Real-time mobile application management

US 8,578,443 B2
Filed: 05/25/2012
Issued: 11/05/2013
Est. Priority Date: 06/01/2011
Status: Active Grant

First Claim

Patent Images

1. A method of mobile device management, the method comprising:

installing a client-side engine of an enforcement engine on a mobile device, wherein the enforcement engine further includes a runtime engine;

routing communications between the mobile device and a network/cloud or an enterprise network through the enforcement engine;

from a signature database (“

SigDB”

) that includes signatures pertaining to mobile applications, generating a policy regarding the mobile applications, wherein the mobile applications include private mobile applications and public mobile applications;

enforcing compliance of the mobile device with the policy in real time, wherein the policy includes a default rule allowing public mobile applications and blocking private mobile applications;

a whitelist of one or more private mobile applications that are allowed; and

a blacklist of one or more public mobile applications that are blocked.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Some embodiments relate to mobile application management. An example embodiment includes a method of mobile device management. The method includes installing a client-side engine of an enforcement engine on a mobile device. The enforcement engine further includes a runtime engine. The method also includes routing communications between the mobile device and a network/cloud or an enterprise network through the enforcement engine. In addition, the method includes generating a policy regarding the mobile applications from a signature database (“SigDB”). The SigDB includes signatures pertaining to mobile applications. Compliance of the mobile device with the policy is enforced in real time.

105 Citations

View as Search Results

20 Claims

1. A method of mobile device management, the method comprising:
- installing a client-side engine of an enforcement engine on a mobile device, wherein the enforcement engine further includes a runtime engine;
  
  routing communications between the mobile device and a network/cloud or an enterprise network through the enforcement engine;
  
  from a signature database (“
  
  SigDB”
  
  ) that includes signatures pertaining to mobile applications, generating a policy regarding the mobile applications, wherein the mobile applications include private mobile applications and public mobile applications;
  
  enforcing compliance of the mobile device with the policy in real time, wherein the policy includes a default rule allowing public mobile applications and blocking private mobile applications;
  
  a whitelist of one or more private mobile applications that are allowed; and
  
  a blacklist of one or more public mobile applications that are blocked.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, the method further comprising dropping mobile application traffic related to the mobile applications that are blocked.
  - 3. The method of claim 2, the method further comprising locally preventing mobile applications that are blocked from launching on the mobile device.
  - 4. The method of claim 1, wherein the SigDB comprises at least one of:
    - pre-populated signatures;
      
      threat data feeds; and
      
      enterprise-definable signatures.
  - 5. The method of claim 1, wherein the enforcement engine comprises a cloud solution.

6. A method of mobile application management in a bring your own device (“
- BYOD”
  
  ) environment, the method comprising;
  
  publishing at least one signature of at least one mobile application in a signature database (“
  
  SigDB”
  
  ), wherein the signature includes;
  
  information indicating whether the mobile application is a private mobile application or a public mobile application, andinformation about vulnerabilities introduced to an enterprise by the mobile application,provisioning at least one private mobile application, wherein provisioning includes enabling a first user to use the private mobile application;
  
  by default, blocking the mobile applications defined as private mobile applications except the at least one private mobile application that is provisioned;
  
  based on the information about vulnerabilities, blocking at least one public mobile application; and
  
  by default, allowing use of mobile applications defined as public mobile applications except the at least one public mobile application that is blocked.
- View Dependent Claims (7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 7. The method of claim 6, wherein the signatures of the mobile applications include information indicating whether each corresponding mobile application is a cloud-based mobile application or a native mobile application;
    - andwherein use of a mobile application includes at least one of;
      
      accessing a cloud-based mobile application, andlaunching and running a native mobile applications; and
      
      wherein blocking a mobile application includes at least one of;
      
      preventing access to a cloud-based mobile application, andstopping a native mobile application when launched.
  - 8. The method of claim 7, wherein enabling a first user to use the private mobile application, blocking the mobile applications, blocking the at least one public mobile applications, allowing use of the mobile applications defined as public mobile applications, or some combination thereof occur in real-time.
  - 9. The method of claim 7, wherein provisioning a cloud-based mobile application further comprises:
    - requiring virtual private network (“
      
