Secure execution of enterprise applications on mobile devices

US 10,469,534 B2
Filed: 04/05/2018
Issued: 11/05/2019
Est. Priority Date: 10/11/2011
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving, by a web browser configured to be installed on a memory of a mobile device, application data from a web application, wherein the web browser is configured to regulate operation of at least one web application in accordance with one or more enterprise policies, the web browser comprising a secure cache;

encrypting, by the web browser, the application data;

storing the encrypted application data in the secure cache;

providing, by the web browser, an option for displaying a document from the application data stored in the secure cache;

receiving a selection of the option for displaying the document from the application data stored in the secure cache;

based on receiving the selection of the option for displaying the document from the application data stored in the secure cache, decrypting a portion of the application data stored in the secure cache associated with the document;

receiving, from a remote computer system, an instruction to make the application data stored in the secure cache inaccessible; and

deleting, by the web browser, the application data from the secure cache.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system is disclosed that includes components and features for enabling enterprise users to securely access enterprise resources (documents, data, application servers, etc.) using their mobile devices. An enterprise can use some or all components of the system to, for example, securely but flexibly implement a BYOD (bring your own device) policy in which users can run both personal applications and secure enterprise applications on their mobile devices. The system may, for example, implement policies for controlling mobile device accesses to enterprise resources based on device attributes (e.g., what mobile applications are installed), user attributes (e.g., the user'"'"'s position or department), behavioral attributes, and other criteria. Client-side code installed on the mobile devices may further enhance security by, for example, creating a secure container for locally storing enterprise data, creating a secure execution environment for running enterprise applications, and/or creating secure application tunnels for communicating with the enterprise system.

756 Citations

20 Claims

1. A method comprising:
- receiving, by a web browser configured to be installed on a memory of a mobile device, application data from a web application, wherein the web browser is configured to regulate operation of at least one web application in accordance with one or more enterprise policies, the web browser comprising a secure cache;
  
  encrypting, by the web browser, the application data;
  
  storing the encrypted application data in the secure cache;
  
  providing, by the web browser, an option for displaying a document from the application data stored in the secure cache;
  
  receiving a selection of the option for displaying the document from the application data stored in the secure cache;
  
  based on receiving the selection of the option for displaying the document from the application data stored in the secure cache, decrypting a portion of the application data stored in the secure cache associated with the document;
  
  receiving, from a remote computer system, an instruction to make the application data stored in the secure cache inaccessible; and
  
  deleting, by the web browser, the application data from the secure cache.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, comprising:
    - launching, by a mobile application configured to be installed on the memory of the mobile device, the web browser in response to receiving a command to initiate execution of the web application; and
      
      after launching the web browser, continuing execution of the web application within an execution environment provided by the web browser.
  - 3. The method of claim 1, comprising:
    - encrypting communications between the mobile device and the web application.
  - 4. The method of claim 1, comprising:
    - encrypting, by the web browser, data received from the web application; and
      
      storing, by the web browser, the encrypted data in at least one of a secure document container or the secure cache.
  - 5. The method of claim 1, comprising:
    - logging, by the web browser, performance measurements to an analytics service.
  - 6. The method of claim 5, comprising:
    - based on the performance measurements, determining the one or more enterprise policies.
  - 7. The method of claim 1, comprising:
    - after decrypting the portion of the application data stored in the secure cache associated with the document, preventing, by the web browser, copy and paste operations.
  - 8. The method of claim 1, comprising:
    - after decrypting the portion of the application data stored in the secure cache associated with the document, preventing, by the web browser, local save operations.
  - 9. The method of claim 1, wherein the one or more enterprise policies comprise document access policies governing access to the secure cache.
  - 10. The method of claim 9, wherein at least one document access policy of the document access policies governing access to the secure cache limits access to the secure cache based on a geographical position of the mobile device.

