Policy-based development and runtime control of mobile applications

US 8,990,883 B2
Filed: 01/02/2013
Issued: 03/24/2015
Est. Priority Date: 01/02/2013
Status: Active Grant

First Claim

Patent Images

1. A method of policy-based development and runtime control of mobile applications that comprises:

a processor of a computer system receiving a request to launch an enhanced application, wherein the enhanced application comprises an application policy descriptor, wherein the application policy descriptor describes a global policy and an API policy;

the processor requesting a latest valid policy descriptor from an enterprise server, wherein the latest valid policy descriptor identifies a latest valid global policy and a latest valid API policy;

the processor determining whether the latest valid policy descriptor is identical to the application policy descriptor;

the processor confirming, as a function of the determining, that the latest valid policy descriptor does not match the application policy descriptor;

the processor modifying the application policy descriptor to match the latest valid policy descriptor, wherein the modifying comprises replacing the application policy descriptor with an updated application policy descriptor that identifies the latest valid global policy and the latest valid API policy, wherein the latest valid global policy identifies whether the enhanced application is allowed to launch when a predefined set of conditions exist, wherein the latest valid API policy identifies a security-related function that is performed by the enhanced application whenever the enhanced application is run, and wherein the latest valid API policy is implemented by code embedded into the enhanced applicationthe processor concluding that the latest valid global policy permits the enhanced application to launch;

the processor launching the enhanced application;

the processor enforcing the API policy by running code embedded into the enhanced application.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method, process, and associated systems for policy-based development and runtime control of mobile applications. Security objects that describe or enforce security policies are embedded into the source code of an enhanced application while the application is being developed. When a user attempts to launch the enhanced application on a mobile device, the security objects are updated to match a latest valid version of the objects stored on an enterprise server. The security objects may be further updated at other times. Global security policies, which affect the entire enterprise and which may deny the application permission to launch, are enforced by a global security policy stored within one of the updated security objects. If the application does run, application-specific security policies contained in the updated security objects modify application behavior at runtime in order to enforce application-specific security policies.

25 Citations

View as Search Results

19 Claims

1. A method of policy-based development and runtime control of mobile applications that comprises:
- a processor of a computer system receiving a request to launch an enhanced application, wherein the enhanced application comprises an application policy descriptor, wherein the application policy descriptor describes a global policy and an API policy;
  
  the processor requesting a latest valid policy descriptor from an enterprise server, wherein the latest valid policy descriptor identifies a latest valid global policy and a latest valid API policy;
  
  the processor determining whether the latest valid policy descriptor is identical to the application policy descriptor;
  
  the processor confirming, as a function of the determining, that the latest valid policy descriptor does not match the application policy descriptor;
  
  the processor modifying the application policy descriptor to match the latest valid policy descriptor, wherein the modifying comprises replacing the application policy descriptor with an updated application policy descriptor that identifies the latest valid global policy and the latest valid API policy, wherein the latest valid global policy identifies whether the enhanced application is allowed to launch when a predefined set of conditions exist, wherein the latest valid API policy identifies a security-related function that is performed by the enhanced application whenever the enhanced application is run, and wherein the latest valid API policy is implemented by code embedded into the enhanced applicationthe processor concluding that the latest valid global policy permits the enhanced application to launch;
  
  the processor launching the enhanced application;
  
  the processor enforcing the API policy by running code embedded into the enhanced application.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein the security-related function comprises erasing data from a mobile device.
  - 3. The method of claim 2, wherein the modifying comprises:
    - the processor replacing the global policy with the latest valid global policy; and
      
      the processor replacing the API policy with the latest valid API policy.
  - 4. The method of claim 1, wherein the enforcing the API policy is selected from a group comprising:
    - erasing data from a mobile device;
      
      securing data on a mobile device through encryption, access control, or other security mechanism;
      
      restricting operations of the enhanced application at runtime;
      
      prompting a user for security credentials; and
      
      terminating the enhanced application;
      
      and wherein the restricting is selected from a group comprising;
      
      requiring a user to submit a set of security credentials;
      
      authenticating a set of security credentials submitted in response to the requiring;
      
      denying the enhanced application access to data; and
      
      encrypting data that is processed by the enhanced application.
  - 5. The method of claim 1, further comprising:
    - the processor ensuring that the application policy descriptor is current and valid, wherein the ensuring is performed at a time that is not a function of the launching of the enhanced application.
  - 6. The method of claim 1, wherein the method further comprises:
    - the processor updating the latest valid policy descriptor stored on the enterprise server.

