Abstract: Methods and devices for determining whether a mobile device has been compromised. The mobile device has a managed portion of memory and an unmanaged portion of memory, a managed profile and an unmanaged profile, and the managed profile includes files stored in the managed portion of memory and the unmanaged profile includes files stored in the unmanaged portion of memory. The managed profile is governed by a device policy set by a remote administrator. File tree structure information for the unmanaged profile of the mobile device is obtained that details at least a portion of a tree-based structure of folders and files in the unmanaged portion of memory. It is determined from the file tree structure information that the mobile device has been compromised and, based on that determination, an action is taken.

Abstract: A method of establishing a secure communication channel between a first communication device and a second communication device. The secure communication channel is defined by one or more algorithm options and the one or more algorithm options are associated with one of one or more option categories. The method includes receiving a signal representing one or more selections. The method further includes, for the respective option categories, generating a sorted list of algorithm options based on the received selections and generating a security association proposal including one or more of the algorithm options from the respective sorted lists of algorithm options. The security association proposal is generated based on an order in the sorted list of algorithm options. The method further includes transmitting the security association proposal to the second communication device for establishing the secure communication channel.

Abstract: A method of establishing a secure communication channel between a first communication device and a second communication device. The secure communication channel is defined by one or more algorithm options and the one or more algorithm options are associated with one of one or more option categories. The method includes receiving a signal representing one or more selections. The method further includes, for the respective option categories, generating a sorted list of algorithm options based on the received selections and generating a security association proposal including one or more of the algorithm options from the respective sorted lists of algorithm options. The security association proposal is generated based on an order in the sorted list of algorithm options. The method further includes transmitting the security association proposal to the second communication device for establishing the secure communication channel.

Abstract: Methods and devices for determining whether a mobile device has been compromised. File tree structure information for the mobile device is obtained that details at least a portion of a tree-based structure of folders and files in a portion of memory. The file tree structure information is analyzed to determine that the mobile device has been compromised, has not been compromised, or might be compromised. Based on determining that the mobile device might be compromised, the mobile device is instructed to execute a restricted action. If the restricted action occurs on the mobile device then it is determined that the mobile device has been compromised. Based on that determination, an action is taken.

Abstract: Methods and devices for determining whether a mobile device has been compromised. The mobile device has a managed portion of memory and an unmanaged portion of memory, a managed profile and an unmanaged profile, and the managed profile includes files stored in the managed portion of memory and the unmanaged profile includes files stored in the unmanaged portion of memory. The managed profile is governed by a device policy set by a remote administrator. File tree structure information for the unmanaged profile of the mobile device is obtained that details at least a portion of a tree-based structure of folders and files in the unmanaged portion of memory. It is determined from the file tree structure information that the mobile device has been compromised and, based on that determination, an action is taken.

Abstract: Methods and devices for determining whether a computing device has been compromised. File tree structure information for the computing device is obtained that details at least a portion of a tree-based structure of folders and files in a memory on the computing device. It is then determined from the file tree structure information that the computing device is compromised and, based on the determination that the computing device has been compromised, an action is taken.

Abstract: Methods and devices for determining whether a mobile device has been compromised. File tree structure information for the mobile device is obtained that details at least a portion of a tree-based structure of folders and files in a portion of memory. The file tree structure information is analyzed to determine that the mobile device has been compromised, has not been compromised, or might be compromised. Based on determining that the mobile device might be compromised, the mobile device is instructed to execute a restricted action. If the restricted action occurs on the mobile device then it is determined that the mobile device has been compromised. Based on that determination, an action is taken.

Abstract: Methods and devices for determining whether a mobile device has been compromised. The mobile device has a managed portion of memory and an unmanaged portion of memory, a managed profile and an unmanaged profile, and the managed profile includes files stored in the managed portion of memory and the unmanaged profile includes files stored in the unmanaged portion of memory. The managed profile is governed by a device policy set by a remote administrator. File tree structure information for the unmanaged profile of the mobile device is obtained that details at least a portion of a tree-based structure of folders and files in the unmanaged portion of memory. It is determined from the file tree structure information that the mobile device has been compromised and, based on that determination, an action is taken.

Abstract: Methods and devices for determining whether a mobile device has been compromised. The mobile device has a managed portion of memory and an unmanaged portion of memory, a managed profile and an unmanaged profile, and the managed profile includes files stored in the managed portion of memory and the unmanaged profile includes files stored in the unmanaged portion of memory. The managed profile is governed by a device policy set by a remote administrator. File tree structure information for the managed profile of the mobile device is obtained that details at least a portion of a tree-based structure of folders and files in the managed portion of memory. It is determined from the file tree structure information that the mobile device has been compromised and, based on that determination, an action is taken.

Abstract: A method of establishing a secure communication channel between a first communication device and a second communication device. The secure communication channel is defined by one or more algorithm options and the one or more algorithm options are associated with one of one or more option categories. The method includes receiving a signal representing one or more selections. The method further includes, for the respective option categories, generating a sorted list of algorithm options based on the received selections and generating a security association proposal including one or more of the algorithm options from the respective sorted lists of algorithm options. The security association proposal is generated based on an order in the sorted list of algorithm options. The method further includes transmitting the security association proposal to the second communication device for establishing the secure communication channel.

