POLICY-BASED DEVELOPMENT AND RUNTIME CONTROL OF MOBILE APPLICATIONS

US 20140189783A1
Filed: 01/02/2013
Published: 07/03/2014
Est. Priority Date: 01/02/2013
Status: Active Grant

First Claim

Patent Images

1. A method of policy-based development and runtime control of mobile applications that comprises:

a processor of a computer system receiving a request to launch an enhanced application, wherein the enhanced application comprises an application policy descriptor, wherein the application policy descriptor identifies a global policy and an API policy;

the processor ensuring that the application policy descriptor is current and valid;

the processor extracting the global policy from the application policy descriptor;

the processor concluding that the global policy permits the enhanced application to launch;

the processor launching the enhanced application;

the processor determining that the application implements the API policy;

the processor extracting the API policy from the application policy descriptor; and

the processor enforcing the API policy.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method, process, and associated systems for policy-based development and runtime control of mobile applications. Security objects that describe or enforce security policies are embedded into the source code of an enhanced application while the application is being developed. When a user attempts to launch the enhanced application on a mobile device, the security objects are updated to match a latest valid version of the objects stored on an enterprise server. The security objects may be further updated at other times. Global security policies, which affect the entire enterprise and which may deny the application permission to launch, are enforced by a global security policy stored within one of the updated security objects. If the application does run, application-specific security policies contained in the updated security objects modify application behavior at runtime in order to enforce application-specific security policies.

Citations

24 Claims

1. A method of policy-based development and runtime control of mobile applications that comprises:
- a processor of a computer system receiving a request to launch an enhanced application, wherein the enhanced application comprises an application policy descriptor, wherein the application policy descriptor identifies a global policy and an API policy;
  
  the processor ensuring that the application policy descriptor is current and valid;
  
  the processor extracting the global policy from the application policy descriptor;
  
  the processor concluding that the global policy permits the enhanced application to launch;
  
  the processor launching the enhanced application;
  
  the processor determining that the application implements the API policy;
  
  the processor extracting the API policy from the application policy descriptor; and
  
  the processor enforcing the API policy.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein the ensuring comprises:
    - the processor requesting a latest valid policy descriptor from an enterprise server, wherein the latest valid policy descriptor identifies a latest valid global policy and a latest valid API policy;
      
      the processor deciding that the latest valid policy descriptor does not match the application policy descriptor; and
      
      the processor modifying the application policy descriptor to match the latest valid policy descriptor.
  - 3. The method of claim 2, wherein the modifying comprises:
    - the processor replacing the global policy with the latest valid global policy; and
      
      the processor replacing the API policy with the latest valid API policy.
  - 4. The method of claim 1, wherein the enforcing the API policy is selected from a group comprising:
    - erasing data from a mobile device;
      
      securing data on a mobile device through encryption, access control, or other security mechanism;
      
      restricting operations of the enhanced application at runtime;
      
      prompting a user for security credentials; and
      
      terminating the enhanced application;
      
      and wherein the restricting is selected from a group comprising;
      
      requiring a user to submit a set of security credentials;
      
      authenticating a set of security credentials submitted in response to the requiring;
      
      denying the enhanced application access to data; and
      
      encrypting data that is processed by the enhanced application.
  - 5. The method of claim 1, wherein the ensuring is performed at a time that is not a function of the launching of the enhanced application.
  - 6. The method of claim 1, wherein the method further comprises:
    - the processor updating the latest valid policy descriptor stored on the enterprise server.

7. A computer program product, comprising a computer-readable hardware storage device having a computer-readable program code stored therein, said program code configured to be executed by a processor of a computer system to implement a method of policy-based development and runtime control of mobile applications that comprises:
- the processor receiving a request to launch an enhanced application, wherein the enhanced application comprises an application policy descriptor, wherein the application policy descriptor identifies a global policy and an API policy;
  
  the processor ensuring that the application policy descriptor is current and valid;
  
  the processor extracting the global policy from the application policy descriptor;
  
  the processor concluding that the global policy permits the enhanced application to launch;
  
  the processor launching the enhanced application;
  
  the processor determining that the application implements the API policy;
  
  the processor extracting the API policy from the application policy descriptor; and
  
  the processor enforcing the API policy.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The method of claim 7, wherein the ensuring comprises:
    - the processor requesting a latest valid policy descriptor from an enterprise server, wherein the latest valid policy descriptor identifies a latest valid global policy and a latest valid API policy;
      
      the processor deciding that the latest valid policy descriptor does not match the application policy descriptor; and
      
      the processor modifying the application policy descriptor to match the latest valid policy descriptor.
  - 9. The method of claim 8, wherein the modifying comprises:
    - the processor replacing the global policy with the latest valid global policy; and
      
      the processor replacing the API policy with the latest valid API policy.
  - 10. The method of claim 7, wherein the enforcing the API policy is selected from a group comprising:
    - erasing data from a mobile device;
      
      securing data on a mobile device through encryption, access control, or other security mechanism;
      
      restricting operations of the enhanced application at runtime;
      
      prompting a user for security credentials; and
      
      terminating the enhanced application;
      
      and wherein the restricting is selected from a group comprising;
      
      requiring a user to submit a set of security credentials;
      
      authenticating a set of security credentials submitted in response to the requiring;
      
      denying the enhanced application access to data; and
      
      encrypting data that is processed by the enhanced application.
  - 11. The method of claim 7, wherein the ensuring is performed at a time that is not a function of the launching of the enhanced application.
  - 12. The method of claim 7, wherein the method further comprises:
    - the processor updating the latest valid policy descriptor stored on the enterprise server.

