) authorized network access node information.
  • a computer memory in another embodiment, includes a plurality of operating keys for use in connection with security features of a mobile computing device and a root key.
  • the root key is to encrypt the plurality of operating keys.
  • a method of enforcing security policies at a mobile computing device includes receiving a policy at the mobile computing device and enforcing the policy at the mobile computing device by disallowing a user of the mobile computing device from engaging in the use precluded by the use limitation.
  • the policy includes at least one device use limitation.
  • a security method in another embodiment, includes receiving a password from a user of a mobile computing device; deriving a security code from the password by applying a non-linear function; and encrypting the security code using the password as an encryption key.
  • a method of selectively providing a mobile computing device with access to a software application on a server includes receiving a request to access the software application from the mobile computing device and determining whether to grant access to the software application by checking whether the mobile computing device has an installed security program.
  • a method of updating policies and key materials includes providing a shared encryption key that is shared by a server and a client module; encrypting data on the client using the shared encryption key; authenticating a user of a mobile computing device by receiving a password, where the client is resident at the mobile computing device; decrypting the shared key using the password; using the shared key to decrypt updated policies and key materials; and replacing policies and key materials at the mobile computing device with the updated and decrypted policies and key materials.
  • FIG. 1 is a block diagram of an embodiment of a system for use in providing security policy distribution and mobile device management.
  • FIG. 2 is a block diagram of an embodiment of a server within the system of FIG. 1.
  • FIG. 3 is a general diagram that illustrates software layers within the server of FIG.
  • FIG. 4 is an illustrative screen shot of an administrative user interface for use with the server of FIG. 2.
  • FIG. 5 is a block diagram that illustrates functional elements within the gatekeeper of FIG. 1.
  • FIG. 6 is block diagram that illustrates elements within the shield application of the system of FIG. 1.
  • FIG. 7 is a flow chart that illustrates installation of the shield security application onto mobile devices.
  • FIG. 8 is a flow chart that illustrates a method of updating policy information and distributing the updated policy information to a mobile device.
  • FIG. 9 is a flow chart that illustrates another method of updating policy information and distributing the updated policy information to a mobile device.
  • FIG. 10 is a diagram that illustrates key materials and specific key field formats for use with encryption of policy information.
  • the system 100 includes a server 102, a gatekeeper 104, and a client device module 106.
  • the client device module 106 that is used to provide security functionality is also referred to as a shield.
  • the system 100 is a comprehensive enterprise security management software platform for diverse mobile operating systems, applications and devices.
  • the system 100 enables an organization to secure and manage mobile devices easily and cost effectively.
  • the server 102 integrates with existing security policy management systems and allows administrators to centrally create new mobile security policies by extending existing security policies and to distribute them to a diverse population of mobile devices.
  • the server 102 and gatekeeper 104 work together to automatically and securely push these security policies to a specified mobile device.
  • the shield 106 is a trusted computing environment on the mobile device that enacts and enforces the distributed security policies, controls access to the mobile device, and provides data security.
  • the server 102 may be implemented as a web-based application server that provides central creation and management of mobile security policies.
  • the server 102 is preferably implemented with portability, scalability and maintainability in mind using industry standards such as Java, XML and other advanced web technologies.
  • an administrative interface to the server 102 is provided through a secure browser interface allowing the simple delegation of responsibilities and access by any workstation or PC on a local network connected to the server 102.
  • a consolidated LDAP directory (CLD) technique may be used to integrate the server 102 with existing enterprise security infrastructure, such as an existing identity database 108.
  • existing policy and identity management systems are integrated through a real-time interface to directory resources.
  • a layer in the server 102 provides a consolidated view of the external LDAP services and extends these services through policy inheritance and overriding.
  • existing identity directories such as directory 108, can be used without copying data and without changing the data schemas of the existing enterprise security systems.
  • the data passed to the gatekeeper 104 and subsequent mobile devices 106 is derived from security role and is protected through a combination of secure socket layer (SSL) and data encryption.
  • SSL secure socket layer
  • Mobile security policies are formed using the administration interface 110, which is coupled to the server 102 via interface 112, to set and extend policies in a consolidated directory (e.g., LDAP). Once policies are set, a policy package is generated for each user within a role, encrypted with the specific users' encryption key, and forwarded to the gatekeeper 104 for installation on the target mobile device 106. Policy package encryption forms a main pillar of system security. Additionally, SSL communication is used for added privacy and authentication between the server 102 and the gatekeeper 104 over the secure interface 114.
  • a consolidated directory e.g., LDAP
  • the system 100 is designed for robust security management to provide many advanced security features including: centralized management of disconnected devices, automatic versioning and distribution of policies, role-based policy creation and management, seamless integration with existing role repositories and security infrastructure, delegated security management, separation of administrative duties, automatic retrieval of device audit logs, consolidation, alerting and reporting, and mobile device management.
  • the gatekeeper 104 may be implemented as a security management software agent that forms a virtual security layer on existing, third party synchronization systems, such as HotSync, ActiveSycn, and ScoutSync.
  • a function of the gatekeeper 104 is to receive policy packages from the server 102 and install the packages on target mobile devices 106.
  • the gatekeeper 104 operates in two modes to support local and network synchronization. In local mode, the gatekeeper 104 executable operates on desktop and laptop computers forming a security layer on top of personal synchronization tools. In network mode, the gatekeeper 104 executable operates on an enterprise server and forms a security layer on top of a network synchronization application.
  • mobile devices 106 such as personal digital assistants (PDAs)
  • PDAs personal digital assistants
  • the gatekeeper 104 provides for automatic installation of the mobile shield on specified PDAs, application configuration, update and patch management, mobile device configuration management, monitoring, management, and control access to synchronization application, and distribution of device policies, permissions and configurations.
  • the mobile device application, i.e., shield, 106 may be implemented as a trusted computing environment operating as a software layer on top of the mobile device operating system. Security policies are received from the gatekeeper 104 using a two-way authentication process.
  • the policies are used by agent software at the mobile device to encrypt data, and to monitor and control device access, device peripherals, and device software and hardware operations.
  • the mobile device trusted environment approach provides many security features, including: on-device policy enforcement whether connected or disconnected, mandatory access control, data encryption with secure recovery, mandatory synchronization authentication, controlled application access and use, control over hardware ports - infrared (IR), compact flash (CF), universal serial bus (USB), secure digital (SD), multiple profiles - personal and business, and secure audit logs.
  • Sample devices that may accept shield software include personal devices made by Palm, Handspring, Sony, Compaq iPaq, and the HP Jornada 500 series.
  • the server 102 virtually consolidates external LDAP identity and policy data to integrate to existing security infrastructure.