7. A computer program product, comprising a computer-readable hardware storage device having a computer-readable program code stored therein, said program code configured to be executed by a processor of a computer system to implement a method of policy-based development and runtime control of mobile applications that comprises:
- the processor receiving a request to launch an enhanced application, wherein the enhanced application comprises an application policy descriptor, wherein the application policy descriptor describes a global policy and an API policy;
  
  the processor requesting a latest valid policy descriptor from an enterprise server, wherein the latest valid policy descriptor identifies a latest valid global policy and a latest valid API policy;
  
  the processor determining whether the latest valid policy descriptor is identical to the application policy descriptor;
  
  the processor confirming, as a function of the determining, that the latest valid policy descriptor does not match the application policy descriptor;
  
  the processor modifying the application policy descriptor to match the latest valid policy descriptor, wherein the modifying comprises replacing the application policy descriptor with an updated application policy descriptor that identifies the latest valid global policy and the latest valid API policy, wherein the latest valid global policy identifies whether the enhanced application is allowed to launch when a predefined set of conditions exist, wherein the latest valid API policy identifies a security-related function that is performed by the enhanced application whenever the enhanced application is run, and wherein the latest valid API policy is implemented by code embedded into the enhanced applicationthe processor concluding that the latest valid global policy permits the enhanced application to launch;
  
  the processor launching the enhanced application;
  
  the processor enforcing the API policy by running code embedded into the enhanced application.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The program product of claim 7, wherein the security-related function comprises erasing data from a mobile device.
  - 9. The program product of claim 8, wherein the modifying comprises:
    - the processor replacing the global policy with the latest valid global policy; and
      
      the processor replacing the API policy with the latest valid API policy.
  - 10. The program product of claim 7, wherein the enforcing the API policy is selected from a group comprising:
    - erasing data from a mobile device;
      
      securing data on a mobile device through encryption, access control, or other security mechanism;
      
      restricting operations of the enhanced application at runtime;
      
      prompting a user for security credentials; and
      
      terminating the enhanced application;
      
      and wherein the restricting is selected from a group comprising;
      
      requiring a user to submit a set of security credentials;
      
      authenticating a set of security credentials submitted in response to the requiring;
      
      denying the enhanced application access to data; and
      
      encrypting data that is processed by the enhanced application.
  - 11. The program product of claim 7, further comprising:
    - the processor ensuring that the application policy descriptor is current and valid, wherein the ensuring is performed at a time that is not a function of the launching of the enhanced application.
  - 12. The program product of claim 7, wherein the method further comprises:
    - the processor updating the latest valid policy descriptor stored on the enterprise server.

13. A computer system comprising a processor, a memory coupled to said processor, and a computer-readable hardware storage device coupled to said processor, said storage device containing program code configured to be run by said processor via the memory to implement a method of policy-based development and runtime control of mobile applications that comprises:
- the processor receiving a request to launch an enhanced application, wherein the enhanced application comprises an application policy descriptor, wherein the application policy descriptor describes a global policy and an API policy;
  
  the processor requesting a latest valid policy descriptor from an enterprise server, wherein the latest valid policy descriptor identifies a latest valid global policy and a latest valid API policy;
  
  the processor determining whether the latest valid policy descriptor is identical to the application policy descriptor;
  
  the processor confirming, as a function of the determining, that the latest valid policy descriptor does not match the application policy descriptor;
  
