GB2603672A - System and method of securing access to a secure remote server and database on a mobile device - Google Patents

System and method of securing access to a secure remote server and database on a mobile device Download PDF

Info

Publication number
GB2603672A
GB2603672A GB2204776.5A GB202204776A GB2603672A GB 2603672 A GB2603672 A GB 2603672A GB 202204776 A GB202204776 A GB 202204776A GB 2603672 A GB2603672 A GB 2603672A
Authority
GB
United Kingdom
Prior art keywords
secure
secure connection
database
user
secured
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
GB2204776.5A
Other versions
GB202204776D0 (en
Inventor
Brown David
Rivers Al
Rivers Travis
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Fset Inc
Fset Inc
Original Assignee
Fset Inc
Fset Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Fset Inc, Fset Inc filed Critical Fset Inc
Publication of GB202204776D0 publication Critical patent/GB202204776D0/en
Publication of GB2603672A publication Critical patent/GB2603672A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0272Virtual private networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/30Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information
    • H04L63/302Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information gathering intelligence information for situation awareness or reconnaissance
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/30Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information
    • H04L63/308Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information retaining data, e.g. retaining successful, unsuccessful communication attempts, internet access, or e-mail, internet telephony, intercept related information or call content
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/082Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying multi-factor authentication

Abstract

A new and novel system and method for reliably, securely, and affordably isolating and securing remote access to a secure cloud-based server and database, specifically, a NicheRMS police database, through a secured application, such as the NicheRMS application, over a secure network connection, such as a Citrix Independent Computing Architecture (ICA) connection, wherein the data in the sensitive database is accessed, and only present in a secured workspace and never transmitted locally to the endpoint devices.

Claims (22)

1. A method for connecting to a secure database through a cloud workspace comprising, authenticating a user, the user utilizing a user device, having affirmatively authenticated the user, establishing a first secure connection between the user device and a cloud workspace; having established the first secure connection, accessing the cloud workspace having a secured application client by the user, the secured application client being a software that when launched, causes the cloud workspace to establish a second secure connection to a secure database system requiring two-factor authentication to access the secure database and having a secured application server software; having accessed the cloud workspace, launching the secured application client by the user, wherein the secured application client, when in communication with the secured application server software, disables the two-factor authentication requirement of the secure database system such that the user, having previously been affirmatively authenticated, obtains access to the secure database.
2. The method of claim 1 wherein the secured application client is a NicheRMS application.
3. The method of claim 1 wherein the secured database is a NicheRMS database.
4. The method of claim 1 wherein the two-factor authentication requirement is disabled through an addition of the code TLSSmartcardMonitorEnable=0 in the NicheRMS application.
5. The method of claim 1, wherein authenticating a user includes utilizing two-factor authentication.
6. The method of claim 1, wherein the user device is a user device having smartcard derived credentials and authenticating the user further includes a smartcard authenticator application affirmatively authenticating the user, provided the smartcard authenticator application receives a correct personal identification number input from the user that matches the smartcard derived credentials.
7. The method of claim 1, wherein the user device is connected to a smartcard reader and authenticating the user further includes a smartcard authenticator affirmatively authenticating the user provided the user inserts a smartcard, having an assigned user, into the smartcard reader and the smartcard authenticator, reading the smartcard, establishes that the user assigned to the smartcard has permissions to access the cloud workspace .
8. The method of claim 1, wherein the user device is a mobile device.
9. The method of claim 1, wherein at least one of the first secure connection and the second secure connection is a virtual private network connection established across the internet.
10. The method of claim 1, wherein at least one of the first secure connection and the second secure connection is a dedicated connection.
11. A system for connecting a cloud workspace containing a clientâ s private data and systems to a secured cloud database comprising: a user device, the user device, once authenticated, forming a first secure connection to a server infrastructure; at least one cloud workspace, the cloud workspace being a virtualized operating system having a secured application client, connected to a first VLAN wherein the first VLAN is a client-dedicated segregated VLAN, and stored in at least one non-volatile memory on server infrastructure, the server infrastructure having a hypervisor, the hypervisor managing one or more cloud workspace and one or more VLAN, the server infrastructure further passing the first secure connection to the cloud workspace; the first VLAN enabling a connection to a site-to-site secure connection client, the site-to-site secure connection client establishing a second secure connection to a site-to-site secure connection server on a secure database system; the secure database system having the site-to-site secure connection server, a secured application server, and a secure database, the secure database system having a two-factor authentication requirement to access the secure database, the secure application server being a software application that, when accessed by the secure application client, disables the two-factor authentication requirement.
12. The system of claim 11, wherein the site-to-site secure connection server can only establish the second secure connection with the site-to-site secure connection client.
13. The system of claim 11, wherein the user device is a mobile device.
14. The system of claim 11, wherein at least one of the first secure connection and the second secure connection is a virtual private network connection established across the internet.
15. The system of claim 11, wherein at least one of the first secure connection and the second secure connection is a dedicated connection.
16. The system of claim 11, wherein the cloud workspace maintains the second secure connection if the first secure connection is closed.
17. The system of claim 11, wherein each of the at least one cloud workspace is deleted daily and wherein the at least one cloud workspace is formed by the server infrastructure upon formation of the first secure connection.
18. The system of claim 11, wherein the server infrastructure comprises one or more servers, each of the servers having one or more processor, one or more non-transitory memory, and one or more communication components.
19. The system of claim 11, wherein at least one of the first secure connection and the second secure connection is an encrypted connection.
20. The system of claim 11, wherein each of the one or more non-volatile memory is encrypted.
21. A server infrastructure comprising: a plurality of servers, each server comprising: one or more processor; one or more communication component, the communication component configured to accept a first secure connection from a user device to a cloud workspace, the first secure connection established by a cloud workspace client application on the user device and based at least in part on a smartcard authenticator, the communication component further configured to request a second secure connection between a site-to-site secure connection client accessed by a secured application client and a site-to-site secure connection server on a secure database system having a secure database and a secured application server; one or more non-volatile memory, the non-volatile memory storing at least a cloud workspace, the cloud workspace being a virtualized operating system configured to execute the secured application client, the secured application client being computer code that when executed by a processor, causes the processor to establish the second secure connection to the secure database system and remove the two-factor authentication requirement from the secure database system by causing the secured application server computer code to be executed; one or more modem, the modem configured to establish the internet connection with at least one internet service provider; and, one or more network switch, each of the one or more network switch configured to segregate each user connection within a virtual local area network and configured to enable data communication between each of the plurality of servers and the one or more modem.
22. A secure device comprising: a wireless transceiver; a microprocessor coupled to the wireless transceiver; a digital storage element on element coupled to the microprocessor and storing logic that when executed by the microprocessor causes the microprocessor to: receive a request to connect to a secured database from a secured application on a cloud server workspace; route the request to the wireless transceiver; enable the wireless transceiver to transmit the request to one or more secured database servers; receive a response from the wireless transceiver from the one or more secured database servers for authentication; generate a request to the secured application for authentication; route the request for authentication to the secured application; receive a response from the secured application that its monitoring function is disabled; route the response to the wireless transceiver; enable the wireless transceiver to transmit the response to one or more secured database servers; receive a response from the wireless transceiver from the one or more secured database for two-factor authentication.
GB2204776.5A 2019-10-03 2019-10-03 System and method of securing access to a secure remote server and database on a mobile device Pending GB2603672A (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/US2019/054497 WO2021066834A1 (en) 2019-10-03 2019-10-03 System and method of securing access to a secure remote server and database on a mobile device

