CONTROLLING MOBILE DEVICE ACCESS TO ENTERPRISE RESOURCES
Abstract
A system is disclosed that includes components and features for enabling enterprise users to securely access enterprise resources (documents, data, application servers, etc.) using their mobile devices. An enterprise can use some or all components of the system to, for example, securely but flexibly implement a BYOD (bring your own device) policy in which users can run both personal applications and secure enterprise applications on their mobile devices. The system may, for example, implement policies for controlling mobile device accesses to enterprise resources based on device attributes (e.g., what mobile applications are installed), user attributes (e.g., the user's position or department), behavioral attributes, and other criteria. Client-side code installed on the mobile devices may further enhance security by, for example, creating a secure container for locally storing enterprise data, creating a secure execution environment for running enterprise applications, and/or creating secure application tunnels for communicating with the enterprise system.
27 Claims
1. A system for controlling mobile device access to enterprise resources of an enterprise system, the system comprising:
- an enterprise agent that runs on mobile devices of enterprise users, the enterprise agent configured to cause the mobile devices to collect and report mobile device property information, including information regarding applications installed on the mobile devices; and
- a mobile device management system configured to store at least (1) the mobile device property information reported by the mobile devices, (2) user information regarding users of the mobile devices, including information specifying respective roles of the users in an enterprise, and (3) data specifying enterprise access policies of the enterprise, including access policies associated with particular enterprise resources, said mobile device management system comprising one or more computing devices;
- said mobile device management system configured to use the stored mobile device property information and user information associated with the mobile devices, in combination with the data specifying the enterprise access policies, to control accesses by the mobile devices to the enterprise resources.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12
13. A non-transitory computer-readable medium having stored thereon an agent component that is configured to be installed on a mobile device of an enterprise user, the agent component configured to at least:
- provide a secure path for one or more authorized applications installed on the mobile device to access enterprise resources of an enterprise system;
- identify applications installed on the mobile device;
- determine whether any of the applications installed on the mobile device are unauthorized applications; and
- execute a remedial action on the mobile device in response to determining that an unauthorized application is installed on the mobile device.
Dependent claims: 14, 15, 16, 17, 18, 19, 20
21. A non-transitory computer-readable medium having stored thereon an enterprise agent that is configured to be installed on mobile devices of members of an enterprise, the enterprise agent comprising executable code that directs a mobile device to at least:
- maintain a repository of mobile device rules, including rules received from a mobile device management system associated with the enterprise, at least some of the mobile device rules specifying conditions and associated remedial actions for protecting enterprise resources;
- collect mobile device property information, including information regarding applications installed on the mobile device; and
- apply the mobile device rules on the mobile device, wherein applying the mobile device rules comprises using the collected mobile device property information to determine whether said conditions exist, and executing remedial actions associated with detected conditions.
Dependent claims: 22, 23, 24, 25, 26, 27
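The on-device rule application recited in claim 21 (conditions checked against collected device properties, each tied to a remedial action) can be sketched as follows. This is an added example, not code from the patent; the rule format, property names, operators, action labels and package names are all assumptions.

```python
# Added example: rule schema, operators and action labels are assumptions.
SEVERITY = {"notify_user": 0, "block_enterprise_access": 1, "wipe_secure_container": 2}

def _condition_exists(rule, props):
    """Return True when the rule's condition is detected on this device."""
    if rule["property"] not in props:
        return True  # fail closed: an unreported property is not evidence of compliance
    actual, expected = props[rule["property"]], rule["value"]
    op = rule["op"]
    if op == "contains_any":   # e.g. an unauthorized package is installed
        return bool(set(actual) & set(expected))
    if op == "equals":
        return actual == expected
    if op == "version_below":  # numeric compare, so "14.10" is not below "14.2"
        return tuple(map(int, actual.split("."))) < tuple(map(int, expected.split(".")))
    raise ValueError(f"unknown operator {op!r} in rule {rule['id']}")

def apply_rules(rules, props):
    """Evaluate every rule; return (rule_id, action) pairs, most severe first."""
    hits = [(r["id"], r["action"]) for r in rules if _condition_exists(r, props)]
    return sorted(hits, key=lambda h: -SEVERITY[h[1]])

def access_allowed(hits):
    """The secure path stays open only if no detected condition blocks or wipes."""
    return all(SEVERITY[action] < SEVERITY["block_enterprise_access"] for _, action in hits)

# Constructed rule repository, as it might be received from the MDM system.
RULES = [
    {"id": "R1", "property": "os_version", "op": "version_below",
     "value": "14.2", "action": "notify_user"},
    {"id": "R2", "property": "installed_apps", "op": "contains_any",
     "value": ["com.example.filesync"], "action": "block_enterprise_access"},
    {"id": "R3", "property": "jailbroken", "op": "equals",
     "value": True, "action": "block_enterprise_access"},
]

# Constructed device report; "jailbroken" is deliberately not reported.
REPORT = {"installed_apps": ["com.example.mail", "com.example.filesync"],
          "os_version": "14.10"}

if __name__ == "__main__":
    hits = apply_rules(RULES, REPORT)
    for rule_id, action in hits:
        print(rule_id, "->", action)
    print("enterprise access allowed:", access_allowed(hits))
```
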
Specification