GB2603672A - System and method of securing access to a secure remote server and database on a mobile device - Google Patents
- Publication number
- GB2603672A (application number GB2204776.5A)
- Authority
- GB
- United Kingdom
- Prior art keywords
- secure
- secure connection
- database
- user
- secured
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
- H—ELECTRICITY
  - H04—ELECTRIC COMMUNICATION TECHNIQUE
    - H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
      - H04L63/00—Network architectures or network communication protocols for network security
        - H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
          - H04L63/0272—Virtual private networks
        - H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
        - H04L63/30—Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information
          - H04L63/302—Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information gathering intelligence information for situation awareness or reconnaissance
          - H04L63/308—Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information retaining data, e.g. retaining successful, unsuccessful communication attempts, internet access, or e-mail, internet telephony, intercept related information or call content
      - H04L2463/00—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
        - H04L2463/082—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying multi-factor authentication
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Technology Law (AREA)
- Evolutionary Computation (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
A system and method for reliably, securely, and affordably isolating and securing remote access to a secure cloud-based server and database, specifically a NicheRMS police database, through a secured application such as the NicheRMS application, over a secure network connection such as a Citrix Independent Computing Architecture (ICA) connection. The data in the sensitive database is accessed and present only within the secured workspace and is never transmitted to the local endpoint devices.
Claims (22)
1. A method for connecting to a secure database through a cloud workspace comprising:
   - authenticating a user, the user utilizing a user device;
   - having affirmatively authenticated the user, establishing a first secure connection between the user device and a cloud workspace;
   - having established the first secure connection, accessing the cloud workspace having a secured application client by the user, the secured application client being a software that when launched, causes the cloud workspace to establish a second secure connection to a secure database system requiring two-factor authentication to access the secure database and having a secured application server software;
   - having accessed the cloud workspace, launching the secured application client by the user, wherein the secured application client, when in communication with the secured application server software, disables the two-factor authentication requirement of the secure database system such that the user, having previously been affirmatively authenticated, obtains access to the secure database.
2. The method of claim 1 wherein the secured application client is a NicheRMS application.
3. The method of claim 1 wherein the secured database is a NicheRMS database.
4. The method of claim 1 wherein the two-factor authentication requirement is disabled through an addition of the code TLSSmartcardMonitorEnable=0 in the NicheRMS application.
5. The method of claim 1, wherein authenticating a user includes utilizing two-factor authentication.
6. The method of claim 1, wherein the user device is a user device having smartcard derived credentials and authenticating the user further includes a smartcard authenticator application affirmatively authenticating the user, provided the smartcard authenticator application receives a correct personal identification number input from the user that matches the smartcard derived credentials.
7. The method of claim 1, wherein the user device is connected to a smartcard reader and authenticating the user further includes a smartcard authenticator affirmatively authenticating the user provided the user inserts a smartcard, having an assigned user, into the smartcard reader and the smartcard authenticator, reading the smartcard, establishes that the user assigned to the smartcard has permissions to access the cloud workspace.
8. The method of claim 1, wherein the user device is a mobile device.
9. The method of claim 1, wherein at least one of the first secure connection and the second secure connection is a virtual private network connection established across the internet.
10. The method of claim 1, wherein at least one of the first secure connection and the second secure connection is a dedicated connection.
11. A system for connecting a cloud workspace containing a client's private data and systems to a secured cloud database comprising:
    - a user device, the user device, once authenticated, forming a first secure connection to a server infrastructure;
    - at least one cloud workspace, the cloud workspace being a virtualized operating system having a secured application client, connected to a first VLAN wherein the first VLAN is a client-dedicated segregated VLAN, and stored in at least one non-volatile memory on server infrastructure, the server infrastructure having a hypervisor, the hypervisor managing one or more cloud workspace and one or more VLAN, the server infrastructure further passing the first secure connection to the cloud workspace;
    - the first VLAN enabling a connection to a site-to-site secure connection client, the site-to-site secure connection client establishing a second secure connection to a site-to-site secure connection server on a secure database system;
    - the secure database system having the site-to-site secure connection server, a secured application server, and a secure database, the secure database system having a two-factor authentication requirement to access the secure database, the secure application server being a software application that, when accessed by the secure application client, disables the two-factor authentication requirement.
12. The system of claim 11, wherein the site-to-site secure connection server can only establish the second secure connection with the site-to-site secure connection client.
13. The system of claim 11, wherein the user device is a mobile device.
14. The system of claim 11, wherein at least one of the first secure connection and the second secure connection is a virtual private network connection established across the internet.
15. The system of claim 11, wherein at least one of the first secure connection and the second secure connection is a dedicated connection.
16. The system of claim 11, wherein the cloud workspace maintains the second secure connection if the first secure connection is closed.
17. The system of claim 11, wherein each of the at least one cloud workspace is deleted daily and wherein the at least one cloud workspace is formed by the server infrastructure upon formation of the first secure connection.
18. The system of claim 11, wherein the server infrastructure comprises one or more servers, each of the servers having one or more processor, one or more non-transitory memory, and one or more communication components.
19. The system of claim 11, wherein at least one of the first secure connection and the second secure connection is an encrypted connection.
