Policy-based development and runtime control of mobile applications
Abstract
A method, process, and associated systems for policy-based development and runtime control of mobile applications. Security objects that describe or enforce security policies are embedded into the source code of an enhanced application while the application is being developed. When a user attempts to launch the enhanced application on a mobile device, the security objects are updated to match a latest valid version of the objects stored on an enterprise server. The security objects may be further updated at other times. Global security policies, which affect the entire enterprise and which may deny the application permission to launch, are enforced by a global security policy stored within one of the updated security objects. If the application does run, application-specific security policies contained in the updated security objects modify application behavior at runtime in order to enforce application-specific security policies.
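The launch sequence described in the abstract, as an added sketch that is not code from the patent. The descriptor fields, hook names, the `rooted` condition, and the fail-closed handling of an unreachable server or a missing hook are all assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Callable, Dict

# Every name, field and policy value here is constructed for illustration.
@dataclass(frozen=True)
class PolicyDescriptor:
    version: int
    global_policy: frozenset  # device conditions under which launch is denied
    api_policy: tuple         # names of embedded security functions to run

# "Code embedded into the enhanced application": hooks an API policy can select.
EMBEDDED_HOOKS: Dict[str, Callable[[dict], None]] = {
    "disable_clipboard": lambda app: app.update(clipboard=False),
    "encrypt_local_store": lambda app: app.update(store_encrypted=True),
}

def launch(app: dict, fetch_latest: Callable[[], PolicyDescriptor], device: set) -> dict:
    """Run the launch sequence and return a record of each decision."""
    result = {"updated": False, "launched": False, "enforced": [], "reason": ""}
    try:
        latest = fetch_latest()          # request the latest valid descriptor
    except ConnectionError:
        result["reason"] = "policy server unreachable"  # assumption: fail closed
        return result
    if latest != app["descriptor"]:      # descriptors differ
        app["descriptor"] = latest       # replace wholesale, never merge
        result["updated"] = True
    desc = app["descriptor"]
    blocked = sorted(desc.global_policy & device)
    if blocked:                          # global policy denies the launch
        result["reason"] = "global policy: " + ", ".join(blocked)
        return result
    unknown = [n for n in desc.api_policy if n not in EMBEDDED_HOOKS]
    if unknown:                          # assumption: refuse if a hook is absent
        result["reason"] = "missing embedded hook: " + ", ".join(unknown)
        return result
    result["launched"] = True
    for name in desc.api_policy:         # enforce the API policy at runtime
        EMBEDDED_HOOKS[name](app)
        result["enforced"].append(name)
    return result

# Constructed sample: the build shipped with v1, the server now serves v2.
SHIPPED = PolicyDescriptor(1, frozenset(), ("disable_clipboard",))
LATEST = PolicyDescriptor(2, frozenset({"rooted"}),
                          ("disable_clipboard", "encrypt_local_store"))
```

Because the descriptor is replaced before the global policy is evaluated, a build that shipped with a permissive descriptor is still denied on a device matching a condition that was added later.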
25 Citations
19 Claims
1. A method of policy-based development and runtime control of mobile applications that comprises:
- a processor of a computer system receiving a request to launch an enhanced application, wherein the enhanced application comprises an application policy descriptor, wherein the application policy descriptor describes a global policy and an API policy;
- the processor requesting a latest valid policy descriptor from an enterprise server, wherein the latest valid policy descriptor identifies a latest valid global policy and a latest valid API policy;
- the processor determining whether the latest valid policy descriptor is identical to the application policy descriptor;
- the processor confirming, as a function of the determining, that the latest valid policy descriptor does not match the application policy descriptor;
- the processor modifying the application policy descriptor to match the latest valid policy descriptor, wherein the modifying comprises replacing the application policy descriptor with an updated application policy descriptor that identifies the latest valid global policy and the latest valid API policy, wherein the latest valid global policy identifies whether the enhanced application is allowed to launch when a predefined set of conditions exist, wherein the latest valid API policy identifies a security-related function that is performed by the enhanced application whenever the enhanced application is run, and wherein the latest valid API policy is implemented by code embedded into the enhanced application;
- the processor concluding that the latest valid global policy permits the enhanced application to launch;
- the processor launching the enhanced application;
- the processor enforcing the API policy by running code embedded into the enhanced application.
Dependent claims: 2, 3, 4, 5, 6
7. A computer program product, comprising a computer-readable hardware storage device having a computer-readable program code stored therein, said program code configured to be executed by a processor of a computer system to implement a method of policy-based development and runtime control of mobile applications that comprises:
- the processor receiving a request to launch an enhanced application, wherein the enhanced application comprises an application policy descriptor, wherein the application policy descriptor describes a global policy and an API policy;
- the processor requesting a latest valid policy descriptor from an enterprise server, wherein the latest valid policy descriptor identifies a latest valid global policy and a latest valid API policy;
- the processor determining whether the latest valid policy descriptor is identical to the application policy descriptor;
- the processor confirming, as a function of the determining, that the latest valid policy descriptor does not match the application policy descriptor;
- the processor modifying the application policy descriptor to match the latest valid policy descriptor, wherein the modifying comprises replacing the application policy descriptor with an updated application policy descriptor that identifies the latest valid global policy and the latest valid API policy, wherein the latest valid global policy identifies whether the enhanced application is allowed to launch when a predefined set of conditions exist, wherein the latest valid API policy identifies a security-related function that is performed by the enhanced application whenever the enhanced application is run, and wherein the latest valid API policy is implemented by code embedded into the enhanced application;
- the processor concluding that the latest valid global policy permits the enhanced application to launch;
- the processor launching the enhanced application;
- the processor enforcing the API policy by running code embedded into the enhanced application.
Dependent claims: 8, 9, 10, 11, 12
13. A computer system comprising a processor, a memory coupled to said processor, and a computer-readable hardware storage device coupled to said processor, said storage device containing program code configured to be run by said processor via the memory to implement a method of policy-based development and runtime control of mobile applications that comprises:
- the processor receiving a request to launch an enhanced application, wherein the enhanced application comprises an application policy descriptor, wherein the application policy descriptor describes a global policy and an API policy;
- the processor requesting a latest valid policy descriptor from an enterprise server, wherein the latest valid policy descriptor identifies a latest valid global policy and a latest valid API policy;
- the processor determining whether the latest valid policy descriptor is identical to the application policy descriptor;
- the processor confirming, as a function of the determining, that the latest valid policy descriptor does not match the application policy descriptor;
- the processor modifying the application policy descriptor to match the latest valid policy descriptor, wherein the modifying comprises replacing the application policy descriptor with an updated application policy descriptor that identifies the latest valid global policy and the latest valid API policy, wherein the latest valid global policy identifies whether the enhanced application is allowed to launch when a predefined set of conditions exist, wherein the latest valid API policy identifies a security-related function that is performed by the enhanced application whenever the enhanced application is run, and wherein the latest valid API policy is implemented by code embedded into the enhanced application;
- the processor concluding that the latest valid global policy permits the enhanced application to launch;
- the processor launching the enhanced application;
- the processor enforcing the API policy by running code embedded into the enhanced application.
Dependent claims: 14, 15, 16, 17, 18
19. A process for supporting computer infrastructure, said process comprising providing at least one support service for at least one of creating, integrating, hosting, maintaining, and deploying computer-readable program code in a computer system, wherein the program code in combination with said computer system is configured to implement a method of policy-based development and runtime control of mobile applications that comprises:
- a processor of a computer system receiving a request to launch an enhanced application, wherein the enhanced application comprises an application policy descriptor, wherein the application policy descriptor describes a global policy and an API policy;
- the processor requesting a latest valid policy descriptor from an enterprise server, wherein the latest valid policy descriptor identifies a latest valid global policy and a latest valid API policy;
- the processor determining whether the latest valid policy descriptor is identical to the application policy descriptor;
- the processor confirming, as a function of the determining, that the latest valid policy descriptor does not match the application policy descriptor;
- the processor modifying the application policy descriptor to match the latest valid policy descriptor, wherein the modifying comprises replacing the application policy descriptor with an updated application policy descriptor that identifies the latest valid global policy and the latest valid API policy, wherein the latest valid global policy identifies whether the enhanced application is allowed to launch when a predefined set of conditions exist, wherein the latest valid API policy identifies a security-related function that is performed by the enhanced application whenever the enhanced application is run, and wherein the latest valid API policy is implemented by code embedded into the enhanced application;
- the processor concluding that the latest valid global policy permits the enhanced application to launch;
- the processor launching the enhanced application; and
- the processor enforcing the API policy by running code embedded into the enhanced application.
Specification