Policy-Based Application Management

US 20140040977A1
Filed: 10/03/2013
Published: 02/06/2014
Est. Priority Date: 10/11/2011
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving, by a processor of an electronic mobile device, a managed application from an application server during a first communication, the managed application being constructed to operate in accordance with a set of one or more policy files defined independent of the managed application;

receiving, by the processor, the set of one or more policy files from the application server during a second communication which is different than the first communication, the set of one or more policy files being stored on the electronic mobile device separately from the managed application; and

running, by the processor, the managed application on the mobile device, the managed application operating in accordance with the set of policies which is stored on the electronic mobile device separately from the managed application,wherein the set of one or more policy files, when applied to the managed application, cause the managed application to restrict a data sharing feature otherwise made available on the electronic mobile device.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Improved techniques for managing enterprise applications on mobile devices are described herein. Each enterprise mobile application running on the mobile device has an associated policy through which it interacts with its environment. The policy selectively blocks or allows activities involving the enterprise application in accordance with rules established by the enterprise. Together, the enterprise applications running on the mobile device form a set of managed applications. Managed applications are typically allowed to exchange data with other managed applications, but are blocked from exchanging data with other applications, such as the user'"'"'s own personal applications. Policies may be defined to manage data sharing, mobile resource management, application specific information, networking and data access solutions, device cloud and transfer, dual mode application software, enterprise app store access, and virtualized application and resources, among other things.

Citations

20 Claims

1. A method comprising:
- receiving, by a processor of an electronic mobile device, a managed application from an application server during a first communication, the managed application being constructed to operate in accordance with a set of one or more policy files defined independent of the managed application;
  
  receiving, by the processor, the set of one or more policy files from the application server during a second communication which is different than the first communication, the set of one or more policy files being stored on the electronic mobile device separately from the managed application; and
  
  running, by the processor, the managed application on the mobile device, the managed application operating in accordance with the set of policies which is stored on the electronic mobile device separately from the managed application,wherein the set of one or more policy files, when applied to the managed application, cause the managed application to restrict a data sharing feature otherwise made available on the electronic mobile device.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the data sharing feature comprises an unrestricted cut and paste feature exposed by an operating system of the electronic mobile device.
  - 3. The method of claim 1, wherein the data sharing feature comprises a URL dispatch feature, and wherein the set of one or more policy files act to prevent the managed application from performing a URL dispatch.
  - 4. The method of claim 1, wherein the data sharing feature comprises a dictation feature, and wherein the set of one or more policy files act to prevent the managed application from permitting a user to use the dictation feature from within the managed application.
  - 5. The method of claim 1, wherein the data sharing feature comprises a content provider API, and wherein the set of one or more policy files act to prevent the managed application from calling the content provider API.
  - 6. The method of claim 1, wherein the data sharing feature comprises a remote procedure call, and wherein the set of one or more policy files act to prevent the managed application from calling the remote procedure call.
  - 7. The method of claim 1, wherein the data sharing feature comprises a memory sharing feature, and wherein the set of one or more policy files act to prevent the managed application from writing data to memory shared with an unmanaged application.

8. Non-transitory computer readable media storing instructions that, when executed,cause a system to perform:
- receiving, by a processor of an electronic mobile device, a managed application from an application server during a first communication, the managed application being constructed to operate in accordance with a set of one or more policy files defined independent of the managed application;
  
  receiving, by the processor, the set of one or more policy files from the application server during a second communication which is different than the first communication, the set of one or more policy files being stored on the electronic mobile device separately from the managed application; and
  
  running, by the processor, the managed application on the mobile device, the managed application operating in accordance with the set of policies which is stored on the electronic mobile device separately from the managed application,wherein the set of one or more policy files, when applied to the managed application, cause the managed application to restrict a data sharing feature otherwise made available on the electronic mobile device.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The computer readable media of claim 8, wherein the data sharing feature comprises an unrestricted cut and paste feature exposed by an operating system of the electronic mobile device.
  - 10. The computer readable media of claim 8, wherein the data sharing feature comprises a URL dispatch feature, and wherein the set of one or more policy files act to prevent the managed application from performing a URL dispatch.
  - 11. The computer readable media of claim 8, wherein the data sharing feature comprises a dictation feature, and wherein the set of one or more policy files act to prevent the managed application from permitting a user to use the dictation feature from within the managed application.
  - 12. The computer readable media of claim 8, wherein the data sharing feature comprises a content provider API, and wherein the set of one or more policy files act to prevent the managed application from calling the content provider API.
  - 13. The computer readable media of claim 8, wherein the data sharing feature comprises a remote procedure call, and wherein the set of one or more policy files act to prevent the managed application from calling the remote procedure call.
  - 14. The computer readable media of claim 8, wherein the data sharing feature comprises a memory sharing feature, and wherein the set of one or more policy files act to prevent the managed application from writing data to memory shared with an unmanaged application.

15. An apparatus comprising:
- a processor; and
  
  memory storing computer readable instructions that, when executed by the processor, cause the apparatus to perform;
  
  receiving, by a processor of an electronic mobile device, a managed application from an application server during a first communication, the managed application being constructed to operate in accordance with a set of one or more policy files defined independent of the managed application;
  
  receiving, by the processor, the set of one or more policy files from the application server during a second communication which is different than the first communication, the set of one or more policy files being stored on the electronic mobile device separately from the managed application; and
  
  running, by the processor, the managed application on the mobile device, the managed application operating in accordance with the set of policies which is stored on the electronic mobile device separately from the managed application,wherein the set of one or more policy files, when applied to the managed application, cause the managed application to restrict a data sharing feature otherwise made available on the electronic mobile device.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The apparatus of claim 15, wherein the data sharing feature comprises an unrestricted cut and paste feature exposed by an operating system of the electronic mobile device.
  - 17. The apparatus of claim 15, wherein the data sharing feature comprises a URL dispatch feature, and wherein the set of one or more policy files act to prevent the managed application from performing a URL dispatch.
  - 18. The apparatus of claim 15, wherein the data sharing feature comprises a dictation feature, and wherein the set of one or more policy files act to prevent the managed application from permitting a user to use the dictation feature from within the managed application.
  - 19. The apparatus of claim 15, wherein the data sharing feature comprises a content provider API, and wherein the set of one or more policy files act to prevent the managed application from calling the content provider API.
  - 20. The apparatus of claim 15, wherein the data sharing feature comprises a remote procedure call, and wherein the set of one or more policy files act to prevent the managed application from calling the remote procedure call.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Citrix Systems, Inc. (Cloud Software Group)
Original Assignee
Citrix Systems, Inc. (Cloud Software Group)
Inventors
Barton, Gary, Walker, James Robert, Desai, Nitin, Lang, Zhongmin

Granted Patent

US 8,806,570 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/1
CPC Class Codes

G06F 21/604   Tools and structures for ma...

G06F 21/72   in cryptographic circuits

G06F 2221/2111   Location-sensitive, e.g. ge...

H04L 63/20   for managing network securi...

H04W 12/06   Authentication

H04W 12/08   Access security

H04W 12/30   Security of mobile devices;...

H04W 12/37   Managing security policies ...

H04W 12/63   Location-dependent; Proximi...

Policy-Based Application Management

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Policy-Based Application Management

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links