SECURE EXECUTION OF ENTERPRISE APPLICATIONS ON MOBILE DEVICES

US 20140007222A1
Filed: 10/10/2012
Published: 01/02/2014
Est. Priority Date: 10/11/2011
Status: Active Grant

First Claim

Patent Images

1. A method of providing a secure environment for the execution of enterprise applications on a mobile device, the method comprising:

installing a secure launcher on the mobile device, said secure launcher being separate from a general launcher included within an operating system of the mobile device, said general launcher providing functionality for launching non-enterprise applications installed on the mobile device; and

installing enterprise applications on the mobile device such that the enterprise applications are capable of being launched only with the secure launcher, and not with the general launcher, said enterprise applications including functionality for accessing an enterprise system;

wherein the secure launcher is configured to enforce an authentication policy in which a user must enter valid authentication information when launching an enterprise application.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system is disclosed that includes components and features for enabling enterprise users to securely access enterprise resources (documents, data, application servers, etc.) using their mobile devices. An enterprise can use some or all components of the system to, for example, securely but flexibly implement a BYOD (bring your own device) policy in which users can run both personal applications and secure enterprise applications on their mobile devices. The system may, for example, implement policies for controlling mobile device accesses to enterprise resources based on device attributes (e.g., what mobile applications are installed), user attributes (e.g., the user'"'"'s position or department), behavioral attributes, and other criteria. Client-side code installed on the mobile devices may further enhance security by, for example, creating a secure container for locally storing enterprise data, creating a secure execution environment for running enterprise applications, and/or creating secure application tunnels for communicating with the enterprise system.

590 Citations

20 Claims

1. A method of providing a secure environment for the execution of enterprise applications on a mobile device, the method comprising:
- installing a secure launcher on the mobile device, said secure launcher being separate from a general launcher included within an operating system of the mobile device, said general launcher providing functionality for launching non-enterprise applications installed on the mobile device; and
  
  installing enterprise applications on the mobile device such that the enterprise applications are capable of being launched only with the secure launcher, and not with the general launcher, said enterprise applications including functionality for accessing an enterprise system;
  
  wherein the secure launcher is configured to enforce an authentication policy in which a user must enter valid authentication information when launching an enterprise application.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, further comprising installing on the mobile device a secure virtual machine that is separate from a virtual machine of the mobile device'"'"'s operating system, and configuring the mobile device such that at least some of the enterprise applications, but none of the non-enterprise applications, run within the secure virtual machine.
  - 3. The method of claim 2, wherein the secure virtual machine includes functionality for enforcing an enterprise data encryption policy in which data stored on the mobile device by the enterprise applications is encrypted.
  - 4. The method of claim 1, further comprising installing on the mobile device executable code that is configured to create a secure container on the mobile device and to use the secure container to store documents output by the enterprise applications, said secure container being separate from a storage space used by the non-enterprise applications to store data.
  - 5. The method of claim 1, further comprising installing on the mobile device executable code that is configured to create application tunnels for enabling the enterprise applications to securely communicate over a network with the enterprise system, each application tunnel being specific to a corresponding enterprise application.
  - 6. The method of claim 1, further comprising modifying at least one of the enterprise applications via an application modification utility, prior to installation of the enterprise application on the mobile device, to configure the enterprise application to use an encryption library to encrypt data stored on the mobile device.
  - 7. The method of claim 1, wherein the method comprises modifying at least one of the enterprise applications by replacing a reference to the general launcher with a reference to the secure launcher, to thereby cause the enterprise application to use the secure launcher.

8. A mobile device comprising a processor and a memory, said mobile computing device having installed thereon:
- a plurality of enterprise applications that are configured to communicate over a network with an enterprise system; and
  
  a secure launcher that provides a user interface for launching the enterprise applications on the mobile device, said secure launcher being separate from a general launcher used to launch non-enterprise applications on the mobile device, said general launcher being a part of an operating system of the mobile device and said secure launcher being separate from the operating system, said enterprise applications capable of being launched on the mobile device only with the secure launcher, not the general launcher;
  
