Managing and Enforcing Policies on Mobile Devices

US 20090049518A1
Filed: 08/08/2008
Published: 02/19/2009
Est. Priority Date: 08/08/2007
Status: Abandoned Application

First Claim

Patent Images

1. A system comprising:

a server computer executing a server-side policy management process including an interface component configured to allow a system administrator to define and modify action rule sets, and a transmission function to distribute the action rule sets to client devices over one or more networks; and

a mobile client device coupled to the server computer over the one or more networks, and executing a client-side policy management process configured to activate, deactivate, and enforce the action rule sets distributed by the server computer to implement at least one of defining one or more operational characteristics of the mobile client device or allowing access to one or more resources on the mobile client device or accessible by the mobile client device over the one or more networks.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments of a system configured to manage policies, including decision policies and active policies, on mobile devices is described. The system is configured to manage policies, including decision policies and active policies, on mobile devices is described that includes a device policy repository, a policy decision point, a decision policy enforcer, and an active policy enforcer. The system includes a method for enforcing policies on mobile devices that proactively monitors the execution environment and automatically triggers active policies. The method further exports an interface and provides functionality to evaluate and enforce decision policies. The system can combine policies from different sources, including detecting and avoiding policy conflicts.

Citations

27 Claims

1. A system comprising:
- a server computer executing a server-side policy management process including an interface component configured to allow a system administrator to define and modify action rule sets, and a transmission function to distribute the action rule sets to client devices over one or more networks; and
  
  a mobile client device coupled to the server computer over the one or more networks, and executing a client-side policy management process configured to activate, deactivate, and enforce the action rule sets distributed by the server computer to implement at least one of defining one or more operational characteristics of the mobile client device or allowing access to one or more resources on the mobile client device or accessible by the mobile client device over the one or more networks.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. The system of claim 1 wherein the action rule sets comprise:
    - trigger events denoting a change in state of a variable of interest to an action rule of the action rule sets;
      
      conditions comprising a yes or no value associated with the variable of interest; and
      
      actions comprising a task to be executed by the mobile client device when a corresponding condition is true.
  - 3. The system of claim 2 wherein the action rule sets comprise policies defined by the server-side policy management process and enforced by the client-side policy management process.
  - 4. The system of claim 3 wherein the policies comprise one or more policies, each defined as a first type of policy or a second type of policy.
  - 5. The system of claim 4 wherein the first type of policy comprises a decision policy that returns either a true or false value and that enables access to a resource or function resident on the mobile client device or accessible to the mobile client device over the one or more networks, and wherein the second type of policy comprises an active policy that initiates an action on the mobile client device when a defined condition is satisfied.
  - 6. The system of claim 5 wherein the resource is selected from the group consisting essentially of:
    - application programs resident on the mobile client device, hardware functionality provided by the mobile client device, and computer files accessible by the mobile client device.
  - 7. The system of claim 5 wherein the defined condition is determined to be satisfied through one or more sensor elements on the mobile client device, and wherein the defined condition is selected from the group consisting essentially of:
    - time, location, user profile, and environmental conditions.
  - 8. The system of claim 7 wherein the one or more sensor elements include a timer circuit, a timer software routine, a location determination circuit, and at least one environmental sensor.
  - 9. The system of claim 8 wherein the hardware functionality provided by the mobile client device include a telecommunications interface, a music player, and a camera.
  - 10. The system of claim 1 wherein a plurality of conditions are grouped together by one or more condition groups.
  - 11. The system of claim 1 wherein the client-side policy management process is further configured to monitor compliance with an action rule, and to detect and report to the server computer any violations of an action rule.
  - 12. The system of claim 3 wherein the server computer comprises an enterprise server, and further wherein the policies comprise enterprise rules implemented to restrict access to corporate resources in accordance with defined business rules.
  - 13. The system of claim 12 wherein the corporate resources comprise information databases and related files, and the defined business rules restrict access based on identification and access privileges of a user of the mobile client device.
  - 14. The system of claim 13 wherein the policies comprise usage rules implemented to restrict mobile client device operation based on defined conditions.
  - 15. The system of claim 14 wherein the client device operation comprise access to functions available on the mobile client device and one or more operational settings of the mobile client device, and wherein the defined conditions include time of usage or location of the mobile client device.
  - 16. The system of claim 15 wherein the server-side policy management process comprises:
    - a policy creator module configured to allow the system administrator to create, edit, and delete policies;
      
      a target group policy manager module configured to define and manage target groups consisting of users of mobile devices coupled to the server computer;
      
      a device policy manager module configured to install, remove, update, activate, or deactivate policies on the mobile client device; and
      
      a user interface providing access to the system administrator to define and manage policies through the server-side policy management process.