  • the administrative tools on the server 102 allow policy packages to be automatically formed and distributed to each mobile device 106.
  • the gatekeeper 104 monitors synchronization and installs the shield software and policy packages on targeted devices.
  • the shield forms a trusted computing environment by forming a security layer on the mobile operating system to enforce the policies originating from the server 102.
  • the complete system 100 forms a comprehensive, enterprise scale mobile security management system.
  • the system 100 includes components that integrate to external systems. To support a large customer base, multiple platforms are supported for each component. The following sample list identifies illustrative devices and software platforms for integration.
  • the windows2000 operating system an LDAP of MS Active Directory System (ADS), Critical Path, or iPlanet flat files, and the Explorer version 5.0+ browser.
  • ADS MS Active Directory System
  • Critical Path Critical Path
  • iPlanet flat files the Explorer version 5.0+ browser.
  • compatible operating systems include Win98, WinNT 4.0, Win2000,
  • compatible data synchronization software includes HotSync, ActiveSync version 3.1+, server operating system of Win2000, and the network synchronization of ScoutSync version 3.5+.
  • the supported operating systems include PocketPC 2000, PocketPC 2002, and device OS version 3.5+.
  • the server 102 is constructed using enterprise scale server technology, such as federated webservices to provide scalability servers and portability of functions, model- view-controller (MVC) web interface techniques to provide maintainability and speed, and consolidated LDAP Directory (CLD) technology to provide compatibility and reduce installation and administrative costs in existing security infrastructures.
  • enterprise scale server technology such as federated webservices to provide scalability servers and portability of functions, model- view-controller (MVC) web interface techniques to provide maintainability and speed, and consolidated LDAP Directory (CLD) technology to provide compatibility and reduce installation and administrative costs in existing security infrastructures.
  • the server 102 architecture is integrated through a web service paradigm, as illustrated in FIG. 2.
  • This paradigm is an industry recognized best practice for developing and integrating enterprise web applications.
  • the web service paradigm is a loosely coupled architecture of processes that is flexible, allows additional functions, and allows replacement of servers as well as increased scale through load balancing and additional servers.
  • the core of the web services approach is in the ability to expose or advertise services through a consolidating interface.
  • many of the key functions of the server 102 such as access control, audit log and security policy management are implemented as individual Java "applications" and advertised or exposed to the internal local area network (LAN) as services.
  • LAN local area network
  • These "applications” operate as web services.
  • Each service can be run as a process or thread on a shared server, on separate servers or in combinations on fewer servers.
  • Scalability and load balancing is achieved by running multiple threads of a service on a single server or on a cluster of servers. Maintenance is simplified by supporting the ability to move services between servers and to replace servers dynamically.
  • the federating web service in FIG. 2 is a proxy type of service that consolidates the internally advertised services and provides the corresponding service to an external user through a hyper-text transfer protocol (HTTP) interface.
  • HTTP hyper-text transfer protocol
  • the federated web service consolidates internal services by proxying the functionality to external users.
  • the location of the services is specified in a service table or configuration file formatted with extensible markup language (XML).
  • Service management is an advantage to the federated services approach. Only a single URL needs to be maintained to provide service to a scalable cluster of servers and services.
  • the federating service has the ability to route application calls dynamically to perform load balancing. Scalability of the federating service is achieved using multiple federating service servers and standard load balancing routers such as Cisco's LocalDirector router.
  • XML extensible Markup Language
  • SOAP Simple Object Access Protocol
  • XML is a markup language similar to HTML for web pages, while SOAP is composed with structures or sentences written in XML.
  • SOAP is the grammar that defines the service call similar to a remote function call.
  • SOAP is an industry standard structure of XML tags that define calling sequences, parameter structures and result variables.
  • XML/SOAP allows an external application, such as the gatekeeper 104, to request a service as a single federated web service URL, to proxy the result to the actual web service and to provide the result back to the gatekeeper 104.
  • Privacy and authentication of the gatekeeper 104 can be achieved using SSL services by using the standard HTTPS protocol in place of HTTP.
  • the administrator interface 112 is provided through use of a lightweight HTTP or web interface. Benefits of this configuration includes wide availability of access from anywhere in the LAN, secure usage through SSL protocol, as well as simple delegation of responsibilities and separation of duties through authentication and access control.
  • the server 102 uses the industry recognized best practice of MVC programming model to implement the graphical user interfaces (GUI) of the administrator console.
  • Model View Controller is similar to web service in that it is a method of providing remote function calls. MVC leverages the federating web service to manage resources. However, MVC provides an additional capability to graphically represent the results of the service to provide a web page representation and a GUI.
  • MVC is the modern evolution of CGI for calling functions from web pages.
  • the CGI approach used a myriad of printlnQ calls to return HTTP data back to the browser for display.
  • Servlets are a server side Java application that perform a specific task and that do not have GUI capabilities. The servlets were used to manage flow while JSP managed the HTML formatting.
  • the MVC model separates servlets into logic (or model) servlets and control servlets resulting in the acronym MVC.
  • the server 102 uses MVC to implement the GUI.
  • a view component is used to format and represent GUI to the browser. JSP and HTML are used to implement the view component.
  • a controller component is used to consolidate, delegate and manage control flow and may be implemented with a Java servlet controller using HTTPS with the federated web service. Finally, the controller delegates work to an appropriate model within the server 102.
  • the model may be implemented as a servlet in Java.
  • the models are used to control setting of policies, accessing roles stored in the LDAP and forming policy packages for distribution.
  • the entire GUI including operation and logic is controlled and managed by the MVC framework. The framework is quickly implemented, and is easily modified, expanded and maintained.
  • LDAP is data directory structure that is commonly used to store identity information and security policies to support authentication and authorization systems. It is understandable that customers want to reuse existing LDAP repositories after investing the time and effort to create an LDAP role-based policy system and populate the system with every user in the company. Furthermore, customers may desire future security systems to use the existing LDAP repositories without compromising the integrity of the system by modifying any database schemas.
  • the server 102 uses a consolidated LDAP directory (CLD) technology to address this integration challenge.
  • CLD consolidated LDAP directory
  • the server 102 uses a layering approach and places a virtual layer above external and internal LDAP systems to provide a federated view of LDAP repositories.
  • FIG. 3 illustrates this approach.
  • the federation works with three layers.
  • the bottom layer 302 is an adapter layer that is specific to a data store format and converts the store representation to a portable format.
  • the middle layer 304 is a core directory engine that performs on-the-fly mapping to transform top-level client requests into the context of each repository and results into federated representations.
  • the top level 306 is a front-end listener that converts the directory engine results into proper LDAP format. The result is a powerful method for integrating disparate customer identity data stores into a unified view for simplified server installations.
