Techniques to apply and share remote policies on mobile devices

US 10,291,658 B2
Filed: 11/09/2011
Issued: 05/14/2019
Est. Priority Date: 11/09/2011
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method, comprising:

connecting to an enterprise server with a first enterprise application on a personal device using an enterprise account for a user of the personal device, the first enterprise application selected from among a group of applications including an electronic mail application, a word processing application, a video conferencing application, and a collaboration application;

receiving a policy for the first enterprise application from the enterprise server at the first enterprise application, the policy comprising one or more rules that one or more applications must follow to interact with the enterprise server;

the policy comprising a password policy including a requirement for re-entry of a password after a specified period of inactivity;

applying, by a processor circuit, the policy to the first enterprise application;

applying, by the processor circuit, the policy to a second enterprise application on the personal device automatically when the second enterprise application is used;

generating a policy key at the personal device representing the policy applied to the first and second enterprise applications on the personal device; and

transmitting the policy key from the personal device to the enterprise server to validate compliance with the policy by the personal device;

wherein activity within either of the first enterprise application or the second enterprise application satisfies the password policy to avoid re-entry of the password in either of the first enterprise application or the second enterprise application within the specified period; and

wherein at least one aspect of the policy is not applied to a non-enterprise application on the personal device.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques to apply and share remote policies on personal devices are described. In an embodiment, a technique includes contacting an enterprise server from an enterprise application operating on a personal device. The enterprise application may receive policies from the enterprise server. The policies may be applied to the enterprise application. When a second enterprise application on the personal device is launched, the policies may also be applied to the second enterprise application. When a policy is changed on the enterprise server, notification is pushed to the personal device and all related enterprise applications on the personal device may be updated to enforce the policy change. Other embodiments are described and claimed.

Citations

20 Claims

1. A computer-implemented method, comprising:
- connecting to an enterprise server with a first enterprise application on a personal device using an enterprise account for a user of the personal device, the first enterprise application selected from among a group of applications including an electronic mail application, a word processing application, a video conferencing application, and a collaboration application;
  
  receiving a policy for the first enterprise application from the enterprise server at the first enterprise application, the policy comprising one or more rules that one or more applications must follow to interact with the enterprise server;
  
  the policy comprising a password policy including a requirement for re-entry of a password after a specified period of inactivity;
  
  applying, by a processor circuit, the policy to the first enterprise application;
  
  applying, by the processor circuit, the policy to a second enterprise application on the personal device automatically when the second enterprise application is used;
  
  generating a policy key at the personal device representing the policy applied to the first and second enterprise applications on the personal device; and
  
  transmitting the policy key from the personal device to the enterprise server to validate compliance with the policy by the personal device;
  
  wherein activity within either of the first enterprise application or the second enterprise application satisfies the password policy to avoid re-entry of the password in either of the first enterprise application or the second enterprise application within the specified period; and
  
  wherein at least one aspect of the policy is not applied to a non-enterprise application on the personal device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein the policy further comprises at least one of:
    - an encryption policy;
      
      ora data wipe policy.
  - 3. The method of claim 2, wherein applying the password policy further comprises enforcing at least one of:
    - receiving a password to use an enterprise application;
      
      a password format;
      
      ordisabling an enterprise application password constraint when the personal device has a password that meets or exceeds password constraints in the password policy.
  - 4. The method of claim 2, wherein applying an encryption policy comprises enforcing at least one of:
    - turning device encryption on when encryption is requested;
      
      detecting whether device encryption is enabled and setting a policy flag reflecting the device encryption enablement status for other enterprise applications to check;
      
      checking if encryption is needed for storing enterprise data on the personal device;
      
      orpreventing enterprise data storage on the personal device when encryption is requested and device encryption is not enabled.
  - 5. The method of claim 2, wherein applying a data wipe policy comprises at least one of:
    - receiving a wipe command from the enterprise server and erasing only enterprise data from the personal device;
      
      detecting when a maximum number of failed password entry attempts has occurred on the personal device, and erasing only enterprise data from the personal device;
      
      orerasing enterprise data specific to an enterprise account when the personal device is not encryption compliant and encryption is requested.
  - 6. The method of claim 1, further comprising:
    - receiving a push notification from the enterprise server that a policy has been one of added, changed, or deleted;
      
      receiving an added, changed or deleted policy;
      
      applying the added or changed policy; and
      
      removing a deleted policy.
  - 7. The method of claim 1, further comprising preventing download of enterprise data from the enterprise server until the enterprise application requesting the enterprise data adheres to the policy.
  - 8. The method of claim 1, further comprising:
    - providing the policy key to the enterprise server for comparison to the policy on the enterprise server; and
      
      receiving a notification from the enterprise server that the policy on the personal device is up to date or the policy on the personal device needs to be updated.
  - 9. The method of claim 1, wherein each enterprise application on the personal device is linked to a same one enterprise account on the enterprise server.

