Secure Architecture for Mobile Device Access to On-Premises Applications

This document introduces a technical architecture that enables applications installed on mobile phones and similar devices to access security-sensitive applications deployed inside a private corporate network perimeter. The mobile devices may be personal (i.e., "BYOD") or corporate-owned/managed, but it is assumed that they are neither wirelessly attached to the corporate network nor necessarily able to establish a virtual private network (VPN) link.


  • Introduction
  • The "Bring your own device" trend
  • Security objectives
  • Network architecture, firewalls and connection problems
  • A proxy architecture
  • Encryption keys and device authentication
  • Device activation
  • Device deactivation
  • Security features
  • Usability features
  • Summary
