Policy-Based Application Management

US 20140032733A1
Filed: 10/02/2013
Published: 01/30/2014
Est. Priority Date: 10/11/2011
Status: Abandoned Application

First Claim

Patent Images

1. A method of providing a secure storage location on an electronic mobile device, comprising:

receiving, by an electronic mobile device, a managed application from an application server during a first communication, the managed application being constructed to operate in accordance with a set of one or more policy files;

receiving, by the device, the set of one or more policy files from the application server during a second communication which is different than the first communication, the set of one or more policy files being stored on the electronic mobile device separately from the managed application;

running, by the processor, the managed application on the mobile device, the managed application operating in accordance with the set of one or more policy files;

storing and executing multiple managed applications on the device;

associating each managed application with an application group;

associating each application group with a different secure persistent storage area; and

providing access to each secure persistent storage area only to those managed applications in the associated application group.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Improved techniques for managing enterprise applications on mobile devices are described herein. Each enterprise mobile application running on the mobile device has an associated policy through which it interacts with its environment. The policy selectively blocks or allows activities involving the enterprise application in accordance with rules established by the enterprise. Together, the enterprise applications running on the mobile device form a set of managed applications. Managed applications are typically allowed to exchange data with other managed applications, but are blocked from exchanging data with other applications, such as the user'"'"'s own personal applications. Policies may be defined to manage data sharing, mobile resource management, application specific information, networking and data access solutions, device cloud and transfer, dual mode application software, enterprise app store access, and virtualized application and resources, among other things.

Citations

20 Claims

1. A method of providing a secure storage location on an electronic mobile device, comprising:
- receiving, by an electronic mobile device, a managed application from an application server during a first communication, the managed application being constructed to operate in accordance with a set of one or more policy files;
  
  receiving, by the device, the set of one or more policy files from the application server during a second communication which is different than the first communication, the set of one or more policy files being stored on the electronic mobile device separately from the managed application;
  
  running, by the processor, the managed application on the mobile device, the managed application operating in accordance with the set of one or more policy files;
  
  storing and executing multiple managed applications on the device;
  
  associating each managed application with an application group;
  
  associating each application group with a different secure persistent storage area; and
  
  providing access to each secure persistent storage area only to those managed applications in the associated application group.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, further comprising:
    - receiving a set of encryption/decryption keys in one of the policy files; and
      
      using the received set of keys to encrypt data written to the secure persistent storage area, and to decrypt data read from the secure persistent storage area.
  - 3. The method of claim 1, further comprising:
    - receiving a request to delete content from the secure persistent storage area;
      
      responsive to the request, determining whether an originator of the request is authorized to delete the content; and
      
      deleting the content from the secure persistent storage area when the originator is authorized to delete the content.
  - 4. The method of claim 3, wherein the originator is other than a user of the electronic mobile device.
  - 5. The method of claim 3, wherein the originator is an administrator of an enterprise mobility management (EMM) service.
  - 6. The method of claim 1, wherein the set of one or more policy files act to provide access by the managed application to a secure persistent storage area of the electronic mobile device, said secure persistent storage area accessible by an enterprise administrator, and usable to store a plurality of discrete data files.
  - 7. The method of claim 1, further comprising:
    - storing and executing multiple managed applications on the device; and
      
      permitting each managed application access to the secure persistent storage area, based on one or more policy files.

8. One or more non-transitory computer readable media storing computer instructions that, when executed, provide a secure storage location on an electronic mobile device by:
- receiving, by an electronic mobile device, a managed application from an application server during a first communication, the managed application being constructed to operate in accordance with a set of one or more policy files;
  
  receiving, by the device, the set of one or more policy files from the application server during a second communication which is different than the first communication, the set of one or more policy files being stored on the electronic mobile device separately from the managed application; and
  
  running, by the processor, the managed application on the mobile device, the managed application operating in accordance with the set of one or more policy files,wherein the set of one or more policy files act to provide access by the managed application to a secure persistent storage area of the electronic mobile device, said secure persistent storage area accessible by an enterprise administrator, and usable to store a plurality of discrete data files.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The computer readable media of claim 8, said instructions further comprising:
    - receiving a set of encryption/decryption keys in one of the policy files; and
      
      using the received set of keys to encrypt data written to the secure persistent storage area, and to decrypt data read from the secure persistent storage area.
  - 10. The computer readable media of claim 9, said instructions further comprising:
    - receiving a request to delete content from the secure persistent storage area;
      
