CONFIGURING AND PROVIDING PROFILES THAT MANAGE EXECUTION OF MOBILE APPLICATIONS

US 20140108649A1
Filed: 09/30/2013
Published: 04/17/2014
Est. Priority Date: 10/15/2012
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

analyzing a managed application to determine one or more policy settings for the managed application, wherein the managed application is to be made available for download to a mobile device, and wherein each of the one or more policy settings provides a constraint to be enforced by the mobile device prior to the managed application being provided access to at least one resource that is accessible through an access gateway;

displaying, by one or more computing devices, a user interface that displays the one or more policy settings;

receiving input via the user interface that creates or modifies an application management setting of the one or more policy settings, wherein the application management setting specifies how data associated with the managed application is to be processed by the mobile device in connection with the managed application;

producing a policy file for the managed application that includes the application management setting; and

providing the policy file such that the policy is available for download to the mobile device.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Various aspects of the disclosure relate to configuring and providing policies that manage execution of mobile applications. In some embodiments, a user interface may be generated that allows an IT administrator or other operator to set, change and/or add to policy settings. The policy settings can be formatted into a policy file and be made available for download to a mobile device, such as via an application store or to be pushed to the mobile device as part of a data push service. The mobile device, based on the various settings included in the policy file, may perform various actions to enforce the security constraints that are represented by the policy. The various settings that can be included in a policy are numerous and some examples and variations thereof are described in connection with the example embodiments discussed herein.

Citations

20 Claims

1. A method, comprising:
- analyzing a managed application to determine one or more policy settings for the managed application, wherein the managed application is to be made available for download to a mobile device, and wherein each of the one or more policy settings provides a constraint to be enforced by the mobile device prior to the managed application being provided access to at least one resource that is accessible through an access gateway;
  
  displaying, by one or more computing devices, a user interface that displays the one or more policy settings;
  
  receiving input via the user interface that creates or modifies an application management setting of the one or more policy settings, wherein the application management setting specifies how data associated with the managed application is to be processed by the mobile device in connection with the managed application;
  
  producing a policy file for the managed application that includes the application management setting; and
  
  providing the policy file such that the policy is available for download to the mobile device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein the policy file is an Extensible Markup Language (XML) file or a JavaScript Object Notation (JSON) file, and wherein the policy file includes one or more key/value pairs organized as a dictionary, wherein one key/value pair of the one or more key/value pairs corresponds to application management setting.
  - 3. The method of claim 1, wherein the application management setting includes a setting group or category identifier;
    - a setting dictionary name;
      
      a setting type;
      
      a range of possible setting values;
      
      a default setting value;
      
      a setting friendly name string;
      
      a setting unit display string; and
      
      a help text string.
  - 4. The method of claim 1, wherein the application management setting includes data specifying:
    - that legacy data is to be encrypted and stored in a secure container of the mobile device;
      
      one or more encryption or decryption keys for use when reading or writing to the secure container;
      
      information that identifies a basis for assigning the one or more encryption keys, information that identifies when each of the one or more encryption keys is to be updated by the mobile device;
      
      or information that identifies the mobile device is to use an application specific virtual private network (VPN) tunnel with the access gateway to retrieve the one or more encryption keys;
      
      wherein the secure data container is a logical interface into which read or write operations from the mobile application are redirected and in which data is in an encrypted form, and includes a file system and an access manager that governs access to the file system.
  - 5. The method of claim 1, wherein the user interface is configured to accept input specifying:
    - that legacy data is to be encrypted and stored in a secure container of the mobile device;
      
      one or more encryption or decryption keys for use when reading or writing to the secure container;
      
      information that identifies a basis for assigning the one or more encryption keys, information that identifies when each of the one or more encryption keys is to be updated by the mobile device; and
      
      information that identifies the mobile device is to use an application specific virtual private network (VPN) tunnel with the access gateway to retrieve the one or more encryption keys.
  - 6. The method of claim 1, wherein the application management setting includes data specifying that an identifier or a resource name of a private secured data container that is accessible to only the managed application and in which read or write operations from the managed application are to be redirected to by the mobile device when executing the managed application.
  - 7. The method of claim 1, further comprising:
    - assigning the policy file to a group of applications.
  - 8. The method of claim 1, wherein the providing the policy file includes publishing the policy file to an application store that also publishes the managed application.
  - 9. The method of claim 1, wherein providing the policy file includes pushing the policy file to the mobile device based on the mobile device being registered with a push service.

