GOVERNED ROUTING OF ENTERPRISE DATA IN HYBRID MOBILE APPLICATIONS

US 20160267286A1
Filed: 03/13/2015
Published: 09/15/2016
Est. Priority Date: 03/13/2015
Status: Active Grant

First Claim

Patent Images

1. A method of protecting enterprise data with respect to a hybrid application in a mobile device that accesses a global computer information network using enterprise infrastructure, said method comprising:

utilizing at least one processor to execute computer code that performs the steps of;

recognizing a hybrid application in a mobile device, the hybrid application being configured to communicate with an enterprise network and a non-enterprise network;

providing, in communication with the hybrid application, controls for segregating data flows from the enterprise network and non-enterprise network; and

providing a policy service which applies a policy for the segregating and governed routing of data flows from the enterprise network and the non-enterprise network.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and arrangements for protecting enterprise data with respect to a hybrid application in a mobile device that accesses a global computer information network using enterprise infrastructure. A hybrid application is recognized in a mobile device, the hybrid application being configured to communicate with an enterprise network and a non-enterprise network. There are provided, in communication with the hybrid application, controls for segregating data flows from the enterprise network and non-enterprise network. A policy service is provided, which applies a policy for the segregating and governed routing of data flows from the enterprise network and the non-enterprise network. Other variants and embodiments are broadly contemplated herein.

20 Citations

View as Search Results

20 Claims

1. A method of protecting enterprise data with respect to a hybrid application in a mobile device that accesses a global computer information network using enterprise infrastructure, said method comprising:
- utilizing at least one processor to execute computer code that performs the steps of;
  
  recognizing a hybrid application in a mobile device, the hybrid application being configured to communicate with an enterprise network and a non-enterprise network;
  
  providing, in communication with the hybrid application, controls for segregating data flows from the enterprise network and non-enterprise network; and
  
  providing a policy service which applies a policy for the segregating and governed routing of data flows from the enterprise network and the non-enterprise network.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method according to claim 1, wherein the policy indicates at least one enterprise domain to be segregated from non-enterprise data flows within the hybrid application.
  - 3. The method according to claim 1, wherein:
    - the controls are provided in the mobile device runtime; and
      
      the controls are configured to selectively permit the hybrid application to write data from a data flow to one or more data sinks.
  - 4. The method according to claim 1, comprising providing controls for segregating data flows within a server-side adapter corresponding to the hybrid application.
  - 5. The method according to claim 4, wherein the controls at the server-side adapter are configured to selectively permit the adapter to write data from a data flow to one or more data sinks.
  - 6. The method according to claim 1, comprising configuring, via the policy service, data sink controls in at least one of:
    - a runtime of the mobile device and an enterprise server.
  - 7. The method according to claim 6, wherein said configuring comprises configuring the data sink controls at the start of an enterprise data flow.
  - 8. The method according to claim 7, wherein the policy indicates one or more data sinks to which data from the enterprise data flow may permissibly be routed.
  - 9. The method according to claim 1, comprising providing, in communication with the hybrid application, controls for governed routing of data flows from the enterprise network.
  - 10. The method according to claim 9, wherein the policy indicates one or more data sinks to which data from the enterprise data flow may permissibly be routed.
  - 11. The method according to claim 1, comprising implementing the controls in middleware, without modification to the hybrid application.

12. An apparatus for protecting enterprise data with respect to a hybrid application in a mobile device that accesses a global computer information network using enterprise infrastructure, said apparatus comprising:
- at least one processor; and
  
  a computer readable storage medium having computer readable program code embodied therewith and executable by the at least one processor, the computer readable program code comprising;
  
  a computer readable storage medium having computer readable program code embodied therewith, the computer readable program code comprising;
  
  computer readable program code configured to recognize a hybrid application in a mobile device, the hybrid application being configured to communicate with an enterprise network and a non-enterprise network;
  
  computer readable program code configured to provide, in communication with the hybrid application, controls for segregating data flows from the enterprise network and non-enterprise network; and
  
  computer readable program code configured to provide a policy service which applies a policy for the segregating and governed routing of data flows from the enterprise network and the non-enterprise network.

13. A computer program product for protecting enterprise data with respect to a hybrid application in a mobile device that accesses a global computer information network using enterprise infrastructure, said computer program product comprising:
- a computer readable storage medium having computer readable program code embodied therewith, the computer readable program code comprising;
  
  computer readable program code configured to recognize a hybrid application in a mobile device, the hybrid application being configured to communicate with an enterprise network and a non-enterprise network;
  
  computer readable program code configured to provide, in communication with the hybrid application, controls for segregating data flows from the enterprise network and non-enterprise network; and
  
  computer readable program code configured to provide a policy service which applies a policy for the segregating and governed routing of data flows from the enterprise network and the non-enterprise network.
- View Dependent Claims (14, 15, 16, 17, 18, 19)
- - 14. The computer program product according to claim 13, wherein the policy indicates at least one enterprise domain to be segregated from non-enterprise data flows within the hybrid application.
  - 15. The computer program product according to claim 13, wherein:
    - the controls are provided in the mobile device runtime; and
      
      the controls are configured to selectively permit the hybrid application to write data from a data flow to one or more data sinks.
  - 16. The computer program product according to claim 13, wherein said computer readable program code is configured to provide controls for segregating data flows within a server-side adapter corresponding to the hybrid application.
  - 17. The computer program product according to claim 13, wherein the policy service configures data sink controls in at least one of:
    - a runtime of the mobile device and an enterprise server.
  - 18. The computer program product according to claim 13, wherein said computer readable program code is configured to provide, in communication with the hybrid application, controls for governed routing of data flows from the enterprise network.
  - 19. The computer program product according to claim 18, wherein the policy indicates one or more data sinks to which data from the enterprise data flow may permissibly be routed.

20. A method comprising:
- recognizing a hybrid application in a mobile device, the hybrid application being configured to communicate with an enterprise network and a non-enterprise network;
  
  providing, in communication with the hybrid application, controls for segregating data flows from the enterprise network and non-enterprise network, the controls being provided in the mobile device runtime, and being configured to selectively permit the hybrid application to write data from a data flow to one or more data sinks;
  
  implementing the controls for segregating data flows in middleware, without modification to the hybrid application;
  
  providing, in communication with the hybrid application, controls for governed routing of data flows from the enterprise network;
  
  providing controls for segregating data flows within a server-side adapter corresponding to the hybrid application; and
  
  providing a policy service which applies a policy for the segregating and governed routing of data flows from the enterprise network and the non-enterprise network, the policy indicating at least one enterprise domain to be segregated from non-enterprise data flows within the hybrid application.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Steiner, Michael, Kodeswaran, Palanivel A., Naldurg, Prasad G., Ramakrishna, Venkatraman, Seshadri, Arvind

Granted Patent

US 9,807,060 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/6263   during internet communicati...

H04L 63/04   for providing a confidentia...

H04L 63/102   Entity profiles

GOVERNED ROUTING OF ENTERPRISE DATA IN HYBRID MOBILE APPLICATIONS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

20 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

GOVERNED ROUTING OF ENTERPRISE DATA IN HYBRID MOBILE APPLICATIONS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

20 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others