POLICY-BASED SECURE CONTAINERS FOR MULTIPLE ENTERPRISE APPLICATIONS
Abstract
Technologies for providing policy-based secure containers for multiple enterprise applications include a client computing device and an enterprise policy server. The client computing device sends device attribute information and a request for access to an enterprise application to the enterprise policy server. The enterprise policy server determines a device trust level based on the device attribute information and a data sensitivity level based on the enterprise application, and sends a security policy to the client computing device based on the device trust level and the data sensitivity level. The client computing device references or creates a secure container for the security policy, adds the enterprise application to the secure container, and enforces the security policy while executing the enterprise application in the secure container. Multiple enterprise applications may be added to each secure container. Other embodiments are described and claimed.
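The flow in the abstract can be sketched as follows. This is an added illustration, not code from the patent. The attribute names, the trust scoring rules, the application catalogue, the two policies and the policy matrix are all assumptions made for the example, and the server round trip is replaced by a direct function call.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)  # frozen => hashable, so a policy can key the container map
class Policy:
    name: str
    clipboard: bool
    local_storage: bool

STANDARD = Policy("standard", clipboard=True, local_storage=True)
RESTRICTED = Policy("restricted", clipboard=False, local_storage=False)

# Assumed values: the page does not say how either level is computed.
SENSITIVITY = {"wiki": 0, "mail": 1, "payroll": 2}   # constructed app catalogue
POLICY_MATRIX = [                                    # [trust][sensitivity]; None = deny
    [RESTRICTED, None, None],
    [STANDARD, RESTRICTED, None],
    [STANDARD, STANDARD, RESTRICTED],
]

def device_trust_level(attrs):
    # Server side: map reported device attributes to 0 (low) .. 2 (high).
    if attrs.get("rooted") or not attrs.get("disk_encrypted"):
        return 0
    return 2 if attrs.get("managed") and attrs.get("os_patched") else 1

def determine_policy(attrs, app):
    # Server side: policy from device trust level and data sensitivity level.
    sensitivity = SENSITIVITY.get(app, 2)            # unknown app: most sensitive
    return POLICY_MATRIX[device_trust_level(attrs)][sensitivity]

@dataclass
class Container:
    policy: Policy
    apps: set = field(default_factory=set)
    def permits(self, app, action):
        # Enforcement: only member apps, only actions the policy grants.
        return app in self.apps and getattr(self.policy, action, False) is True

class Client:
    def __init__(self, attrs):
        self.attrs, self.containers = attrs, {}      # containers: Policy -> Container
    def open_session(self, app):
        policy = determine_policy(self.attrs, app)   # stands in for the server round trip
        if policy is None:
            raise PermissionError(f"{app}: access denied for this device")
        if policy not in self.containers:            # construct only if none exists
            self.containers[policy] = Container(policy)
        self.containers[policy].apps.add(app)
        return self.containers[policy]
```

Because containers are keyed by policy rather than by application, two applications that receive the same policy share one container, which is the "multiple enterprise applications per secure container" property the abstract describes.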
28 Claims
1. A client computing device for applying enterprise policies to applications comprising:
- a trust agent module to send device attribute information that identifies attributes of the client computing device to an enterprise policy server; and
- a security management module to:
  - send a request for an enterprise application to the enterprise policy server in response to receiving a user request for a session with the enterprise application;
  - receive a security policy for the enterprise application from the enterprise policy server in response to sending the device attribute information and the request for access to the enterprise application;
  - determine whether a secure container exists on the client computing device for the security policy;
  - construct the secure container on the client computing device for the security policy in response to determining the secure container does not exist; and
  - add the enterprise application to the secure container;
- wherein the secure container is to enforce the security policy while the enterprise application is executed on the client computing device.
Dependent claims: 2, 3, 4, 5, 6, 7.
8. One or more machine readable storage media comprising a plurality of instructions that in response to being executed result in a client computing device:
- sending device attribute information that identifies attributes of the client computing device from the client computing device to an enterprise policy server;
- sending a request for access to an enterprise application to the enterprise policy server;
- receiving, on the client computing device, a security policy for the enterprise application based on the device attribute information;
- determining, on the client computing device, whether a secure container exists for the security policy;
- constructing, on the client computing device, the secure container for the security policy in response to determining the secure container does not exist;
- adding, on the client computing device, the enterprise application to the secure container;
- executing, on the client computing device, the enterprise application; and
- enforcing, on the client computing device, the security policy while the enterprise application is executed on the client computing device.
Dependent claims: 9, 10, 11, 12, 13, 14.
15. A method to apply enterprise policies to applications on a client computing device, the method comprising:
- sending device attribute information that identifies attributes of the client computing device from the client computing device to an enterprise policy server;
- sending, from the client computing device, a request for access to an enterprise application to the enterprise policy server;
- receiving, on the client computing device, a security policy for the enterprise application based on the device attribute information;
- determining, on the client computing device, whether a secure container exists for the security policy;
- constructing, on the client computing device, the secure container for the security policy in response to determining the secure container does not exist;
- adding, on the client computing device, the enterprise application to the secure container;
- executing, on the client computing device, the enterprise application; and
- enforcing, on the client computing device, the security policy while the enterprise application is executed on the client computing device.
Dependent claims: 16, 17, 18, 19, 20.
21. An enterprise policy server to determine enterprise security policies for a client computing device comprising:
- a trust calculation module to:
  - receive device attribute information that identifies attributes of the client computing device; and
  - determine a device trust level for the client computing device based on the device attribute information; and
- a policy determination module to:
  - receive a request for an enterprise application from the client computing device;
  - determine a data sensitivity level based on the enterprise application;
  - determine a security policy based on the device trust level and the data sensitivity level; and
  - send the security policy to the client computing device.
Dependent claims: 22, 23, 24, 25, 26, 27, 28.
Specification