Electronic device for selecting key to be used for encryption on basis of amount of information of data to be encrypted, and operation method of electronic device
US-12126718-B2 · Oct 22, 2024 · US
Validating the identity of an application for application management
US9838398B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-9838398-B2 |
| Application number | US-201615006348-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jan 26, 2016 |
| Priority date | Mar 29, 2013 |
| Publication date | Dec 5, 2017 |
| Grant date | Dec 5, 2017 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
A method of managing access to enterprise resources is provided. An access manager may operate at a mobile device to validate a mobile application installed at that mobile device. If the access manager does not successfully validate the mobile application, the access manager may prevent the mobile application from accessing computing resource. If the access manager does successfully validate the mobile application, then the access manager may identify the mobile application as a trusted mobile application. The access manager may thus permit the trusted mobile application to access the computing resource.
First claim
Opening claim text (preview).
What is claimed is: 1. A computer-implemented method comprising: installing an application at a first location of a computing device, at least one token being embedded in the application; storing, at a second location of the computing device and separately from the application, application metadata comprising at least one corresponding token, wherein each of the at least one corresponding token corresponds to one of the at least one token embedded in the application; challenging the application to provide a response prior to granting the application access to a computing resource; obtaining the at least one corresponding token from the application metadata stored at the computing device; generating an expected response that is based, at least in part, on the at least one corresponding token obtained from the application metadata; comparing the expected response to the response received from the application; and either granting or denying the application access to the computing resource based on whether the expected response matches the response received. 2. The computer-implemented method of claim 1 , wherein: challenging the application to provide the response comprises challenging the application responsive to receipt, from the application, of a request to access the computing resource. 3. The computer-implemented method of claim 1 , wherein: challenging the application to provide the response comprises challenging the application responsive to a launch of the application at the computing device. 4. The computer-implemented method of claim 1 , wherein: generating the expected response comprises generating an expected application signature for the application. 5. The computer-implemented method of claim 4 , wherein: generating the expected application signature further comprises obtaining at least one first corresponding token from the application metadata. 6. The computer-implemented method of claim 5 , wherein: generating the expected application signature further comprises deriving at least one second token from the application. 7. The computer-implemented method of claim 6 , wherein: deriving the at least one second token comprises hashing a component of the application. 8. The computer-implemented method of claim 7 , wherein: the component comprises one of a binary of the application, an icon of the application, or a framework of the application. 9. The computer-implemented method of claim 6 , wherein: generating the expected application signature further comprises arranging, in a predetermined order, the at least one first corresponding token and the at least one second token. 10. The computer-implemented method of claim 4 , further comprising: providing a nonce to the application; wherein generating the expected response further comprises generating an expected hash value based on the application signature and the nonce; and wherein comparing the expected response to the response received from the application comprises comparing the expected hash value to a hash value received from the application. 11. A computer-implemented method comprising: receiving, at an application installed at a first location of a computing device, a challenge to provide a response prior to obtaining access to a computing resource; generating, by the application, a response that is based, at least in part, on a token embedded in the application; providing, by the application, the response for comparison to an expected response that has been generated based, at least in part, on a corresponding token obtained from application metadata stored at a second location of the computing device separately from the application installed at the computing device, wherein the corresponding token obtained from the application metadata corresponds to the token embedded in the application; and obtaining, by the application, access to the computing resource responsive to a determination that the expected response matches the response provided by the application. 12. The computer-implemented method of claim 11 , wherein: generating the response comprises generating, by the application, an application signature. 13. The computer-implemented method of claim 12 , wherein: generating the application signature comprises extracting, by the application, the token embedded in the application. 14. The computer-implemented method of claim 13 , wherein: generating the application signature comprises deriving at least one second token from the application. 15. The computer-implemented method of claim 14 wherein: deriving the at least one second token comprises hashing a component of the application; and the component comprises one of a binary of the application, an icon of the application, or a framework of the application. 16. The computer-implemented method of claim 14 , wherein: generating the application signature comprises arranging, in a predetermined order, the token extracted from the application and at least one of the second tokens. 17. The computer-implemented method of claim 12 , further comprising: receiving a nonce; and wherein generating the response further comprises generating a hash value based on the application signature and the nonce; and wherein providing the response for comparison to the expected response comprises providing the hash value to an expected hash value. 18. A computer-implemented method comprising: embedding a token in an application; providing, to a computing device for storage at a first location of the computing device, application metadata comprising a corresponding token that corresponds to the token embedded in the application; including, in the application, a management framework that configures the application to: (i) generate, in response to receiving a challenge, a response that is based, at least in part, on the token embedded in the application, and (ii) provide the response for comparison to an expected response that has been generated at the computing device based, at least in part, the corresponding token that has been obtained from the application metadata stored at the computing device; and providing the application to the computing device for installation at a second location of the computing device and separately from the application metadata. 19. The computer-implemented method of claim 18 , wherein: the management framework configures the application to generate the response by generating an application signature based, at least in part, on the token embedded in the application. 20. The computer-implemented method of claim 19 , wherein: the management framework configures the application to generate the application signature by extracting the token embedded in the application and arranging, in a predetermined order, the token extracted from the application and at least one second token derived from the application.
Assignees
Inventors
Classifications
at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability · CPC title
Program or device authentication · CPC title
Test or assess software · CPC title
- G06F21/33Primary
using certificates · CPC title
by executing in a restricted environment, e.g. sandbox or secure virtual machine · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US9838398B2 cover?
- A method of managing access to enterprise resources is provided. An access manager may operate at a mobile device to validate a mobile application installed at that mobile device. If the access manager does not successfully validate the mobile application, the access manager may prevent the mobile application from accessing computing resource. If the access manager does successfully validate th…
- Who is the assignee on this patent?
- Citrix Systems Inc
- What technology area does this patent fall under?
- Primary CPC classification G06F21/33. Mapped technology areas include Physics.
- When was this patent published?
- Publication date Tue Dec 05 2017 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).