Abstract: Systems, methods, and software can be used to verify a certificate. In some aspects, a request to connect to a Virtual Private Network (VPN) server is received from an application on a mobile device. A certificate of the VPN server is obtained at the mobile device. A device-level certificate verification for the certificate is performed. Whether an application-level certificate verification is provisioned for the application is determined. In response to determining that the application-level certification verification is provisioned, the application-level certificate verification for the certificate is performed. In response to verifying that the certificate passes the application-level certificate verification, the mobile device is connected to the VPN server.

Abstract: A serialization service module is provided for configuring an asset management system to provide a secure means of generating, assigning to chips (or other electronic objects or devices), and tracking unique serial numbers. To provide this service, a controller connects through a secure, encrypted connection to appliances at a manufacturer's location. Agents can then request serial number values from an appliance by product name. The serial numbers are generated by the appliance, metered, and provided to the agents. The serial numbers are then injected sequentially into each die in a chip manufacturing process using the agent. A log is reported to the controller.

Abstract: Systems, methods, and software can be used to verify a certificate. In some aspects, a request to connect to a Virtual Private Network (VPN) server is received from an application on a mobile device. A certificate of the VPN server is obtained at the mobile device. A device-level certificate verification for the certificate is performed. Whether an application-level certificate verification is provisioned for the application is determined. In response to determining that the application-level certification verification is provisioned, the application-level certificate verification for the certificate is performed. In response to verifying that the certificate passes the application-level certificate verification, the mobile device is connected to the VPN server.

Abstract: Plural modes of operation may be established on a mobile device. Specific modes of operation of the mobile device may be associated with specific spaces in memory. By using a “class” designation within the existing certificate store structure and key store structure, certificates and keys can be assigned to one space among plural spaces. Accordingly, a personal certificate store and a personal key store may exist in a personal space. Similarly, a corporate certificate store and a corporate key store may exist in a corporate space. APIs designed to work within such a system may be arranged to employ a “class” attribute when managing certificates and cryptographic keys.

Abstract: A serialization service module is provided for configuring an asset management system to provide a secure means of generating, assigning to chips (or other electronic objects or devices), and tracking unique serial numbers. To provide this service, a controller connects through a secure, encrypted connection to appliances at a manufacturer's location. Agents can then request serial number values from an appliance by product name. The serial numbers are generated by the appliance, metered, and provided to the agents. The serial numbers are then injected sequentially into each die in a chip manufacturing process using the agent. A log is reported to the controller.

Abstract: A method and a mobile device having a plurality of modes of operation, the method associating each connection interface on the mobile device with one of a plurality of modes; and restricting access to a profile for each connection interface on the mobile device to only a subset of applications based on the mode associated with the profile.

Abstract: Plural modes of operation may be established on a mobile device. Specific modes of operation of the mobile device may be associated with specific spaces in memory. By associating the existing certificate store structure and key store structure with a mode of operation, certificates and keys can be assigned to one space among plural spaces. Furthermore, management (viewing/importation/deletion) of certificates associated with specific modes of operation may be controlled based on the presence or absence of a mobile device administration server and the status (enabled/disabled) of an IT policy.

Abstract: A serialization service module is provided for configuring an asset management system to provide a secure means of generating, assigning to chips (or other electronic objects or devices), and tracking unique serial numbers. To provide this service, a controller is used to define a product model, then to define one or more serialization schemas to be bound to each product model. Each serialization schema contains a range of serial numbers for a particular product. The serial number schemas are sent over a secure, encrypted connection to appliances at the manufacturer's location. Agents can then request serial number values by product name. The serial numbers are generated by the appliance, metered, and provided to the agents. The serial numbers are then injected sequentially into each die in a chip manufacturing process using the agent.

Abstract: A method and device for automatic login of a virtual private network on an interface change, the method: associating a virtual private network profile with a plurality of connection interfaces, each connection interface within the plurality of connection interfaces having a priority; monitoring the plurality of connection interfaces for availability; if a connection interface with a higher priority than the connection interface currently used by the virtual private network becomes available, utilizing the higher priority connection interface for the virtual private network; and if the connection interface currently used by the virtual private network becomes unavailable, transferring the virtual private network to a highest priority available connection interface within the plurality of connection interfaces.

Abstract: In some implementations, a method for routing a communication includes receiving, from an application running on a user equipment (UE), a request to access a forwarding information base (FIB). The UE includes a plurality of FIBs and a plurality of communication interfaces. Each of the plurality of FIBs includes communication interface information. An assigned FIB from the plurality of FIBs is determined. The assigned FIB has been assigned to the application. An appropriate communication interface for communication is determined based on a destination of the communication and the communication interface information of the assigned FIB. The communication is transmitted to the destination using the communication interface.

