Abstract: A middlebox includes at least one processor and a memory storing one or more executable instructions that, when executed by the least one processor, cause the at least one processor to receive, from a server, a middlebox key that includes an indication of a lifetime of the middlebox key, receive, from a client device, one or more data packets including encrypted header data and a client device identifier, and determine whether to permit a transmission of the one or more data packets to the server or prevent a transmission of the one or more data packets to the server based on the middlebox key, the encrypted header data, and the client device identifier.

Abstract: A middlebox includes at least one processor and a memory storing one or more executable instructions that, when executed by the least one processor, cause the at least one processor to receive, from a server, a middlebox key that includes an indication of a lifetime of the middlebox key, receive, from a client device, one or more data packets including encrypted header data and a client device identifier, and determine whether to permit a transmission of the one or more data packets to the server or prevent a transmission of the one or more data packets to the server based on the middlebox key, the encrypted header data, and the client device identifier.

Abstract: A method includes executing a mobile threat detection function to determine whether an electronic device is corrupt. The method also includes when determining that the electronic device is not corrupt, identifying whether an encrypted user key (UKc-Enc) is stored in the electronic device. The method further includes when the UKc-Enc is not stored in the electronic device, decrypting an application key (AKc) and transmitting the AKc and a unique universal identifier (UUID) that is associated with the application to a gateway for establishing a secure application specific communication channel between the electronic device and the gateway. In addition, the method includes when the UKc-Enc is stored in the electronic device, decrypting the UKc-Enc to form a user key (UKc), extracting a UUID from the UKc, and transmitting the UUID from the UKc to the gateway for establishing the secure application specific communication channel between the electronic device and the gateway.

Abstract: A method for leveraging a first secure channel of communication between a first agent and a second agent to create a second secure channel of communication between the first agent and a third agent. The method includes creating the first secure channel of communication between the first agent and the second agent using a configurable data-driven initial process on a first computing device. Responsive to the first agent receiving a request from the third agent to establish the second secure channel of communication, the method further includes retrieving identifying information from the third agent. The method further includes ending the identifying information from the third agent to the second agent over the first secure channel of communication. Responsive to receiving approval of the third agent's request from the second agent, the method further includes establishing the second secure channel of communication.

Abstract: A method includes executing a mobile threat detection function to determine whether an electronic device is corrupt. The method also includes when determining that the electronic device is not corrupt, identifying whether an encrypted user key (UKc-Enc) is stored in the electronic device. The method further includes when the UKc-Enc is not stored in the electronic device, decrypting an application key (AKc) and transmitting the AKc and a unique universal identifier (UUID) that is associated with the application to a gateway for establishing a secure application specific communication channel between the electronic device and the gateway. In addition, the method includes when the UKc-Enc is stored in the electronic device, decrypting the UKc-Enc to form a user key (UKc), extracting a UUID from the UKc, and transmitting the UUID from the UKc to the gateway for establishing the secure application specific communication channel between the electronic device and the gateway.

Abstract: A method includes executing a mobile threat detection function to determine whether an electronic device is corrupt. The method also includes when determining that the electronic device is not corrupt, identifying whether an encrypted user key (UKc-Enc) is stored in the electronic device. The method further includes when the UKc-Enc is not stored in the electronic device, decrypting an application key (AKc) and transmitting the AKc and a unique universal identifier (UUID) that is associated with the application to a gateway for establishing a secure application specific communication channel between the electronic device and the gateway. In addition, the method includes when the UKc-Enc is stored in the electronic device, decrypting the UKc-Enc to form a user key (UKc), extracting a UUID from the UKc, and transmitting the UUID from the UKc to the gateway for establishing the secure application specific communication channel between the electronic device and the gateway.

Abstract: A method for leveraging a first secure channel of communication between a first agent and a second agent to create a second secure channel of communication between the first agent and a third agent. The method includes creating the first secure channel of communication between the first agent and the second agent using a configurable data-driven initial process on a first computing device. Responsive to the first agent receiving a request from the third agent to establish the second secure channel of communication, the method further includes retrieving identifying information from the third agent. The method further includes ending the identifying information from the third agent to the second agent over the first secure channel of communication. Responsive to receiving approval of the third agent's request from the second agent, the method further includes establishing the second secure channel of communication.

Abstract: A method includes executing a mobile threat detection function to determine whether an electronic device is corrupt. The method also includes when determining that the electronic device is not corrupt, identifying whether an encrypted user key (UKc-Enc) is stored in the electronic device. The method further includes when the UKc-Enc is not stored in the electronic device, decrypting an application key (AKc) and transmitting the AKc and a unique universal identifier (UUID) that is associated with the application to a gateway for establishing a secure application specific communication channel between the electronic device and the gateway. In addition, the method includes when the UKc-Enc is stored in the electronic device, decrypting the UKc-Enc to form a user key (UKc), extracting a UUID from the UKc, and transmitting the UUID from the UKc to the gateway for establishing the secure application specific communication channel between the electronic device and the gateway.