  wherein the secure launcher is configured to authenticate a user of the mobile device when the user attempts to launch an enterprise application, and is configured to block execution of the enterprise applications when the user fails to provide valid authentication information.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15, 16)
- - 9. The mobile device of claim 8, wherein the user interface of the secure launcher includes a persistent display element that is displayed across a plurality of screens of the mobile device, said persistent display element enabling a user to selectively expose an arrangement of enterprise application icons associated with particular enterprise applications, said enterprise application icons being selectable to initiate launching of corresponding enterprise applications, said arrangement of enterprise application icons being separate from an arrangement of application icons for launching non-enterprise applications.
  - 10. The mobile device of claim 9, wherein the arrangement of application icons comprises a rotatable wheel display element that is rotatable via a swipe operation to expose and conceal enterprise application icons that are positioned along the wheel display element.
  - 11. The mobile device of claim 8, further comprising a secure virtual machine installed on the mobile device, said secure virtual machine being separate from a virtual machine of the operating system, wherein the mobile device is configured such that at least some of the enterprise applications are executed by the secure virtual machine and such that the non-enterprise applications are executed by the operating system'"'"'s virtual machine.
  - 12. The mobile device of claim 11, wherein the secure virtual machine comprises functionality for causing data stored in the memory of the mobile device by an enterprise application to be encrypted.
  - 13. The mobile device of claim 11, wherein the secure launcher is configured to launch the secure virtual machine, and to cause an enterprise application selected by a user to be executed by the secure virtual machine.
  - 14. The mobile device of claim 8, wherein the secure launcher is configured to perform a selective wipe operation in which data associated with the enterprise applications is deleted from the mobile device without deleting data associated with the non-enterprise applications.
  - 15. The mobile device of claim 8, wherein the mobile device has installed thereon an enterprise agent component that communicates with the enterprise system, said agent component including executable code for creating application tunnels for enabling the enterprise applications to communicate over the network with the enterprise system, each application tunnel being specific to a particular enterprise application.
  - 16. The mobile device of claim 15, wherein the agent is configured to collect, and to report to a mobile device management component of the enterprise system, information that identifies the non-enterprise applications installed on the mobile device.

17. A method of providing a secure environment for the execution of enterprise applications on a mobile device that includes non-enterprise applications installed thereon, the method comprising:
- installing a secure virtual machine on the mobile device, said secure virtual machine being separate from a virtual machine included within an operating system of the mobile device; and
  
  configuring the mobile device to cause at least one enterprise application, but none of the non-enterprise applications, to run in the secure virtual machine, whereby the non-enterprise applications continue to use the virtual machine included within the operating system;
  
  wherein the secure virtual machine includes functionality for implementing an encryption policy in which data stored on the mobile device by the enterprise application is encrypted.
- View Dependent Claims (18, 19, 20)
- - 18. The method of claim 17, wherein the secure virtual machine additionally includes functionality for creating an application tunnel between the mobile device and an enterprise system, and for using the application tunnel for communications between the enterprise application and the enterprise system.
  - 19. The method of claim 17, wherein the method comprises including a reference in the enterprise application to the secure virtual machine.
  - 20. The method of claim 17, further comprising installing a secure launcher on the mobile device, and configuring the enterprise application to use the secure launcher, said secure launcher being separate from a general launcher included within the operating system of the mobile device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Citrix Systems, Inc. (Cloud Software Group)
Original Assignee
Zenprise, Inc. (Cloud Software Group)
Inventors
Qureshi, Waheed, DeBenning, Thomas H., Datoo, Ahmed, Andre, Olivier, Abdullah, Shafaq

Granted Patent

US 9,183,380 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/16
CPC Class Codes

G06F 21/12   Protecting executable software

G06F 21/14   against software analysis o...

G06F 21/53   by executing in a restricte...

G06F 21/62   Protecting access to data v...

G06F 21/6209   to a single file or object,...

G06F 21/6218   to a system of files or obj...

G06F 2221/2113   Multi-level security, e.g. ...

G06F 8/53   Decompilation; Disassembly

H04L 2209/80   Wireless network architectu...

H04L 63/0428   wherein the data content is...

H04L 63/0471   applying encryption by an i...

H04L 63/105   Multiple levels of security

H04L 63/20   for managing network securi...

H04L 67/10   in which an application is ...

H04L 9/0822   using key encryption key

H04L 9/0825   using asymmetric-key encryp...

H04L 9/0891   Revocation or update of sec...

H04W 12/06   Authentication

H04W 12/086   using security domains

H04W 12/30   Security of mobile devices;...

H04W 12/37 : Managing security policies ...

H04W 12/64 : using geofenced areas

H04W 4/02 : Services making use of loca...

H04W 4/029 : Location-based management o...

View All

SECURE EXECUTION OF ENTERPRISE APPLICATIONS ON MOBILE DEVICES

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

590 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

SECURE EXECUTION OF ENTERPRISE APPLICATIONS ON MOBILE DEVICES

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

590 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others