Providing mobile device management functionalities

US 8,910,264 B2
Filed: 09/20/2013
Issued: 12/09/2014
Est. Priority Date: 03/29/2013
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

receiving, by a mobile computing device, a single sign-on (SSO) credential that is associated with at least one user account;

monitoring, via a mobile device management agent on the mobile computing device, state information associated with the mobile computing device; and

enforcing at least one mobile device management policy based on the monitored state information and the SSO credential,wherein monitoring the state information includes providing the SSO credential and at least some of the monitored state information to one or more policy management servers,wherein enforcing the at least one mobile device management policy includes;

receiving management information from the one or more policy management servers; and

executing at least one command included in the management information,wherein the at least one command included in the management information is generated, for execution on the mobile computing device, by the one or more policy management servers based on the SSO credential and the at least some of the monitored state information received from the mobile device management agent on the mobile computing device, andwherein enforcing the at least one mobile device management policy further includes;

receiving enterprise data from one or more enterprise resources;

storing the received enterprise data in a secure document container on the mobile computing device; and

based on detecting a change in device state, selectively wiping the enterprise data stored in the secure document container.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, systems, computer-readable media, and apparatuses for providing mobile device management functionalities are presented. In various embodiments, a mobile device management agent may monitor state information associated with a mobile computing device. The monitored state information may be analyzed on the mobile computing device and/or by one or more policy management servers. In some instances, the one or more policy management servers may provide management information to the mobile computing device, and the management information may include one or more commands (which may, e.g., cause the mobile computing device to enforce one or more policies) and/or one or more policy updates. Subsequently, one or more policies may be enforced on the mobile computing device based on the monitored state information and/or based on the management information.

285 Citations

19 Claims

1. A method, comprising:
- receiving, by a mobile computing device, a single sign-on (SSO) credential that is associated with at least one user account;
  
  monitoring, via a mobile device management agent on the mobile computing device, state information associated with the mobile computing device; and
  
  enforcing at least one mobile device management policy based on the monitored state information and the SSO credential,wherein monitoring the state information includes providing the SSO credential and at least some of the monitored state information to one or more policy management servers,wherein enforcing the at least one mobile device management policy includes;
  
  receiving management information from the one or more policy management servers; and
  
  executing at least one command included in the management information,wherein the at least one command included in the management information is generated, for execution on the mobile computing device, by the one or more policy management servers based on the SSO credential and the at least some of the monitored state information received from the mobile device management agent on the mobile computing device, andwherein enforcing the at least one mobile device management policy further includes;
  
  receiving enterprise data from one or more enterprise resources;
  
  storing the received enterprise data in a secure document container on the mobile computing device; and
  
  based on detecting a change in device state, selectively wiping the enterprise data stored in the secure document container.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, wherein the SSO credential is an authentication credential that is configured to be used in accessing at least two different enterprise resources.
  - 3. The method of claim 1, wherein monitoring the state information includes identifying one or more applications that are present on the mobile computing device.
  - 4. The method of claim 1, wherein monitoring the state information includes identifying one or more network connections that are used by the mobile computing device.
  - 5. The method of claim 1, wherein monitoring the state information includes determining current location information for the mobile computing device.
  - 6. The method of claim 1, wherein enforcing the at least one mobile device management policy includes:
    - determining, based on the SSO credential, that a first set of mobile device management policies is applicable; and
      
      enforcing the first set of mobile device management policies based on the monitored state information.
  - 7. The method of claim 1, wherein enforcing the at least one mobile device management policy includes:
    - obtaining, based on the SSO credential, a first set of mobile device management policies; and
      
      enforcing the first set of mobile device management policies based on the monitored state information.
  - 8. The method of claim 1, wherein enforcing the at least one mobile device management policy includes selectively disabling at least one of an application and a function of the mobile computing device.
  - 9. The method of claim 1,wherein different policies are enforced for different user accounts, andwherein the SSO credential is used in determining an appropriate set of policies to be applied.
  - 10. The method of claim 1, wherein the SSO credential is linked to multiple user accounts associated with a single user.
  - 11. The method of claim 1, wherein enforcing the at least one mobile device management policy includes:
    - obtaining, based on an identity of a user account associated with the SSO credential, a first set of mobile device management policies from an enterprise application store; and
      
      enforcing the first set of mobile device management policies on the mobile computing device based on the monitored state information.