Abstract: A method of establishing a secure communication channel between a first communication device and a second communication device. The secure communication channel is defined by one or more algorithm options and the one or more algorithm options are associated with one of one or more option categories. The method includes receiving a signal representing one or more selections. The method further includes, for the respective option categories, generating a sorted list of algorithm options based on the received selections and generating a security association proposal including one or more of the algorithm options from the respective sorted lists of algorithm options. The security association proposal is generated based on an order in the sorted list of algorithm options. The method further includes transmitting the security association proposal to the second communication device for establishing the secure communication channel.

Abstract: Methods and devices for determining whether a mobile device has been compromised. File tree structure information for the mobile device is obtained that details at least a portion of a tree-based structure of folders and files in a portion of memory. The file tree structure information is analyzed to determine that the mobile device has been compromised, has not been compromised, or might be compromised. Based on determining that the mobile device might be compromised, the mobile device is instructed to execute a restricted action. If the restricted action occurs on the mobile device then it is determined that the mobile device has been compromised. Based on that determination, an action is taken.

Abstract: Methods and devices for determining whether a computing device has been compromised. File tree structure information for the computing device is obtained that details at least a portion of a tree-based structure of folders and files in a memory on the computing device. It is then determined from the file tree structure information that the computing device is compromised and, based on the determination that the computing device has been compromised, an action is taken.

Abstract: Methods and devices for determining whether a mobile device has been compromised. The mobile device has a managed portion of memory and an unmanaged portion of memory, a managed profile and an unmanaged profile, and the managed profile includes files stored in the managed portion of memory and the unmanaged profile includes files stored in the unmanaged portion of memory. The managed profile is governed by a device policy set by a remote administrator. File tree structure information for the unmanaged profile of the mobile device is obtained that details at least a portion of a tree-based structure of folders and files in the unmanaged portion of memory. It is determined from the file tree structure information that the mobile device has been compromised and, based on that determination, an action is taken.

Abstract: Methods and devices for determining whether a mobile device has been compromised. The mobile device has a managed portion of memory and an unmanaged portion of memory, a managed profile and an unmanaged profile, and the managed profile includes files stored in the managed portion of memory and the unmanaged profile includes files stored in the unmanaged portion of memory. The managed profile is governed by a device policy set by a remote administrator. File tree structure information for the managed profile of the mobile device is obtained that details at least a portion of a tree-based structure of folders and files in the managed portion of memory.

Abstract: A method of establishing a secure communication channel between a first communication device and a second communication device. The secure communication channel is defined by one or more algorithm options and the one or more algorithm options are associated with one of one or more option categories. The method includes receiving a signal representing one or more selections. The method further includes, for the respective option categories, generating a sorted list of algorithm options based on the received selections and generating a security association proposal including one or more of the algorithm options from the respective sorted lists of algorithm options. The security association proposal is generated based on an order in the sorted list of algorithm options. The method further includes transmitting the security association proposal to the second communication device for establishing the secure communication channel.

Abstract: Systems, methods, and software can be used to process certificate validation warnings. In some aspect, a connection to a Virtual Private Network (VPN) server is initiated at an electronic device. The VPN server is associated with a VPN profile. In response to initiating the connection, a certificate associated with the VPN server is received at the electronic device. A validation warning associated with the certificate is received. A fingerprint of the certificate is generated. A validation action is selected based on the validation warning, the fingerprint, and the VPN profile. The selected validation action is executed.

Abstract: Systems, methods, and software can be used to verify a certificate. In some aspects, a request to connect to a Virtual Private Network (VPN) server is received from an application on a mobile device. A certificate of the VPN server is obtained at the mobile device. A device-level certificate verification for the certificate is performed. Whether an application-level certificate verification is provisioned for the application is determined. In response to determining that the application-level certification verification is provisioned, the application-level certificate verification for the certificate is performed. In response to verifying that the certificate passes the application-level certificate verification, the mobile device is connected to the VPN server.

Abstract: Systems, methods, and software can be used to process certificate validation warnings. In some aspect, a connection to a Virtual Private Network (VPN) server is initiated at an electronic device. The VPN server is associated with a VPN profile. In response to initiating the connection, a certificate associated with the VPN server is received at the electronic device. A validation warning associated with the certificate is received. A fingerprint of the certificate is generated. A validation action is selected based on the validation warning, the fingerprint, and the VPN profile. The selected validation action is executed.

Abstract: Systems, methods, and software can be used to verify a certificate. In some aspects, a request to connect to a Virtual Private Network (VPN) server is received from an application on a mobile device. A certificate of the VPN server is obtained at the mobile device. A device-level certificate verification for the certificate is performed. Whether an application-level certificate verification is provisioned for the application is determined. In response to determining that the application-level certification verification is provisioned, the application-level certificate verification for the certificate is performed. In response to verifying that the certificate passes the application-level certificate verification, the mobile device is connected to the VPN server.