10. An apparatus, comprising:
- at least one processor; and
  
  memory storing executable instructions configured to, when executed by the at least one processor, cause the apparatus to;
  
  analyze a managed application to determine one or more policy settings for the managed application, wherein the managed application is to be made available for download to a mobile device, and wherein each of the one or more policy settings provides a constraint to be enforced by the mobile device prior to the managed application being provided access to at least one resource that is accessible through an access gatewaydisplay a user interface that displays the one or more policy settings;
  
  receive input via the user interface that creates or modifies an application management setting of the one or more policy settings, wherein the application management setting specifies how data associated with the managed application is to be processed by the mobile device in connection with the managed application;
  
  produce a policy file for the managed application that includes the application management setting; and
  
  provide the policy file such that the policy is available for download to the mobile device.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
- - 11. The apparatus of claim 10, wherein the policy file is an Extensible Markup Language (XML) file or a JavaScript Object Notation (JSON) file, and wherein the policy file includes one or more key/value pairs organized as a dictionary, wherein one key/value pair of the one or more key/value pairs corresponds to application management setting.
  - 12. The apparatus of claim 10, wherein the application management setting includes a setting group or category identifier;
    - a setting dictionary name;
      
      a setting type;
      
      a range of possible setting values;
      
      a default setting value;
      
      a setting friendly name string;
      
      a setting unit display string; and
      
      a help text string.
  - 13. The apparatus of claim 10, wherein the user interface is configured to accept input specifying:
    - that legacy data is to be encrypted and stored in a secure container of the mobile device;
      
      one or more encryption or decryption keys for use when reading or writing to the secure container;
      
      information that identifies a basis for assigning the one or more encryption keys, information that identifies when each of the one or more encryption keys is to be updated by the mobile device; and
      
      information that identifies the mobile device is to use an application specific virtual private network (VPN) tunnel with the access gateway to retrieve the one or more encryption keys.
  - 14. The apparatus of claim 10, wherein the application management setting includes data specifying that an identifier or a resource name of a private secured data container that is accessible to only the managed application and in which read or write operations from the managed application are to be redirected to by the mobile device when executing the managed application.
  - 15. The apparatus of claim 10, wherein the executable instructions are configured to, when executed by the at least one processor, further cause the apparatus to:
    - assign the policy file to a group of applications.
  - 16. The apparatus of claim 10, wherein the providing the policy file includes publishing the policy file to an application store that also publishes the managed application.
  - 17. The apparatus of claim 10, wherein providing the policy file includes pushing the policy file to the mobile device based on the mobile device being registered with a push service.

18. One or more non-transitory computer-readable media storing instructions configured to, when executed, cause at least one computing device to:
- analyze a managed application to determine one or more policy settings for the managed application, wherein the managed application is to be made available for download to a mobile device, and wherein each of the one or more policy settings provides a constraint to be enforced by the mobile device prior to the managed application being provided access to at least one resource that is accessible through an access gatewaydisplay a user interface that displays the one or more policy settings;
  
  receive input via the user interface that creates or modifies an application management setting of the one or more policy settings, wherein the application management setting specifies how data associated with the managed application is to be processed by the mobile device in connection with the managed application;
  
  produce a policy file for the managed application that includes the application management setting; and
  
  provide the policy file such that the policy is available for download to the mobile device.
- View Dependent Claims (19, 20)
- - 19. The one or more non-transitory computer-readable media of claim 18, wherein the policy file is an Extensible Markup Language (XML) file or a JavaScript Object Notation (JSON) file, and wherein the policy file includes one or more key/value pairs organized as a dictionary, wherein one key/value pair of the one or more key/value pairs corresponds to application management setting.
  - 20. The one or more non-transitory computer-readable media of claim 18, wherein the user interface is configured to accept input specifying:
    - that legacy data is to be encrypted and stored in a secure container of the mobile device;
      
      one or more encryption or decryption keys for use when reading or writing to the secure container;
      
      information that identifies a basis for assigning the one or more encryption keys, information that identifies when each of the one or more encryption keys is to be updated by the mobile device; and
      
      information that identifies the mobile device is to use an application specific virtual private network (VPN) tunnel with the access gateway to retrieve the one or more encryption keys.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Citrix Systems, Inc. (Cloud Software Group)
Original Assignee
Citrix Systems, Inc. (Cloud Software Group)
Inventors
Barton, Gary, Lang, Zhongmin, Desai, Nitin, Walker, James Robert

Granted Patent

US 8,904,477 B2
Time in Patent Office

Days
Field of Search
US Class Current

709/224
CPC Class Codes

G06F 21/604   Tools and structures for ma...

G06F 21/6218   to a system of files or obj...

G06F 21/629   to features or functions of...

G06F 21/88   Detecting or preventing the...

G06F 2221/2143   Clearing memory, e.g. to pr...

G06F 3/0481   based on specific propertie...

G06F 9/452   Remote windowing, e.g. X-Wi...

G06F 9/45533   Hypervisors; Virtual machin...

G06Q 10/10   Office automation; Time man...

H04L 41/046   comprising network manageme...

H04L 63/0272   Virtual private networks

H04L 63/0815   providing single-sign-on or...

H04L 63/0823   using certificates cryptogr...

H04L 63/10   for controlling access to d...

H04L 63/20   for managing network securi...

H04L 63/205   involving negotiation or de...

H04L 67/34   involving the movement of s...

H04W 12/06   Authentication

H04W 12/08   Access security

H04W 12/30   Security of mobile devices;...

H04W 12/37 : Managing security policies ...

H04W 12/63 : Location-dependent; Proximi...

H04W 8/18 : Processing of user or subsc...

View All

CONFIGURING AND PROVIDING PROFILES THAT MANAGE EXECUTION OF MOBILE APPLICATIONS

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

CONFIGURING AND PROVIDING PROFILES THAT MANAGE EXECUTION OF MOBILE APPLICATIONS

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links