11. A non-transitory computer readable medium storing program instructions that are executable to:
- receive, by a web browser configured to be installed on a memory of a mobile device, application data from a web application, wherein the web browser is configured to regulate operation of at least one web application in accordance with one or more enterprise policies, the web browser comprising a secure cache;
  
  encrypt, by the web browser, the application data;
  
  store the encrypted application data in the secure cache;
  
  provide, by the web browser, an option for displaying a document from the application data stored in the secure cache;
  
  receive a selection of the option for displaying the document from the application data stored in the secure cache;
  
  based on receiving the selection of the option for displaying the document from the application data stored in the secure cache, decrypt a portion of the application data stored in the secure cache associated with the document;
  
  receive, from a remote computer system, an instruction to make the application data stored in the secure cache inaccessible; and
  
  delete, by the web browser, the application data from the secure cache.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The non-transitory computer readable medium of claim 11, storing additional program instructions that are executable to:
    - launch, by a mobile application configured to be installed on the memory of the mobile device, the web browser in response to receiving a command to initiate execution of the web application; and
      
      after launching the web browser, continue execution of the web application within an execution environment provided by the web browser.
  - 13. The non-transitory computer readable medium of claim 11, storing additional program instructions that are executable to:
    - encrypt communications between the mobile device and the web application.
  - 14. The non-transitory computer readable medium of claim 11, storing additional program instructions that are executable to:
    - encrypt, by the web browser, data received from the web application; and
      
      store, by the web browser, the encrypted data in at least one of a secure document container or the secure cache.
  - 15. The non-transitory computer readable medium of claim 11, storing additional program instructions that are executable to:
    - log, by the web browser, performance measurements to an analytics service.
  - 16. The non-transitory computer readable medium of claim 15, storing additional program instructions that are executable to:
    - based on the performance measurements, determine the one or more enterprise policies.
  - 17. The non-transitory computer readable medium of claim 11, storing additional program instructions that are executable to:
    - after decrypting the portion of the application data stored in the secure cache associated with the document, prevent, by the web browser, copy and paste operations.
  - 18. The non-transitory computer readable medium of claim 11, storing additional program instructions that are executable to:
    - after decrypting the portion of the application data stored in the secure cache associated with the document, prevent, by the web browser, local save operations.
  - 19. The non-transitory computer readable medium of claim 11, wherein the one or more enterprise policies comprise document access policies governing access to the secure cache.
  - 20. The non-transitory computer readable medium of claim 19, wherein at least one document access policy of the document access policies governing access to the secure cache limits access to the secure cache based on a geographical position of the mobile device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Citrix Systems, Inc. (Cloud Software Group)
Original Assignee
Citrix Systems, Inc. (Cloud Software Group)
Inventors
Qureshi, Waheed, DeBenning, Thomas H., Datoo, Ahmed, Andre, Olivier, Abdullah, Shafaq
Primary Examiner(s)
Kanaan, Simon P

Application Number

US15/946,692
Publication Number

US 20190238592A1
Time in Patent Office

579 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/12   Protecting executable software

G06F 21/14   against software analysis o...

G06F 21/53   by executing in a restricte...

G06F 21/62   Protecting access to data v...

G06F 21/6209   to a single file or object,...

G06F 21/6218   to a system of files or obj...

G06F 2221/2113   Multi-level security, e.g. ...

G06F 8/53   Decompilation; Disassembly

H04L 2209/80   Wireless network architectu...

H04L 63/0428   wherein the data content is...

H04L 63/0471   applying encryption by an i...

H04L 63/105   Multiple levels of security

H04L 63/20   for managing network securi...

H04L 67/10   in which an application is ...

H04L 9/0822   using key encryption key

H04L 9/0825   using asymmetric-key encryp...

H04L 9/0891   Revocation or update of sec...

H04W 12/06   Authentication

H04W 12/086   using security domains

H04W 12/30   Security of mobile devices;...

H04W 12/37 : Managing security policies ...

H04W 12/64 : using geofenced areas

H04W 4/02 : Services making use of loca...

H04W 4/029 : Location-based management o...

View All

Secure execution of enterprise applications on mobile devices

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

756 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Secure execution of enterprise applications on mobile devices

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

756 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links