  • An access control service provides authentication for administrator logins and for gatekeeper 104 communications. This service interfaces to the LDAP repository of identities and permissions to provide control for system and data access. Administrators are authenticated through a login screen presented by a browser with JSP. The JSP requests authentication with the user name and password through the servlet interface of the federated service. The request is proxied to the access control service for completion. The authentication may be performed with LDAP version 3 operations through the CLD and may alternatively be performed using private key encryption type authentication systems.
  • the gatekeeper 104 is authenticated using SSL server certificates and realm authentication.
  • An SSL connection is created to provide communications between the server 102 and gatekeeper 104.
  • the server 102 is authenticated to the gatekeeper 104 through SSL certificate authentication.
  • an SSL channel is constructed for privacy.
  • a name/password pair per realm authentication
  • Successful match of name and password provides authentication of the gatekeeper 104 to the server 102.
  • a policy service provides management of the role-based policies as well as creation of the policy files.
  • the policy management service is provided to the administration console and allows definition of the policy values for both roles (or groups) and individual users. Once the policies have been defined for a population of users, the administrator can select to publish the policies. The publication process is the act of forming the secure policy files and automatically pushing the policy files out to the individual shield application 106.
  • An example screen shot of the policy management service is shown in FIG. 4.
  • the system 100 provides a key management service that generates and archives password keys for encryption operations in the shield 106.
  • Symmetric encryption keys are generated using techniques such as industry standard X9.17. Symmetric keys are used to protect data on the mobile device. These data encryption keys are generated uniquely for each mobile device and are stored on both the server 102 and the shield 106 to enable data protection while allowing secure data recovery with administrator intervention.
  • Asymmetric or public/private key pairs are created with the elliptical curve cryptography (ECC) key algorithm and are used to encrypt policy files and audit log files. Separate key pairs are generated for each device and individually for the policy files and the audit logs. The key pairs are stored on the server 102 for secure data recovery through administrator intervention.
  • ECC elliptical curve cryptography
  • the private audit log key is stored on the shield 106 to encrypt audit log information to support transference off of the device.
  • the public policy file key is stored on the shield 106 to allow the software to authenticate and extract the policy items from the encrypted policy files.
  • the opposite keys are used on the server 102 to decrypt audit log files and to encrypt policy files in support of the device.
  • a policy file is a collection of policy items combined into a single data package and formatted with XML.
  • the policy file is transferred from the server 102 to the mobile device for security configuration and enforcement.
  • the policy file is actually a number of files; one main index file and another for each category of policies defined.
  • Each category file contains a series of policies that define the permissions and behavior of the shield 106.
  • Three items define each policy: category, key and value name.
  • a key may have zero or more name/value pairs associated with it.
  • the server 102 encodes the policy file with ECC asymmetric encryption and transfers the file to the mobile device.
  • the key pair corresponding to the policy management of an individual mobile device is created and managed by the server 102.
  • the private key is stored on the server 102 and used to encrypt the policy file.
  • the public key is stored on the mobile device by the shield application 106.
  • the policy file is transferred to the mobile device during synchronization, after authentication is performed.
  • the public key stored in the shield is used to open the policy file.
  • Policy data falls into the following categories: I/O, storage, applications, and authentication.
  • I/O input/O
  • storage storage
  • applications applications
  • authentication The following tables specify sample types of policy data: Permission Policies
  • volumeMount_Enable Storage True/False Boolean True Palm DB, VFS Manager (File system mounting) CE:
  • the system 100 also provides a logging service. Each event defined in the logging service has a corresponding registered policy. This will enable the administrator to control which events are written to the audit logs.
  • a log file is a record of events that is generated by the shield software 106.
  • the shield 106 initially stores the file locally. During synchronization, the log file is automatically transferred through the gatekeeper 104 to the server 102. After synchronization, the shield 106 initializes a new file.
  • the server 102 automatically appends the new log to the previous synchronized logs to form a consolidated log. Server access to the log is provided through an open database connectivity (ODBC) interface to allow custom or third party reporting tools to be used.
  • ODBC open database connectivity
  • the log files are locally protected against tampering with elliptical curve algorithm asymmetric encryption.
  • the key pair corresponding to the on-device audit logs of an individual mobile device is created and managed by the server 102.
  • the public key is stored on the server and used to open the audit log after synchronization.
  • the private key is stored on the mobile device by the shield application 106 and is used to add new event records to the event log.
  • An initial value or seed is transferred from the server 102 to the mobile device in a secure mode during synchronization. This seed is updated through the encryption process as records are added to the audit log. This forms an encryption thread through the event recording process. Additionally, a time stamp from the server is used to initialize the file.
  • the initial time stamp combined with periodic time events in the file allows monitoring of the mobile device clock to prevent time tampering.
  • This method of on-device audit logging provides a secure and private audit log that is easily maintained by the server, detects gaps in time and in logging sequence, and is tamper resistant to provide a robust, on-device monitoring system.
  • the gatekeeper 104 includes a persistence network 502, a server interface 504, a client interface 506, an encryption module 508, an audit module 510, a synchronization plug-in module 512, and an authentication module 514.
  • the gatekeeper 104 communicates with the server 102 using HTTPS and XML over the interface 114 and communicates with the mobile device 106 via the synchronization interface 116, such as with SKID3 and XML.
  • the shield application 106 includes a communication module 602, a storage area 604, a user interface 606, encryption module 608, audit and log module 610, policy rule engine 612, and system interface 614.
  • the communication module 602 communicates with external systems such as the gatekeeper.
  • the communication module receives application data, personal information data (PIM), new key materials and policy data from the gatekeeper 104.
  • PIM personal information data
  • the application data and PIM data are stored in the general device storage 604. This general storage may be encrypted by the encryption module 608.
  • the new key materials are decrypted by the encryption module 608 and stored in the key data store in 608.
  • the policy data is decrypted by the encryption module 608 and stored in the rules engine store 612.
  • the user interface module 606 communicates with the device user to authenticate the user and unlock the device.
  • the user interface may retrieve any of a plurality of data such as PIN (personal identification number), password, answer to a question or response to a challenge.
  • Authentication is tested by decrypting data in the encryption module 608 with the retrieved data. Upon successful decryption, authentication is approved.
  • a similar authentication test can be hashing the retrieved information and comparing the information with data stored in the encryption module 608.
  • the user interface 606 also displays alerts such as sync in progress or device is locked.
  • the audit log module 610 stores system event data, such as successful or unsuccessful authentication attempts, in the encrypted log store of 610.
  • the events are encrypted by the encryption module 608 and transferred to the gatekeeper 104 by the communications module 602.
  • the rules engine 612 provides authorization based on the policy data in its store.
  • the policies are retrieved from the communications module 602 during connectivity to the gatekeeper 104 and enforces the policies at all times whether connected or disconnected.
  • the policy data is retrieved from the gatekeeper 104 by the communications module 602 in an encrypted form.
