ENTERPRISE APPLICATION MANAGEMENT WITH ENROLLMENT TOKENS

US 20140282610A1
Filed: 03/15/2013
Published: 09/18/2014
Est. Priority Date: 03/15/2013
Status: Active Grant

First Claim

Patent Images

1. A system for managing execution of applications associated with an enterprise, said system comprising:

a memory area associated with a mobile computing device, said memory area storing an enrollment token signed with a certificate, the enrollment token including an enterprise identifier associated with an enterprise, the enterprise having a plurality of computing devices associated therewith, the memory area further storing an application having an enterprise identifier associated therewith; and

a processor programmed to;

receive a request from a user of the mobile computing device to execute the application stored in the memory area;

compare the enterprise identifier associated with the application with the enterprise identifier associated with the enrollment token stored in the memory area;

execute the application based on the comparison; and

intermittently validate the enrollment token stored in the memory area with a web service.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments of the disclosure provide application management capabilities to enterprises. A computing device of a user, associated with the enterprise, receives an enrollment token signed with a certificate. The enrollment token includes an enterprise identifier associated with the enterprise. The computing device receives a package containing one or more applications. The package also includes an enterprise identifier. Installation and execution of one or more applications from the received package is accepted or rejected based on a comparison of the enterprise identifier from the enrollment token with the enterprise identifier from the received package or application. A web service provides validation services by monitoring the installation and execution of applications on the computing devices associated with the enterprise.

Citations

20 Claims

1. A system for managing execution of applications associated with an enterprise, said system comprising:
- a memory area associated with a mobile computing device, said memory area storing an enrollment token signed with a certificate, the enrollment token including an enterprise identifier associated with an enterprise, the enterprise having a plurality of computing devices associated therewith, the memory area further storing an application having an enterprise identifier associated therewith; and
  
  a processor programmed to;
  
  receive a request from a user of the mobile computing device to execute the application stored in the memory area;
  
  compare the enterprise identifier associated with the application with the enterprise identifier associated with the enrollment token stored in the memory area;
  
  execute the application based on the comparison; and
  
  intermittently validate the enrollment token stored in the memory area with a web service.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The system of claim 1, wherein the processor is further programmed to:
    - receive a package containing the application;
      
      compare the enterprise identifier associated with the application with the enterprise identifier associated with the enrollment token stored in the memory area; and
      
      install the application based on the comparison.
  - 3. The system of claim 1, wherein the enrollment token is an extensible markup language (XML) document signed by the certificate.
  - 4. The system of claim 1, wherein the certificate represents certification by a third party that the enterprise is a valid entity.
  - 5. The system of claim 1, wherein the enrollment token further includes at least one of an enterprise policy, an expiration date, a location identifier, a device identifier, or a user identifier.
  - 6. The system of claim 1, further comprising means for managing access by the mobile computing device to the applications associated with the enterprise via the enrollment token.

7. A method comprising:
- receiving, by a computing device, a token signed with a certificate, the token including an enterprise identifier associated with an enterprise, the enterprise having a plurality of computing devices associated therewith;
  
  receiving, by the computing device, a package containing one or more applications, the package further including an enterprise identifier;
  
  comparing the enterprise identifier from the token with the enterprise identifier from the package; and
  
  accepting or rejecting installation, by the computing device, of the received package of one or more applications based on the comparison.
- View Dependent Claims (8, 9, 10, 11, 12, 13, 14)
- - 8. The method of claim 7, wherein accepting installation of the received package of one or more applications comprises installing at least one of the applications if the enterprise identifier from the token matches the enterprise identifier from the package.
  - 9. The method of claim 7, wherein rejecting installation of the received package of one or more applications comprises preventing installation of any of the applications if the enterprise identifier from the token fails to match the enterprise identifier from the package.
  - 10. The method of claim 7, wherein the computing device stores a plurality of tokens each having an enterprise identifier, and the method further comprising searching the plurality of tokens for a token having the enterprise identifier that matches the enterprise identifier from the package.
  - 11. The method of claim 7, further comprising validating the enterprise identifier from the received token before storing the token.
  - 12. The method of claim 7, further comprising validating the enterprise identifier from the token before installing the received package.
  - 13. The method of claim 7, further comprising:
    - updating a web service with usage information for the computing device; and
      
      receiving, from the web service, a notification that access to the enterprise is at least one of enabled, revoked, disabled, or suspended.
  - 14. The method of claim 7, wherein the package containing one or more applications is received by the computing device based on a location of the computing device.

15. One or more computer storage media embodying computer-executable components, said components comprising:
- a memory component that when executed causes at least one processor to access an account state associated with an enterprise, the account state defining access by computing devices to applications associated with the enterprise;
  
  a communications interface component that when executed causes at least one processor to receive, from at least one computing device, a report describing installation and usage by the computing device of one or more of the applications, the report having an enterprise identifier associated therewith; and
  
  a usage component that when executed causes at least one processor to compare the report received by the communications interface component with the account state accessed by the memory component; and
  
  a state component that when executed causes at least one processor to modify the account state of the enterprise based on the comparison performed by the usage component.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The computer storage media of claim 15, wherein the state component modifies the account state by suspending access by the computing device to at least one of the one or more of the applications.
  - 17. The computer storage media of claim 15, wherein the state component modifies the account state by revoking access by the computing device to at least one of the one or more of the applications.
  - 18. The computer storage media of claim 15, wherein the report further comprises a device identifier associated with the computing device.
  - 19. The computer storage media of claim 15, wherein the account state comprises at least one of enabled, revoked, disabled, or suspended.
  - 20. The computer storage media of claim 15, wherein the state component modifies the account state of the enterprise by at least one of limiting access to the one or more applications by the computing device, limiting access to the one or more applications by selected users of the computing device, or limiting access to a subset of the one or more applications by the computing device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Strom, Clifford Paul, McBride, Daniel Kevin, Pattekar, Chittaranjan, Ramakrishnan, Arvind, Borse, Yashraj Motilal

Granted Patent

US 9,754,089 B2
Time in Patent Office

Days
Field of Search
US Class Current

719/313
CPC Class Codes

G06F 21/00   Security arrangements for p...

G06F 21/1064   Restricting content process...

G06F 21/12   Protecting executable software

G06F 21/16   Program or content traceabi...

G06F 21/6281   at program execution time, ...

G06F 21/645   using a third party

G06F 8/61   Installation

H04W 12/068   using credential vaults, e....

ENTERPRISE APPLICATION MANAGEMENT WITH ENROLLMENT TOKENS

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

ENTERPRISE APPLICATION MANAGEMENT WITH ENROLLMENT TOKENS

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links