      responsive to the request, determining whether an originator of the request is authorized to delete the content; and
      
      deleting the content from the secure persistent storage area when the originator is authorized to delete the content.
  - 11. The computer readable media of claim 10, wherein the originator is other than a user of the electronic mobile device.
  - 12. The computer readable media of claim 10, wherein the originator is an administrator of an enterprise mobility management (EMM) service.
  - 13. The computer readable media of claim 8, said instructions further comprising:
    - storing and executing multiple managed applications on the device;
      
      associating each managed application with an application group;
      
      associating each application group with a different secure persistent storage area; and
      
      providing access to each secure persistent storage area only to those managed applications in the associated application group.
  - 14. The computer readable media of claim 8, said instructions further comprising:
    - storing and executing multiple managed applications on the device; and
      
      permitting each managed application access to the secure persistent storage area, based on one or more policy files.

15. An electronic mobile device, comprising:
- a processor; and
  
  memory storing computer readable instructions that, when executed by the processor, cause the device to provide a secure storage location by;
  
  receiving, by an electronic mobile device, a managed application from an application server during a first communication, the managed application being to operate in accordance with a set of one or more policy files;
  
  receiving, by the device, the set of one or more policy files from the application server during a second communication which is different than the first communication, the set of one or more policy files being stored on the electronic mobile device separately from the managed application;
  
  running, by the processor, the managed application on the mobile device, the managed application operating in accordance with the set of one or more policy files;
  
  storing and executing multiple managed applications on the device;
  
  associating each managed application with an application group;
  
  associating each application group with a different secure persistent storage area; and
  
  providing access to each secure persistent storage area only to those managed applications in the associated application group.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The device of claim 15, said instructions further comprising:
    - receiving a set of encryption/decryption keys in one of the policy files; and
      
      using the received set of keys to encrypt data written to the secure persistent storage area, and to decrypt data read from the secure persistent storage area.
  - 17. The device of claim 16, said instructions further comprising:
    - receiving a request to delete content from the secure persistent storage area;
      
      responsive to the request, determining whether an originator of the request is authorized to delete the content; and
      
      deleting the content from the secure persistent storage area when the originator is authorized to delete the content.
  - 18. The device of claim 17, wherein the originator is other than a user of the electronic mobile device.
  - 19. The device of claim 17, wherein the originator is an administrator of an enterprise mobility management (EMM) service.
  - 20. The device of claim 15, wherein the set of one or more policy files act to provide access by the managed application to a secure persistent storage area of the electronic mobile device, said secure persistent storage area accessible by an enterprise administrator, and usable to store a plurality of discrete data files.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Citrix Systems, Inc. (Cloud Software Group)
Original Assignee
Citrix Systems, Inc. (Cloud Software Group)
Inventors
Barton, Gary, Walker, James Robert, Desai, Nitin, Lang, Zhongmin

Application Number

US14/043,902
Publication Number

US 20140032733A1
Time in Patent Office

Days
Field of Search
US Class Current

709/223
CPC Class Codes

G06F 21/335   for accessing specific reso...

G06F 21/54   by adding security routines...

G06F 21/604   Tools and structures for ma...

G06F 21/6218   to a system of files or obj...

G06F 21/629   to features or functions of...

G06F 21/72   in cryptographic circuits

G06F 2221/2101   Auditing as a secondary aspect

G06F 2221/2111   Location-sensitive, e.g. ge...

G06F 2221/2137   Time limited access, e.g. t...

G06F 2221/2143   Clearing memory, e.g. to pr...

H04L 41/00   Arrangements for maintenanc...

H04L 41/28   Restricting access to netwo...

H04L 41/34   Signalling channels for net...

H04L 51/08   Annexed information, e.g. a...

H04L 63/0815   providing single-sign-on or...

H04L 63/0823   using certificates cryptogr...

H04L 63/0853   using an additional device,...

H04L 63/10   for controlling access to d...

H04L 63/102   Entity profiles

H04L 63/104   Grouping of entities

H04L 63/20 : for managing network securi...

H04L 67/10 : in which an application is ...

H04W 12/06 : Authentication

H04W 12/08 : Access security

H04W 12/30 : Security of mobile devices;...

H04W 12/37 : Managing security policies ...

H04W 12/63 : Location-dependent; Proximi...

View All

Policy-Based Application Management

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Policy-Based Application Management

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links