10. An article of manufacture comprising a computer-readable storage device containing instructions that when executed cause a system to:
- receive a policy from an enterprise server for a first enterprise application at the first enterprise application, the first enterprise application using an enterprise account for a user of a personal device to connect to the enterprise server, the policy comprising one or more rules that the one or more applications must follow to interact with the enterprise server;
  
  the policy comprising a password policy including a requirement for re-entry of a password after a specified period of inactivity, the first enterprise application selected from among a group of applications including an electronic mail application, a word processing application, a video conferencing application, and a collaboration application;
  
  apply the policy to the first enterprise application;
  
  apply the policy to a second enterprise application on the device when the second enterprise application is used;
  
  generate a policy key at the personal device representing the policy applied to the first and second enterprise applications on the personal device; and
  
  transmit the policy key from the personal device to the enterprise server to validate compliance with the policy by the personal device;
  
  wherein activity within either of the first enterprise application or the second enterprise application satisfies the password policy to avoid re-entry of the password in either of the first enterprise application or the second enterprise application within the specified period; and
  
  wherein at least one aspect of the policy is not applied to a non-enterprise application on the personal device.
- View Dependent Claims (11, 12, 13, 14, 15, 16)
- - 11. The article of claim 10, the computer-readable storage device further comprising instructions that when executed cause the system to prevent download of enterprise data from the enterprise server until the enterprise application requesting the enterprise data adheres to the policy.
  - 12. The article of claim 10, wherein transmitting the policy key from the personal device to the enterprise server to validate compliance with the policy by the personal device includes causing the system to:
    - provide the policy key to the enterprise server for comparison to the policy on the enterprise server; and
      
      receive a notification from the enterprise server that the policy on the personal device is up to date or the policy on the personal device needs to be updated.
  - 13. The article of claim 10, wherein the policy comprises a password policy, the computer-readable storage device further comprising instructions that when executed cause the system to enforce at least one of:
    - receive a password to use an enterprise application;
      
      a password format; and
      
      disabling an enterprise application password constraint when the personal device has a password that meets or exceeds password constraints in the password policy.
  - 14. The article of claim 10, wherein the policy is an encryption policy, the computer-readable storage device further comprising instructions that when executed cause the system to enforce at least one of:
    - turning device encryption on when encryption is requested;
      
      detecting whether device encryption is enabled and setting a policy flag reflecting the device encryption enablement status for other enterprise applications to check;
      
      checking if encryption is needed for storing enterprise data on the personal device;
      
      orpreventing enterprise data storage on the personal device when encryption is needed and device encryption is not enabled.
  - 15. The article of claim 10, wherein the policy is a wipe policy, the computer-readable storage device further comprising instructions that when executed cause the system to at least one of:
    - receive a wipe command from the enterprise server and erase only enterprise data from the personal device;
      
      detect when a maximum number of failed password entry attempts has occurred on the personal device, and erase only enterprise data from the personal device;
      
      orerase enterprise data specific to an enterprise account when the personal device is not encryption compliant and encryption is needed.
  - 16. The article of claim 10, the computer-readable storage device further comprising instructions that when executed cause the system to connect the first enterprise application to the enterprise server and the second enterprise application to the enterprise server using a same one enterprise account on the enterprise server.

17. An apparatus, comprising:
- a memory store to store personal data and enterprise data;
  
  a processing unit coupled to the memory store; and
  
  multiple enterprise applications executable on the processing unit and operative to connect to an enterprise server using an enterprise account for a user of a personal device, receive a policy for a first enterprise application from the enterprise server at the first enterprise application, and automatically apply the policy for the first enterprise application to a second enterprise application, the policy comprising one or more rules that one or more applications must follow to interact with the enterprise server;
  
  the policy comprising a password policy including a requirement for re-entry of a password after a specified period of inactivity;
  
  wherein the first enterprise application is selected from among a group of applications including an electronic mail application, a word processing application, a video conferencing application, and a collaboration application; and
  
  wherein the apparatus generates a policy key representing the policy applied to the first and second enterprise applications and transmits the policy key from the personal device to the enterprise server to validate compliance with the policy by the personal device;
  
  wherein activity within either of the first enterprise application or the second enterprise application satisfies the password policy to avoid re-entry of the password in either of the first enterprise application or the second enterprise application within the specified period; and
  
  wherein at least one aspect of the policy is not applied to a non-enterprise application on the personal device.
- View Dependent Claims (18, 19, 20)
- - 18. The apparatus of claim 17, comprising:
    - the first enterprise application operative to connect to the enterprise server, receive the policy from the enterprise server, set a policy flag reflecting a policy condition, and apply the policy to the first enterprise application; and
      
      the second enterprise application operative to check the policy flag, and automatically apply the policy according to the policy flag to the second enterprise application when the policy flag is set.
  - 19. The apparatus of claim 17, wherein, in transmitting the policy key from the personal device to the enterprise server, the first enterprise application is operative to provide the policy key to the enterprise server for comparison to the policy on the enterprise server, and receive a notification from the enterprise server that the policy is up to date or needs to be updated.
  - 20. The apparatus of claim 17, wherein the first and second enterprise applications are linked to a same enterprise account on the enterprise server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Inventors
Kent, Jonathan, Hamler, Michael, Seetharaman, Shivakumar, Bolles, Gregory
Primary Examiner(s)
Zaidi, Syed A

Application Number

US13/292,346
Publication Number

US 20130117805A1
Time in Patent Office

2,743 Days
Field of Search

726 1
US Class Current
CPC Class Codes

G06F 21/45   Structures or tools for the...

H04L 63/205   involving negotiation or de...

H04L 67/025   for remote control or remot...

Techniques to apply and share remote policies on mobile devices

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Techniques to apply and share remote policies on mobile devices

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links