  • the encryption module 608 decrypts the data prior to storage on the policy data store in 612.
  • the rules engine receives authorization requests from a plurality of modules and responds with authorization based on the policies stored within.
  • the policy engine can signal the user interface 606 to lock the device if a user action is denied or an unauthorized event occurs.
  • the rules engine 612 can enforce which devices to which the communications module 602 can communicate.
  • the policy database may contain a list of devices that can be communicated with, a list of devices that cannot be communicated with or a list of keys stored in the encryption module 608 with which can be used to authenticate devices. If an external device is included in the list of approved devices to communicate with, the rules engine 612 grants authorization to the communication module 602 to communicate with the external device. If an external device is included in the list of disapproved devices to communicate with, the rules engine denies authorization to the communications module 602 to communicate with the external device. If a plurality of keys is listed in the policy database, then the rules engine can request the encryption module 608 to perform a challenge response with an external device to determine authentication. If the authentication is successful, the rules engine 612 may grant authorization to the communications module 602 to communicate with the external device. Otherwise, the rules engine may deny authorization to the communications module 602 to communicate with an external device.
  • the rules engine 612 and user interface 606 can enforce a personal or business mode.
  • the user interface 606 can authenticate a user in either personal mode or business mode.
  • the mode is determined from the data retrieved from the user interface indicating which mode the user requests.
  • the rules engine authorizes what actions can be performed in each mode. Additionally, the rules engine can authorize which data items in the general data store 604 can be displayed by the user interface 606, can be accessed by a plurality of modules, or can be transferred by the communications module 602.
  • the system interface 614 communicates using intercepted events with an external event handler, such as OS event handler 630 and communicates, by intercepting system calls, with external operating systems, such as OS 632.
  • the system interface 614 authorizes system calls and events by intercepting the system calls and events, requesting authorization from the policy engine 612, and granting or denying the system calls or events.
  • gatekeeper software 104 including network scripts, policies, and key materials, is installed from the server 102 to a desktop computer, or other suitable gatekeeper platform, at 702.
  • the shield software application 106 i.e., security software for the mobile computing device
  • the gatekeeper 104 requests a one- time use password from the server 102, at 706.
  • the server 102 emails the one-time use password to the user of the mobile computing device, at 708.
  • the mobile computing device user can then use the one-time password to complete installation of the security shield application.
  • the root key for the key pack is decrypted using the one-time password, allowing access for the user to enter a new password, a personal identification number (PIN), and a password phrase, and optionally other user identification information, such as the user's mothers maiden name or pet name, at 710.
  • the root key is then encrypted using each of the above user information entries, including the new password, the PIN, the phrase, and the user's answers to key questions, at 712.
  • the above process of having a mobile computing device user initiate security operations may be accomplished using user interface software, such as by providing prompting screens to facilitate entry of the user information.
  • a method for distributing a new or modified security policy information to a mobile device is illustrated.
  • a policy change or a new policy is added by an administrator connected to the server 102 and the server 102, in response to the administrator request, creates a new policy package.
  • the policy package contains the new or modified policy.
  • the server 102 authenticates a connection with the gatekeeper 104 and upon successful authentication, sends the policy package to the gatekeeper 104, at 804.
  • the authentication between the device and gatekeeper may be implemented using a mutual challenge-response algorithm that uses a shared key as a shared secret for determining authentication.
  • the process is a two step challenge-response that may begin with ether the device or the gatekeeper.
  • the device initiates the challenge.
  • a random number is calculated by the device and sent to the gatekeeper as a challenge.
  • the gatekeeper and the device compute the expected answer in parallel and in private.
  • the answer can be calculated by any one way function of the shared key and challenge value.
  • the key can be appended to the challenge and input to a hashing algorithm such as MD5 for calculation of a message digest.
  • the gatekeeper responds to the device by returning the computed response.
  • the gatekeeper calculates a random number for the return challenge.
  • the next step repeats the first step but in reverse roles.
  • the gatekeeper challenges the device with the random number. Each computes the expected response privately.
  • the device returns the calculated value as the response. If the values match, then the second phase is passed. If either phase fails, then the entire process is failed. Both steps must pass in order to be successful.
  • the gatekeeper 104 receives the policy package and waits for the next data synchronization communication with the mobile computing device, at 806.
  • the gatekeeper 104 authenticates the mobile computing device.
  • the gatekeeper 104 upon successful authentication of the mobile computing device, pushes the policy package to the mobile computing device, at 810.
  • the mobile computing device decrypts the policies and activates the new or modified security policies, at 812. If authentication of either the gatekeeper 104, from the server 102, or the mobile computing device from the gatekeeper 104 fails, then the updated policy package is not distributed and the administrator may be notified.
  • a method where a mobile computing device requests policy updates is shown.
  • the mobile computing device initiates synchronization with the gatekeeper 104, at 902.
  • the connections between the mobile computing device and the gatekeeper 104 and between the gatekeeper 104 and the server 102 is authenticated, at 904.
  • the gatekeeper 104 checks the server 102 for new policies, at 906.
  • the server 102 creates a policy package based on new and modified policies and sends the policy package to the gatekeeper 104, at 908.
  • the gatekeeper 104 installs the new and/or modified policies onto the mobile computing device, at 910.
  • the security application i.e., the shield application 106
  • the root key 1016 is encrypted using a user's PIN 1018, password 1020, phrase 1022, and challenge 1024 (i.e., answer to key questions).
  • the root key 1016 is then used to encrypt a set of operating keys 1036 referred to as a key ring.
  • the operating keys 1036 include a data key 1038, a policy key 1040, a log key 1042, a gatekeeper authentication element 1044, an updating key 1046, and a heartbeat log key 1048.
  • the data key 1038 is linked to unlock data storage 1054 within the mobile computing device.
  • the policy key 1040 is used to access policies 1050 and the log key 1042 is used to access log files 1052 that track historical mobile device user activities.
  • the log key is the public key used with a public key encryption algorithm to encrypt data into the event log that tracks historical mobile device user activities.
  • the gatekeeper authentication key is used by the device in a challenge-response algorithm to prove its identity with the gatekeeper.
  • the key is used as a shared secret to compute the response to a challenge.
  • the update key is used to decrypt new keys sent by the server to the device as replacements to any of the plurality of keys.
  • the heartbeat key is used similar to the gatekeeper authentication key for authenticating between the device and the server.
  • the challenge and response between the device and server is used as a heartbeat to monitor the device.
  • the policy package that includes the policy pack 1056, encrypted using the policy key, and a key material pack 1058 that has been encrypted using the root key 1016.
  • the policy package may be pushed from the server 102, via the gatekeeper 104, to the mobile computing device 106 or may be pulled from the mobile computing device from the server 102, via the gatekeeper 104. Methods for distributing the policy package were described above with respect to FIGs. 8 and 9.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