  the processor modifying the application policy descriptor to match the latest valid policy descriptor, wherein the modifying comprises replacing the application policy descriptor with an updated application policy descriptor that identifies the latest valid global policy and the latest valid API policy, wherein the latest valid global policy identifies whether the enhanced application is allowed to launch when a predefined set of conditions exist, wherein the latest valid API policy identifies a security-related function that is performed by the enhanced application whenever the enhanced application is run, and wherein the latest valid API policy is implemented by code embedded into the enhanced applicationthe processor concluding that the latest valid global policy permits the enhanced application to launch;
  
  the processor launching the enhanced application;
  
  the processor enforcing the API policy by running code embedded into the enhanced application.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The system of claim 13, wherein the security-related function comprises erasing data from a mobile device.
  - 15. The system of claim 14, wherein the modifying comprises:
    - the processor replacing the global policy with the latest valid global policy; and
      
      the processor replacing the API policy with the latest valid API policy.
  - 16. The system of claim 13, wherein the enforcing the API policy is selected from a group comprising:
    - erasing data from a mobile device;
      
      securing data on a mobile device through encryption, access control, or other security mechanism;
      
      restricting operations of the enhanced application at runtime;
      
      prompting a user for security credentials; and
      
      terminating the enhanced application;
      
      and wherein the restricting is selected from a group comprising;
      
      requiring a user to submit a set of security credentials;
      
      authenticating a set of security credentials submitted in response to the requiring;
      
      denying the enhanced application access to data; and
      
      encrypting data that is processed by the enhanced application.
  - 17. The system of claim 13, further comprising:
    - the processor ensuring that the application policy descriptor is current and valid, wherein the ensuring is performed at a time that is not a function of the launching of the enhanced application.
  - 18. The system of claim 13, wherein the method further comprises:
    - the processor updating the latest valid policy descriptor stored on the enterprise server.

19. A process for supporting computer infrastructure, said process comprising providing at least one support service for at least one of creating, integrating, hosting, maintaining, and deploying computer-readable program code in a computer system, wherein the program code in combination with said computer system is configured to implement a method of policy-based development and runtime control of mobile applications that comprises:
- a processor of a computer system receiving a request to launch an enhanced application, wherein the enhanced application comprises an application policy descriptor, wherein the application policy descriptor describes a global policy and an API policy;
  
  the processor requesting a latest valid policy descriptor from an enterprise server, wherein the latest valid policy descriptor identifies a latest valid global policy and a latest valid API policy;
  
  the processor determining whether the latest valid policy descriptor is identical to the application policy descriptor;
  
  the processor confirming, as a function of the determining, that the latest valid policy descriptor does not match the application policy descriptor;
  
  the processor modifying the application policy descriptor to match the latest valid policy descriptor, wherein the modifying comprises replacing the application policy descriptor with an updated application policy descriptor that identifies the latest valid global policy and the latest valid API policy, wherein the latest valid global policy identifies whether the enhanced application is allowed to launch when a predefined set of conditions exist, wherein the latest valid API policy identifies a security-related function that is performed by the enhanced application whenever the enhanced application is run, and wherein the latest valid API policy is implemented by code embedded into the enhanced applicationthe processor concluding that the latest valid global policy permits the enhanced application to launch;
  
  the processor launching the enhanced application; and
  
  the processor enforcing the API policy by running code embedded into the enhanced application.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Kyndryl Incorporated
Original Assignee
International Business Machines Corporation
Inventors
Kapoor, Shalini, Kodeswaran, Palanivel A., Kumar, Udayan, Nandakumar, Vikrant
Primary Examiner(s)
Schwartz, Darren B

Application Number

US13/732,729
Publication Number

US 20140189783A1
Time in Patent Office

811 Days
Field of Search

726/1, 726/22, 717/168, 717/170
US Class Current

726/1
CPC Class Codes

G06F 21/51   at application loading time...

G06F 21/6281   at program execution time, ...

H04L 63/20   for managing network securi...

Policy-based development and runtime control of mobile applications

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

25 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Policy-based development and runtime control of mobile applications

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

25 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links