Policy-based dynamic information flow control on mobile devices
Abstract
A method and system are provided for securing data on a mobile device that supports both enterprise and personal applications. According to the method, information flows and data accesses are tracked on the device at run-time to enable access control decisions to be performed based on a policy, such as an enterprise privacy policy that has been distributed to the device from an enterprise server. The policy may be updated by events at the device as well as at the enterprise server.
25 Claims
1-8. (canceled)
9. Apparatus associated with a mobile device that is configured to execute both enterprise applications and personal applications, comprising:
a processor;
computer memory holding computer program instructions that when executed by the processor perform a method to enforce an enterprise policy, the method comprising:
receiving and storing an enterprise policy;
responsive to an application seeking access to enterprise data stored in the mobile device, retrieving the policy;
determining whether a context identified in the policy is satisfied;
if the context identified in the policy is satisfied, enabling the application to access the enterprise data.
Dependent claims: 10, 11, 12, 13, 14, 15, 16.
17. A computer program product in a computer readable medium for use in a mobile device data processing system, the computer program product holding computer program instructions which, when executed by the data processing system, perform a method to enforce an enterprise policy on the mobile device, the mobile device configured to execute both enterprise applications and personal applications, the method comprising:
receiving and storing an enterprise policy;
responsive to an application seeking access to enterprise data stored in the mobile device, retrieving the policy;
determining whether a context identified in the policy is satisfied;
if the context identified in the policy is satisfied, enabling the application to access the enterprise data.
Dependent claims: 18, 19, 20, 21, 22, 23, 24.
25. A mobile device, comprising:
a hardware processor;
one or more data stores in which are stored: an enterprise security policy, an enterprise application, and a personal application; and
a trusted platform module executed by the hardware processor to provide run-time enforcement of the enterprise policy to restrict use of enterprise data except by the enterprise application.
Specification