Title of invention Configuration Profile Validation on iOS Based on Root Certificate Validation
Abstract An application management agent running on a wireless communications device restricts access to device functionality (e.g., applications and device features) unless the application management agent has determined that a particular configuration profile has been installed on the device (after which the application management agent permits access to device functionality, and an operating system of the device enforces policy settings specified in the configuration profile). The application management agent confirms the presence of the configuration profile by using a validation certificate to validate against a root certificate embedded in a configuration profile installed on the device. The configuration profile is configured to be non-removable, so it cannot be removed or updated, except by another configuration profile signed by the same authority. Validation against the embedded root certificate thereby implicitly confirms the presence of the configuration profile and validates the content of the configuration profile.
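Application publication number US2014289510(A1) Application publication date 2014.09.25
Application number US201313848333 Filing date 2013.03.21
Applicant VMware, Inc. Inventors TUCH Harvey;ZEREN Mark;NEWELL Craig F.
Classification H04L29/06;H04L9/32 Main classification H04L29/06
Agency Agent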
Main claim 1. A method to confirm that a configuration profile has been installed on a mobile device, the mobile device comprising a processor configured to perform operations comprising: receiving, by an application installed on the mobile device and configured to permit or deny access to certain resources on the device, a digital certificate from a server that has previously transmitted a configuration profile to the mobile device, wherein (i) the configuration profile specifies security-related properties to be implemented by an operating system on the mobile device including a property specifying that the configuration profile cannot be removed from the mobile device, (ii) the configuration profile includes a root certificate, and (iii) the digital certificate has been signed by the root certificate; requesting the operating system to confirm that the received digital certificate is trusted by the operating system; receiving a confirmation from the operating system that the digital certificate is trusted if the configuration profile has been installed by the operating system and the operating system has installed the root certificate as a trusted certificate, thereby enabling the operating system to verify that the digital certificate was signed by a trusted certificate; and permitting, by the application, access to the certain resources on the device.
Address Palo Alto CA US