US007665118B2

(12) United States Patent
Mann et al.

(10) Patent No.: US 7,665,118 B2
(45) Date of Patent: *Feb. 16, 2010

(54) SERVER, COMPUTER MEMORY, AND METHOD TO SUPPORT SECURITY POLICY MAINTENANCE AND DISTRIBUTION

(75) Inventors: Dwayne R. Mann, Allen, TX (US); Robert W. Heard, Plano, TX (US); Christopher D. Burchett, Lewisville, TX (US); Ian R. Gordon, Ottawa (CA)

(73) Assignee: Credant Technologies, Inc., Addison, TX (US)

(*) Notice: Subject to any disclaimer, the term of this patent is extended or adjusted under 35 U.S.C. 154(b) by 900 days. This patent is subject to a terminal disclaimer.

(21) Appl. No.: 10/252,212

(22) Filed: Sep. 23, 2002

(65) Prior Publication Data: US 2006/0147043 A1, Jul. 6, 2006

(51) Int. Cl.: H04L 29/06 (2006.01); H04K 1/00 (2006.01); G06F 15/177 (2006.01); G06F 11/30 (2006.01); G06F 21/00 (2006.01)
(52) U.S. Cl.: 726/1; 709/220; 717/168; 717/174; 380/270; 713/193; 705/54
(58) Field of Classification Search: 726/1; 709/220; 717/168, 174; 380/270; 713/193; 705/54. See application file for complete search history.
`
`(56)
`
`References Cited
`
`U.S. PATENT DOCUMENTS
`5,850,444 A * 12/1998 Rune ........................... 705/79
`
`5,987,611 A * 11/1999
`6,088,451 A *
`7/2000
`6,158,010 A * 12/2000
`6,178,506 Bl*
`1/2001
`6,236,852 Bl *
`5/2001
`6,314,409 B2 * 11/2001
`6,366,898 B2 *
`4/2002
`6,453,419 Bl
`9/2002
`6,477,585 Bl
`11/2002
`6,490,679 Bl
`12/2002
`6,633,981 Bl
`10/2003
`6,708,187 Bl*
`3/2004
`6,789,195 Bl
`9/2004
`6,856,800 Bl *
`2/2005
`
`Freund .......................... 726/4
`He et al. ........................ 726/8
`Moriconi et al. ............... 726/1
`Quick, Jr . ................... 713/168
`Veerasamy et al ........... 455/411
`Schneck et al.
`............... 705/54
`Taivalsaari et al. ............. 707/1
`Flint et al.
`Cohen et al.
`Tumblin et al.
`Davis
`Shanumgam et al . ....... 707/201
`Prihoda et al.
`Henry et al.
`................ 455/411
`
`(Continued)
`
`FOREIGN PATENT DOCUMENTS
`
`EP
`
`0759591 Al
`
`2/1997
`
`OTHER PUBLICATIONS
`
`Patent Cooperation Treaty International Search Report from PCT/
`US2003/29347 dated Dec. 23, 2003.
`
Primary Examiner: Christopher A. Revak
Assistant Examiner: Trang Doan
(74) Attorney, Agent, or Firm: Haynes and Boone, LLP

(57) ABSTRACT

In a particular embodiment, a server module deployed on a server is disclosed. The server module is connected to a wireless network access node. The server module includes a database containing user information for multiple wireless devices. Each element in the database is attributable to at least one authorized wireless device and contains at least one type of data file from the following group: (i) wireless connectivity permissions, (ii) authorized wireless device identification, and (iii) authorized network access node information.

8 Claims, 10 Drawing Sheets
`
[Representative drawing on the front page: the policy synchronization flow chart of FIG. 9, steps 902 to 912 (initiate synchronization at the mobile device; authenticate mobile device to gatekeeper and gatekeeper to server; gatekeeper checks server for new policies; server creates and sends policy package; gatekeeper installs policies onto mobile device; shield application decrypts the policy package and activates the new policies).]
`
`MOBILEIRON, INC. - EXHIBIT 1005
`Page 001
`
`
`
`
`
`
FIG. 1 (Sheet 1 of 10): block diagram of the system 100. Figure labels: identity data / existing LDAP directory solutions 108; server 102; administrative interface 110; network sync gatekeeper 104 and personal sync gatekeeper 104; hand-held computers 106 running the shield (label 116).
`
`
`
FIG. 2 (Sheet 2 of 10): block diagram of the Mobile Guardian Server. Figure labels: gatekeeper interface 114 (HTTPS, servlet) and admin/web interface 112 over the network interfaces; federating service; service table file (XML); key service; access control service; policy service; key material; customer mobile audit logs; LDAP directories.
`
`
`
FIG. 3 (Sheet 3 of 10): software layers within the server (reference numerals 302, 304, 306). Figure labels: LDAP listener; LDAP consolidation engine; adapter API; LDAP adapter (JNDI) for LDAP v3 and NIS; text adapter for structured text and flat files; standard local directory store.
`
`
`
FIG. 4 (Sheet 4 of 10): screen shot of the Mobile Policy Manager administrative interface. Navigation: Home, Roles, Policies, Administration, Activities. Page title: "Policy Definition for Power User Role", with the option "Apply settings to children of this role too". Columns: Category/Setting, Description, Local Setting, Effective, Default. Device categories: Password, Encryption, Permissions, Check-up, Logging, Rules, Authentication, Configuration; Server. Role tree: Sales (Sue, Jane, Bill, Pete).
`
`
`
FIG. 5 (Sheet 5 of 10): functional elements within the gatekeeper 104. Figure labels: client I/F 502; plug-in 508; sync 510; authentication 512; network module 514; audit log; persistence manager; encryption; server I/F carrying XML over HTTPS 114; shield 116.
`
`
`
`....
`0 ....
`Cl's
`.....
`rJJ =(cid:173)
`
`('D
`('D
`
`0
`
`0 ....
`?' ....
`
`0
`
`N
`'-"Cl's
`
`('D
`"f'j
`
`~ = ~
`
`~
`~
`~
`•
`00
`~
`
`"""' 00 = N
`
`"""'
`"'UI
`0--,
`O'I
`-....l
`d r.,;_
`
`FIG. 6
`
`1
`
`DATA
`POLICY
`
`DECRY6JT~ouCY ___
`
`612
`
`ENFORCEMENT
`
`LOG POLICY
`
`I
`
`I
`
`z. DEVICE LJ-t~8D~Ess MODE
`1. PERSONA
`I
`
`MESSAGES~ l ENCRYPTED
`
`LOGS
`
`61 o
`
`~ ENCRYPT LOG
`
`OG USER AUTHENTICATION
`L
`
`DECRYPT /HASH
`DATA ENCRYPT/-+
`AUTHENTICATION
`
`OR RESET
`
`6os__. I MODULE
`
`RETRIEVE USER
`
`INPUT
`
`.___ ___ .. RULES ENGINE I POLICIES
`ENFORCE
`
`614
`
`MODULE
`I AUDIT LOG
`
`ENCRYPTION I
`
`DOWN ALERT
`
`SYSTEM INTERFACE
`
`INTERCEPT SYNC----+-1
`
`I
`
`1
`
`SYSTEM CALLS
`
`INTERCEPT
`
`t
`
`EVENTS 632
`INTERCEPT SYSTEM
`
`BB
`
`604
`
`STORAGE
`
`SYSTEM CALLS
`
`DEVICE OS
`
`DEVICE OS EVENT
`
`HANDLER
`
`1
`
`630
`
`1
`
`1.
`
`COMMUNICATION I
`
`MODULE
`
`602
`
`ALERTS TO USER
`DISPLAY SYNC
`
`I◄
`
`INTERFACE
`
`USER
`
`606
`
`,________. 1. APPLICATION DATA
`
`2. PIM DATA
`
`SYNC:
`
`KEEPER 2. POLICY DATA
`, 1. KEY MATERIAL
`GATE-
`
`3. LOG FILES
`
`TCPAP:
`
`104
`
`, _______ __,
`
`I DISPLAY PERMISSION
`
`ALERTS TO USER
`
`ENCRYPT /DECRYPT
`
`,J.
`
`CONTENT
`
`2. RETRIEVE LOGS FOR
`
`COMMUNICATION
`
`1. LOG NETWORK
`
`TRANSFER
`
`MATERIAL
`~---.....JSTORE KEY
`
`2. DISPLAY DEVICE LOCK-__ __,1
`1. DISPLAY SYNC ALERT
`
`MOBILEIRON, INC. - EXHIBIT 1005
`Page 008
`
`
`
FIG. 7 (Sheet 7 of 10): flow chart of shield installation.
702: Install gatekeeper software from server to desktop computer, including network scripts, policies, and key packs.
704: When mobile device is synchronizing to computer with gatekeeper, install shield program onto mobile device.
706: Request one-time password, at gatekeeper, from server.
708: Server emails one-time password to the mobile device.
710: At mobile device, use one-time password to complete shield installation. Root key in key pack is decrypted using the one-time password. User then enters PIN and new password and phrase.
712: Encrypt root key with new password and with PIN and with phrase.
`
`
`
FIG. 8 (Sheet 8 of 10): flow chart of server-initiated policy update.
802: Policy change is made by administrator at the server. The server creates new policy package.
804: Server authenticates connection with gatekeeper and sends policy package to gatekeeper.
806: Gatekeeper receives policy package and waits for next synchronization with mobile device.
808: Mobile device initiates synchronization.
810: Gatekeeper authenticates mobile device and then pushes policy package to mobile device.
812: Mobile device decrypts policies and activates updated policies.
`
`
`
FIG. 9 (Sheet 9 of 10): flow chart of device-initiated policy update.
902: Initiate synchronization at the mobile device.
904: Authenticate connection between mobile device and gatekeeper, and gatekeeper authenticates with server.
906: Gatekeeper checks server for new policies.
908: Server creates policy package and sends the policy package to the gatekeeper.
910: Gatekeeper installs policies onto mobile device.
912: At mobile device, shield application decrypts policy package and activates new policies.
`
`
`
FIG. 10 (Sheet 10 of 10): key materials and key field formats. Key fields (X.509) 1002: SW, date, who, length, key, cyclic redundancy check (1004 to 1014). Root key RK 1026 (1016) is wrapped under the user credentials PIN 1020, password 1022, phrase 1024 and challenge, giving Epin(RK), Epw(RK), Epp(RK) and Ecr(RK) (1028 to 1034), with RNa. Operating keys / key ring 1036 (1038 to 1048): data key (s), policy key (d), log key (e), gatekeeper authentication, update key, heartbeat log. Policies are encrypted (1050) with the policy key into the policy pack 1054; the key material pack 1056 is encrypted with the root key; both, together with logs 1058, reside in mobile device storage 1052 and are pushed or pulled from server to shield through gatekeeper.
`
`
`
SERVER, COMPUTER MEMORY, AND METHOD TO SUPPORT SECURITY POLICY MAINTENANCE AND DISTRIBUTION

BACKGROUND

1. Field of the Invention

The present application relates to systems and methods of distributing and enforcing security policies.

2. Description of the Related Art

The use of mobile devices, such as personal digital assistants (PDAs), in corporate environments is projected to grow significantly over the next 3-5 years. These smart devices are increasing in diversity and capability as well as number. These devices offer a unique blend of lightweight mobility, convenience and functionality, providing instant-on access to information such as email, calendar, address book and other documents. Many enterprises are developing or have deployed special applications for mobile devices that transform the platform into a mission critical tool and repository for sensitive corporate data.

As a result, mobile devices have become indispensable tools for business communications. The use of these devices is expected to grow rapidly according to industry experts.

The prevalence and power of mobile computing devices and the increasing availability of wireless connectivity represent a paradigm shift in how people will use computers and access data. The current use and diversity of these devices are impacting the integrity of corporate IT infrastructures in many ways. These devices connect to the corporate network in multiple, unsecured and difficult to monitor transient ways. Cradles are used to 'synch' the devices to laptops or desktops using serial or USB lines. Modems and wired or wireless networks are used. Cell phones are converging with PDAs to provide a new generation of devices that may access corporate data in an expanding network of advanced cellular access points. Finally, since these devices have significant storage and computing power and operate in both connected and disconnected modes, security management and control of these devices remains an important challenge.

Mobile devices provide an "open door" into the enterprise, especially if lost or stolen. A variety of sensitive information may reside on these devices, including passwords and access codes for most corporate databases, network files and applications. These pocket-size devices have become the "password sticky note" of the 21st century. In a wireless "always-on" world, these devices can enter and exit numerous unknown and ad hoc networks in a single day. At industry tradeshows, cyber-cafes or industry networking environments, corporate data is especially exposed to unauthorized access.

These devices have become large walking repositories for business confidential information. Mobile professionals frequently synch or copy proprietary corporate information from laptops, such as financial results, launch plans, personnel information, client records or application specific information. The large memory capacity of mobile devices and the plummeting price of after-market memory cards make it more likely that users will store additional information on their devices.

The emerging corporate use and capabilities of these devices make unique challenges for an enterprise scale mobile security solution. Because mobile devices often operate in a disconnected mode, on-device policy enforcement is required.

The number of mobile devices entering the enterprise and the complexity of the security requirements are placing an increased demand on the enterprise's ability to manage and enforce corporate security on mobile devices. Many information technology (IT) departments do not know how many non-company issued devices are currently being used by employees. They have no tools to restrict these devices from accessing corporate data. Simply put, current IT departments are not equipped to respond to the emerging computing standard of the mobile device.

Accordingly, there is a need for an improved system and method of handling security policies with respect to mobile devices.

SUMMARY

In a particular embodiment, a server module deployed on a server that is connected to a wireless network access node is disclosed. The server module includes a database containing user information for multiple wireless devices. Each element in the database is attributable to at least one authorized wireless device and contains at least one type of data file from the following group: (i) wireless connectivity permissions, (ii) authorized wireless device identification, and (iii) authorized network access node information.

In another embodiment, a computer memory is disclosed. The computer memory includes a plurality of operating keys for use in connection with security features of a mobile computing device, and a root key. The root key is used to encrypt the plurality of operating keys.

In another embodiment, a method of enforcing security policies at a mobile computing device is provided. The method includes receiving a policy at the mobile computing device, where the policy includes at least one device use limitation, and enforcing the policy at the mobile computing device by disallowing a user of the mobile computing device from engaging in the use precluded by the use limitation.

In another embodiment, a security method is provided. The security method includes receiving a password from a user of a mobile computing device; deriving a security code from the password by applying a non-linear function; and encrypting the security code using the password as an encryption key.

In another embodiment, a method of selectively providing a mobile computing device with access to a software application on a server is provided. The method includes receiving a request to access the software application from the mobile computing device and determining whether to grant access to the software application by checking whether the mobile computing device has an installed security program.

In a further embodiment, a method of updating policies and key materials is provided. The method includes providing a shared encryption key that is shared by a server and a client module; encrypting data on the client using the shared encryption key; authenticating a user of a mobile computing device by receiving a password, where the client is resident at the mobile computing device; decrypting the shared key using the password; using the shared key to decrypt updated policies and key materials; and replacing policies and key materials at the mobile computing device with the updated and decrypted policies and key materials.
`
BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a block diagram of an embodiment of a system for use in providing security policy distribution and mobile device management.

FIG. 2 is a block diagram of an embodiment of a server within the system of FIG. 1.
`
`
`
FIG. 3 is a general diagram that illustrates software layers within the server of FIG. 2.

FIG. 4 is an illustrative screen shot of an administrative user interface for use with the server of FIG. 2.

FIG. 5 is a block diagram that illustrates functional elements within the gatekeeper of FIG. 1.

FIG. 6 is a block diagram that illustrates elements within the shield application of the system of FIG. 1.

FIG. 7 is a flow chart that illustrates installation of the shield security application onto mobile devices.

FIG. 8 is a flow chart that illustrates a method of updating policy information and distributing the updated policy information to a mobile device.

FIG. 9 is a flow chart that illustrates another method of updating policy information and distributing the updated policy information to a mobile device.

FIG. 10 is a diagram that illustrates key materials and specific key field formats for use with encryption of policy information.

The use of the same reference symbols in different drawings indicates similar or identical items.

DETAILED DESCRIPTION OF THE DRAWINGS

Referring to FIG. 1, a system 100 for use in enterprise security management is disclosed. The system 100 includes a server 102, a gatekeeper 104, and a client device module 106. The client device module 106, which is used to provide security functionality, is also referred to as a shield. The system 100 is a comprehensive enterprise security management software platform for diverse mobile operating systems, applications and devices. The system 100 enables an organization to secure and manage mobile devices easily and cost effectively. The server 102 integrates with existing security policy management systems and allows administrators to centrally create new mobile security policies by extending existing security policies and to distribute them to a diverse population of mobile devices. The server 102 and gatekeeper 104 work together to automatically and securely push these security policies to a specified mobile device. The shield 106 is a trusted computing environment on the mobile device that enacts and enforces the distributed security policies, controls access to the mobile device, and provides data security.

The server 102 may be implemented as a web-based application server that provides central creation and management of mobile security policies. The server 102 is preferably implemented with portability, scalability and maintainability in mind, using industry standards such as Java, XML and other advanced web technologies. To provide easy control and accessibility, an administrative interface to the server 102 is provided through a secure browser interface, allowing simple delegation of responsibilities and access by any workstation or PC on a local network connected to the server 102.

A consolidated LDAP directory (CLD) technique may be used to integrate the server 102 with existing enterprise security infrastructure, such as an existing identity database 108. Existing policy and identity management systems are integrated through a real-time interface to directory resources. A layer in the server 102 provides a consolidated view of the external LDAP services and extends these services through policy inheritance and overriding. As a result, existing identity directories, such as directory 108, can be used without copying data and without changing the data schemas of the existing enterprise security systems.

The data passed to the gatekeeper 104 and subsequently to mobile devices 106 is derived from the security role and is protected through a combination of secure socket layer (SSL) and data encryption. Mobile security policies are formed using the administration interface 110, which is coupled to the server 102 via interface 112, to set and extend policies in a consolidated directory (e.g., LDAP). Once policies are set, a policy package is generated for each user within a role, encrypted with the specific user's encryption key, and forwarded to the gatekeeper 104 for installation on the target mobile device 106. Policy package encryption forms a main pillar of system security. Additionally, SSL communication is used for added privacy and authentication between the server 102 and the gatekeeper 104 over the secure interface 114. The system 100 is designed for robust security management to provide many advanced security features, including: centralized management of disconnected devices, automatic versioning and distribution of policies, role-based policy creation and management, seamless integration with existing role repositories and security infrastructure, delegated security management, separation of administrative duties, automatic retrieval of device audit logs, consolidation, alerting and reporting, and mobile device management.

The gatekeeper 104 may be implemented as a security management software agent that forms a virtual security layer on existing, third party synchronization systems, such as HotSync, ActiveSync, and ScoutSync. A function of the gatekeeper 104 is to receive policy packages from the server 102 and install the packages on target mobile devices 106. The gatekeeper 104 operates in two modes to support local and network synchronization. In local mode, the gatekeeper 104 executable operates on desktop and laptop computers, forming a security layer on top of personal synchronization tools. In network mode, the gatekeeper 104 executable operates on an enterprise server and forms a security layer on top of a network synchronization application. When the gatekeeper 104 is deployed, mobile devices 106, such as personal digital assistants (PDAs), are required to authenticate and to request permission to synchronize before the third party data synchronization tool is allowed to launch. Additionally, the gatekeeper 104 provides for automatic installation of the mobile shield on specified PDAs, application configuration, update and patch management, mobile device configuration management, monitoring, management and control of access to the synchronization application, and distribution of device policies, permissions and configurations.

The mobile device application, i.e., the shield 106, may be implemented as a trusted computing environment operating as a software layer on top of the mobile device operating system. Security policies are received from the gatekeeper 104 using a two-way authentication process. The policies are used by agent software at the mobile device to encrypt data, and to monitor and control device access, device peripherals, and device software and hardware operations. The mobile device trusted environment approach provides many security features, including: on-device policy enforcement whether connected or disconnected, mandatory access control, data encryption with secure recovery, mandatory synchronization authentication, controlled application access and use, control over hardware ports (infrared (IR), compact flash (CF), universal serial bus (USB), secure digital (SD)), multiple profiles (personal and business), and secure audit logs. Sample devices that may accept shield software include personal devices made by Palm, Handspring and Sony, the Compaq iPaq, and the HP Jornada 500 series.

To summarize, all three major components of the system 100 interoperate substantially seamlessly and transparently to the user to enable a secure mobile environment without materially detracting from the user's experience. The server 102 virtually consolidates external LDAP identity and policy data to integrate with existing security infrastructure. The administrative tools on the server 102 allow policy packages to be automatically formed and distributed to each mobile device 106. The gatekeeper 104 monitors synchronization and installs the shield software and policy packages on targeted devices. Finally, the shield forms a trusted computing environment by forming a security layer on the mobile operating system to enforce the policies originating from the server 102. The complete system 100 forms a comprehensive, enterprise scale mobile security management system.

The system 100 includes components that integrate with external systems. To support a large customer base, multiple platforms are supported for each component. The following sample list identifies illustrative devices and software platforms for integration. At the server 102: the Windows 2000 operating system; an LDAP of MS Active Directory System (ADS), Critical Path, or iPlanet flat files; and the Explorer version 5.0+ browser. At the gatekeeper 104: compatible operating systems include Win98, WinNT 4.0, Win2000 and WinXP; compatible data synchronization software includes HotSync and ActiveSync version 3.1+; the server operating system is Win2000; and the network synchronization software is ScoutSync version 3.5+. For the shield, the supported operating systems include PocketPC 2000, PocketPC 2002, and device OS version 3.5+.

The server 102 is constructed using enterprise scale server technology, such as federated web services to provide scalability of servers and portability of functions, model-view-controller (MVC) web interface techniques to provide maintainability and speed, and consolidated LDAP directory (CLD) technology to provide compatibility and reduce installation and administrative costs in existing security infrastructures.

The server 102 architecture is integrated through a web service paradigm, as illustrated in FIG. 2. This paradigm is an industry recognized best practice for developing and integrating enterprise web applications. The web service paradigm is a loosely coupled architecture of processes that is flexible, allows additional functions, and allows replacement of servers as well as increased scale through load balancing and additional servers.

The core of the web services approach is the ability to expose or advertise services through a consolidating interface. Referring to FIG. 2, many of the key functions of the server 102, such as access control, audit log and security policy management, are implemented as individual Java "applications" and advertised or exposed to the internal local area network (LAN) as services. These "applications" operate as web services. Each service can be run as a process or thread on a shared server, on separate servers, or in combinations on fewer servers. Scalability and load balancing are achieved by running multiple threads of a service on a single server or on a cluster of servers. Maintenance is simplified by supporting the ability to move services between servers and to replace servers dynamically.

The federating web service in FIG. 2 is a proxy type of service that consolidates the internally advertised services and provides the corresponding service to an external user through a hyper-text transfer protocol (HTTP) interface. The federated web service consolidates internal services by proxying the functionality to external users. The location of the services is specified in a service table or configuration file formatted with eXtensible Markup Language (XML). Service management is an advantage of the federated services approach: only a single URL needs to be maintained to provide service to a scalable cluster of servers and services. The federating service has the ability to route application calls dynamically to perform load balancing. Scalability of the federating service is achieved using multiple federating service servers and standard load balancing routers such as Cisco's LocalDirector router.

The federating services and external users may be integrated through the industry standard scripting protocols XML (eXtensible Markup Language) and SOAP (Simple Object Access Protocol). XML is a markup language similar to HTML for web pages, while SOAP is composed of structures or sentences written in XML. With web services, XML is the alphabet that represents data while SOAP is the grammar that defines the service call, similar to a remote function call. Specifically, XML provides a tagged markup language that allows portable data representation between services. SOAP is an industry standard structure of XML tags that defines calling sequences, parameter structures and result variables. These protocols are supported over the ubiquitous HTTP communication channels of the web.

As a result, XML/SOAP allows an external application, such as the gatekeeper 104, to request a service at a single federated web service URL, which proxies the request to the actual web service and returns the result to the gatekeeper 104. Privacy and authentication of the gatekeeper 104 can be achieved using SSL services, by using the standard HTTPS protocol in place of HTTP.
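The federating service of FIG. 2 as described above, as an added illustration that is not the patent's or Credant's code: an XML service table is parsed into per-service endpoint lists, calls are routed round-robin for load balancing, a reload replaces servers dynamically, and a request for a service that the table does not advertise is refused rather than proxied. The table schema, the SOAP convention that the first Body child names the service, and all host names are constructed assumptions.

```python
import itertools
import xml.etree.ElementTree as ET

# Constructed service table. The patent only says the table is an XML file giving the
# location of each advertised service; this element layout is an assumption.
SERVICE_TABLE_XML = """<serviceTable>
  <service name="PolicyService">
    <endpoint host="policy-a.lan" port="8443"/>
    <endpoint host="policy-b.lan" port="8443"/>
  </service>
  <service name="AccessControlService">
    <endpoint host="acl-a.lan" port="8443"/>
  </service>
  <service name="AuditLogService">
    <endpoint host="audit-a.lan" port="8443"/>
  </service>
</serviceTable>"""

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"


def parse_service_table(xml_text: str) -> dict:
    """Map each advertised service name to the internal HTTPS endpoints that serve it."""
    table = {}
    for service in ET.fromstring(xml_text).findall("service"):
        name = service.get("name")
        endpoints = ["https://%s:%s/%s" % (e.get("host"), e.get("port"), name)
                     for e in service.findall("endpoint")]
        if not name or not endpoints:
            raise ValueError("service entry without a name or without endpoints")
        table[name] = endpoints
    return table


def service_for_envelope(envelope_xml: str) -> str:
    """Name the service a SOAP request addresses (assumed: local name of the first Body child)."""
    body = ET.fromstring(envelope_xml).find("{%s}Body" % SOAP_NS)
    if body is None or len(body) == 0:
        raise ValueError("not a SOAP envelope with a request body")
    tag = body[0].tag
    return tag.split("}", 1)[1] if "}" in tag else tag


class FederatingService:
    """The single external URL: proxies calls to internal services, round-robin per service."""

    def __init__(self, xml_text: str) -> None:
        self.load(xml_text)

    def load(self, xml_text: str) -> None:
        # Reloading the table is how a service is moved or a server replaced without
        # the external URL changing.
        self.table = parse_service_table(xml_text)
        self._cycles = {name: itertools.cycle(eps) for name, eps in self.table.items()}

    def route(self, service_name: str) -> str:
        """Next endpoint for an advertised service; unknown names are refused, not forwarded."""
        if service_name not in self.table:
            raise LookupError("service not advertised in the service table: %r" % service_name)
        return next(self._cycles[service_name])

    def dispatch(self, envelope_xml: str) -> str:
        """Resolve a SOAP request to the internal endpoint the proxy would forward it to."""
        return self.route(service_for_envelope(envelope_xml))
```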
The administrator interface 112 is provided through use of a lightweight HTTP or web interface. Benefits of this configuration include wide availability of access from anywhere in the LAN, secure usage through the SSL protocol, as well as simple delegation of responsibilities and separation of duties through authentication and access control.

The server 102 uses the industry recognized best practice of the MVC programming model to implement the graphical u