L'invention concerne, dans un mode de réalisation particulier, un module de serveur déployé sur un serveur (102). Ce module de serveur est connecté à un noeud d'accès (104) de réseau radio. Ce module de serveur comprend une base de données (108) contenant des informations utilisateurs concernant de multiples dispositifs radio (106). Chaque élément de la base de données (108) peut être attribué à au moins un dispositif radio autorisé (106) et contient au moins un type de fichier de données du groupe suivant : (i) permissions de connexion sans fil, (ii) identification dispositif sans fil autorisée et (iii) information de noeud d'accès au réseau autorisée. Dans un autre mode de réalisation, elle concerne un procédé servant à appliquer des polices de sécurité au niveau d'un dispositif informatique mobile (106). Ce procédé consiste à recevoir une police de ce dispositif mobile (106) et à appliquer la police au niveau dudit dispositif (106) par interdiction à l'utilisateur de ce dispositif (106) de s'impliquer dans une utilisation non autorisée par la limite d'utilisation. Cette police comprend au moins une limite d'utilisation de dispositif.
EP03797914A 2002-09-23 2003-09-19 Serveur, memoire informatique et procede servant a supporter la maintenance et la distribution d'une police de securite Withdrawn EP1547303A4 (fr)

Applications Claiming Priority (9)

