SECURE CONTAINER FOR PROTECTING ENTERPRISE DATA ON A MOBILE DEVICE
Abstract
A system is disclosed that includes components and features for enabling enterprise users to securely access enterprise resources (documents, data, application servers, etc.) using their mobile devices. An enterprise can use some or all components of the system to, for example, securely but flexibly implement a BYOD (bring your own device) policy in which users can run both personal applications and secure enterprise applications on their mobile devices. The system may, for example, implement policies for controlling mobile device accesses to enterprise resources based on device attributes (e.g., what mobile applications are installed), user attributes (e.g., the user's position or department), behavioral attributes, and other criteria. Client-side code installed on the mobile devices may further enhance security by, for example, creating a secure container for locally storing enterprise data, creating a secure execution environment for running enterprise applications, and/or creating secure application tunnels for communicating with the enterprise system.
26 Claims
1. A mobile device comprising computer-readable storage and at least one processor configured to execute computer-executable code stored on the computer-readable storage, said mobile device comprising:
a file system comprising a first portion of the computer-readable storage of the mobile device, the file system configured to store enterprise data including an enterprise document;
a second portion of the computer-readable storage configured to store private data associated with activity of a user of the mobile device that is outside of a role of the user in an enterprise, the second portion being logically separated from the file system; and
an access manager implemented by computer-executable code stored on the computer-readable storage of the mobile device, the access manager configured to store the enterprise document on the file system such that the enterprise document is logically separated from the private data, and to limit access of a software application installed on the mobile device to the enterprise document based on one or more document access policies associated with the enterprise document such that the software application has different restrictions for accessing the enterprise document than the private data.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. A method of securing enterprise data stored on a mobile device, the method comprising:
receiving, by the mobile device, enterprise data from an enterprise resource;
storing the enterprise data in a secure document container of the mobile device such that the enterprise data is logically separated from non-enterprise data, the secure document container comprising computer-readable storage, said storing occurring automatically under control of an enterprise agent running on the mobile device; and
selectively controlling access to the enterprise data stored in the secure document container of the mobile device in accordance with one or more document access policies, the one or more document access policies defining conditions for accessing the enterprise data, wherein access to the non-enterprise data is independent of the one or more document access policies.
Dependent claims: 11, 12, 13, 14, 15, 16, 17
18. A non-transitory storage medium comprising instructions stored thereon executable by a mobile device to perform a process, the process comprising:
creating, within a portion of a memory of the mobile device, a secure document container for storing enterprise data, said secure document container separate from a storage space used to store non-enterprise data;
storing enterprise data received from an enterprise computing system in the secure document container of the mobile device; and
restricting access to the enterprise data stored in the secure document container based on one or more rules defining conditions for allowing access to the enterprise data stored in the secure document container, wherein access to the non-enterprise data stored on the mobile device is independent of the one or more rules.
Dependent claims: 19, 20, 21, 22, 23, 24, 25, 26
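The following Python is an added illustration for this page, not code from the patent or its assignee. It models the access manager of independent claims 1, 10 and 18 together with the attribute-based policies described in the abstract: enterprise documents in a logically separated container are released to an application only when the document's policy is satisfied (allowed application, user department, device passcode, device integrity, absence of blocked installed applications), while requests for private data are never evaluated against those policies. It also adds a practitioner's caveat the claims do not address: the container boundary is only meaningful if the manager normalizes paths before deciding which side of it a request falls on, so a request like /data/personal/../enterprise/x is judged by where it actually lands. All class names, paths, bundle identifiers and the sample policy are constructed assumptions.

```python
# Added example modelling the claimed access manager; not the patent's code.
# Enterprise documents live in a logically separated container and are released
# only when the document's policy is satisfied; private data is not policed.
# All names, paths, app identifiers and sample policies are constructed.
from dataclasses import dataclass, field, replace
from pathlib import PurePosixPath

ENTERPRISE_ROOT = PurePosixPath("/data/enterprise")   # secure document container
PRIVATE_ROOT = PurePosixPath("/data/personal")        # user's private storage


@dataclass(frozen=True)
class DeviceContext:
    """Device, user and behavioural attributes a policy may condition on."""
    passcode_set: bool
    jailbroken: bool
    department: str
    installed_apps: frozenset


@dataclass(frozen=True)
class DocumentPolicy:
    """Conditions for releasing one enterprise document to an application."""
    allowed_apps: frozenset
    allowed_departments: frozenset
    deny_if_installed: frozenset = frozenset()   # e.g. unmanaged cloud-sync apps
    require_passcode: bool = True
    deny_if_jailbroken: bool = True


def normalize(path: str) -> PurePosixPath:
    """Resolve '.' and '..' lexically (no filesystem access) so a request for
    /data/personal/../enterprise/x is judged by where it really lands."""
    parts = []
    for seg in PurePosixPath(path).parts:
        if seg in ("/", "."):
            continue
        if seg == "..":
            if parts:
                parts.pop()
            continue
        parts.append(seg)
    return PurePosixPath("/", *parts)


def is_under(path: PurePosixPath, root: PurePosixPath) -> bool:
    return path == root or root in path.parents


@dataclass
class AccessManager:
    # container path -> policy; an enterprise document with no entry is never released
    policies: dict = field(default_factory=dict)

    def authorize(self, path: str, app: str, ctx: DeviceContext) -> tuple:
        """Return (allowed, reason) for `app` opening `path` under `ctx`."""
        target = normalize(path)
        if is_under(target, PRIVATE_ROOT):
            # Access to non-enterprise data is independent of document policies.
            return True, "private data: not governed by document policies"
        if not is_under(target, ENTERPRISE_ROOT):
            return False, "path is in neither the container nor private storage"
        policy = self.policies.get(target)
        if policy is None:
            return False, "enterprise document without a policy (default deny)"
        if policy.deny_if_jailbroken and ctx.jailbroken:
            return False, "device integrity check failed"
        if policy.require_passcode and not ctx.passcode_set:
            return False, "device passcode required"
        if ctx.installed_apps & policy.deny_if_installed:
            return False, "blocked application installed on device"
        if app not in policy.allowed_apps:
            return False, f"app {app!r} not permitted for this document"
        if ctx.department not in policy.allowed_departments:
            return False, f"department {ctx.department!r} not permitted"
        return True, "policy satisfied"


def build_manager() -> AccessManager:
    """Constructed sample: one finance document, readable only in the managed viewer."""
    plan = DocumentPolicy(
        allowed_apps=frozenset({"com.example.securedocs"}),
        allowed_departments=frozenset({"finance"}),
        deny_if_installed=frozenset({"com.example.cloudsync"}),
    )
    return AccessManager({ENTERPRISE_ROOT / "q3-plan.pdf": plan})


def run_demo() -> dict:
    """Run constructed requests through the manager; returns name -> (allowed, reason)."""
    mgr = build_manager()
    doc = "/data/enterprise/q3-plan.pdf"
    finance = DeviceContext(True, False, "finance", frozenset({"com.example.securedocs"}))
    cases = {
        "managed_app": (doc, "com.example.securedocs", finance),
        "personal_app": (doc, "com.example.photos", finance),
        "traversal": ("/data/personal/../enterprise/q3-plan.pdf", "com.example.photos", finance),
        "private_photo": ("/data/personal/photos/cat.jpg", "com.example.photos", finance),
        "jailbroken": (doc, "com.example.securedocs", replace(finance, jailbroken=True)),
        "sync_installed": (doc, "com.example.securedocs",
                           replace(finance, installed_apps=finance.installed_apps | {"com.example.cloudsync"})),
        "wrong_dept": (doc, "com.example.securedocs", replace(finance, department="sales")),
    }
    return {name: mgr.authorize(*args) for name, args in cases.items()}


if __name__ == "__main__":
    for name, (ok, why) in run_demo().items():
        print(f"{name:15} {'ALLOW' if ok else 'DENY':5} {why}")
```

The manager is default-deny on the enterprise side (a document without a policy is never released) and never consults a policy for the private side, which is the asymmetry the claims describe. In a real deployment the "logical separation" would be backed by something stronger than a path prefix, such as per-container encryption keys held by the enterprise agent, and the device-attribute inputs would come from an attested source rather than a caller-supplied context object.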
Specification