17. A system for implementing policy management on a mobile device, comprising:
- a device policy repository storing one or more policies on the mobile device, the policies comprising at least one of a decision policy that dictates user access to operations or resources of the mobile device under defined conditions, and an active policy describing one or more actions to be taken based on an event occurrence;
  
  a decision policy enforcer enforcing policies for access control in response to a request from a requesting entity;
  
  a policy decision point configured to decide whether or not access to a resource is granted based on attributes of a request from the decision policy enforcer and a decision policy stored in the device policy repository; and
  
  an active policy enforcer enforcing active policies in response to an event occurrence.
- View Dependent Claims (18, 19, 20, 21, 22, 23)
- - 18. The system of claim 17 further comprising a policy conflict resolution component comprising:
    - a policy conflict analyzer configured to determine whether one or more policies conflict with one or more other policies; and
      
      a policy selector component configured to determine which policy of two conflicting policies prevail.
  - 19. The system of claim 18 herein the policy selector applies a defined policy priority rule to determine which policy of the two conflicting policies prevail.
  - 20. The system of claim 17 wherein the mobile device includes one or more sensors monitoring defined operational and environmental characteristics related to operation of the mobile device.
  - 21. The system of claim 17 wherein the policies consist of one or more action rule sets, each action rule set comprising:
    - trigger events denoting a change in state of a variable of interest to an action rule of the action rule sets;
      
      conditions comprising a yes or no value associated with the variable of interest; and
      
      actions comprising a task to be executed by the mobile device when a corresponding condition is true.
  - 22. The system of claim 21 wherein the decision policy returns either a true or false value and that enables access to a resource or function resident on the mobile client device or accessible to the mobile device over one or more networks, and wherein the resource is selected from the group consisting essentially of:
    - application programs resident on the mobile client device, hardware functionality provided by the mobile client device, and computer files accessible by the mobile client device.
  - 23. The system of claim 21 wherein the active policy initiates an action on the mobile client device when a defined condition is satisfied, and wherein the defined condition is determined to be satisfied through one or more sensor elements on the mobile client device, and wherein the defined condition is selected from the group consisting essentially of:
    - time, location, user profile, and environmental conditions.

24. A method of defining and enforcing policies on a mobile client device coupled to a server computer over a computer network, comprising:
- executing a client-side process on an Open Mobile Alliance Device Management (OMA DM) enabled mobile client device and configured to monitor the execution environment of the mobile device and automatically trigger one or more defined active policies upon the occurrence of an event; and
  
  executing a server-side process configured to allow creation, modification and transmission of defined active policies to the mobile client device.
- View Dependent Claims (25, 26, 27)
- - 25. The method of claim 24 wherein the policies consist of one or more action rule sets, each action rule set comprising:
    - trigger events denoting a change in state of a variable of interest to an action rule of the action rule sets;
      
      conditions comprising a yes or no value associated with the variable of interest; and
      
      actions comprising a task to be executed by the mobile device when a corresponding condition is true.
  - 26. The method of claim 25 wherein the policies are stored on the server in extended markup language (XML) structures for the respective action-condition-trigger components.
  - 27. The method of claim 26 wherein the mobile client device stores the policies as subnodes in an OMA DM management tree as management objects.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Qualcomm, Inc.
Original Assignee
InnoPath Software, Inc. (Qualcomm, Inc.)
Inventors
Krivopaltsev, Eugene, Diener, Michael, Buzzard, Gregory D., Shoaib, Shahid, Roman, Manuel

Application Number

US12/188,936
Publication Number

US 20090049518A1
Time in Patent Office

Days
Field of Search
US Class Current

726/1
CPC Class Codes

H04L 41/0873   Checking configuration conf...

H04L 41/0893   Assignment of logical group...

H04L 41/0894   Policy-based network config...

H04L 41/0895   Configuration of virtualise...

H04L 41/22   comprising specially adapte...

H04L 67/125   involving control of end-de...

H04L 67/34   involving the movement of s...

Managing and Enforcing Policies on Mobile Devices

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

Managing and Enforcing Policies on Mobile Devices

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links