PROTECTION OF RESOURCES DOWNLOADED TO PORTABLE DEVICES FROM ENTERPRISE SYSTEMS

US 20150074813A1
Filed: 09/06/2013
Published: 03/12/2015
Est. Priority Date: 09/06/2013
Status: Active Grant

First Claim

Patent Images

1. A method of protecting resources hosted on enterprise systems, said method being performed at least in part by an enterprise system, said method comprising:

receiving a request from a portable device to download a resource of said resources;

formulating a plurality of security actions and a plurality of conditions for said resource, wherein each security action is associated with a corresponding condition of said plurality of conditions;

sending to said portable device, said resource, said plurality of security actions and said plurality of conditions;

determining whether each of said plurality of conditions is satisfied in said portable device; and

performing the security action associated with a condition determined to have been satisfied.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An aspect of the present invention provides for protection of resources hosted on enterprise systems. In an embodiment, an enterprise system receives a request from a portable device to download a resource, and in response formulates multiple security actions and associated conditions for the requested resource. The enterprise system sends the requested resource, the security actions and the conditions to the portable device. The portable device determines whether each condition is satisfied and performs the security actions associated with the conditions determined to have been satisfied. Due to the ability to send multiple security actions and associated conditions, better control in protection and retention of downloaded resources is obtained.

62 Citations

View as Search Results

20 Claims

1. A method of protecting resources hosted on enterprise systems, said method being performed at least in part by an enterprise system, said method comprising:
- receiving a request from a portable device to download a resource of said resources;
  
  formulating a plurality of security actions and a plurality of conditions for said resource, wherein each security action is associated with a corresponding condition of said plurality of conditions;
  
  sending to said portable device, said resource, said plurality of security actions and said plurality of conditions;
  
  determining whether each of said plurality of conditions is satisfied in said portable device; and
  
  performing the security action associated with a condition determined to have been satisfied.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein said formulating represents said plurality of security actions and said plurality of conditions in the form of a metadata, wherein said sending sends said metadata with said resource.
  - 3. The method of claim 2, further comprising maintaining security policies applicable to said resources, wherein said formulating comprises:
    - identifying a set of security policies of said security policies applicable to a combination of two or more of said resource, a user at said portable device, an application accessing said resource and a type of said portable device, wherein each of said set of security policies comprises a general condition; and
      
      translating each of said general conditions to corresponding specific conditions as applicable to said combination,wherein said specific conditions are included in said metadata.
  - 4. The method of claim 3, wherein a first general condition specifies a location type of said user, wherein said translating includes geographical coordinates of said location type corresponding to said user in a corresponding first specific condition, such that a first associated security action is performed when said user is located in a geographical area determined by said geographical coordinates.
  - 5. The method of claim 4, wherein said first associated security action comprises requiring re-authentication of said user if said user is outside of said geographical area.
  - 6. The method of claim 3, wherein said determining and said performing are performed by said portable device, and wherein said receiving, said formulating and said sending are performed by said enterprise system.

7. A computing system comprising:
- a portable device to enable users to download resources; and
  
  an enterprise system to host said resources, said enterprise system operable to;
  
  receive a request from said portable device to download a resource of said resources;
  
  formulate a plurality of security actions and a plurality of conditions for said resource, wherein each security action is associated with a corresponding condition of said plurality of conditions; and
  
  send to said portable device, said resource, said plurality of security actions and said plurality of conditions,wherein said portable device is operable to;
  
  receive said resource, said plurality of security actions and said plurality of conditions;
  
  determine whether each of said plurality of conditions is satisfied in said portable device; and
  
  perform the security action associated with a condition determined to have been satisfied.
- View Dependent Claims (8, 9, 10, 11, 12, 13)
- - 8. The computing system of claim 7, wherein said enterprise system represents said plurality of security actions and said plurality of conditions in the form of a metadata, wherein said enterprise systems sends said metadata with said resource and said portable device receives said metadata with said resource.
  - 9. The computing system of claim 8, wherein said enterprise system is further operable to maintain security policies applicable to said resources, wherein to formulate said metadata, said enterprise system is operable to:
    - identify a set of security policies of said security policies applicable to a combination of two or more of said resource, a user at said portable device, an application accessing said resource and a type of said portable device, wherein each of said set of security policies comprises a general condition; and
      
