System and method for geofencing
First Claim
1. A method, comprising:
downloading, by a client device of a server computer, a managed container from a network source, the managed container written in a programming language native to the client device and comprising a managed cache and an application framework with an execution engine that provides a runtime environment for applications associated with backend systems running in an enterprise computing environment;
receiving, over a network by the managed container embodied on a non-transitory computer memory of the client device, an application retrieved from an application repository by the server computer, the application repository and the server computer residing in the enterprise computing environment outside of a firewall, the application hosted or required by a backend system operating in the enterprise computing environment behind the firewall;
storing the application in the managed cache of the managed container on the client device, the storing performed by the managed container;
managing, by the managed container, the application and content stored in the managed container in accordance with one or more rules, the one or more rules including a geolocking or geofencing rule propagated from the backend system through the firewall to the server computer to the managed container on the client device;
displaying an icon for the application in a user interface of the managed container on the client device;
providing, by the managed container on the client device, a secure shell or runtime environment for running the application when the icon for the application is selected or invoked from within the user interface of the managed container;
receiving, by the managed container on the client device, a request for content from the application running in the secure shell or runtime environment provided by the managed container on the client device;
determining, by the managed container on the client device, whether the client device is located within a specified geographical location that is secure for viewing the content;
permitting, by the managed container on the client device to the application running in the secure shell or runtime environment provided by the managed container on the client device, access to the content if the client device is located within the specified geographical location that is secure for viewing the content;
denying or restricting, by the managed container on the client device based at least in part on the geolocking or geofencing rule, access by the application to the content requested by the application if the client device is not located within the specified geographical location that is secure for viewing the content; and
automatically deleting the content from the managed cache if the client device is outside of the specified geographical location for a predetermined amount of time and, after the predetermined amount of time has passed, the client device has not made a connection to the server computer or returned to within the specified geographical location.
Abstract
A managed container may have a managed cache storing content managed by or through an application gateway server computer. The managed container may receive a request for content from an application running in a secure shell provided by the managed container on a client device. The managed container may determine whether the client device is within a specified geographical location. If not, the managed container may deny or restrict the application access to the requested content. The access denial or restriction may continue until a connection is made to the application gateway server computer or until the client device has returned to within the specified geographical location. If the client device is within the specified geographical location, the managed container may provide or restore access to requested content. Embodiments of the managed container can therefore perform geofencing by disabling or limiting access to content based on predetermined secure/insecure designations.
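The decision flow in the abstract (permit inside the fence, deny outside, delete cached content once the device has stayed outside past a deadline) can be sketched as follows. This is an added example, not code from the patent or its assignee; the circular fence, the `GeofenceRule` and `ManagedCache` classes, the fail-closed handling of a missing location fix, and the choice that a gateway check-in only restarts the deletion clock are all assumptions.

```python
import math
from dataclasses import dataclass, field
from typing import Optional

def distance_m(lat1, lon1, lat2, lon2):
    """Great-circle (haversine) distance in metres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dp, dl = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dp / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dl / 2) ** 2
    return 2 * 6_371_000 * math.asin(math.sqrt(a))

@dataclass
class GeofenceRule:  # hypothetical rule shape; the page does not define one
    lat: float
    lon: float
    radius_m: float
    wipe_after_s: float  # the "predetermined amount of time"

@dataclass
class ManagedCache:  # hypothetical stand-in for the container's managed cache
    rule: GeofenceRule
    content: dict = field(default_factory=dict)
    outside_since: Optional[float] = None  # start of the current out-of-fence window

    def observe(self, fix, now):
        """Update fence state from a (lat, lon) fix; wipe when the deadline passes."""
        # A missing fix (GPS off, permission revoked) counts as outside: fail closed.
        inside = fix is not None and distance_m(*fix, self.rule.lat, self.rule.lon) <= self.rule.radius_m
        if inside:
            self.outside_since = None
        elif self.outside_since is None:
            self.outside_since = now
        elif now - self.outside_since >= self.rule.wipe_after_s:
            self.content.clear()
        return inside
    def server_checkin(self, now):
        """Assumption: contact with the gateway restarts the wipe clock only."""
        if self.outside_since is not None:
            self.outside_since = now
    def request(self, key, fix, now):
        """Decide a content request; `now` is a monotonic clock reading in seconds."""
        return ("permit", self.content.get(key)) if self.observe(fix, now) else ("deny", None)

def replay():
    """Constructed trace: leave the fence, check in once, then stay away."""
    cache = ManagedCache(GeofenceRule(51.5000, -0.1200, 200, 600), {"doc": "Q3 plan"})
    inside, outside = (51.5005, -0.1200), (51.5100, -0.1200)
    out = [cache.request("doc", inside, 0), cache.request("doc", outside, 100)]
    cache.server_checkin(500)
    return out + [cache.request("doc", f, t) for f, t in ((outside, 900), (outside, 1100), (inside, 1200))]
```

Both the location fix and the clock are client-side inputs, so the sketch takes a monotonic `now` rather than wall-clock time; after a wipe, a return to the fence yields `permit` with no content until it is fetched again.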
18 Claims
15. A system, comprising:
an application gateway server computer communicatively connected to an application repository, the application repository and the application gateway server computer residing in an enterprise computing environment outside of a firewall; and
a managed container downloaded from a network source by a client device of the application gateway server, the managed container having a managed cache and an application framework with an execution engine that provides a runtime environment for applications associated with backend systems running in the enterprise computing environment, the managed container embodied on a non-transitory computer memory of the client device, wherein the managed container is configured to:
receive an application from the application gateway server computer over a network, the application retrieved by the application gateway server computer from the application repository, the application hosted or required by a backend system operating in the enterprise computing environment behind the firewall;
store the application in the managed cache of the managed container on the client device;
manage the application and content stored in the managed cache in accordance with one or more rules, the one or more rules including a geolocking or geofencing rule propagated from the backend systems through the firewall to the application gateway server computer to the managed container on the client device;
display an icon for the application in a user interface of the managed container on the client device;
provide a secure shell or runtime environment for running the application when the icon for the application is selected or invoked from within the user interface of the managed container;
receive a request for content from the application running in the secure shell or runtime environment provided by the managed container on the client device;
determine whether the client device is located within a specified geographical location that is secure for viewing the content;
permit the application running in the secure shell or runtime environment provided by the managed container on the client device to access to the content if the client device is located within the specified geographical location that is secure for viewing the content;
deny or restrict, based at least in part on the geolocking or geofencing rule, access by the application to the content requested by the application if the client device is not located within the specified geographical location that is secure for viewing the content; and
automatically delete the content from the managed cache if the client device is outside of the specified geographical location for a predetermined amount of time and, after the predetermined amount of time has passed, the client device has not made a connection to the application gateway server computer or returned to within the specified geographical location.
Specification