Publications (2)

Publication Number Publication Date
GB202204776D0 GB202204776D0 (en) 2022-05-18
GB2603672A true GB2603672A (en) 2022-08-10

Family

ID=68290388

Family Applications (1)

Application Number Title Priority Date Filing Date
GB2204776.5A Pending GB2603672A (en) 2019-10-03 2019-10-03 System and method of securing access to a secure remote server and database on a mobile device

Country Status (4)

Country Link
AU (1) AU2019469058A1 (en)
CA (1) CA3074371A1 (en)
GB (1) GB2603672A (en)
WO (1) WO2021066834A1 (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11356446B1 (en) * 2019-05-21 2022-06-07 Paul Nacinovich Medical record data card
US11611549B2 (en) * 2019-10-03 2023-03-21 Fset Inc System and method of securing access to a secure remote server and database on a mobile device

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100250497A1 (en) * 2007-01-05 2010-09-30 Redlich Ron M Electromagnetic pulse (EMP) hardened information infrastructure with extractor, cloud dispersal, secure storage, content analysis and classification and method therefor
US20130061310A1 (en) * 2011-09-06 2013-03-07 Wesley W. Whitmyer, Jr. Security server for cloud computing
GB2541040A (en) * 2015-08-05 2017-02-08 Intralinks Inc Systems and methods of secure data exchange

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100250497A1 (en) * 2007-01-05 2010-09-30 Redlich Ron M Electromagnetic pulse (EMP) hardened information infrastructure with extractor, cloud dispersal, secure storage, content analysis and classification and method therefor
US20130061310A1 (en) * 2011-09-06 2013-03-07 Wesley W. Whitmyer, Jr. Security server for cloud computing
GB2541040A (en) * 2015-08-05 2017-02-08 Intralinks Inc Systems and methods of secure data exchange

Also Published As

Publication number Publication date
CA3074371A1 (en) 2021-04-03
GB202204776D0 (en) 2022-05-18
WO2021066834A1 (en) 2021-04-08
AU2019469058A1 (en) 2022-04-28

Similar Documents

Publication Publication Date Title
US10142326B2 (en) Attribute-based access control
US9626497B2 (en) Sharing USB key by multiple virtual machines located at different hosts
US10083445B2 (en) Authentication for network access related applications
US10298577B1 (en) Credential vending to processes
US9948616B2 (en) Apparatus and method for providing security service based on virtualization
US9178868B1 (en) Persistent login support in a hybrid application with multilogin and push notifications
EP2963884B1 (en) Bidirectional authorization system, client and method
US10833859B2 (en) Automating verification using secure encrypted phone verification
US20060075486A1 (en) Self-contained token device for installing and running a variety of applications
US9374360B2 (en) System and method for single-sign-on in virtual desktop infrastructure environment
GB2533340A (en) Network system and method for transferring cryptocurrencies between a user account and a receiving account
KR20150092890A (en) Security-Enhanced Device based on Virtualization and the Method thereof
US9565211B2 (en) Managing exchanges of sensitive data
US11856101B2 (en) Remote secured terminal
GB2603672A (en) System and method of securing access to a secure remote server and database on a mobile device
US11363012B1 (en) System and methods for using role credentials associated with a VM instance
US20220014353A1 (en) Method by which device shares digital key
US10033721B2 (en) Credential translation
Angelogianni et al. How many FIDO protocols are needed? Surveying the design, security and market perspectives
CN103152344A (en) Digital-certificate-based cryptographic operation method and device
US10484379B2 (en) System and method for providing least privilege access in a microservices architecture
US11481759B2 (en) Method and system for implementing a virtual smart card service
US11558202B2 (en) Network device authentication
US20240056455A1 (en) User authentication based on periodic sampling of location coordinates
KR20140023085A (en) A method for user authentication, a authentication server and a user authentication system

Legal Events

Date Code Title Description
REG Reference to a national code

Ref country code: HK

Ref legal event code: DE

Ref document number: 40078225

Country of ref document: HK