Title of invention |
Secure configuration of mobile application |
Abstract |
Secure configuration of a mobile application (“app”) includes sending the required configuration data for the app to the user's mobile computing device in a communication, for example an email with an attachment. A verification value is included in the attachment to protect the authenticity and integrity of the configuration data. A challenge code is issued to the user (or group of users). The challenge code is used to verify the configuration data. |
Publication number |
US9331995(B2) |
Publication date |
2016.05.03 |
Application number |
US201414258903 |
Filing date |
2014.04.22 |
Applicant |
SAP SE |
Inventors |
Schneider Juergen;El Khoury Paul;Lechner Sami |
Classification |
G06F7/04;H04L29/06;H04W4/00;H04W12/06;G06F21/43;G06F21/57;H04N7/16;G06F9/445;H04W12/02 |
Main classification |
G06F7/04 |
Agency |
Fountainhead Law Group PC |
Agent |
Fountainhead Law Group PC |
Main claim |
1. A computer-implemented method of configuring an application program of a mobile computing device, the method comprising:
establishing a secure network connection between the mobile computing device and a server computer system;
authenticating a user of the mobile computing device against the server computer system via the secure network connection;
receiving, at the server computer system, a configuration request via the secure network connection from the mobile computing device, the configuration request indicative of a user's request for configuring the application program; and
in response to receiving the configuration request:
generating a challenge code;
sending the challenge code via the secure network connection to the mobile computing device;
encrypting configuration data using a symmetric key, wherein the symmetric key is the challenge code or the symmetric key is derived from the challenge code;
sending the configuration data in encrypted form via the secured network connection to the mobile computing device; and
sending a verification value from the server computer system to the mobile computing device either via an additional communication channel that is different from the secure network connection or as a separate communication over the same secure network connection, wherein the verification value is a hash-based message authentication code (HMAC) produced by applying a secure hash function to a combination of the configuration data with the challenge code, whereby the mobile computing device, in response to receiving the configuration data and the verification value, invokes a configuration program module to:
prompt the user to enter a challenge code via a user interface;
decrypt the configuration data in encrypted form upon entry of the challenge code via an input component of the mobile computing device;
verify the configuration data using the challenge code entered by the user and the verification value received via the additional communication channel; and
configure the application program using the configuration data in response to verification of the configuration data. |
Address |
Walldorf DE |
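
The verification step of claim 1, sketched as an added Python example (not code from the patent or from the applicant): the server computes an HMAC over the configuration data keyed with the challenge code, and the device recomputes it from the code the user enters before applying the configuration. HMAC-SHA256, the JSON configuration format, the sample values and all function names are assumptions; the encryption step of the claim is left out.

```python
import hashlib
import hmac
import json
import secrets

# Constructed sample configuration; field names are illustrative only.
SAMPLE_CONFIG = json.dumps(
    {"server": "https://config.example.invalid", "port": 8443, "tls": True},
    sort_keys=True,
).encode("utf-8")


def generate_challenge_code(n_bytes: int = 16) -> str:
    """Server: random challenge code issued to the user (length is an assumption)."""
    return secrets.token_urlsafe(n_bytes)


def make_verification_value(config: bytes, challenge_code: str) -> str:
    """Server: HMAC-SHA256 over the configuration data, keyed with the challenge code."""
    return hmac.new(challenge_code.encode("utf-8"), config, hashlib.sha256).hexdigest()


def verify_and_load(config: bytes, verification_value: str, entered_code: str) -> dict:
    """Device: recompute the HMAC from the user-entered code; parse only on a match."""
    expected = make_verification_value(config, entered_code)
    # Constant-time comparison avoids leaking how many leading characters matched.
    if not hmac.compare_digest(expected, verification_value):
        raise ValueError("configuration data failed verification; not applied")
    return json.loads(config)


def demo() -> dict:
    code = generate_challenge_code()
    tag = make_verification_value(SAMPLE_CONFIG, code)  # sent separately from the data
    results = {"genuine": verify_and_load(SAMPLE_CONFIG, tag, code)["port"]}
    tampered = SAMPLE_CONFIG.replace(b"config.example.invalid", b"other.example.invalid")
    cases = [("tampered", tampered, code), ("wrong_code", SAMPLE_CONFIG, code + "x")]
    for name, cfg, entered in cases:
        try:
            verify_and_load(cfg, tag, entered)
            results[name] = "accepted"
        except ValueError:
            results[name] = "rejected"
    return results


if __name__ == "__main__":
    print(demo())
```

The configuration is parsed only after the HMAC matches, so neither modified data nor a mistyped challenge code reaches the application.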