Policy-based application management
Abstract
Improved techniques for managing enterprise applications on mobile devices are described herein. Each enterprise mobile application running on the mobile device has an associated policy through which it interacts with its environment. The policy selectively blocks or allows activities involving the enterprise application in accordance with rules established by the enterprise. Together, the enterprise applications running on the mobile device form a set of managed applications. Managed applications are typically allowed to exchange data with other managed applications, but are blocked from exchanging data with other applications, such as the user's own personal applications. Policies may be defined to manage data sharing, mobile resource management, application specific information, networking and data access solutions, device cloud and transfer, dual mode application software, enterprise app store access, and virtualized application and resources, among other things.
20 Claims
1. A method, comprising:
receiving, by an electronic mobile device, a managed personal information management (PIM) application from an application server during a first communication, the managed PIM application being constructed to operate in accordance with a set of one or more policy files, wherein the one or more policy files define access controls that are enforced, by a mobile device management system on the electronic mobile device, against a plurality of different managed applications executing on the electronic mobile device;
receiving, by the electronic mobile device, the set of one or more policy files from the application server during a second communication which is different than the first communication, the set of one or more policy files being stored on the electronic mobile device separately from the managed PIM application;
running, by a processor, the managed PIM application on the electronic mobile device, the managed PIM application operating in accordance with the set of one or more policy files, wherein one of the policy files alters a message processing functionality of the managed PIM application on the electronic mobile device by defining one or more of the plurality of managed applications with which data sharing is permitted by the managed PIM application, and restricting the managed PIM application from sharing data with any application not permitted by the one or more policy files;
communicating, by the managed PIM application and based on the set of one or more policy files, with an enterprise resource via one or more application tunnels, wherein the managed PIM application, based on the set of one or more policy files, selectively employs caching and/or a compression technique within the one or more application tunnels; and
selectively providing a single sign-on (SSO) credential, by the managed PIM application in accordance with the set of one or more policy files, to authenticate a user and access a document stored in a secure document container of the mobile device, wherein the managed PIM application encrypts data stored in the secure document container, wherein the set of one or more policy files permit use of the SSO credential with the managed PIM application and block use of the SSO credential with a different application.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
8. One or more non-transitory computer readable media storing computer instructions that, when executed, cause an electronic mobile device to manage a personal information management (PIM) application by:
receiving, by the electronic mobile device, a managed personal information management (PIM) application from an application server during a first communication, the managed PIM application being constructed to operate in accordance with a set of one or more policy files, wherein the one or more policy files define access controls that are enforced, by a mobile device management system on the electronic mobile device, against a plurality of different managed applications executing on the electronic mobile device;
receiving, by the electronic mobile device, the set of one or more policy files from the application server during a second communication which is different than the first communication, the set of one or more policy files being stored on the electronic mobile device separately from the managed application;
running, by a processor, the managed PIM application on the mobile device, the managed PIM application operating in accordance with the set of one or more policy files, wherein one of the policy files alters a characteristic of the managed PIM application on the electronic mobile device while not altering a similar characteristic of any non-PIM applications on the electronic mobile device;
communicating, by the managed PIM application and based on the set of one or more policy files, with an enterprise resource via one or more application tunnels, wherein the managed PIM application, based on the set of one or more policy files, selectively employs caching and/or a compression technique within the one or more application tunnels; and
selectively providing a single sign-on (SSO) credential, by the managed PIM application in accordance with the set of one or more policy files, to authenticate a user and access a document stored in a secure document container of the electronic mobile device, wherein the managed PIM application encrypts data stored in the secure document container, wherein the set of one or more policy files permit use of the SSO credential for responding to digest challenges and block use of the SSO credential for responding to certificate challenges.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
15. An electronic mobile device, comprising:
a processor; and
memory storing computer readable instructions that, when executed by the processor, cause the electronic mobile device to manage a personal information management (PIM) application by;
receiving, by the electronic mobile device, a managed personal information management (PIM) application from an application server during a first communication, the managed PIM application being constructed to operate in accordance with a set of one or more policy files, wherein the one or more policy files define access controls that are enforced, by a mobile device management system on the electronic mobile device, against a plurality of different managed applications executing on the electronic mobile device;
receiving, by the electronic mobile device, the set of one or more policy files from the application server during a second communication which is different than the first communication, the set of one or more policy files being stored on the electronic mobile device separately from the managed PIM application;
running, by the processor, the managed PIM application on the electronic mobile device, the managed PIM application operating in accordance with the set of one or more policy files, wherein one of the policy files alters a characteristic of the managed PIM application on the electronic mobile device while not altering a similar characteristic of any non-PIM applications on the electronic mobile device;
communicating, by the managed PIM application and based on the set of one or more policy files, with an enterprise resource via one or more application tunnels, wherein the managed PIM application, based on the set of one or more policy files, selectively employs caching and/or a compression technique within the one or more application tunnels; and
selectively providing a single sign-on (SSO) credential, by the managed PIM application and based on the set of one or more policy files, to authenticate a user and access a document stored in a secure document container of the mobile device, wherein the managed PIM application encrypts data stored in the secure document container, wherein the set of one or more policy files permit use of the SSO credential for responding to certificate challenges and block use of the SSO credential for responding to digest challenges.
- View Dependent Claims (16, 17, 18, 19, 20)
Specification