WO2015078500A1 - Method and system for secure execution of web applications for mobile devices - Google Patents

Publication number
WO2015078500A1
Authority
WO
WIPO (PCT)
Prior art keywords
secure
thin
server
web application
application
Application number
PCT/EP2013/074938
Inventor
Jetzabel Maritza SERNA OLVERA
Marcel MALET ABULI
Original Assignee
Fundació Privada Barcelona Digital Centre Tecnològic
Caixabank S.A.
Application filed by Fundació Privada Barcelona Digital Centre Tecnològic, Caixabank S.A.
Priority to PCT/EP2013/074938
Publication of WO2015078500A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12 Detection or prevention of fraud
    • H04W12/128 Anti-malware arrangements, e.g. protection against SMS fraud or mobile malware
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/30 Security of mobile devices; Security of mobile applications
    • H04W12/35 Protecting application or service provisioning, e.g. securing SIM application provisioning
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/16 Implementing security features at a particular protocol layer
    • H04L63/168 Implementing security features at a particular protocol layer above the transport layer

Definitions

  • the present invention relates generally to the field of mobile applications, and in particular, to the secure execution of remote web applications for mobile devices.
  • a further problem is that a complete security evaluation of applications is not currently performed, nor intended, in any of the current application markets. Even though it is strongly recommended to limit sensitive information, and to carefully choose the applications to be stored and executed on a mobile device, the number of malware attacks and identity thefts is on the rise.
  • the client-server system comprises a set of security components that enables the remote execution of mobile web-based applications in a secure manner wherein any sensitive information is treated and stored in a remote and secure environment under the service provider's control.
  • One of the security components of the client-server solution is the delegation of the responsibility for guaranteeing security to the service provider.
  • This enables the service provider to locate its services in any location that it considers to be a controlled and secure environment.
  • Such trusted environment could be private and locally based, it could be private and remotely based, or it could be a trusted external provider (cloud service provider).
  • the necessary secure access is provided regardless of the client-side security vulnerabilities that are currently present in the mobile device.
  • the set of applications provided by the service provider containing sensitive information for both final users as well as the service provider, is executed in a controlled environment under its responsibility and control.
  • the invention provides methods and devices that implement various aspects, embodiments, and features of the invention, and are implemented by various means.
  • the various means may comprise, for example, hardware, software, firmware, or a combination thereof, and these techniques may be implemented in any single one, or combination of, the various means.
  • the various means may comprise processing units implemented within one or more application specific integrated circuits (ASICs), digital signal processors (DSPs), digital signal processing devices (DSPDs), programmable logic devices (PLDs), field programmable gate arrays (FPGAs), processors, controllers, micro-controllers, microprocessors, other electronic units designed to perform the functions described herein, or a combination thereof.
  • the various means may comprise modules (for example, procedures, functions, and so on) that perform the functions described herein.
  • the software codes may be stored in a memory unit and executed by a processor.
  • the memory unit may be implemented within the processor or external to the processor.
  • FIG. 1 depicts a client-server architecture according to one embodiment of the invention.
  • FIG. 2 depicts a client mobile device according to one aspect of the invention.
  • FIG. 3 depicts more details of the client-server architecture.
  • FIG. 4 depicts a signaling diagram for downloading and activating a trusted component according to one aspect of the invention.
  • FIG. 5 depicts a signaling diagram for downloading and activating a thin client according to another aspect of the invention.
  • FIG. 7 depicts a method of downloading and activating a trusted component according to one aspect of the invention.
  • FIG. 8 depicts a method of downloading and executing a thin client according to another aspect of the invention.
  • FIG. 9 depicts more details of the remote secure server.
  • FIG. 1 depicts a system according to one embodiment of the invention comprising a client-server architecture 100 able to provide secure and remote execution of web applications for mobile devices 140.
  • System 100 comprises at least one mobile device 140 communicating via a communications network 130 to the secure service provider's network 110.
  • the communications network 130 is commonly the Internet, however it could be any other combination of public or private access and backbone networks able to provide a communication link between any one mobile device and the server it is communicating with.
  • the service provider's network 110 comprises at least one service provider server 120.
  • the mobile devices are clients and are being served by the service provider servers with security components according to the invention.
  • Secure interaction is provided by the provision, from the service provider server to the mobile device, of at least two components.
  • the first component the trusted component
  • the second component, the thin client, is provided, which enables interacting with components of the secure service provider for performing mobile application functions.
  • the trusted component comprises a computer application to be executed on the client mobile device allowing access to a remote secure application server.
  • the mobile application is not a fully self-contained program or software residing completely on the mobile device.
  • the mobile application's functions are emulated by the thin client in a transparent manner, such that the final user experiences no difference with respect to a mobile application fully downloaded and run on the device.
  • any information which might be considered sensitive for the user or the service provider is managed and controlled at the service provider server, and exchanged with the mobile device only as far as necessary for the user's knowledge and interaction.
  • the system's main focus is for service providers (for example, financial institutions, e-commerce companies, or hosts of sensitive and/or confidential information) to remove their applications from a hostile environment to a controlled environment, completely independent from the level of trust of hosts.
  • the rationale behind the proposed architecture is for service providers to offer a set of specific customer oriented services in the form of mobile web applications that are to be executed in a controlled environment by the service providers themselves where potential threats to mobile devices cannot affect the client-server communications or transactions.
  • One of the main advantages is that secure access is provided whilst the performance level and quality of service levels are maintained. Hence real time application updates and/or maintenance are continued without any loss in performance.
  • Secure web applications are owned and managed by a service provider and offered via remote execution in order to minimize the exposure to malicious software attacks at the client device and to avoid affecting operations between clients and service providers. Additionally, the trusted component establishes further secure communications with the service provider, guaranteeing a closed secure link between the mobile device and the secure server prior to the provision of the thin client for executing the secure web application.
  • the trusted component, once executed on the mobile device, is configured for establishing the secure channel and for collecting and transmitting to the secure server information regarding the mobile device's inherent vulnerabilities and security-related data. Based on this information the secure server determines whether it is safe enough to activate the trusted component for the particular mobile device. Only upon activation is the trusted component allowed to continue operation, enabling the subsequent provision of the thin client for secure remote interaction.
  • FIG. 2 depicts a mobile device 200 comprising a Rich Operating System 220 and a secure environment 230.
  • the trusted component and thin client are transmitted from the secure server and installed in the secure environment 230 of the mobile device.
  • the secure environment is seen as an isolated environment independent of the Rich OS, and it provides isolated and secure execution of the other components that are provided only once and are in charge of allowing further communications with the service provider's network.
  • the trusted component 240 allows the client device to establish the secure communication needed to access services hosted in the server, and in particular, to download and execute the thin client.
  • the trusted component is finally received by the mobile device.
  • One manner is direct download to the device, either over-the-air or via pre-installation during device activation.
  • Another manner is indirectly through a different distribution channel, such as trusted third-party content providers (such as App Store, or Google Play).
  • the trusted component is generated and delivered from the secure service provider to a mobile device, in order to set up a secure channel allowing safe thin client delivery and remote browsing using the generated secure channel.
  • the trusted component also provides a risk indication about the device in question.
  • in case the device does not pass the risk test, the trusted component is not activated, and no further exchange takes place with the risky device.
  • in case the user-related and device-related data received by the secure server via the trusted component results in a positive risk determination, and it is determined that the device is in fact safe, the trusted component is activated and a thin client delivered using the generated secure channel.
  • the secure server delivers the thin-client to be executed in the device, also within the secure environment 230.
  • the thin client provides the components needed to launch web-based mobile applications from the service provider in a transparent manner. Due to the secure link and this additional secure environment, applications are executed in a highly secured virtual environment controlled by the service provider, where the user need not worry about the security risks, in this way avoiding exposure to malicious software attacks.
  • FIG. 3 depicts the client-server architecture in more detail, comprising the mobile device 130 and the service provider's network 110.
  • This figure depicts the state of the system once both the trusted component 310 and the thin client 320 have been downloaded onto the mobile device 130.
  • both components are hosted within the mobile device's secure environment 230. Therefore any of the components of the trusted component or thin client profit from the inherent security provided by the secure environment, which generally comprises software and tamper-resistant hardware, which is mainly used to store electronic signatures, and which has a secure data storage.
  • the trusted component of the mobile device comprises a host monitoring component 312, a secure communications component 314 and a secure authenticator 316. These components communicate with the secure service provider 110 to establish secure communications, report anomalies detected in the mobile devices and ultimately request thin-clients to provide user access to sensitive applications hosted by the secure service provider.
  • the service provider's network 110 may comprise, in addition to at least one secure server 390, an access control manager 340, a connection manager 350, an anomaly detector 360, a client generator 370, and a monitoring tool 380.
  • Each secure server 390 comprises a web application instance 392 as well as a host destination checker 394.
  • the mobile device comprises a secure environment 230, which is a component able to isolate itself from the Rich OS with the main objective of providing protection against attacks, in particular for executing applications in a secure manner.
  • the secure environment mainly comprises a combination of software and hardware components, offering a high level of protection and capable of providing an isolated application execution, and access to secure components such as keyboard, display and data storage. Examples of such environments could be the Trusted Execution Environment from Global Platform, the Samsung Knox Container, a mobile-based micro-visor or a secure and ciphered environment for application storage and execution.
  • the function of the trusted component 310 is guaranteeing the integrity and security of the communication link between the mobile device and secure server.
  • the trusted component is downloaded only once; it is stored and executed in the secure environment 230. Although the trusted component is downloaded only once, it is constantly updated by the service provider to ensure its security and integrity.
  • the trusted component limits the protocols accepted within the network so that, for instance, HTTP and HTTPS connections are allowed, but the SSH protocol might be blocked, in order to prevent possible intruders from remotely connecting to any device.
  • traffic is encapsulated using a tunneling protocol. Tunneling enables communication to be encapsulated inside a permitted protocol, so that the information exchanged between the thin-client and the secure server system will not be discarded by network policies. For instance, going back to the previous example, traffic could be HTTP-encapsulated, since the HTTP protocol was permitted by the policies in place.
  • a bi-directional communication link is set up between the thin-client and the web application instance while a session is active. While acting as the single communication interface to the secure server system, internal elements are hidden from direct access.
  • server IP addresses are replaced by other proxy addresses, thus effectively hiding the inner network's addressing data as well as the possibility to discover its internal structure.
  • the trusted component requests a thin-client, or thin application, from the service provider.
  • the trusted component performs an integrity check of the thin-client before the thin-client is executed on the device, thereby ensuring it is being provided from a trusted source, and is not a hoax or the result of a malware attack.
  • the function of the host monitoring component 312, or means for monitoring the host, is monitoring the behavioral patterns of the mobile device.
  • the host monitoring component will report any anomaly or changes detected in the device which are related to the protection of the other components of the secure environment.
  • the host monitoring component's server-side counterpart is the anomaly detector 360.
  • the host monitoring component detects and generates traces which, optionally after compression, are transmitted via encrypted channel 326 to the anomaly detector.
  • the anomaly detector uses this information to ensure the integrity of the secure communications link, or of the execution environment, by updating parameters of the trusted component or thin client.
  • the function of the secure communications component 314, or means for secure communications, is establishing secure communications with the secure service provider 110. This additional security provides a guaranteed seal against attacks because the thin client is downloaded within the context of this secure channel, and once executed, data enabling interaction and monitoring of the web application is also exchanged within the context of this secure channel.
  • the secure communications component works together with the secure service provider via communication link in order to access the web application, resulting in a remote and virtualized execution of the web application to be accessed by the user's mobile device.
  • the function of the secure authenticator 316 is generating valid credentials to be able to authenticate the client's mobile device to the secure service provider. These credentials can be generated as a one-time password (OTP) code or an electronic signature.
  • the function of the thin client 320, also known as a one-time application launcher, or means for application launching, is to enable the provision of web application interaction to the final user in a secure and optimized manner.
  • the thin client is code-signed, generated and provided by the secure service provider. Therefore originally it does not exist or reside as such in any of the computing devices.
  • the thin client is valid for a limited period of time and communicates with its server-side counterpart, the secure server 390, which runs a corresponding virtual application session.
  • the virtual application session is configured to communicate with the thin client also during the same limited period.
  • the thin client is configured to open only one identified session communicating with only one specific application hosted in the secure server based on the identified customer and user's device characteristics. The integrity of the thin client is validated using a session key.
  • since the thin-client substitutes a standard locally-run application, however with the most sensitive components run at the secure service provider, it has to be created and downloaded for every new session or expiry of the determined time limit. Therefore the size of the thin client is minimized to assure usability and enable repeated downloading and client execution with minimum impact to network resources as well as the mobile device's processing resources or the user's navigating experience.
  • the thin client is downloaded with a session key, comprised in its code, to map to the corresponding virtualization of the application at the secure server.
  • the session key is provided.
  • the session key is generated at the server side based on the device and client/customer's characteristics, timestamp, validity period and virtualization used for that particular session.
  • the session key is generated and included in the thin client by the secure service provider.
  • the secure service provider 110 can be placed in the service provider's own internal network, or its own private external cloud network, whilst being managed by their own network administrator. On the other hand, it can also be placed in a publicly available (non-private) external cloud service provided by a trusted party, so that it is used to provide secure access to the web applications. This is possible since the security provided by the client-server architecture is not only independent of the user's vulnerabilities, but is also independent of the server's location, as long as the system's components are deployed as described. Therefore an administrator refers to both the service provider's own administrator and one belonging to an external service.
  • the secure service provider 110 comprises at least one secure server 390, or secure server means, for every web application virtual session needed.
  • the secure service provider can interact with multiple mobile devices, or even with multiple thin clients within a single mobile device.
  • Each secure server comprises a web application instance 392, or remote application means, as well as a host destination checker 394, or host checking means.
  • the secure server requires session-based authentication with valid credentials identifying which user is willing to access the provided services. This authentication is performed by the access control manager as explained in the following. Once authentication is done via a secure communication channel, the secure server delivers a thin-client valid for a unique session, for a unique customer and for a limited lifetime. The lifetime may be as short as only a few seconds or minutes.
  • Each web application instance comprises either one secure remote browser to access a web application or a remote instance of the cloned device running the mobile application. The number of web application instances will correspond to the number of users simultaneously accessing the sensitive applications.
  • FIG. 9 depicts more details of the secure server 390 comprising two main components for offering the services being run on the mobile device.
  • the first component corresponds to a secure browsing instance 910 which is a virtual instance executing a browser.
  • the second component corresponds to a cloned device instance 920 which is a virtual instance, or emulator, that corresponds to the user's mobile device.
  • it is a virtual instance "emulating" the main features of the mobile device, e.g. operating system, hardware components, libraries, and the mobile application itself. Both instances are executed remotely and in a secure and transparent manner. In both cases the connection manager is responsible for managing the virtual instances (secure server instances).
  • the secure server 390 comprises at least one web application instance depending on the number of simultaneous sessions which are active. It additionally comprises physical hardware resources, and a host operating system, which could be Linux, Windows or any other OS, and an isolation layer that enables the server to create completely separate instances.
  • Each web application instance comprises isolated input/output resources, like network access or a file system.
  • Each environment corresponds to a specific user session and might contain either a secure browser instance, which implements remote browser access, or a virtualized implementation of a cloned device running service provider mobile applications.
  • the web application instance temporarily offers the tools needed to access a mobile application and these tools are discarded after use.
  • the secure server of the present invention only requires the features specifically necessary to access a mobile web application.
  • offering complementary features, or different configuration options would pose a new risk, since these options would be available both to legitimate and malicious users. Reducing the available features reduces the attack surface and makes it easy to control the user's actions.
  • not including these extra features generally decreases memory consumption, enabling better scalable web application instance architecture and optimized use of computational resources.
  • the host destination checker 394 operates to allow or deny access to known destinations, such as the different services and/or applications provided by the service provider, and prevent unauthorized redirection to unknown IP or URL destinations.
  • the host destination checker prevents redirection to unknown URLs and/or IP destinations, as well as unauthorized access to URLs and/or IP destinations outside the application's domain and/or boundaries.
  • the secure service provider 110 comprises at least an access control manager 340, a connection manager 350, an anomaly detector 360, a client generator 370, and a monitoring tool 380.
  • the access control manager 340 has functions prior to the trusted component activation and after its activation. Prior to activation, the access control manager is configured to receive information sent from an executed trusted component in a new mobile device, and determine whether the mobile device is a safe or risky device. In case it is determined that it is a safe device, the trusted component is activated for further operation.
  • the access control manager is configured to identify the user and validate the corresponding credentials in order to deny or grant access to the provided services. Therefore it validates the session key or identifier provided by the thin-client 320 permitting secure information exchange, such as contextual information (geo-location, IP address, user profiling) provided by the host monitoring tool to the anomaly detector.
  • the access control manager authenticates users by verifying their credentials, it manages the access control to any service provided by the service provider network, and it will grant or deny access in correspondence to the user credentials and authorization levels.
  • the connection manager 350, or connection means, ensures the proper management of the web application instances in coordination with the client-side secure communications component 314.
  • the anomaly detector 360 receives from the host monitoring tool 312 all information related to anomalies or unusual behavior detected in the user client device. It also receives context information in order to estimate any possible anomalies with the current user session. Using this information and evaluation the connection manager is able to abort communications, perform a scoring of the user and/or device, and ultimately block further communications with a given client. The scoring is done by the anomaly detector; with the information provided by the anomaly detector, the connection manager takes the corresponding decisions, such as creating new instances, aborting communications, blocking further communications, and so on.
  • the thin client generator 370, or thin client generating means, generates the unique session-based thin-client to be delivered to the client. This component requires previous authentication, customer identification and secure establishment of the communication channel.
  • the generated thin-client is code-signed, enabling integrity inspection once delivered to the user's mobile device.
  • the client generator comprises a code protector, or code protecting means, for generating a unique version of the thin-client by applying, among others, ciphering and obfuscation techniques.
  • the monitoring tool 380, or means for monitoring, monitors the status of the different components of the secure service provider and performs risk estimation in order to take further actions according to the estimated determined risk.
  • the client-server architecture operates in two linked phases.
  • a trusted component is downloaded onto the mobile device.
  • the trusted component sets up a secure channel between the mobile device and the secure service provider which is used for all exchange of data and information between the mobile device and the secure service provider. This channel is used to receive user-related and device-related information permitting a risk determination of the device.
  • the trusted component is activated for further operation.
  • a thin client is downloaded onto the mobile device through the secure channel.
  • the thin client deploys a number of components and performs a series of steps which permit the user of the mobile device to interact with a web application instance hosted on the server. This is done in such a manner that the whole process is transparent to the user, in the sense that the user experience is the same for this client-server architecture or a local download and execution of an application being fully run on the device itself.
  • a user willing to access mobile web applications offered by a particular service provider downloads the trusted component and completes the registration process.
  • the trusted component establishes communications with the service provider to continuously send current traces of user's and device's behavioral patterns.
  • the user will be able to launch the trusted component which is locally installed in the user's device. From the available applications shown in the GUI menu of the trusted component the user can select the desired/corresponding application.
  • the trusted component, through the system authenticator, provides the corresponding credentials (credentials can consist of one or two authentication factors) and passes them to the secure communication component, which in turn establishes a secure channel to communicate with the service provider.
  • upon reception, the access control manager receives the request and performs credential validations. After successful credential validation the access control manager communicates with the communication manager, which receives additional information from the anomaly detector as well as from the monitoring component.
  • a secure server web application instance is created, and based on several characteristics and parameters (for example client device fingerprint, timestamp, client credentials, virtual instance id, and so on) the thin-client is generated and delivered to the end user. The thin-client is valid for one specific session and client device.
  • the loaded secure virtual instance at the secure server is then ready to interact with the thin-client.
  • the trusted component downloads the thin-client and performs security and integrity checks. Once validated the thin-client is executed and, through the secure communications component which is responsible for establishing secure communications, establishes the session to interact with the web application instance.
  • the session key is provided in order for the session mapper to identify the corresponding virtual instance which will be isolated from others.
  • the web application instance renders the contents generated in the destination mobile web application. The contents are rendered in the form of images formatted according to the mobile device characteristics (known from the fingerprint), which are displayed by the user's secure display provided by the secure environment of the client device, in this way reducing considerably the processing to be performed by the client, and moreover adding security to the overall client-server transactions.
  • the thin-client therefore receives properly formatted images corresponding to the device's display characteristics, and therefore the client device will not process any additional code or locally store any additional sensitive information.
  • the thin-client is configured with the capability of retrieving instructions input by the user via the device's secure keyboard. These instructions are simply routed from the thin-client to the trusted component and from the trusted component to the web application instance allowing effective user interaction.
  • FIG. 7 depicts a method 700 of downloading and activating a trusted component according to one embodiment of the invention.
  • FIG. 4 depicts the corresponding signaling diagram 400. This embodiment represents the actions performed by the different components of the client-server architecture to perform the abovementioned first phase of trusted component download and execution.
  • the method starts in step 710, or 410, by a request from the mobile device 140 to the secure service provider for a mobile application.
  • the request comprises, amongst other information, the user's credentials.
  • the request is received by an access control manager 340 which performs a series of authentication checks.
  • One of the authentication checks is verifying 720 whether the user's credentials match those stored in a service provider database of registered and authorized users.
  • Another authentication check comprises storing 730 a copy of the device fingerprint, in case used for validation purposes, as described.
  • the access control manager coordinates with the connection manager 350 to generate a trusted component for delivery to the client device. Before delivery the access control manager associates the trusted component with the device. Subsequently, the trusted component is delivered 740, or 420, to the mobile device.
  • the trusted component has to undergo an activation procedure by the secure service provider.
  • the installation 750 process leads to a user registration procedure 760, wherein the user registers with the service provider so that corresponding additional validations 770 are performed.
  • the trusted source is not the service provider itself, but an external third party.
  • the trusted component can be requested from an external "valid" or "trusted" source such as an application market (such as currently existent App Store, or Google Play), or any other trusted third party.
  • the trusted component delivered by a third party is validated by the service provider before a web application service is enabled for the particular user and device.
  • the trusted component is activated 780 and an activation response sent 440 to the user. At this point the trusted component is ready for execution in order to grant access 790 to the secure service provider.
  • Fig. 8 depicts a method 800 of downloading and executing a thin client according to one embodiment of the invention.
  • FIG. 5 depicts the corresponding signaling diagram 500.
  • This embodiment represents the actions performed by the different components of the client-server architecture to perform the abovementioned second phase of thin-client download and execution.
  • the secure service provider delivers and maintains updates of the trusted component which serves as a gateway to access sensitive mobile applications hosted in the secure service provider. Therefore the secure service provider delivers a new virtual environment to the client device in each session. This is done by the secure server creating a virtual instance where the client device, instead of accessing a locally installed sensitive mobile application, accesses a remote instance of the mobile web application.
  • the method starts in step 810, or 510, by a request from the trusted component now being executed in the mobile device 140 to the secure service provider for web application access.
  • After validating 815 the access, a client generator at the secure service provider generates 835 a virtual instance within a secure server environment together with its corresponding thin client.
  • the virtual instance may be a virtual browser instance or virtualized mobile application running an instance of the cloned device.
  • the thin client is delivered 840, or 520, to the mobile device.
  • the access validation comprises receiving 815 user credentials and the setting up 820 of a secure communications channel targeted for that user.
  • the mobile device also performs an integrity check 845 to make sure the thin client being received is not a fake client, and if positive 850, proceeds with the thin client installation and execution 855.
  • the thin client sets up a connection with its counterpart web application instance hosted on the secure server.
  • Each client-server instance or session has a corresponding session key in order for the session mapper to identify the corresponding virtual instance 860 which is isolated from others.
  • each web application instance is a virtual container running independently from other parallel-running instances. The data and processes running inside belong to one specific session and cannot be accessed from outside, and vice versa.
  • a container is an isolated environment that provides an abstraction of an operating system.
  • each container replicates an independent web application instance, which consists either of a replica from the mobile device running the collection of sensitive mobile applications, or a secure browser instance allowing web application access to the mobile device. This adds further security as the container environment prevents malicious attacks to other virtual environments since it will not be possible to automatically propagate throughout the server.
  • the session mapper will match the session identifier with the corresponding instance and will send the access response.
  • a positive access response is sent 540 to the mobile device. Exchange of information and data enable the user of the mobile device to perform the standard actions offered by the web application in a transparent manner.
  • the trusted component will work on the basis of the determined lifetime of the thin-client.
  • the last time interaction is checked 865 and it is determined 870 whether the pre-established timeout has been reached. In case positive, the process proceeds to shutting down 880 the service by cleaning up the secure environment at the client device and the secure server dismantling at the secure service provider, and notifying the client device of the termination of the service.
  • the web application instance renders the contents generated in the destination mobile web application in the form of images formatted according to the mobile device characteristics. These images are displayed by the device's display provided by the secure environment of the client device. In this way the processing necessary is minimized while security is maximized at the client side. In other words, the thin-client receives properly formatted images corresponding to the device's display characteristics, and therefore does not need to process any additional code or locally store any additional sensitive information.
  • the thin-client is configured with the capability of retrieving instructions input by the user via the device's keyboard or mouse (as the case may be). These instructions are simply routed from the thin client to the trusted component and from the trusted component to the web application instance running on the secure server, thereby allowing effective transparent user interaction.
  • a monitoring tool is downloaded and installed together with the trusted component.
  • the function of this tool is to collect 890 all types of evidence for anomaly detection (for example, permission patterns, operating system broadcast monitoring, user behavior patterns, and others), and continuously sends traces via the secure communications component to the secure service provider.
  • a trace is a message comprising historical and status information.
  • the secure service provider receives the traces and the anomaly detector analyzes them in order to make a risk assessment based on the scoring of the user/device, and furthermore take the proper decision such as trusted component temporary isolation, or permanent deactivation.
  • FIG. 6 depicts this process 600, wherein after successful installation and registration, the trusted component 310 continuously communicates with the secure service provider to provide 610 traces of different patterns detected in the client.
  • the anomaly detector 360 analyzes the anomalies detected and makes a risk assessment, based on which it associates a scoring to the client device to support decision making.
  • a response is sent 620 notifying the trusted component of the action to be taken, such as continuing normal operation, temporary isolation, or permanent deactivation.
  • the access control manager in conjunction with the connection manager, orchestrates the communication with the secure communications component of the trusted component in the client device in a secure and transparent manner.
  • the connection manager communicates with the monitoring tool which is in charge of monitoring resources and events of every instance and the overall system status.
  • the anomaly detector provides a scoring of the communicating device.
  • the invention provides additional security by implementing a client-server architecture consisting of a secure server providing a double component implementation wherein at first a trusted component, such as a secure client application, establishes secure communications after having determined the safe nature of the device, in combination with a second component, such as a thin-client, for enabling secure content delivery as the web-based mobile applications are remotely executed. Both components are generated and delivered from the service provider server. Upon installation, a set of parameters which uniquely link the trusted component to the environment where it has been installed are therefore used to generate the thin-client, in such a way that the thin-client will be linked to the trusted component.
  • the secure web application is configured to communicate with the device at the server in order to provide a secure execution of web application via a virtualized environment containing either a browsing instance or device cloned instance running the web-based mobile applications for the end user.
  • the service provider server determines a lifetime of the thin-client which is based on the unique characteristics of the trusted component installation, which ensures the security of the overall remote execution session. Once the valid time indicated by the lifetime expires, the trusted component is not able to provide access to the remote applications, and thin client stops executing, unless the lifetime is refreshed, updated, or a new lifetime assigned and linked to both components.
  • the various means may comprise software modules residing in RAM memory, flash memory, ROM memory, EPROM memory, EEPROM memory, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.
  • the various means may comprise logical blocks, modules, and circuits, which may be implemented or performed with a general purpose processor, a digital signal processor (DSP), an application specific integrated circuit (ASIC), a field programmable gate array (FPGA), or other programmable logic device, discrete gate or transistor logic, discrete hardware components, or any combination thereof designed to perform the functions described.
  • a general-purpose processor may be a microprocessor, but in the alternative, the processor may be any conventional processor, controller, microcontroller, or state machine.
  • the various means may comprise computer-readable media including, but not limited to, magnetic storage devices (e.g., hard disk, floppy disk, magnetic strips, etc.), optical disks (e.g., compact disk (CD), digital versatile disk (DVD), etc.), smart cards, and flash memory devices (e.g., EPROM, card, stick, key drive, etc.).
  • various storage media described herein can represent one or more devices and/or other machine-readable media for storing information.
  • the term "machine-readable medium" can include, without being limited to, various media capable of storing, containing, and/or carrying instruction(s) and/or data.
  • a computer program product may include a computer readable medium having one or more instructions or codes operable to cause a computer to perform the functions described herein.
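
The thin-client steps listed above (generation from the device fingerprint, timestamp and virtual instance id, the integrity check 845 on the device, the session mapper, and the timeout check 870) can be sketched as follows. This is an added example, not code from the patent: the HMAC binding, the activation key assumed to be shared when the trusted component is activated, all names, and the two timing constants are assumptions.

```python
import hashlib
import hmac
import json
import secrets
from dataclasses import dataclass, replace

CLIENT_LIFETIME = 900  # seconds; constructed value, the page states none
IDLE_TIMEOUT = 300     # seconds; constructed value, the page states none


@dataclass(frozen=True)
class ThinClientPackage:
    payload: bytes   # thin-client code delivered over the secure channel
    manifest: dict   # virtual instance id, issue time, expiry
    tag: str         # HMAC over fingerprint + manifest + payload digest


@dataclass
class Instance:
    instance_id: str
    fingerprint: str
    expires_at: int
    last_interaction: int


def binding_tag(key, fingerprint, manifest, payload):
    # Canonical JSON so server and trusted component hash identical bytes.
    msg = json.dumps({"fp": fingerprint, "manifest": manifest,
                      "payload_sha256": hashlib.sha256(payload).hexdigest()},
                     sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class SecureServiceProvider:
    """Hypothetical client generator and session mapper, merged for brevity."""

    def __init__(self, activation_key):
        self._key = activation_key   # assumed shared at trusted-component activation
        self._sessions = {}          # session key -> isolated instance record

    def generate_thin_client(self, fingerprint, now):
        instance_id = secrets.token_hex(8)
        session_key = secrets.token_urlsafe(32)
        manifest = {"instance_id": instance_id, "issued_at": now,
                    "expires_at": now + CLIENT_LIFETIME}
        payload = b"thin-client build for " + instance_id.encode()
        tag = binding_tag(self._key, fingerprint, manifest, payload)
        self._sessions[session_key] = Instance(
            instance_id, fingerprint, manifest["expires_at"], now)
        return ThinClientPackage(payload, manifest, tag), session_key

    def resolve(self, session_key, fingerprint, now):
        """Session mapper: return the instance id, or None if access is refused."""
        inst = self._sessions.get(session_key)
        if inst is None:
            return None
        if now >= inst.expires_at or now - inst.last_interaction > IDLE_TIMEOUT:
            del self._sessions[session_key]   # dismantle the instance
            return None
        if not hmac.compare_digest(inst.fingerprint.encode(), fingerprint.encode()):
            return None                       # session key replayed from another device
        inst.last_interaction = now
        return inst.instance_id


def verify_thin_client(key, pkg, local_fingerprint, now):
    """Trusted-component side: integrity, device binding and lifetime."""
    expected = binding_tag(key, local_fingerprint, pkg.manifest, pkg.payload)
    if not hmac.compare_digest(expected, pkg.tag):
        return False
    return pkg.manifest["issued_at"] <= now < pkg.manifest["expires_at"]


def demo():
    key = secrets.token_bytes(32)
    fp_a = hashlib.sha256(b"constructed fingerprint, device A").hexdigest()
    fp_b = hashlib.sha256(b"constructed fingerprint, device B").hexdigest()
    sp = SecureServiceProvider(key)
    pkg, session_key = sp.generate_thin_client(fp_a, now=1000)
    out = {}
    out["genuine"] = verify_thin_client(key, pkg, fp_a, 1010)
    out["other_device"] = verify_thin_client(key, pkg, fp_b, 1010)
    out["tampered"] = verify_thin_client(
        key, replace(pkg, payload=pkg.payload + b"!"), fp_a, 1010)
    out["expired"] = verify_thin_client(key, pkg, fp_a, 1000 + CLIENT_LIFETIME)
    out["replayed_session"] = sp.resolve(session_key, fp_b, 1050)
    out["mapped"] = sp.resolve(session_key, fp_a, 1100) == pkg.manifest["instance_id"]
    out["idle_timeout"] = sp.resolve(session_key, fp_a, 1100 + IDLE_TIMEOUT + 1)
    out["after_teardown"] = sp.resolve(session_key, fp_a, 1100)
    return out


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

Because the tag covers the fingerprint, a package copied to another device fails verification there even when its bytes are untouched.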

Abstract

The invention provides methods and apparatus, in a client-server architecture, for service providers to offer a set of specific customer oriented services in the form of mobile web applications that are to be executed in a controlled environment where potential threats to mobile devices cannot affect the client-server communications or transactions. The controlled environment comprises secure web applications owned and managed by a service provider and offered via the execution of a remote browser within a secure communication channel specifically set up taking into account the client's characteristics. Therefore exposure to malicious software attacks is minimized at the client device, and threats to mobile devices cannot affect the client-server communications or transactions between clients and service providers.

Description

METHOD AND SYSTEM FOR SECURE EXECUTION OF WEB APPLICATIONS FOR MOBILE DEVICES
TECHNICAL FIELD
[001] The present invention relates generally to the field of mobile applications, and in particular, to the secure execution of remote web applications for mobile devices.
BACKGROUND OF THE INVENTION
[002] The use of mobile devices, or wireless communication devices (from now on mobile devices), has been continuously increasing during the last years. Current mobile devices are often used to perform sensitive tasks, becoming potential targets for an attacker. These sensitive tasks can normally comprise exchange and communication of personal confidential information and identification, as well as financial data during online commercial transactions. It is generally undesirable for this information to be readily available to unauthorized third parties.
[003] Since mobile applications are different from traditional personal computing PC systems, PC oriented solutions are not always applicable. Browsers in mobile devices inherit the same problems existing with traditional PC systems, such as susceptibility to viruses, malware and other destructive content. Such content is normally injected into the mobile device during browsing sessions. However, mobile devices have the particular disadvantage that current prevention and detection systems, often used in traditional PC systems, are not fully applicable to mobile devices, the main reason being the limited resources available for full processing in mobile devices as compared to PCs.
[004] In addition to the commonly known security risks such as insecure browsers, there are now thousands of third-party application developers. Thus, a number of applications are commonly available which do not guarantee proper security against other insecure or malicious applications resident within the same mobile device or environment. Such malicious applications raise a number of additional security issues, which disadvantageously result in loss of money, privacy, and among others, identity theft. Recent reports have shown that dozens if not hundreds of popular free applications released in well-known mobile application markets include this so-called malware injection.
[005] A further problem is that a complete security evaluation of applications is not currently performed, nor intended, in any of the current application markets. Even though it is strongly recommended to limit sensitive information, and to carefully choose the applications to be stored and executed on a mobile device, the number of malware attacks and identity thefts is on the rise.
[006] Since the widespread installation of mobile applications on devices has proliferated only recently, there are no effective security solutions provided to counteract the malware. Existing developments in the mobile application field are targeted to improving resource management within the mobile device, and specifically targeted to increased performance in resource constrained devices. By delegating portions of the code execution to different components of the system without providing the corresponding security support, the security risks are considerably increased. Therefore these implementations fail to properly address the security issues, and instead, their solutions increase the set of potential security and privacy threats.
[007] All of these concerns are common to all types of applications available on the market. However, for service providers who develop applications directed to a target customer, or client base, these problems are exacerbated. Even though these custom-made applications are "clean", their contents, as well as data exchanged, could well be eavesdropped, or infected, by malicious applications residing on the same mobile device, once the applications are stored and executed on the mobile devices of their clients. The security risk this generally implies negatively affects the integrity of the service provider's product as well as infrastructure. One such example is the case where the service provider is a financial institution, dealing with financial products, or a confidential data warehouse, dealing with confidential personal information, or different aspects of a person's or institution's private environment. Even though utmost care is taken to provide a secure and confidential environment, applications downloaded independently onto the end-user's devices can compromise the integrity of the whole secure and confidential environment. Furthermore, this compromise is outside the service provider's control.
[008] Therefore a need exists to effectively solve the abovementioned problems, and in particular, provide a guaranteed secure environment for delivering and executing applications on mobile devices storing or communicating sensitive information.
SUMMARY
[009] It is therefore an object of the present invention to provide solutions to the above mentioned problems. In particular it is the objective of the invention to provide a client-server system that allows secure execution of remote web applications as controlled by a service provider which orchestrates both secure communications and secure web content delivery.
[0010] The client-server system comprises a set of security components that enables the remote execution of mobile web-based applications in a secure manner wherein any sensitive information is treated and stored in a remote and secure environment under the service provider's control.
[0011] One of the security components of the client-server solution is the delegation of the responsibility for guaranteeing security to the service provider. This enables the service provider to locate its services in any location that it considers to be a controlled and secure environment. Such trusted environment could be private and locally based, it could be private and remotely based, or it could be a trusted external provider (cloud service provider). Hence the necessary secure access is provided regardless of the client-side security vulnerabilities that are currently present in the mobile device. Hence the set of applications provided by the service provider, containing sensitive information for both final users as well as the service provider, is executed in a controlled environment under its responsibility and control.
[0012] In particular, it is the object of the present invention to provide an apparatus in a mobile device for accessing at least one secure remote web application run on a remote server.
[0013] It is another object of the present invention to provide a system in a server for providing secure remote web application access for mobile devices.
[0014] It is another object of the present invention to provide a method in a mobile device for accessing at least one secure remote web application run on a remote server.
[0015] It is another object of the present invention to provide a method in a server for providing secure remote web application access for mobile devices.
[0016] It is another object of the present invention to provide a computer readable medium comprising instructions, once executed on a computer, for performing the steps of a method in a mobile device for accessing at least one secure remote web application run on a remote server.
[0017] It is another object of the present invention to provide a computer readable medium comprising instructions, once executed on a computer, for performing the steps of a method in a server for providing secure remote web application access for mobile devices.
[0018] The invention provides methods and devices that implement various aspects, embodiments, and features of the invention, and are implemented by various means. The various means may comprise, for example, hardware, software, firmware, or a combination thereof, and these techniques may be implemented in any single one, or combination of, the various means.
[0019] For a hardware implementation, the various means may comprise processing units implemented within one or more application specific integrated circuits (ASICs), digital signal processors (DSPs), digital signal processing devices (DSPDs), programmable logic devices (PLDs), field programmable gate arrays (FPGAs), processors, controllers, micro-controllers, microprocessors, other electronic units designed to perform the functions described herein, or a combination thereof.
[0020] For a software implementation, the various means may comprise modules (for example, procedures, functions, and so on) that perform the functions described herein. The software codes may be stored in a memory unit and executed by a processor. The memory unit may be implemented within the processor or external to the processor.
[0021] Various aspects, configurations and embodiments of the invention are described. In particular the invention provides methods, apparatus, systems, processors, program codes, computer readable media, and other apparatuses and elements that implement various aspects, configurations and features of the invention, as described below.
BRIEF DESCRIPTION OF THE DRAWING(S)
[0022] The features and advantages of the present invention will become more apparent from the detailed description set forth below when taken in conjunction with the drawings in which like reference characters identify corresponding elements in the different drawings. Corresponding elements may also be referenced using different characters.
[0023] FIG. 1 depicts a client-server architecture according to one embodiment of the invention.
[0024] FIG. 2 depicts a client mobile device according to one aspect of the invention.
[0025] FIG. 3 depicts more details of the client-server architecture.
[0026] FIG. 4 depicts a signaling diagram for downloading and activating a trusted component according to one aspect of the invention.
[0027] FIG. 5 depicts a signaling diagram for downloading and activating a thin client according to another aspect of the invention.
[0028] Fig. 7 depicts a method of downloading and activating a trusted component according to one aspect of the invention.
[0029] Fig. 8 depicts a method of downloading and executing a thin client according to another aspect of the invention.
[0030] FIG. 9 depicts more details of the remote secure server.
DETAILED DESCRIPTION OF THE INVENTION
[0031] FIG. 1 depicts a system according to one embodiment of the invention comprising a client-server architecture 100 able to provide secure and remote execution of web applications for mobile devices 140. System 100 comprises at least one mobile device 140 communicating via a communications network 130 to the secure service provider's network 110. The communications network 130 is commonly the Internet, however it could be any other combination of public or private access and backbone networks able to provide a communication link between any one mobile device and the server it is communicating with. The service provider's network 110 comprises at least one service provider server 120.
[0032] Therefore in this configuration the mobile devices are clients and are being served by the service provider servers with security components according to the invention. Secure interaction is provided by the provision, from the service provider server to the mobile device, of at least two components. The first component, the trusted component, is provided to the mobile device for setting up a secure communication link to the server. Once this secure link has been setup, the second component, the thin client, is provided which enables interacting with components of the secure service provider for performing mobile application functions.
[0033] The trusted component comprises a computer application to be executed on the client mobile device allowing access to a remote secure application server. The mobile application is not a fully self-contained program or software residing completely on the mobile device. The mobile application's functions are emulated by the thin client in a transparent manner, such that the final user experiences no difference with respect to mobile application fully downloaded and run on the device. However, any information which might be considered sensitive for the user or the service provider is managed and controlled at the service provider server, and exchanged with the mobile device only as far as necessary for the user's knowledge and interaction.
[0034] The system's main focus is for service providers (for example, financial institutions, e-commerce companies, or hosts of sensitive and/or confidential information) to remove their applications from a hostile environment to a controlled environment, completely independent from the level of trust of hosts. The rationale behind the proposed architecture is for service providers to offer a set of specific customer oriented services in the form of mobile web applications that are to be executed in a controlled environment by the service providers themselves where potential threats to mobile devices cannot affect the client-server communications or transactions. One of the main advantages is that secure access is provided whilst the performance level and quality of service levels are maintained. Hence real time application updates and/or maintenance are continued without any loss in performance.
[0035] Secure web applications are owned and managed by a service provider and offered via remote execution in order to minimize the exposure to malicious software attacks at the client device and to avoid affecting operations between clients and service providers. Additionally, the trusted component establishes further secure communications with the service provider, guaranteeing a closed secure link between the mobile device and the secure server prior to the provision of the thin client for executing the secure web application.
[0036] The trusted component, once executed on the mobile device, is configured for establishing the secure channel and collecting and transmitting to the secure server information regarding the mobile device's inherent vulnerabilities, and security related data. Based on this information the secure server determines whether it is safe enough to activate the trusted component for the particular mobile device. Only upon activation is the trusted component allowed to continue operation enabling the subsequent provision of the thin client for secure remote interaction.
[0037] FIG. 2 depicts a mobile device 200 comprising a Rich Operating System 220 and a secure environment 230. The trusted component and thin client are transmitted from the secure server and installed in the secure environment 230 of the mobile device. The secure environment is seen as an isolated environment independent of the Rich OS, and it provides isolated and secure execution of the other components that are provided only once and are in charge of allowing further communications with the service provider's network. The trusted component 240 allows the client device to establish the secure communication needed to access services hosted in the server, and in particular, to download and execute the thin client.
[0038] In practice there are several different manners in which the trusted component is finally received by the mobile device. One manner is direct download to the device, either over-the-air or via pre-installation during device activation. Another manner is indirectly through a different distribution channel, such as trusted third-party content providers (such as App Store, or Google Play). Independent from the precise distribution route taken, the skilled person will understand that the trusted component is generated and delivered from the secure service provider to a mobile device, in order to setup a secure channel allowing safe thin client delivery and remote browsing using the generated secure channel.
[0039] In an aspect it also provides a risk indication about the device in question. In case the device does not pass the risk test, the trusted component is not activated, and no further exchange takes place with the risky device. On the other hand, in case the user-related and device-related data received by the secure server via the trusted component results in a positive risk determination, and it is determined that the device is in fact safe, the trusted component is activated and a thin client delivered using the generated secure channel.
[0040] Once the secure link is configured, the secure server delivers the thin-client to be executed in the device, also within the secure environment 230. As mentioned, the thin client provides the components needed to launch web-based mobile applications from the service provider in a transparent manner. Due to the secure link and this additional secure environment, applications are executed in a highly secured virtual environment controlled by the service provider, where the user need not worry about the security risks, thereby avoiding exposure to malicious software attacks.
[0041] FIG. 3 depicts the client-server architecture in more detail, comprising the mobile device 130 and the service provider's network 110. This figure depicts the state of the system once both the trusted component 310 and the thin client 320 have been downloaded onto the mobile device 130. As mentioned, both components are hosted within the mobile device's secure environment 230. Therefore any of the components of the trusted component or thin client profit from the inherent security provided by the secure environment, which generally comprises software and tamper resistant hardware and which is mainly used to store electronic signatures, and has a secure data storage.
[0042] On the client side, the trusted component of the mobile device comprises a host monitoring component 312, a secure communications component 314 and a secure authenticator 316. These components communicate with the secure service provider 110 to establish secure communications, report anomalies detected in the mobile devices and ultimately request thin-clients to provide user access to sensitive applications hosted by the secure service provider.
[0043] On the server side the service provider's network 110 may comprise, in addition to at least one secure server 390, an access control manager 340, a connection manager 350, an anomaly detector 360, a client generator 370, and a monitoring tool 380. Each secure server 390 comprises a web application instance 392 as well as a host destination checker 394.
[0044] In the following each component of the client and server side is explained in more detail, followed by a description of the processes involved as they interact with each other.
CLIENT SIDE COMPONENTS
[0045] As mentioned, the mobile device comprises a secure environment 230, which is a component able to isolate itself from the Rich OS with the main objective of providing protection against attacks, in particular for executing applications in a secure manner. The secure environment mainly comprises a combination of software and hardware components, offering a high level of protection and capable of providing an isolated application execution, and access to secure components such as keyboard, display and data storage. Examples of such environments could be the Trusted Execution Environment from Global Platform, the Samsung Knox Container, a mobile-based micro-visor or a secure and ciphered environment for application storage and execution.
[0046] The function of the trusted component 310 is guaranteeing the integrity and security of the communication link between the mobile device and secure server. The trusted component is downloaded only once; it is stored and executed in the secure environment 230. Although the trusted component is downloaded only once, it is constantly updated by the service provider to ensure its security and integrity.
[0047] The trusted component limits the protocols accepted within the network so that, for instance, HTTP and HTTPS connections are allowed, but SSH protocol might be blocked, in order to prevent possible intruders from remotely connecting to any device. In order to ensure this compatibility and transparent integration, traffic is encapsulated using a tunneling protocol. Tunneling enables communication to be encapsulated inside a permitted protocol, so that the information exchanged between the thin-client and the secure server system will not be discarded by network policies. For instance, going back to the previous example, traffic could be HTTP-encapsulated, since the HTTP protocol was permitted by the policies in place. Hence a bi-directional communication link is set up between the thin-client and the web application instance while a session is active. While acting as the single communication interface to the secure server system, internal elements are hidden from direct access. In one aspect of the invention, server IP addresses are replaced by other proxy addresses, thus effectively hiding the inner network's addressing data as well as the possibility to discover its internal structure.
[0048] Once authentication has been successfully performed, the secure channel has been established, and the trusted component activated, the trusted component requests a thin-client, or thin application, from the service provider. The trusted component performs an integrity check of the thin-client before the thin-client is executed on the device, thereby ensuring it is being provided from a trusted source, and is not a hoax or the result of a malware attack.
[0049] The function of the host monitoring component 312, or means for monitoring the host, is monitoring the behavioral patterns of the mobile device. In particular, the host monitoring component will report any anomaly or changes detected in the device which are related to the protection of the other components of the secure environment. The host monitoring component's server-side counterpart is the anomaly detector 360. The host monitoring component detects and generates traces, which optionally after compression, are transmitted via encrypted channel 326 to the anomaly detector. The anomaly detector uses this information to ensure the integrity of the secure communications link, or of the execution environment, by updating parameters of the trusted component or thin client.
[0050] The function of the secure communications component 314, or means for secure communications, is establishing secure communications with the secure service provider 110. This additional security provides a guaranteed seal against attacks because the thin client is downloaded within the context of this secure channel, and once executed, data enabling interaction and monitoring of the web application is also exchanged within the context of this secure channel. The secure communications component works together with the secure service provider via communication link in order to access the web application, resulting in a remote and virtualized execution of the web application to be accessed by the user's mobile device.
[0051] The function of the secure authenticator 316, or means for secure authentication, is generating valid credentials to be able to authenticate the client's mobile device to the secure service provider. These credentials can be generated as a one-time password (OTP) code or an electronic signature.
[0052] The function of the thin client 320, also known as a one-time application launcher, or means for application launching, is to enable the provision of web application interaction to the final user in a secure and optimized manner. The thin client is code-signed, generated and provided by the secure service provider. Therefore originally it does not exist or reside as such in any of the computing devices. The thin client is valid for a limited period of time and communicates with its server-side counterpart, the secure server 390, which runs a corresponding virtual application session. The virtual application session is configured to communicate with the thin client also during the same limited period. The thin client is configured to open only one identified session communicating with only one specific application hosted in the secure server based on the identified customer and user's device characteristics. The integrity of the thin client is validated using a session key.
[0053] Since the thin-client substitutes a standard locally-run application, however with the most sensitive components run at the secure service provider, it has to be created and downloaded for every new session or expiry of the determined time limit. Therefore the size of the thin client is minimized to assure usability and enable repeated downloading and client execution with minimum impact to network resources as well as the mobile device's processing resources or the user's navigating experience.
[0054] The thin client is downloaded with a session key, comprised in its code, to map to the corresponding virtualization of the application at the secure server. Once the secure communication channel has been established, the session key is provided. The session key is generated at the server side based on the device and client/customer's characteristics, timestamp, validity period and virtualization used for that particular session. The session key is generated and included in the thin client by the secure service provider.
SERVER SIDE COMPONENTS
[0055] The secure service provider 110 can be placed in the service provider's own internal network, or its own private external cloud network, whilst being managed by their own network administrator. On the other hand it can also be placed in a publicly available (non-private) external cloud service provided by a trusted party, so that it is used to provide secure access to the web applications. This is possible since the security provided by the client-server architecture is not only independent of the user's vulnerabilities, but is also independent of the server's location, as long as the system's components are deployed as described. Therefore an administrator refers to both, the service provider's own administrator or one belonging to an external service.
[0056] The secure service provider 110 comprises at least one secure server 390, or secure server means, for every web application virtual session needed. The secure service provider can interact with multiple mobile devices, or even with multiple thin clients within a single mobile device. Each secure server comprises a web application instance 392, or remote application means, as well as a host destination checker 394, or host checking means.
[0057] The secure server requires session-based authentication with valid credentials identifying which user is willing to access the provided services. This authentication is performed by the access control manager as explained in the following. Once authentication is done via a secure communication channel, the secure server delivers a thin-client valid for a unique session, for a unique customer and for a limited lifetime. The lifetime may be as short as only a few seconds or minutes. Each web application instance comprises either one secure remote browser to access a web application or a remote instance of the cloned device running the mobile application. The number of web application instances will correspond to the number of users simultaneously accessing the sensitive applications.
[0058] FIG. 9 depicts more details of the secure server 390 comprising two main components for offering the services being run on the mobile device. The first component corresponds to a secure browsing instance 910 which is a virtual instance executing a browser. The second component corresponds to a cloned device instance 920 which is a virtual instance, or emulator, that corresponds to the user's mobile device. In other words, it is a virtual instance "emulating" the main features of the mobile device e.g. operating system, hardware components, libraries, and the mobile application itself. Both instances are executed remotely and in a secure and transparent manner. In both cases the connection manager is responsible for managing the virtual instances (secure server instances).
[0059] The secure server 390 comprises at least one web application instance depending on the number of simultaneous sessions which are active. It additionally comprises physical hardware resources, and a host operating system, which could be Linux, Windows or any other OS, and an isolation layer that enables the server to create completely separate instances. Each web application instance comprises isolated input/output resources, like network access or a file system. Each environment corresponds to a specific user session and might contain either an instance of a secure browser instance which implements a remote browser access or a virtualized implementation of a cloned device running service provider mobile applications.
[0060] The web application instance temporarily offers the tools needed to access a mobile application and these tools are discarded after use. In other words, the secure server of the present invention only requires the features specifically necessary to access a mobile web application. Moreover, offering complementary features, or different configuration options, would pose a new risk, since these options would be available both to legitimate and malicious users. Reducing the available features reduces the attack surface and makes it easy to control the user's actions. Furthermore, not including these extra features generally decreases memory consumption, enabling better scalable web application instance architecture and optimized use of computational resources.
[0061] Therefore the operating system and applications inside the web application instance are tailored to support all the functionalities needed to access and navigate, but do not offer any others that are not required. In this way the secure server offers high scalability to attend a high number of users, while the provider can strictly control the actions that a user can perform while interacting with its applications, since the provider itself is supplying tailored tools to facilitate access to its own web applications.
[0062] The host destination checker 394 operates to allow or deny access to known destinations, such as the different services and/or applications provided by the service provider, and prevent unauthorized redirection to unknown IP or URL destinations. The host destination checker prevents redirection to unknown URLs and/or IP destinations, as well as unauthorized access to URLs and/or IP destinations outside the application's domain and/or boundaries. This is useful for example when users attempt to benefit from the system using it for different purposes, for example as a proxy. It is considered a security measure to prevent users from freely navigating the Internet and deliberately visiting malicious sites to perform different tasks making free use of the available resources, and in this way the correct use of the resources of the assigned virtual instance can be guaranteed. Hence the host destination checker 394 makes sure that even authorized users cannot hack the system and avail themselves of more services or resources than those assigned by the service provider.
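The allow/deny decision described for the host destination checker 394 can be sketched as follows. This is an added example, not part of the patent text: the class and method names, the HTTPS-only policy, and the `bank.example` / `evil.test` hosts and documentation IP addresses are constructed assumptions.

```python
import ipaddress
from urllib.parse import urljoin, urlsplit


class HostDestinationChecker:
    """Allows only destinations inside the provider's own domains (hypothetical class)."""

    def __init__(self, allowed_domains, allowed_ips=(), allowed_schemes=("https",)):
        self._domains = {d.lower().rstrip(".") for d in allowed_domains}
        self._ips = {ipaddress.ip_address(ip) for ip in allowed_ips}
        self._schemes = set(allowed_schemes)

    def is_allowed(self, url: str) -> bool:
        try:
            parts = urlsplit(url)
            host = parts.hostname  # lower-cased, without port or userinfo
        except ValueError:
            return False  # malformed URL, e.g. an unterminated IPv6 literal
        if parts.scheme not in self._schemes or not host:
            return False
        # Reject userinfo outright: "https://bank.example@evil.test/" points
        # at evil.test and has no legitimate use inside the instance.
        if parts.username is not None or parts.password is not None:
            return False
        host = host.rstrip(".")
        try:
            # IP literals must be listed explicitly; they never match a domain.
            return ipaddress.ip_address(host) in self._ips
        except ValueError:
            pass  # not an IP literal, treat as a host name
        # Exact match or a true subdomain. Requiring the leading dot keeps
        # "evilbank.example" from matching "bank.example".
        return any(host == d or host.endswith("." + d) for d in self._domains)

    def check_redirect(self, current_url: str, location: str):
        """Resolve a Location header against the current URL, then re-check it."""
        target = urljoin(current_url, location)
        return target if self.is_allowed(target) else None

    def follow(self, start_url: str, locations):
        """Validate every hop of a redirect chain; None at the first denied hop."""
        url = start_url if self.is_allowed(start_url) else None
        for location in locations:
            if url is None:
                break
            url = self.check_redirect(url, location)
        return url


def demo():
    # Constructed policy and inputs for illustration.
    checker = HostDestinationChecker(["bank.example"], allowed_ips=["198.51.100.10"])
    samples = [
        "https://app.bank.example/login",       # inside the application's domain
        "https://bank.example.evil.test/",      # allowed name used as a prefix
        "https://evilbank.example/",            # suffix match without a dot
        "http://app.bank.example/",             # scheme not permitted
        "https://203.0.113.5/",                 # unknown IP destination
        "https://198.51.100.10/api",            # explicitly listed IP
    ]
    return {u: checker.is_allowed(u) for u in samples}


if __name__ == "__main__":
    for url, ok in demo().items():
        print("ALLOW" if ok else "DENY ", url)
```

Each redirect hop is re-validated after resolving the `Location` value, so a scheme-relative target such as `//evil.test/x` is denied even though the request started on an allowed host.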
[0063] In addition to the secure server 390, the secure service provider 110 comprises at least an access control manager 340, a connection manager 350, an anomaly detector 360, a client generator 370, and a monitoring tool 380.
[0064] The access control manager 340, or access control means, has functions prior to the trusted component activation and after its activation. Prior to activation, the access control manager is configured to receive information sent from an executed trusted component in a new mobile device, and determine whether the mobile device is a safe or risky device. In case it is determined that it is a safe device, the trusted component is activated for further operation.
[0065] After this activation step, the access control manager is configured to identify the user and validate the corresponding credentials in order to deny or grant access to the provided services. Therefore it validates the session key or identifier provided by the thin-client 320 permitting secure information exchange, such as contextual information (geo-location, IP address, user profiling) provided by the host monitoring tool to the anomaly detector. The access control manager authenticates users by verifying their credentials, it manages the access control to any service provided by the service provider network, and it will grant or deny access in correspondence to the user credentials and authorization levels.
[0066] The connection manager 350, or connection means, ensures the proper management of the web application instances in coordination with the client-side secure communications component 314.
[0067] The anomaly detector 360, or means for detecting anomalies, receives from the host monitoring tool 312 all information related to anomalies or unusual behavior detected in the user client device. It also receives context information in order to estimate any possible anomalies with the current user session. Using this information and evaluation the connection manager is able to abort communications, perform a scoring of the user and/or device, and ultimately block further communications with a given client. The scoring is done by the anomaly detector; with the information provided by the anomaly detector, the connection manager takes the corresponding decisions, such as creating new instances, aborting communications, blocking further communications, and so on.
[0068] The thin client generator 370, or thin client generating means, generates the unique session-based thin-client to be delivered to the client. This component requires previous authentication, customer identification and secure establishment of the communication channel. The generated thin-client is code-signed enabling integrity inspection once delivered to the user's mobile device. The client generator comprises a code protector, or code protecting means, for generating a unique version of the thin-client by applying, among others, ciphering and obfuscation techniques.
[0069] The monitoring tool 380, or means for monitoring, monitors the status of the different components of the secure service provider and performs risk estimation in order to take further actions according to the estimated determined risk.
OPERATION
[0070] As mentioned, the client-server architecture operates in two linked phases. In a first phase a trusted component is downloaded onto the mobile device. On execution, the trusted component sets up a secure channel between the mobile device and the secure service provider which is used for all exchange of data and information between the mobile device and the secure service provider. This channel is used to receive user-related and device-related information permitting a risk determination of the device. In case it is determined that the device is a safe device, the trusted component is activated for further operation.
[0071] In a second phase, a thin client is downloaded onto the mobile device through the secure channel. On execution, the thin client deploys a number of components and performs a series of steps which permit the user of the mobile device to interact with a web application instance hosted on the server. This is done in such a manner that the whole process is transparent to the user, in the sense that the user experience is the same for this client-server architecture or a local download and execution of an application being fully run on the device itself.
[0072] A user willing to access mobile web applications offered by a particular service provider downloads the trusted component and completes the registration process. On installation the trusted component establishes communications with the service provider to continuously send current traces of user's and device's behavioral patterns. Once the user has successfully accomplished the first phase (trusted component download, installation and registration), the user will be able to launch the trusted component which is locally installed in the user's device. From the available applications shown in the GUI menu of the trusted component the user can select the desired/corresponding application.
[0073] The trusted component, through the system authenticator, provides the corresponding credentials (the credentials can consist of a single authentication factor or two authentication factors), and passes them to the secure communication component, which in turn establishes a secure channel to communicate with the service provider. Upon reception the access control manager receives the request and performs credential validations. After successful credential validation the access control manager communicates with the communication manager which receives additional information from the anomaly detector as well as from the monitoring component. After checking the security aspects and the resources availability a secure server web application instance is created, and based on several characteristics and parameters (for example client device fingerprint, timestamp, client credentials, virtual instance id, and so on) the thin-client is generated and delivered to the end user. The thin-client is valid for one specific session and client device. The loaded secure virtual instance at the secure server is then ready to interact with the thin-client.
[0074] On the client side, the trusted component downloads the thin-client and performs security and integrity checks. Once validated the thin-client is executed and, through the secure communications component which is responsible for establishing secure communications, establishes the session to interact with the web application instance. The session key is provided in order for the session mapper to identify the corresponding virtual instance which will be isolated from others. Once the session has been successfully established, the web application instance renders the contents generated in the destination mobile web application. The contents are rendered in the form of images formatted according to the mobile device characteristics (known from the fingerprint), which are displayed by the user's secure display provided by the secure environment of the client device, in this way reducing considerably the processing to be performed by the client, and moreover adding security to the overall client-server transactions.
[0075] The thin-client therefore receives properly formatted images corresponding to the device's display characteristics, and therefore the client device will not process any additional code or locally store any additional sensitive information. In order to provide user input, the thin-client is configured with the capability of retrieving instructions input by the user via the device's secure keyboard. These instructions are simply routed from the thin-client to the trusted component and from the trusted component to the web application instance allowing effective user interaction.
[0076] Fig. 7 depicts a method 700 of downloading and activating a trusted component according to one embodiment of the invention. FIG. 4 depicts the corresponding signaling diagram 400. This embodiment represents the actions performed by the different components of the client-server architecture to perform the abovementioned first phase of trusted component download and execution. The method starts in step 710, or 410, by a request from the mobile device 140 to the secure service provider for a mobile application.
[0077] The request comprises, amongst other information, the user's credentials. The request is received by an access control manager 340 which performs a series of authentication checks. One of the authentication checks is verifying 720 whether the user's credentials match those stored in a service provider database of registered and authorized users. Another authentication check comprises storing 730 a copy of the device fingerprint, in case used for validation purposes, as described.
[0078] Once the authentication is complete, the access control manager coordinates with the connection manager 350 to generate a trusted component for delivery to the client device. Before delivery the access control manager associates the trusted component with the device. Subsequently, the trusted component is delivered 740, or 420, to the mobile device.
[0079] Once downloaded, the trusted component has to undergo an activation procedure by the secure service provider. Once the trusted component has been stored in the mobile device the installation 750 process leads to a user registration procedure 760, wherein the user registers with the service provider so that corresponding additional validations 770 are performed. This aspect is particularly advantageous when the trusted source is not the service provider itself, but an external third party. As mentioned, the trusted component can be requested from an external "valid" or "trusted" source such as an application market (such as currently existent App Store, or Google Play), or any other trusted third party. Hence the trusted component delivered by a third party is validated by the service provider before a web application service is enabled for the particular user and device. After registration 430 the trusted component is activated 780 and an activation response sent 440 to the user. At this point the trusted component is ready for execution in order to grant access 790 to the secure service provider.
[0080] Fig. 8 depicts a method 800 of downloading and executing a thin client according to one embodiment of the invention. FIG. 5 depicts the corresponding signaling diagram 500. This embodiment represents the actions performed by the different components of the client-server architecture to perform the abovementioned second phase of thin-client download and execution. In general terms the secure service provider delivers and maintains updates of the trusted component which serves as a gateway to access sensitive mobile applications hosted in the secure service provider. Therefore the secure service provider delivers a new virtual environment to the client device in each session. This is done by the secure server creating a virtual instance where the client device, instead of accessing a locally installed sensitive mobile application, accesses a remote instance of the mobile web application.
[0081] The method starts in step 810, or 510, by a request from the trusted component now being executed in the mobile device 140 to the secure service provider for web application access. After validating 815 the access, a client generator at the secure service provider generates 835 a virtual instance within a secure server environment together with its corresponding thin client. The virtual instance may be a virtual browser instance or virtualized mobile application running an instance of the cloned device. Subsequently the thin client is delivered 840, or 520, to the mobile device.
[0082] The access validation comprises receiving 815 user credentials and the setting up 820 of a secure communications channel targeted for that user. The mobile device also performs an integrity check 845 to make sure the thin client being received is not a fake client, and if positive 850, proceeds with the thin client installation and execution 855.
[0083] Once running, the thin client sets up a connection with its counterpart web application instance hosted on the secure server. Each client-server instance or session has a corresponding session key in order for the session mapper to identify the corresponding virtual instance 860 which is isolated from others. Hence each web application instance is a virtual container running independently from other parallel-running instances. The data and processes running inside belong to one specific session and cannot be accessed from outside, and vice versa.
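The session key of paragraph [0054] and the session mapper lookup of paragraph [0083] can be sketched together as follows. This is an added example, not part of the patent text: the patent does not specify a derivation function, so HMAC-SHA256 over a canonical serialization is an assumption, as are all class, method and value names.

```python
import hashlib
import hmac
import json
import secrets
import time
from dataclasses import dataclass


@dataclass(frozen=True)
class Session:
    instance_id: str   # isolated web application instance serving this session
    customer_id: str
    issued_at: int     # timestamp that entered the derivation (epoch seconds)
    validity_s: int    # lifetime of the thin client in seconds


class SessionMapper:
    """Issues session keys and maps them back to instances (hypothetical class).

    The key is derived from the inputs paragraph [0054] lists: device and
    customer characteristics, timestamp, validity period and virtualization.
    """

    def __init__(self, server_secret: bytes):
        self._secret = server_secret
        self._by_key = {}

    def _derive(self, fingerprint: str, s: Session) -> str:
        # A JSON array keeps field boundaries unambiguous, unlike plain
        # concatenation where ("ab", "c") and ("a", "bc") would collide.
        fields = [fingerprint, s.customer_id, s.issued_at, s.validity_s, s.instance_id]
        msg = json.dumps(fields, separators=(",", ":")).encode()
        return hmac.new(self._secret, msg, hashlib.sha256).hexdigest()

    def issue(self, fingerprint, customer_id, instance_id, validity_s, now=None) -> str:
        """Create the key that the generator embeds in the thin client."""
        now = int(time.time()) if now is None else int(now)
        session = Session(instance_id, customer_id, now, validity_s)
        key = self._derive(fingerprint, session)
        self._by_key[key] = session
        return key

    def resolve(self, key: str, fingerprint: str, now=None):
        """Return the instance id for a presented key, or None if rejected."""
        now = int(time.time()) if now is None else int(now)
        session = self._by_key.get(key)
        if session is None:
            return None                      # unknown or already torn down
        if now >= session.issued_at + session.validity_s:
            del self._by_key[key]            # lifetime reached: dismantle
            return None
        # Recompute with the fingerprint the device presents now. A key copied
        # to a different device yields a different MAC and is refused.
        expected = self._derive(fingerprint, session)
        if not hmac.compare_digest(expected, key):
            return None
        return session.instance_id


def demo():
    # Constructed fingerprints, customers and instance ids for illustration.
    mapper = SessionMapper(secrets.token_bytes(32))
    key_a = mapper.issue("fp-device-A", "customer-1", "instance-7", 60, now=1000)
    key_b = mapper.issue("fp-device-B", "customer-2", "instance-8", 60, now=1000)
    return {
        "valid": mapper.resolve(key_a, "fp-device-A", now=1030),
        "other_session": mapper.resolve(key_b, "fp-device-B", now=1030),
        "wrong_device": mapper.resolve(key_a, "fp-device-B", now=1030),
        "unknown_key": mapper.resolve("00" * 32, "fp-device-A", now=1030),
        "expired": mapper.resolve(key_a, "fp-device-A", now=1060),
        "after_teardown": mapper.resolve(key_a, "fp-device-A", now=1030),
    }


if __name__ == "__main__":
    for case, instance in demo().items():
        print(f"{case:15s} -> {instance}")
```

The server stores no device fingerprint here; binding to the device comes from recomputing the MAC with whatever fingerprint accompanies the key.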
[0084] A container is an isolated environment that provides an abstraction of an operating system. In this case, each container replicates an independent web application instance, which consists either of a replica of the mobile device running the collection of sensitive mobile applications, or of a secure browser instance allowing web application access to the mobile device. This adds further security as the container environment prevents malicious attacks on other virtual environments, since it will not be possible to automatically propagate throughout the server. On the server side the session mapper will match the session identifier with the corresponding instance and will send the access response.
[0085] After session mapping a positive access response is sent 540 to the mobile device. Exchange of information and data enables the user of the mobile device to perform the standard actions offered by the web application in a transparent manner. As mentioned, the trusted component will work on the basis of the determined lifetime of the thin-client. The last time interaction is checked 865 and it is determined 870 whether the pre-established timeout has been reached. In case positive, the process proceeds to shutting down 880 the service by cleaning up the secure environment at the client device and the secure server dismantling at the secure service provider, and notifying the client device of the termination of the service.
[0086] In case the timeout has not lapsed, once the session has been successfully established, the web application instance renders the contents generated in the destination mobile web application in the form of images formatted according to the mobile device characteristics. These images are displayed by the device's display provided by the secure environment of the client device. In this way the processing necessary is minimized while security is maximized at the client side. In other words, the thin-client receives properly formatted images corresponding to the device's display characteristics, and therefore does not need to process any additional code or locally store any additional sensitive information.
[0087] In order to provide user input, the thin-client is configured with the capability of retrieving instructions input by the user via the device's keyboard or mouse (as the case may be). These instructions are simply routed from the thin client to the trusted component and from the trusted component to the web application instance running on the secure server, thereby allowing effective transparent user interaction.
[0088] According to one aspect of the invention, a monitoring tool is downloaded and installed together with the trusted component. The function of this tool is to collect 890 all types of evidence for anomaly detection (for example, permission patterns, operating system broadcast monitoring, user behavior patterns, and others), and continuously send traces via the secure communications component to the secure service provider. A trace is a message comprising historical and status information.
[0089] The secure service provider receives the traces and the anomaly detector analyzes them in order to make a risk assessment based on the scoring of the user/device, and furthermore take the proper decision such as trusted component temporary isolation, or permanent deactivation.
[0090] FIG. 6 depicts this process 600, wherein after successful installation and registration, the trusted component 310 continuously communicates with the secure service provider to provide 610 traces of different patterns detected in the client. As mentioned, on reception the anomaly detector 360 analyzes the anomalies detected and makes a risk assessment, based on which it associates a scoring to the client device to support decision making. A response is sent 620 notifying the trusted component of the action to be taken, such as continuing normal operation, temporary isolation, or permanent deactivation.
[0091] The access control manager, in conjunction with the connection manager, orchestrates the communication with the secure communications component of the trusted component in the client device in a secure and transparent manner. The connection manager communicates with the monitoring tool which is in charge of monitoring resources and events of every instance and the overall system status. In addition, the anomaly detector provides a scoring of the communicating device. Once all this information is collected and validated, different actions are undertaken depending on the risk estimation. One such action is the creation or destruction of a web application instance by the connection manager. Another action is creating new instances, or aborting communications, or blocking further communications.
[0092] Therefore, the invention provides additional security by implementing a client-server architecture consisting of a secure server providing a double component implementation wherein at first a trusted component, such as a secure client application, establishes secure communications after having determined the safe nature of the device, in combination with a second component, such as a thin-client, for enabling secure content delivery as the web-based mobile applications are remotely executed. Both components are generated and delivered from the service provider server. Upon installation, a set of parameters which uniquely link the trusted component to the environment where it has been installed are therefore used to generate the thin-client, in such a way that the thin-client will be linked to the trusted component. It is worth mentioning that the trusted component by itself cannot provide remote access to web applications, thus the need for an additional component such as the thin-client, which has been generated considering parameters such as common user and device features, characteristics, and statistically collected data. The secure web application is configured to communicate with the device at the server in order to provide a secure execution of web application via a virtualized environment containing either a browsing instance or device cloned instance running the web-based mobile applications for the end user.
[0093] One such parameter is the lifetime. The service provider server determines a lifetime of the thin-client which is based on the unique characteristics of the trusted component installation, which ensures the security of the overall remote execution session. Once the valid time indicated by the lifetime expires, the trusted component is not able to provide access to the remote applications, and the thin-client stops executing, unless the lifetime is refreshed, updated, or a new lifetime assigned and linked to both components.
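One way a server could link a lifetime to both components as described in [0092] and [0093], given as an added example and not the patent's own mechanism. The HMAC-based grant, the function names, the parameter names, and the choice to allow refresh of an expired but otherwise valid grant are all assumptions; the demo key is a constructed placeholder.

```python
import hashlib
import hmac
import json

SERVER_KEY = b"constructed-demo-key"  # placeholder; never hard-code a real key


def fingerprint(install_params: dict) -> str:
    """Digest of the parameters tying the trusted component to its installation."""
    blob = json.dumps(install_params, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(blob.encode()).hexdigest()


def _mac(tc: str, thin_id: str, exp: int) -> str:
    # A JSON array keeps field boundaries unambiguous under the MAC
    msg = json.dumps([tc, thin_id, exp]).encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue(install_params: dict, thin_id: str, ttl: int, now: int) -> dict:
    """Server: assign a lifetime linked to both components."""
    tc, exp = fingerprint(install_params), now + ttl
    return {"tc": tc, "thin": thin_id, "exp": exp, "mac": _mac(tc, thin_id, exp)}


def check(grant: dict, install_params: dict, thin_id: str, now: int) -> str:
    """Server: decide whether this component pair may still reach the web app."""
    try:
        expected = _mac(grant["tc"], grant["thin"], grant["exp"])
        authentic = hmac.compare_digest(expected, grant["mac"])
    except (KeyError, TypeError):
        authentic = False
    if not authentic:
        return "deny:tampered"
    if grant["tc"] != fingerprint(install_params) or grant["thin"] != thin_id:
        return "deny:wrong-binding"
    if not isinstance(grant["exp"], int) or now >= grant["exp"]:
        return "deny:expired"
    return "allow"


def refresh(grant: dict, install_params: dict, thin_id: str, ttl: int, now: int):
    """Server: extend the lifetime only for an authentic, correctly bound grant."""
    if check(grant, install_params, thin_id, now) in ("allow", "deny:expired"):
        return issue(install_params, thin_id, ttl, now)
    return None


# Constructed installation parameters (hypothetical field names)
PARAMS = {"device_model": "demo-phone", "os_build": "1.2", "install_id": "abc"}
```

Because the expiry sits under the same MAC as the installation fingerprint and the thin-client identifier, a client cannot extend its own lifetime or move a grant to another installation without the server detecting it.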
[0094] Furthermore, it is to be understood that the embodiments, realizations, and aspects described herein may be implemented by various means in hardware, software, firmware, middleware, microcode, or any combination thereof. Various aspects or features described herein may be implemented, on one hand, as a method or process or function, and on the other hand as an apparatus, a device, a system, or computer program accessible from any computer-readable device, carrier, or media. The methods or algorithms described may be embodied directly in hardware, in a software module executed by a processor, or a combination of the two.
[0095] The various means may comprise software modules residing in RAM memory, flash memory, ROM memory, EPROM memory, EEPROM memory, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.
[0096] The various means may comprise logical blocks, modules, and circuits, which may be implemented or performed with a general purpose processor, a digital signal processor (DSP), an application specific integrated circuit (ASIC), a field programmable gate array (FPGA), or other programmable logic device, discrete gate or transistor logic, discrete hardware components, or any combination thereof designed to perform the functions described. A general-purpose processor may be a microprocessor, but in the alternative, the processor may be any conventional processor, controller, microcontroller, or state machine.
[0097] The various means may comprise computer-readable media including, but not limited to, magnetic storage devices (e.g., hard disk, floppy disk, magnetic strips, etc.), optical disks (e.g., compact disk (CD), digital versatile disk (DVD), etc.), smart cards, and flash memory devices (e.g., EPROM, card, stick, key drive, etc.). Additionally, various storage media described herein can represent one or more devices and/or other machine-readable media for storing information. The term "machine-readable medium" can include, without being limited to, various media capable of storing, containing, and/or carrying instruction(s) and/or data. Additionally, a computer program product may include a computer readable medium having one or more instructions or codes operable to cause a computer to perform the functions described herein.
[0098] What has been described above includes examples of one or more embodiments. It is, of course, not possible to describe every conceivable combination, or permutation, of components and/or methodologies for purposes of describing the aforementioned embodiments. However, one of ordinary skill in the art will recognize that many further combinations and permutations of various embodiments are possible within the general inventive concept derivable from a direct and objective reading of the present disclosure. Accordingly, it is intended to embrace all such alterations, modifications and variations that fall within the scope of the appended claims.

Claims

1. A system in a server for providing secure remote web application access for mobile devices, wherein the system comprises: means for receiving a request for a web application;
means for generating and transmitting, to the mobile device, a trusted component for establishing a secure channel;
means for generating and transmitting, to the mobile device, a thin application through the established secure channel, the thin application allowing access to a web application run on the server.
2. The system of claim 1, wherein the thin application is configured for allowing access to the web application for a limited predetermined time.
3. The system of claim 2, wherein the request comprises mobile device specific information, and wherein the means for generating the thin application is configured for generating the thin application based on the device-specific information.
4. The system of claim 2, further comprising means for secure authentication configured for generating credentials for the trusted component and thin application.
5. The system of claim 4 wherein the means for secure authentication is configured for verifying the trusted component and thin application credentials and configured for associating the trusted component and the thin client with the device based on the credential verification.
6. The system of claim 4 wherein the means for secure authentication is configured for activating the trusted component based on the credential verification.
7. The system of claim 2, wherein the means for generating the thin application comprises means for protecting the thin application code via encryption and/or obfuscation techniques.
8. The system of claim 2, further comprising secure server means configured for generating a web application instance, the web application instance configured for exchanging web application information with the thin client.
9. The system of claim 8, wherein the secure server means further comprises host checking means configured for allowing or denying access to the thin client.
10. The system of claim 8, wherein the secure server means is configured for generating the web application instance within a virtual container secure environment.
11. The system of claim 2, wherein web application information is transmitted to the thin client in the form of images.
12. The system of claim 2, further comprising means for user registration configured to receive and store user-related information, such as personal identification and device-related information such as the device fingerprint.
13. The system of claim 2, further comprising means for detecting anomalies, based on traces received from the thin application.
14. An apparatus in a mobile device for accessing at least one secure remote web application run on a remote server, wherein the apparatus comprises: means for requesting a web application; means for receiving and executing a trusted component for establishing a secure channel with the server;
means for receiving and executing a thin application through the established secure channel, the thin application allowing access to the web application run on the server.
15. The apparatus of claim 14, wherein the thin application is configured for allowing access to the web application for a limited predetermined time.
16. The apparatus of claim 15, wherein web application information is received in the form of images, and wherein the apparatus further comprises means for displaying the images, as well as means for receiving user input.
17. The apparatus of claim 15, wherein the request comprises mobile device specific information.
18. The apparatus of claim 15, wherein the trusted component and thin application are stored and executed within a mobile device secure environment.
19. The apparatus of claim 15, further comprising means for monitoring the thin application interaction with the user and the remote web application instance, and further comprising means for generating and transmitting traces comprising this information.
20. The apparatus of claim 15, further comprising means for verifying the integrity of the thin client based on a session identifier received from the server through the secure channel.
21. A method in a server for providing secure remote web application access for mobile devices, wherein the method comprises: receiving a request for a web application; generating and transmitting a trusted component to the mobile device for establishing a secure channel;
generating and transmitting, to the mobile device, a thin application through the established secure channel, the thin application allowing access to a web application run on the server.
22. A method in a mobile device for accessing at least one secure remote web application run on a remote server, wherein the method comprises: requesting a web application;
receiving and executing a trusted component for establishing a secure channel with the server;
receiving and executing a thin application through the established secure channel, the thin application allowing access to the web application run on the server.
23. A computer readable medium comprising instructions for performing the method steps of claim 21 once executed on a processor in a server.
24. A computer readable medium comprising instructions for performing the method steps of claim 22 once executed on a processor in a mobile device.
PCT/EP2013/074938 2013-11-28 2013-11-28 Method and system for secure execution of web applications for mobile devices WO2015078500A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/EP2013/074938 WO2015078500A1 (en) 2013-11-28 2013-11-28 Method and system for secure execution of web applications for mobile devices

Publications (1)

Publication Number Publication Date
WO2015078500A1 true WO2015078500A1 (en) 2015-06-04

Family

ID=49681022

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2013/074938 WO2015078500A1 (en) 2013-11-28 2013-11-28 Method and system for secure execution of web applications for mobile devices

Country Status (1)

Country Link
WO (1) WO2015078500A1 (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020009940A1 (en) * 2000-05-15 2002-01-24 May Raymond Jeffrey Targeted elastic laminate having zones of different polymer materials
WO2013079113A1 (en) * 2011-12-01 2013-06-06 Fundacio Privada Barcelona Digital Centre Tecnologic Secure cloud browsing client-server system and method of secure remote browsing using the same

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10230693B2 (en) 2015-01-29 2019-03-12 WebCloak, LLC Safechannel encrypted messaging system
EP3247084A1 (en) * 2016-05-17 2017-11-22 Nolve Developments S.L. Server and method for providing secure access to web-based services
WO2017198740A1 (en) * 2016-05-17 2017-11-23 Nolve Developments S.L. Server and method for providing secure access to web-based services
US11232167B2 (en) 2016-05-17 2022-01-25 Randed Technologies Partners S.L. Server and method for providing secure access to web-based services

Legal Events

Date Code Title Description
DPE2 Request for preliminary examination filed before expiration of 19th month from priority date (pct application filed from 20040101)
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 13798640

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205 DATED 15/09/2016)

122 Ep: pct application non-entry in european phase

Ref document number: 13798640

Country of ref document: EP

Kind code of ref document: A1