Application Number Priority Date Filing Date Title
US252212 2002-09-23
US10/252,212 US7665118B2 (en) 2002-09-23 2002-09-23 Server, computer memory, and method to support security policy maintenance and distribution
US252213 2002-09-23
US10/252,225 US7437752B2 (en) 2002-09-23 2002-09-23 Client architecture for portable device with security policies
US252225 2002-09-23
US252211 2002-09-23
US10/252,211 US7665125B2 (en) 2002-09-23 2002-09-23 System and method for distribution of security policies for mobile devices
US10/252,213 US20060190984A1 (en) 2002-09-23 2002-09-23 Gatekeeper architecture/features to support security policy maintenance and distribution
PCT/US2003/029347 WO2004028070A1 (fr) 2002-09-23 2003-09-19 Serveur, memoire informatique et procede servant a supporter la maintenance et la distribution d'une police de securite

Publications (2)

Publication Number Publication Date
EP1547303A1 true EP1547303A1 (fr) 2005-06-29
EP1547303A4 EP1547303A4 (fr) 2009-09-02

Family

ID=32034384

Family Applications (1)

Application Number Title Priority Date Filing Date
EP03797914A Withdrawn EP1547303A4 (fr) 2002-09-23 2003-09-19 Serveur, memoire informatique et procede servant a supporter la maintenance et la distribution d'une police de securite

Country Status (4)

Country Link
EP (1) EP1547303A4 (fr)
JP (1) JP2006500657A (fr)
AU (1) AU2003276898A1 (fr)
WO (1) WO2004028070A1 (fr)

