Mobile secure gateway

Mobile secure gateway (MSG) is an industry term for the software or hardware appliance that provides secure communication between a mobile application and respective backend resources typically within a corporate network. It addresses challenges in the field of mobile security.

MSG is typically composed of two components - Client library and Gateway. The client is a library that is linked with the mobile application. It establishes secure connectivity to Gateway using cryptographic protocol typically SSL/TLS. This represents a secured channel used for communication between the mobile application and hosts. Gateway separates internal IT infrastructure from the Internet, allowing only an authorized client requests to reach a specific set of hosts inside restricted network.

Client library[edit]

The Client library is linked with the corresponding mobile application, and that provides secure access via the Gateway to the set of Hosts. The Client library exposes public API to the mobile application, mimicking platform default HTTP client library. The application uses this API to communicate with the desired hosts in a secure way.

Gateway[edit]

Gateway is a server or daemon typically installed onto physical or virtual appliance placed into DMZ. The Gateway's public interface is exposed to the Internet (or other untrusted network) and accepts TCP/IP connections from mobile applications. It operates on IPv4 and/or IPv6 networks. Incoming client connections typically use SSL/TLS to provide security for the network communication and a mutual trust of communicating peers. Communication protocol is typically based on HTTP.^[1]

Host[edit]

Gateway forwards requests from connected apps to a collection of configured hosts. These are typically HTTP or HTTPS servers or services within an internal network. The response from a host is sent back to the respective mobile app.

References[edit]

^ "Mobile Security". www.peerlyst.com. Retrieved 6 May 2016.

This mobile computing related article is a stub. You can help Wikipedia by expanding it.

[1] "Mobile Security". www.peerlyst.com. Retrieved 6 May 2016.

[1]

v t e Information security
Related security categories	Computer security Automotive security Cybercrime Cybersex trafficking Computer fraud Cybergeddon Cyberterrorism Cyberwarfare Electromagnetic warfare Information warfare Internet security Mobile security Network security Copy protection Digital rights management	vectorial version
Threats	Adware Advanced persistent threat Arbitrary code execution Backdoors Hardware backdoors Code injection Crimeware Cross-site scripting Cross-site leaks DOM clobbering History sniffing Cryptojacking Botnets Data breach Drive-by download Browser Helper Objects Viruses Data scraping Denial-of-service attack Eavesdropping Email fraud Email spoofing Exploits Hacktivism Insecure direct object reference Keystroke loggers Logic bombs Time bombs Fork bombs Zip bombs Fraudulent dialers Malware Payload Phishing Voice Polymorphic engine Privilege escalation Ransomware Rootkits Scareware Shellcode Spamming Social engineering Spyware Software bugs Trojan horses Hardware Trojans Remote access trojans Vulnerability Web shells Wiper Worms SQL injection Rogue security software Zombie
Defenses	Application security Secure coding Secure by default Secure by design Misuse case Computer access control Authentication Multi-factor authentication Authorization Computer security software Antivirus software Security-focused operating system Data-centric security Obfuscation (software) Data masking Encryption Firewall Intrusion detection system Host-based intrusion detection system (HIDS) Anomaly detection Security information and event management (SIEM) Mobile secure gateway Runtime application self-protection Site isolation