Abstract: In some implementations, a method for routing communication includes determining a binding interface for a communication session based on a forwarding information base (FIB) and a destination for the communication session. The communication session is from an application running on user equipment (UE), and the binding interface is included in a virtual private network (VPN) tunnel established through an Internet Protocol (IP) security (IPsec) interface. Whether to filter the communication session is determined based on which perimeter of the UE includes the binding interface and which perimeter of the UE includes the IPsec interface.

Abstract: Plural modes of operation may be established on a mobile device. Specific modes of operation of the mobile device may be associated with specific spaces in memory. By associating the existing certificate store structure and key store structure with a mode of operation, certificates and keys can be assigned to one space among plural spaces. Furthermore, management (viewing/importation/deletion) of certificates associated with specific modes of operation may be controlled based on the presence or absence of a mobile device administration server and the status (enabled/disabled) of an IT policy.

Abstract: Plural modes of operation may be established on a mobile device. Specific modes of operation of the mobile device may be associated with specific spaces in memory. By associating the existing certificate store structure and key store structure with a mode of operation, certificates and keys can be assigned to one space among plural spaces. Furthermore, management (viewing/importation/deletion) of certificates associated with specific modes of operation may be controlled based on the presence or absence of a mobile device administration server and the status (enabled/disabled) of an IT policy.

Abstract: A method and computing device configured to send and receive traffic over a virtual private network (VPN) connection, the computing device having a processor; and a communications subsystem, where the method determines that a first trigger had been met; monitors whether data traffic exists over the VPN connection for a first time period; and if no data traffic exists over the VPN connection for the first time period, disconnects the VPN connection.

Abstract: In some implementations, a method for routing communication includes determining a binding interface for a communication session based on a forwarding information base (FIB) and a destination for the communication session. The communication session is from an application running on user equipment (UE), and the binding interface is included in a virtual private network (VPN) tunnel established through an Internet Protocol (IP) security (IPsec) interface. Whether to filter the communication session is determined based on which perimeter of the UE includes the binding interface and which perimeter of the UE includes the IPsec interface.

Abstract: In some implementations, a method for routing a communication includes receiving, from an application running on a user equipment (UE), a request to access a forwarding information base (FIB). The UE includes a plurality of FIBs and a plurality of communication interfaces. Each of the plurality of FIBs includes communication interface information. An assigned FIB from the plurality of FIBs is determined. The assigned FIB has been assigned to the application. An appropriate communication interface for communication is determined based on a destination of the communication and the communication interface information of the assigned FIB. The communication is transmitted to the destination using the communication interface.

Abstract: A method and a mobile device having a plurality of modes of operation, the method associating each connection interface on the mobile device with one of a plurality of modes; and restricting access to a profile for each connection interface on the mobile device to only a subset of applications based on the mode associated with the profile.

Abstract: A method and apparatus for virtual private network (‘VPN’) liveness checking, the method, upon expiration of a timer, sending, over a VPN tunnel, a request to a server located behind a terminator of the VPN; checking whether a response to the request is received within a time interval; if a response to the request is received, resetting the timer; and if a response to the request is not received within the time interval, resending the request if a request count is less than a set number of requests; or providing an inactive tunnel indication to a VPN client manager if the request count equals the set number of requests.

Abstract: A method and apparatus for virtual private network (‘VPN’) liveness checking, the method, upon expiration of a timer, sending, over a VPN tunnel, a request to a server located behind a terminator of the VPN; checking whether a response to the request is received within a time interval; if a response to the request is received, resetting the timer; and if a response to the request is not received within the time interval, resending the request if a request count is less than a set number of requests; or providing an inactive tunnel indication to a VPN client manager if the request count equals the set number of requests.

Abstract: A serialization service module is provided for configuring an asset management system to provide a secure means of generating, assigning to chips (or other electronic objects or devices), and tracking unique serial numbers. To provide this service, a controller is used to define a product model, then to define one or more serialization schemas to be bound to each product model. Each serialization schema contains a range of serial numbers for a particular product. The serial number schemas are sent over a secure, encrypted connection to appliances at the manufacturer's location. Agents can then request serial number values by product name. The serial numbers are generated by the appliance, metered, and provided to the agents. The serial numbers are then injected sequentially into each die in a chip manufacturing process using the agent.