Families Citing this family (77)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR2872979A1 (fr) * 2004-07-09 2006-01-13 France Telecom Systeme d'acces controle a des informations contenues dans un terminal
US7286834B2 (en) 2004-07-13 2007-10-23 Sbc Knowledge Ventures, Lp System and method for location based policy management
US7730485B2 (en) 2004-08-10 2010-06-01 At&T Intellectual Property I, L.P. System and method for advertising to a Wi-Fi device
US7774365B2 (en) * 2004-08-31 2010-08-10 Morgan Stanley Organizational reference data and entitlement system
US20060236364A1 (en) * 2005-03-31 2006-10-19 Nokia Corporation Policy based method, device, system and computer program for controlling external connection activity
US7773569B2 (en) * 2005-05-19 2010-08-10 Meshnetworks, Inc. System and method for efficiently routing data packets and managing channel access and bandwidth in wireless multi-hopping networks
WO2007053848A1 (fr) * 2005-11-01 2007-05-10 Mobile Armor, Llc Controle de securite dynamique centralise pour un reseau de dispositifs mobiles
US7747647B2 (en) 2005-12-30 2010-06-29 Microsoft Corporation Distributing permission information via a metadirectory
US20070288989A1 (en) * 2006-06-09 2007-12-13 Nokia Corporation Method, electronic device, apparatus, system and computer program product for updating an electronic device security policy
US8725123B2 (en) 2008-06-05 2014-05-13 Headwater Partners I Llc Communications device with secure data path processing agents
US8898293B2 (en) 2009-01-28 2014-11-25 Headwater Partners I Llc Service offer set publishing to device agent with on-device service selection
US8402111B2 (en) 2009-01-28 2013-03-19 Headwater Partners I, Llc Device assisted services install
US8626115B2 (en) 2009-01-28 2014-01-07 Headwater Partners I Llc Wireless network service interfaces
US8635335B2 (en) 2009-01-28 2014-01-21 Headwater Partners I Llc System and method for wireless network offloading
US8391834B2 (en) 2009-01-28 2013-03-05 Headwater Partners I Llc Security techniques for device assisted services
US8924543B2 (en) 2009-01-28 2014-12-30 Headwater Partners I Llc Service design center for device assisted services
US8275830B2 (en) 2009-01-28 2012-09-25 Headwater Partners I Llc Device assisted CDR creation, aggregation, mediation and billing
US8270952B2 (en) 2009-01-28 2012-09-18 Headwater Partners I Llc Open development system for access service providers
US8340634B2 (en) 2009-01-28 2012-12-25 Headwater Partners I, Llc Enhanced roaming services and converged carrier networks with device assisted services and a proxy
US8548428B2 (en) 2009-01-28 2013-10-01 Headwater Partners I Llc Device group partitions and settlement platform
US8832777B2 (en) 2009-03-02 2014-09-09 Headwater Partners I Llc Adapting network policies based on device service processor configuration
US8924469B2 (en) 2008-12-18 2014-12-30 Headwater Partners I Llc Enterprise access control and accounting allocation for access networks
US8589541B2 (en) 2009-01-28 2013-11-19 Headwater Partners I Llc Device-assisted services for protecting network capacity
US8406748B2 (en) 2009-01-28 2013-03-26 Headwater Partners I Llc Adaptive ambient services
US8346225B2 (en) 2009-01-28 2013-01-01 Headwater Partners I, Llc Quality of service for device assisted services
US12166596B2 (en) 2009-01-28 2024-12-10 Disney Enterprises, Inc. Device-assisted services for protecting network capacity
US9351193B2 (en) 2009-01-28 2016-05-24 Headwater Partners I Llc Intermediate networking devices
US12432130B2 (en) 2009-01-28 2025-09-30 Headwater Research Llc Flow tagging for service policy implementation
US10783581B2 (en) 2009-01-28 2020-09-22 Headwater Research Llc Wireless end-user device providing ambient or sponsored services
US9578182B2 (en) 2009-01-28 2017-02-21 Headwater Partners I Llc Mobile device and service management
US9253663B2 (en) 2009-01-28 2016-02-02 Headwater Partners I Llc Controlling mobile device communications on a roaming network based on device state
US9557889B2 (en) 2009-01-28 2017-01-31 Headwater Partners I Llc Service plan design, user interfaces, application programming interfaces, and device management
US12389218B2 (en) 2009-01-28 2025-08-12 Headwater Research Llc Service selection set publishing to device agent with on-device service selection
US12452377B2 (en) 2009-01-28 2025-10-21 Headwater Research Llc Service design center for device assisted services
US10779177B2 (en) 2009-01-28 2020-09-15 Headwater Research Llc Device group partitions and settlement platform
US9706061B2 (en) 2009-01-28 2017-07-11 Headwater Partners I Llc Service design center for device assisted services
US9755842B2 (en) 2009-01-28 2017-09-05 Headwater Research Llc Managing service user discovery and service launch object placement on a device
US9270559B2 (en) 2009-01-28 2016-02-23 Headwater Partners I Llc Service policy implementation for an end-user device having a control application or a proxy agent for routing an application traffic flow
US10326800B2 (en) 2009-01-28 2019-06-18 Headwater Research Llc Wireless network service interfaces
US9954975B2 (en) 2009-01-28 2018-04-24 Headwater Research Llc Enhanced curfew and protection associated with a device group
US10200541B2 (en) 2009-01-28 2019-02-05 Headwater Research Llc Wireless end-user device with divided user space/kernel space traffic policy system
US9858559B2 (en) 2009-01-28 2018-01-02 Headwater Research Llc Network service plan design
US10492102B2 (en) 2009-01-28 2019-11-26 Headwater Research Llc Intermediate networking devices
US8606911B2 (en) 2009-03-02 2013-12-10 Headwater Partners I Llc Flow tagging for service policy implementation
US10248996B2 (en) 2009-01-28 2019-04-02 Headwater Research Llc Method for operating a wireless end-user device mobile payment agent
US9647918B2 (en) 2009-01-28 2017-05-09 Headwater Research Llc Mobile device and method attributing media services network usage to requesting application
US10264138B2 (en) 2009-01-28 2019-04-16 Headwater Research Llc Mobile device and service management
US10841839B2 (en) 2009-01-28 2020-11-17 Headwater Research Llc Security, fraud detection, and fraud mitigation in device-assisted services systems
US12388810B2 (en) 2009-01-28 2025-08-12 Headwater Research Llc End user device that secures an association of application to service policy with an application certificate check
US11973804B2 (en) 2009-01-28 2024-04-30 Headwater Research Llc Network service plan design
US10237757B2 (en) 2009-01-28 2019-03-19 Headwater Research Llc System and method for wireless network offloading
US10484858B2 (en) 2009-01-28 2019-11-19 Headwater Research Llc Enhanced roaming services and converged carrier networks with device assisted services and a proxy
US9572019B2 (en) 2009-01-28 2017-02-14 Headwater Partners LLC Service selection set published to device agent with on-device service selection
US9392462B2 (en) 2009-01-28 2016-07-12 Headwater Partners I Llc Mobile end-user device with agent limiting wireless data communication for specified background applications based on a stored policy
US8793758B2 (en) 2009-01-28 2014-07-29 Headwater Partners I Llc Security, fraud detection, and fraud mitigation in device-assisted services systems
US10057775B2 (en) 2009-01-28 2018-08-21 Headwater Research Llc Virtualized policy and charging system
US10064055B2 (en) 2009-01-28 2018-08-28 Headwater Research Llc Security, fraud detection, and fraud mitigation in device-assisted services systems
US9980146B2 (en) 2009-01-28 2018-05-22 Headwater Research Llc Communications device with secure data path processing agents
US8893009B2 (en) 2009-01-28 2014-11-18 Headwater Partners I Llc End user device that secures an association of application to service policy with an application certificate check
US11218854B2 (en) 2009-01-28 2022-01-04 Headwater Research Llc Service plan design, user interfaces, application programming interfaces, and device management
US9955332B2 (en) 2009-01-28 2018-04-24 Headwater Research Llc Method for child wireless device activation to subscriber account of a master wireless device
US11985155B2 (en) 2009-01-28 2024-05-14 Headwater Research Llc Communications device with secure data path processing agents
US10798252B2 (en) 2009-01-28 2020-10-06 Headwater Research Llc System and method for providing user notifications
US9571559B2 (en) 2009-01-28 2017-02-14 Headwater Partners I Llc Enhanced curfew and protection associated with a device group
US8351898B2 (en) 2009-01-28 2013-01-08 Headwater Partners I Llc Verifiable device assisted service usage billing with integrated accounting, mediation accounting, and multi-account
US12543031B2 (en) 2009-01-28 2026-02-03 Headwater Research Llc Adapting network policies based on device service processor configuration
US10715342B2 (en) 2009-01-28 2020-07-14 Headwater Research Llc Managing service user discovery and service launch object placement on a device
US8745191B2 (en) 2009-01-28 2014-06-03 Headwater Partners I Llc System and method for providing user notifications
US9565707B2 (en) 2009-01-28 2017-02-07 Headwater Partners I Llc Wireless end-user device with wireless data attribution to multiple personas
JP5578096B2 (ja) * 2011-01-28 2014-08-27 コニカミノルタ株式会社 表示システム
US9154826B2 (en) 2011-04-06 2015-10-06 Headwater Partners Ii Llc Distributing content and service launch objects to mobile devices
US10291658B2 (en) 2011-11-09 2019-05-14 Microsoft Technology Licensing, Llc Techniques to apply and share remote policies on mobile devices
WO2014159862A1 (fr) 2013-03-14 2014-10-02 Headwater Partners I Llc Portage de justificatif d'identité automatisé pour des dispositifs mobiles
US10108965B2 (en) * 2015-07-14 2018-10-23 Ujet, Inc. Customer communication system including service pipeline
CN108765715B (zh) * 2018-05-31 2022-02-01 广州十分网络技术有限公司 多消费终端综合管理方法、服务器及系统
US11108831B2 (en) * 2019-01-04 2021-08-31 Vmware, Inc. Machine policy configuration for managed devices
CN111490980B (zh) * 2020-03-30 2022-03-08 贵阳块数据城市建设有限公司 一种工业互联网数据传输加密方法