13. A computer system comprising a processor, a memory coupled to said processor, and a computer-readable hardware storage device coupled to said processor, said storage device containing program code configured to be run by said processor via the memory to implement a method of policy-based development and runtime control of mobile applications that comprises:
- the processor receiving a request to launch an enhanced application, wherein the enhanced application comprises an application policy descriptor, wherein the application policy descriptor identifies a global policy and an API policy;
  
  the processor ensuring that the application policy descriptor is current and valid;
  
  the processor extracting the global policy from the application policy descriptor;
  
  the processor concluding that the global policy permits the enhanced application to launch;
  
  the processor launching the enhanced application;
  
  the processor determining that the application implements the API policy;
  
  the processor extracting the API policy from the application policy descriptor; and
  
  the processor enforcing the API policy.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The method of claim 13, wherein the ensuring comprises:
    - the processor requesting a latest valid policy descriptor from an enterprise server, wherein the latest valid policy descriptor identifies a latest valid global policy and a latest valid API policy;
      
      the processor deciding that the latest valid policy descriptor does not match the application policy descriptor; and
      
      the processor modifying the application policy descriptor to match the latest valid policy descriptor.
  - 15. The method of claim 14, wherein the modifying comprises:
    - the processor replacing the global policy with the latest valid global policy; and
      
      the processor replacing the API policy with the latest valid API policy.
  - 16. The method of claim 13, wherein the enforcing the API policy is selected from a group comprising:
    - erasing data from a mobile device;
      
      securing data on a mobile device through encryption, access control, or other security mechanism;
      
      restricting operations of the enhanced application at runtime;
      
      prompting a user for security credentials; and
      
      terminating the enhanced application;
      
      and wherein the restricting is selected from a group comprising;
      
      requiring a user to submit a set of security credentials;
      
      authenticating a set of security credentials submitted in response to the requiring;
      
      denying the enhanced application access to data; and
      
      encrypting data that is processed by the enhanced application.
  - 17. The method of claim 13, wherein the ensuring is performed at a time that is not a function of the launching of the enhanced application.
  - 18. The method of claim 13, wherein the method further comprises:
    - the processor updating the latest valid policy descriptor stored on the enterprise server.

19. A process for supporting computer infrastructure, said process comprising providing at least one support service for at least one of creating, integrating, hosting, maintaining, and deploying computer-readable program code in a computer system, wherein the program code in combination with said computer system is configured to implement a method of policy-based development and runtime control of mobile applications that comprises:
- a processor of a computer system receiving a request to launch an enhanced application, wherein the enhanced application comprises an application policy descriptor, wherein the application policy descriptor identifies a global policy and an API policy;
  
  the processor ensuring that the application policy descriptor is current and valid;
  
  the processor extracting the global policy from the application policy descriptor;
  
  the processor concluding that the global policy permits the enhanced application to launch;
  
  the processor launching the enhanced application;
  
  the processor determining that the application implements the API policy;
  
  the processor extracting the API policy from the application policy descriptor; and
  
  the processor enforcing the API policy.
- View Dependent Claims (20, 21, 22, 23, 24)
- - 20. The method of claim 19, wherein the ensuring comprises:
    - the processor requesting a latest valid policy descriptor from an enterprise server, wherein the latest valid policy descriptor identifies a latest valid global policy and a latest valid API policy;
      
      the processor deciding that the latest valid policy descriptor does not match the application policy descriptor; and
      
      the processor modifying the application policy descriptor to match the latest valid policy descriptor.
  - 21. The method of claim 20, wherein the modifying comprises:
    - the processor replacing the global policy with the latest valid global policy; and
      
      the processor replacing the API policy with the latest valid API policy.
  - 22. The method of claim 19, wherein the enforcing the API policy is selected from a group comprising:
    - erasing data from a mobile device;
      
      securing data on a mobile device through encryption, access control, or other security mechanism;
      
      restricting operations of the enhanced application at runtime;
      
      prompting a user for security credentials; and
      
      terminating the enhanced application;
      
      and wherein the restricting is selected from a group comprising;
      
      requiring a user to submit a set of security credentials;
      
      authenticating a set of security credentials submitted in response to the requiring;
      
      denying the enhanced application access to data; and
      
      encrypting data that is processed by the enhanced application.
  - 23. The method of claim 19, wherein the ensuring is performed at a time that is not a function of the launching of the enhanced application.
  - 24. The method of claim 19, wherein the method further comprises:
    - the processor updating the latest valid policy descriptor stored on the enterprise server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Kyndryl Incorporated (Kyndryl Holdings, Inc.)
Original Assignee
International Business Machines Corporation
Inventors
Kodeswaran, Palanivel A., Kapoor, Shalini, Kumar, Udayan, Nandakumar, Vikrant

Granted Patent

US 8,990,883 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/1
CPC Class Codes

G06F 21/51   at application loading time...

G06F 21/6281   at program execution time, ...

H04L 63/20   for managing network securi...

POLICY-BASED DEVELOPMENT AND RUNTIME CONTROL OF MOBILE APPLICATIONS

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

POLICY-BASED DEVELOPMENT AND RUNTIME CONTROL OF MOBILE APPLICATIONS

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links