12. A mobile computing device, comprising:
- at least one processor; and
  
  memory storing computer-readable instructions that, when executed by the at least one processor, cause the mobile computing device to;
  
  receive a single sign-on (SSO) credential that is associated with at least one user account;
  
  monitor, via a mobile device management agent on the mobile computing device, state information associated with the mobile computing device; and
  
  enforce at least one mobile device management policy based on the monitored state information and the SSO credential,wherein monitoring the state information includes providing the SSO credential and at least some of the monitored state information to one or more policy management servers,wherein enforcing the at least one mobile device management policy includes;
  
  receiving management information from the one or more policy management servers; and
  
  executing at least one command included in the management information,wherein the at least one command included in the management information is generated, for execution on the mobile computing device, by the one or more policy management servers based on the SSO credential and the at least some of the monitored state information received from the mobile device management agent on the mobile computing device, andwherein enforcing the at least one mobile device management policy further includes;
  
  receiving enterprise data from one or more enterprise resources;
  
  storing the received enterprise data in a secure document container on the mobile computing device; and
  
  based on detecting a change in device state, selectively wiping the enterprise data stored in the secure document container.
- View Dependent Claims (13, 14, 15, 16)
- - 13. The mobile computing device of claim 12, wherein the SSO credential is an authentication credential that is configured to be used in accessing at least two different enterprise resources, including at least one enterprise website and at least one enterprise server.
  - 14. The mobile computing device of claim 12, wherein enforcing the at least one mobile device management policy includes:
    - determining, based on an identity of a user account associated with the SSO credential, that a first set of mobile device management policies is applicable; and
      
      based on determining that the first set of mobile device management policies is applicable, enforcing the first set of mobile device management policies on the mobile computing device based on the monitored state information.
  - 15. The mobile computing device of claim 12, wherein enforcing the at least one mobile device management policy includes:
    - obtaining, based on an identity of a user account associated with the SSO credential, a first set of mobile device management policies from a policy server; and
      
      enforcing the first set of mobile device management policies on the mobile computing device based on the monitored state information.
  - 16. The mobile computing device of claim 12, wherein enforcing the at least one mobile device management policy includes selectively disabling one or more functions of the mobile computing device, including a local wireless sharing function of the mobile computing device.

17. One or more non-transitory computer-readable media having instructions stored thereon that, when executed, cause a mobile computing device to:
- receive a single sign-on (SSO) credential that is associated with at least one user account;
  
  monitor, via a mobile device management agent on the mobile computing device, state information associated with the mobile computing device; and
  
  enforce at least one mobile device management policy based on the monitored state information and the SSO credential,wherein monitoring the state information includes providing the SSO credential and at least some of the monitored state information to one or more policy management servers,wherein enforcing the at least one mobile device management policy includes;
  
  receiving management information from the one or more policy management servers; and
  
  executing at least one command included in the management information,wherein the at least one command included in the management information is generated, for execution on the mobile computing device, by the one or more policy management servers based on the SSO credential and the at least some of the monitored state information received from the mobile device management agent on the mobile computing device, andwherein enforcing the at least one mobile device management policy further includes;
  
  receiving enterprise data from one or more enterprise resources;
  
  storing the received enterprise data in a secure document container on the mobile computing device; and
  
  based on detecting a change in device state, selectively wiping the enterprise data stored in the secure document container.
- View Dependent Claims (18, 19)
- - 18. The one or more non-transitory computer-readable media of claim 17, wherein the SSO credential is an authentication credential that is configured to be used in accessing at least two different enterprise resources.
  - 19. The one or more non-transitory computer-readable media of claim 17, wherein enforcing the at least one mobile device management policy includes:
    - determining, based on the SSO credential, that a first set of mobile device management policies is applicable; and
      
      enforcing the first set of mobile device management policies based on the monitored state information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Citrix Systems, Inc. (Cloud Software Group)
Original Assignee
Citrix Systems, Inc. (Cloud Software Group)
Inventors
Qureshi, Waheed
Primary Examiner(s)
Gee, Jason K.
Assistant Examiner(s)
LWIN, MAUNG T

Application Number

US14/032,885
Publication Number

US 20140298403A1
Time in Patent Office

445 Days
Field of Search
US Class Current

726/8
CPC Class Codes

G06F 21/41   where a single sign-on prov...

G06F 21/554   involving event detection a...

G06F 2221/2143   Clearing memory, e.g. to pr...

G06F 2221/2149   Restricted operating enviro...

H04L 41/0893   Assignment of logical group...

H04L 43/04   Processing captured monitor...

H04L 43/0817   by checking functioning

H04L 63/0815   providing single-sign-on or...

H04L 63/20   for managing network securi...

H04W 12/08   Access security

Providing mobile device management functionalities

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

285 Citations

19 Claims

Specification

Use Cases

Quick Links

Others

Providing mobile device management functionalities

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

285 Citations

19 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others