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5850444A (en) * 1996-09-09 1998-12-15 Telefonaktienbolaget L/M Ericsson (Publ) Method and apparatus for encrypting radio traffic in a telecommunications network
US6253081B1 (en) * 1998-08-12 2001-06-26 Bellsouth Intellect Pty Corp Method and system for providing roaming service in a telecommunications system that is partially enabled for local number portability
US6178506B1 (en) * 1998-10-23 2001-01-23 Qualcomm Inc. Wireless subscription portability
US6236852B1 (en) * 1998-12-11 2001-05-22 Nortel Networks Limited Authentication failure trigger method and apparatus
US6308067B1 (en) * 1999-11-30 2001-10-23 At&T Corp. Wireless communications system and method of operation for reducing fraud

Also Published As

Publication number Publication date
JP2006500657A (ja) 2006-01-05
WO2004028070A1 (fr) 2004-04-01
EP1547303A4 (fr) 2009-09-02
AU2003276898A1 (en) 2004-04-08

Similar Documents

Publication Publication Date Title
US7665118B2 (en) Server, computer memory, and method to support security policy maintenance and distribution
US7665125B2 (en) System and method for distribution of security policies for mobile devices
US7437752B2 (en) Client architecture for portable device with security policies
US20060190984A1 (en) Gatekeeper architecture/features to support security policy maintenance and distribution
WO2004028070A1 (fr) Serveur, memoire informatique et procede servant a supporter la maintenance et la distribution d'une police de securite
CN111783075B (zh) 基于密钥的权限管理方法、装置、介质及电子设备
CN103067399B (zh) 无线发射/接收单元
US9130920B2 (en) Monitoring of authorization-exceeding activity in distributed networks
CN110489996B (zh) 一种数据库数据安全管理方法及系统
US20070143824A1 (en) System and method for enforcing a security policy on mobile devices using dynamically generated security profiles
US9686262B2 (en) Authentication based on previous authentications
US20070186275A1 (en) Enterprise-wide security system for computer devices
CN109558721A (zh) 客户端应用程序的安全单点登录和条件访问
CN103152179A (zh) 一种适用于多应用系统的统一身份认证方法
CN110708156B (zh) 一种通信方法、客户端及服务器
CN112202713B (zh) 一种Kubernetes环境下用户数据安全保护方法
CN106533693B (zh) 轨道车辆监控检修系统的接入方法和装置
EP2795522B1 (fr) Techniques permettant de stocker des informations confidentielles destinées à des centres mondiaux de traitement de données
KR101133210B1 (ko) 모바일 클라이언트 단말기의 보안인증시스템
Kuzminykh et al. Mechanisms of ensuring security in Keystone service
Ho et al. Oracle Database Advanced Security Administrator's Guide 11g Release 2 (11.2) E40393-07
CN118432864A (zh) 基于互联网的安全分析方法
CN119030706A (zh) 一种应用于crm的量子密码安全应用系统及方法
Salvador et al. A Human Centered Security Protocol for Ubiquitous Environments
Roselin Selvarani Secured Paradigm for Mobile Databases

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20050413

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LI LU MC NL PT RO SE SI SK TR

AX Request for extension of the european patent

Extension state: AL LT LV MK

DAX Request for extension of the european patent (deleted)
A4 Supplementary search report drawn up and despatched

Effective date: 20090805

17Q First examination report despatched

Effective date: 20091204

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

18D Application deemed to be withdrawn

Effective date: 20111015