Abstract: An apparatus includes a computing system that is configured to receive, from an electronic device, a verification message indicating that the electronic device is not corrupt. The computing system is also configured to receive, from the electronic device, a unique universal identifier (UUID) that is associated with an application stored in a memory of the electronic device. The computing system is further configured to receive, from a management server of the one or more management servers, a server key stored in a credential store and that is associated with the UUID received from the electronic device. In addition, the computing system is configured to establish one or more secure channels for electronic data communication with the electronic device based on the received UUID and the server key.

Abstract: A method for leveraging a secure communication channel between a first agent and a second agent to authenticate an activity outside of the secure communication channel. The method includes receiving with the first agent a communication request through an insecure channel from the second agent. The method further includes receiving with the first agent an indicator of a relative identity relationship from the second agent. The method further includes sending with the first agent a request to authenticate the activity outside of the secure communication channel to the second agent. The method further includes authenticating the activity outside of the secure communication channel using the secure communication channel.

Abstract: A method for leveraging a first secure channel of communication between a first agent and a second agent to create a second secure channel of communication between the first agent and a third agent. The method includes creating the first secure channel of communication between the first agent and the second agent using a configurable data-driven initial process on a first computing device. Responsive to the first agent receiving a request from the third agent to establish the second secure channel of communication, the method further includes retrieving identifying information from the third agent. The method further includes ending the identifying information from the third agent to the second agent over the first secure channel of communication. Responsive to receiving approval of the third agent's request from the second agent, the method further includes establishing the second secure channel of communication.

Abstract: A method for leveraging a first secure channel of communication between a first agent and a second agent to create a second secure channel of communication between the first agent and a third agent. The method includes creating the first secure channel of communication between the first agent and the second agent using a configurable data-driven initial process on a first computing device. Responsive to the first agent receiving a request from the third agent to establish the second secure channel of communication, the method further includes retrieving identifying information from the third agent. The method further includes ending the identifying information from the third agent to the second agent over the first secure channel of communication. Responsive to receiving approval of the third agent's request from the second agent, the method further includes establishing the second secure channel of communication.

Abstract: An apparatus includes a computing system that is configured to receive, from an electronic device, a verification message indicating that the electronic device is not corrupt. The computing system is also configured to receive, from the electronic device, a unique universal identifier (UUID) that is associated with an application stored in a memory of the electronic device. The computing system is further configured to receive, from a management server of the one or more management servers, a server key stored in a credential store and that is associated with the UUID received from the electronic device. In addition, the computing system is configured to establish one or more secure channels for electronic data communication with the electronic device based on the received UUID and the server key.

Abstract: A method for leveraging a first secure channel of communication between a first agent and a second agent to create a second secure channel of communication between the first agent and a third agent. The method includes creating the first secure channel of communication between the first agent and the second agent using a configurable data-driven initial process on a first computing device. Responsive to the first agent receiving a request from the third agent to establish the second secure channel of communication, the method further includes retrieving identifying information from the third agent. The method further includes ending the identifying information from the third agent to the second agent over the first secure channel of communication. Responsive to receiving approval of the third agent's request from the second agent, the method further includes establishing the second secure channel of communication.

Abstract: A middlebox includes at least one processor and a memory storing one or more executable instructions that, when executed by the least one processor, cause the at least one processor to receive, from a server, a middlebox key that includes an indication of a lifetime of the middlebox key, receive, from a client device, one or more data packets including encrypted header data and a client device identifier, and determine whether to permit a transmission of the one or more data packets to the server or prevent a transmission of the one or more data packets to the server based on the middlebox key, the encrypted header data, and the client device identifier.

Abstract: A method for leveraging a secure communication channel between a first agent and a second agent to authenticate an activity outside of the secure communication channel. The method includes receiving with the first agent a communication request through an insecure channel from the second agent. The method further includes receiving with the first agent an indicator of a relative identity relationship from the second agent. The method further includes sending with the first agent a request to authenticate the activity outside of the secure communication channel to the second agent. The method further includes authenticating the activity outside of the secure communication channel using the secure communication channel.

Abstract: A method for leveraging a first secure channel of communication between a first agent and a second agent to create a second secure channel of communication between the first agent and a third agent. The method includes creating the first secure channel of communication between the first agent and the second agent using a configurable data-driven initial process on a first computing device. Responsive to the first agent receiving a request from the third agent to establish the second secure channel of communication, the method further includes retrieving identifying information from the third agent. The method further includes ending the identifying information from the third agent to the second agent over the first secure channel of communication. Responsive to receiving approval of the third agent's request from the second agent, the method further includes establishing the second secure channel of communication.