Policy-based application management
First Claim
1. A method of managing a virtual private network (VPN) connection, comprising:
- receiving, by a processor of an electronic mobile device, a managed application from an application server during a first communication, the managed application being constructed to operate in accordance with a set of one or more policy files;
- receiving, by the processor, the set of one or more policy files from the application server during a second communication which is different than the first communication, the set of one or more policy files being stored on the electronic mobile device separately from the managed application;
- receiving user authentication information from a user to initially authenticate the user;
- verifying the user is associated with permissions allowing the user to use the managed application;
- permitting the mobile device to launch the managed application only when the user is permitted to use the managed application;
- running, by the processor when the user is permitted to use the managed application, the managed application on the mobile device, the managed application operating in accordance with the set of one or more policy files, wherein one of the policy files defines a policy determining whether the managed application is permitted to create an application-specific VPN connection with an enterprise server, wherein said application specific VPN is available to the managed application, but is not usable by an unmanaged application executing on the electronic mobile device;
- determining whether the user is permitted to remotely access, using the managed application, an enterprise resource hosted remotely from the mobile device, wherein said determining comprises:
  - receiving an authentication challenge from the enterprise resource,
  - determining one or more security certificates the user is permitted to use based on the initial authentication of the user, and
  - responding to the authentication challenge using one of the one or more security certificates; and
- instructing the managed application to create the application-specific VPN responsive to affirmatively determining that the user is permitted to remotely access the enterprise resource using the managed application.

(Dependent claims: 2, 3)
Abstract
Improved techniques for managing enterprise applications on mobile devices are described herein. Each enterprise mobile application running on the mobile device has an associated policy through which it interacts with its environment. The policy selectively blocks or allows activities involving the enterprise application in accordance with rules established by the enterprise. Together, the enterprise applications running on the mobile device form a set of managed applications. Managed applications are typically allowed to exchange data with other managed applications, but are blocked from exchanging data with other applications, such as the user's own personal applications. Policies may be defined to manage data sharing, mobile resource management, application specific information, networking and data access solutions, device cloud and transfer, dual mode application software, enterprise app store access, and virtualized application and resources, among other things.
8 Claims
4. One or more non-transitory computer readable media storing computer instructions that, when executed, cause an electronic mobile device to manage a virtual private network (VPN) connection by:
- receiving, by the electronic mobile device, a managed application from an application server during a first communication, the managed application being constructed to operate in accordance with a set of one or more policy files;
- receiving, by the electronic mobile device, the set of one or more policy files from the application server during a second communication which is different than the first communication, the set of one or more policy files being stored on the electronic mobile device separately from the managed application;
- receiving user authentication information from a user to initially authenticate the user;
- verifying the user is associated with permissions allowing the user to use the managed application;
- permitting the mobile device to launch the managed application only when the user is permitted to use the managed application;
- running, by the processor when the user is permitted to use the managed application, the managed application on the electronic mobile device, the managed application operating in accordance with the set of one or more policy files, wherein one of the policy files defines a policy determining whether the managed application is permitted to create an application-specific VPN connection with an enterprise server, wherein said application specific VPN is available to the managed application, but is not usable by an unmanaged application executing on the electronic mobile device;
- determining whether the user is permitted to remotely access, using the managed application, an enterprise resource hosted remotely from the mobile device, wherein said determining comprises:
  - receiving an authentication challenge from the enterprise resource,
  - determining one or more security certificates the user is permitted to use based on the initial authentication of the user, and
  - responding to the authentication challenge using one of the one or more security certificates; and
- instructing the managed application to create the application-specific VPN responsive to affirmatively determining that the user is permitted to remotely access the enterprise resource using the managed application.

(Dependent claims: 5, 6)
7. An electronic mobile device, comprising:
- a processor; and
- memory storing computer readable instructions that, when executed by the processor, cause the device to manage a virtual private network (VPN) connection by:
  - receiving, by the electronic mobile device, a managed application from an application server during a first communication, the managed application being constructed to operate in accordance with a set of one or more policy files;
  - receiving, by the electronic mobile device, the set of one or more policy files from the application server during a second communication which is different than the first communication, the set of one or more policy files being stored on the electronic mobile device separately from the managed application;
  - receiving user authentication information from a user to initially authenticate the user;
  - verifying the user is associated with permissions allowing the user to use the managed application;
  - permitting the mobile device to launch the managed application only when the user is permitted to use the managed application;
  - running, by the processor when the user is permitted to use the managed application, the managed application on the electronic mobile device, the managed application operating in accordance with the set of one or more policy files, wherein one of the policy files defines a policy determining whether the managed application is permitted to create an application-specific VPN connection with an enterprise server, wherein said application specific VPN is available to the managed application, but is not usable by an unmanaged application executing on the electronic mobile device;
  - determining whether the user is permitted to remotely access, using the managed application, an enterprise resource hosted remotely from the mobile device, wherein said determining comprises:
    - receiving an authentication challenge from the enterprise resource,
    - determining one or more security certificates the user is permitted to use based on the initial authentication of the user, and
    - responding to the authentication challenge using one of the one or more security certificates; and
  - instructing the managed application to create the application-specific VPN responsive to affirmatively determining that the user is permitted to remotely access the enterprise resource using the managed application.

(Dependent claims: 8)
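The gating order the independent claims describe (launch permission, then the separately stored policy file, then the certificate-based challenge, and only then an application-specific VPN that no other app can use), modelled as an added example; this is not code from the patent or from any product it covers, and the policy file, host names and certificate ids are constructed:

```python
import json
from dataclasses import dataclass

# Constructed policy file; delivered separately from the app bundle (not from the patent).
POLICY_JSON = '{"app_id": "com.example.mail", "app_vpn_allowed": true, "resource_hosts": ["mail.corp.example"]}'

@dataclass
class Session:
    authenticated: bool        # result of the initial user authentication
    app_permissions: frozenset # app ids the user is permitted to run
    certs: dict                # cert id -> hosts the user may present it to

@dataclass
class ManagedApp:
    app_id: str
    policy: dict
    vpn_tunnel: str = ""       # app-specific tunnel handle, empty until created

def load_policy(policy_json, app_id):
    # The separately delivered policy file is bound to one managed application.
    p = json.loads(policy_json)
    if p.get("app_id") != app_id:
        raise ValueError("policy file does not belong to this application")
    return p

def may_launch(session, app):
    return session.authenticated and app.app_id in session.app_permissions

def answer_challenge(session, app, host):
    # Choose a certificate the user may use (derived from the initial authentication).
    if host not in app.policy.get("resource_hosts", []):
        return None
    for cert_id, hosts in session.certs.items():
        if host in hosts:
            return cert_id
    return None

def request_resource(session, app, host):
    # Claim 1 order: launch gate, policy gate, challenge, then the VPN.
    if not may_launch(session, app):
        return "launch_denied"
    if not app.policy.get("app_vpn_allowed", False):
        return "vpn_denied_by_policy"
    if answer_challenge(session, app, host) is None:
        return "access_denied"
    app.vpn_tunnel = f"vpn:{app.app_id}->{host}"
    return "vpn_created"

def vpn_usable_by(app, caller_app_id):
    # The tunnel is keyed to the managed app; an unmanaged app gets no handle.
    return bool(app.vpn_tunnel) and caller_app_id == app.app_id
```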
Specification