      VPN”
      
      ) connectivity;
      
      requiring a secure wireless-fiber (“
      
      WiFi”
      
      ) connection;
      
      orallowing access via a public radio network.
  - 10. The method of claim 6, wherein provisioning further includes enabling a second user to use a second private mobile application.
  - 11. The method of claim 10, wherein the second user is an individual, an enterprise group, or the entire enterprise.
  - 12. The method of claim 6, further comprising:
    - leveraging the SigDB, which includes enabling the enterprise to selectively block a plurality of the mobile applications based on a commonality or lack thereof in the signatures in the SigDB pertaining to the plurality of mobile applications.
  - 13. The method of claim 6, further comprising:
    - leveraging the SigDB, which includes enabling the enterprise to provision a plurality of the mobile applications based on a commonality or lack thereof in the signatures in the SigDB pertaining to the plurality of mobile applications.
  - 14. The method of claim 6, wherein the signatures further comprise at least one of:
    - mobile application identifying information including a mobile application name and/or an application unique identifier;
      
      a mobile application binary code;
      
      a mobile application traffic uniform resource locator (“
      
      URL”
      
      );
      
      a mobile application risk level;
      
      a mobile application type;
      
      a mobile application vulnerability;
      
      ora mobile application category that includes information indicating whether the mobile application is a utility, a game, a human resource application, a finance application, or an operational application.
  - 15. The method of claim 6, further comprising updating the SigDB according to information received from a public source.

16. A bring-your-own-device (“
- BYOD”
  
  ) environment mobile application management system comprising;
  
  a computing device including a computer-readable medium having computer-executable instructions stored thereon that are executable by the computing device, the computer-executable instructions including;
  
  an enforcement engine including a client-side engine installed on a mobile device and a runtime engine installed on a network/cloud and/or an enterprise network, anda customizable policy;
  
  wherein when executed by the computing device;
  
  the enforcement engine manages in real time mobile applications on the mobile device and traffic related to mobile applications in the network/cloud, wherein the management in real time of mobile applications includes allowing public mobile applications except public mobile applications specifically blocked and blocking private mobile applications expect private mobile applications that are specifically allowed, andthe customizable policy forms the basis of the enforcement engine management.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The system of claim 16, further comprising a SigDB that includes signatures including signature criteria that describe mobile applications, wherein the customizable policy is generated by an enterprise based on the SigDB.
  - 18. The system of claim 17, wherein the SigDB is updatable according to information received from a public source.
  - 19. The system of claim 17, wherein the signature criteria include at least one of:
    - mobile application identifying information including a mobile application name and/or an application unique identifier;
      
      a mobile application binary code;
      
      a mobile application traffic uniform resource locator (“
      
      URL”
      
      );
      
      a mobile application risk level;
      
      a mobile application type;
      
      a mobile application vulnerability;
      
      ora mobile application category that includes information indicating whether the mobile application is a utility, a game, a human resource application, a finance application, or an operational application.
  - 20. The system of claim 17, wherein the signatures include information indicating whether each corresponding mobile application is a cloud-based mobile application or a native mobile application.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
MobileASap, Inc.
Original Assignee
MobileASap, Inc.
Inventors
Narain, Arvind, Dilip, Kuppuswami
Primary Examiner(s)
Paliwal, Yogesh

Application Number

US13/481,704
Publication Number

US 20120311659A1
Time in Patent Office

529 Days
Field of Search

726/1
US Class Current

726/1
CPC Class Codes

G06F 21/629   to features or functions of...

H04W 12/08   Access security

H04W 12/35   Protecting application or s...

H04W 12/37   Managing security policies ...

Real-time mobile application management

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

105 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Real-time mobile application management

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

105 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links