20. The system of claim 11, wherein each of the one or more non-volatile memory is encrypted.
21. A server infrastructure comprising: a plurality of servers, each server comprising:
    - one or more processor;
    - one or more communication component, the communication component configured to accept a first secure connection from a user device to a cloud workspace, the first secure connection established by a cloud workspace client application on the user device and based at least in part on a smartcard authenticator, the communication component further configured to request a second secure connection between a site-to-site secure connection client accessed by a secured application client and a site-to-site secure connection server on a secure database system having a secure database and a secured application server;
    - one or more non-volatile memory, the non-volatile memory storing at least a cloud workspace, the cloud workspace being a virtualized operating system configured to execute the secured application client, the secured application client being computer code that when executed by a processor, causes the processor to establish the second secure connection to the secure database system and remove the two-factor authentication requirement from the secure database system by causing the secured application server computer code to be executed;
    - one or more modem, the modem configured to establish the internet connection with at least one internet service provider; and,
    - one or more network switch, each of the one or more network switch configured to segregate each user connection within a virtual local area network and configured to enable data communication between each of the plurality of servers and the one or more modem.
22. A secure device comprising: a wireless transceiver; a microprocessor coupled to the wireless transceiver; a digital storage element coupled to the microprocessor and storing logic that when executed by the microprocessor causes the microprocessor to:
    - receive a request to connect to a secured database from a secured application on a cloud server workspace;
    - route the request to the wireless transceiver;
    - enable the wireless transceiver to transmit the request to one or more secured database servers;
    - receive a response from the wireless transceiver from the one or more secured database servers for authentication;
    - generate a request to the secured application for authentication;
    - route the request for authentication to the secured application;
    - receive a response from the secured application that its monitoring function is disabled;
    - route the response to the wireless transceiver;
    - enable the wireless transceiver to transmit the response to one or more secured database servers;
    - receive a response from the wireless transceiver from the one or more secured database servers for two-factor authentication.
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/US2019/054497 WO2021066834A1 (en) | 2019-10-03 | 2019-10-03 | System and method of securing access to a secure remote server and database on a mobile device |
Publications (2)
Publication Number | Publication Date |
---|---|
GB202204776D0 (en) | 2022-05-18 |
GB2603672A (en) | 2022-08-10 |
Family
ID=68290388
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
GB2204776.5A (GB2603672A, pending) (en) | 2019-10-03 | 2019-10-03 | System and method of securing access to a secure remote server and database on a mobile device |
Country Status (4)
Country | Link |
---|---|
AU (1) | AU2019469058A1 (en) |
CA (1) | CA3074371A1 (en) |
GB (1) | GB2603672A (en) |
WO (1) | WO2021066834A1 (en) |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US11356446B1 (en) * | 2019-05-21 | 2022-06-07 | Paul Nacinovich | Medical record data card |
US11611549B2 (en) * | 2019-10-03 | 2023-03-21 | Fset Inc | System and method of securing access to a secure remote server and database on a mobile device |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20100250497A1 (en) * | 2007-01-05 | 2010-09-30 | Redlich Ron M | Electromagnetic pulse (EMP) hardened information infrastructure with extractor, cloud dispersal, secure storage, content analysis and classification and method therefor |
US20130061310A1 (en) * | 2011-09-06 | 2013-03-07 | Wesley W. Whitmyer, Jr. | Security server for cloud computing |
GB2541040A (en) * | 2015-08-05 | 2017-02-08 | Intralinks Inc | Systems and methods of secure data exchange |
2019
- 2019-10-03 CA CA3074371A patent/CA3074371A1/en active Pending
- 2019-10-03 GB GB2204776.5A patent/GB2603672A/en active Pending
- 2019-10-03 AU AU2019469058A patent/AU2019469058A1/en active Pending
- 2019-10-03 WO PCT/US2019/054497 patent/WO2021066834A1/en active Application Filing
Also Published As
Publication number | Publication date |
---|---|
AU2019469058A1 (en) | 2022-04-28 |
CA3074371A1 (en) | 2021-04-03 |
GB202204776D0 (en) | 2022-05-18 |
WO2021066834A1 (en) | 2021-04-08 |
Similar Documents
Publication | Title |
---|---|
US10142326B2 (en) | Attribute-based access control |
US9626497B2 (en) | Sharing USB key by multiple virtual machines located at different hosts |
US11295302B2 (en) | Network system and method for transferring cryptocurrencies between a user account and a receiving account |
US10083445B2 (en) | Authentication for network access related applications |
US10298577B1 (en) | Credential vending to processes |
US9178868B1 (en) | Persistent login support in a hybrid application with multilogin and push notifications |
EP2963884B1 (en) | Bidirectional authorization system, client and method |
US9948616B2 (en) | Apparatus and method for providing security service based on virtualization |
US10833859B2 (en) | Automating verification using secure encrypted phone verification |
US20060075486A1 (en) | Self-contained token device for installing and running a variety of applications |
US9374360B2 (en) | System and method for single-sign-on in virtual desktop infrastructure environment |
KR20150092890A (en) | Security-Enhanced Device based on Virtualization and the Method thereof |
US11856101B2 (en) | Remote secured terminal |
GB2603672A (en) | System and method of securing access to a secure remote server and database on a mobile device |
US20220014353A1 (en) | Method by which device shares digital key |
US10033721B2 (en) | Credential translation |
Angelogianni et al. | How many FIDO protocols are needed? Surveying the design, security and market perspectives |
CN103152344A (en) | Digital-certificate-based cryptographic operation method and device |
US11606205B2 (en) | Causal total order broadcast protocols using trusted execution environments |
US10484379B2 (en) | System and method for providing least privilege access in a microservices architecture |
KR102081875B1 (en) | Methods for secure interaction between users and mobile devices and additional instances |
US11481759B2 (en) | Method and system for implementing a virtual smart card service |
US20240195807A1 (en) | Location coordinate-based user authentication with device loss security tolerance |
US20240056455A1 (en) | User authentication based on periodic sampling of location coordinates |
KR20140023085A (en) | A method for user authentication, a authentication server and a user authentication system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| REG | Reference to a national code | Ref country code: HK; Ref legal event code: DE; Ref document number: 40078225; Country of ref document: HK |