      translate each of said general conditions to corresponding specific conditions as applicable to said combination,wherein said specific conditions are included in said metadata.
  - 10. The computing system of claim 9, wherein a first general condition specifies a location type of said user, wherein said translating includes geographical coordinates of said location type corresponding to said user in a corresponding first specific condition, such that a first associated security action is performed when said user is located in a geographical area determined by said geographical coordinates.
  - 11. The computing system of claim 10, wherein said first associated security action comprises requiring re-authentication of said user if said user is outside of said geographical area.
  - 12. The computing system of claim 8, wherein said portable device is further operable to:
    - store in a memory, said resource and said metadata after receiving from said enterprise system;
      
      receive an access request from a user for said resource; and
      
      provide said resource stored in said memory as a response to said access request,wherein said portable device determines whether each of said plurality of conditions is satisfied in said portable device in response to said access request.
  - 13. The computing system of claim 12, wherein said access request is received from an application of a plurality of applications executing in said portable device.

14. A non-transitory machine readable medium storing one or more sequences of instructions for causing a portable device to provide protection of resources downloaded from enterprise systems, wherein execution of said one or more sequences of instructions by one or more processors contained in said portable device causes said portable device to perform the actions of:
- receiving from a user, a request to download a resource of said resources;
  
  forwarding said request to an enterprise system hosting said resource;
  
  downloading from said enterprise system, said resource and a metadata, said metadata specifying a plurality of security actions and a plurality of conditions for said resource, wherein each security action is associated with a corresponding condition of said plurality of conditions;
  
  determining whether each of said plurality of conditions is satisfied in said portable device; and
  
  performing the security action associated with a condition determined to have been satisfied prior to permitting access to said resource.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The machine readable medium of claim 14, further comprising one or more instructions for:
    - storing in a memory, said resource and said metadata after said receiving from said enterprise system;
      
      receiving from said user, an access request for said resource; and
      
      providing said resource stored in said memory as a response to said access request,wherein said determining and said performing is performed in response to said receiving said access request.
  - 16. The machine readable medium of claim 15, wherein said downloading of said resource is performed in response to said receiving said access request.
  - 17. The machine readable medium of claim 14, wherein said plurality of conditions and said plurality of security actions are generated based on a set of security policies applicable to a combination of two or more of said resource, a user at said portable device, an application accessing said resource and a type of said portable device, wherein each of said set of security policies comprises a general condition,wherein said plurality of conditions includes specific conditions corresponding to said general conditions as applicable to said combination.
  - 18. The machine readable medium of claim 17, wherein a first general condition specifies a location type of said user, wherein a corresponding first specific condition includes geographical coordinates of said location type corresponding to said user, such that a first associated security action is performed when said user is located in a geographical area determined by said geographical coordinates.
  - 19. The machine readable medium of claim 18, wherein said first associated security action comprises requiring re-authentication of said user if said user is outside of said geographical area.
  - 20. The machine readable medium of claim 15, wherein said access request is received from an application of a plurality of applications executing in said portable device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Oracle International Corporation (Oracle Corporation)
Inventors
Akula, Naga Sravani, Mohamad Abdul, Mohamad Raja Gani, Raj, Rachit

Granted Patent

US 9,497,194 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/26
CPC Class Codes

H04L 63/10   for controlling access to d...

H04L 63/107   wherein the security polici...

H04L 63/205   involving negotiation or de...

H04L 67/02   based on web technology, e....

H04L 67/10   in which an application is ...

H04L 67/52   specially adapted for the l...

PROTECTION OF RESOURCES DOWNLOADED TO PORTABLE DEVICES FROM ENTERPRISE SYSTEMS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

62 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

PROTECTION OF RESOURCES DOWNLOADED TO PORTABLE DEVICES FROM ENTERPRISE SYSTEMS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

62 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others