Secure execution of enterprise applications on mobile devices
Abstract
A system is disclosed that includes components and features for enabling enterprise users to securely access enterprise resources (documents, data, application servers, etc.) using their mobile devices. An enterprise can use some or all components of the system to, for example, securely but flexibly implement a BYOD (bring your own device) policy in which users can run both personal applications and secure enterprise applications on their mobile devices. The system may, for example, implement policies for controlling mobile device accesses to enterprise resources based on device attributes (e.g., what mobile applications are installed), user attributes (e.g., the user's position or department), behavioral attributes, and other criteria. Client-side code installed on the mobile devices may further enhance security by, for example, creating a secure container for locally storing enterprise data, creating a secure execution environment for running enterprise applications, and/or creating secure application tunnels for communicating with the enterprise system.
21 Claims
1. A method comprising:
installing a secure launcher on a mobile device, the secure launcher being separate from a general launcher included within an operating system of the mobile device, the general launcher providing functionality for launching non-enterprise applications installed on the mobile device;
installing an enterprise application on the mobile device, the enterprise application including functionality for accessing an enterprise system;
modifying the enterprise application by replacing a request for the general launcher included within the operating system of the mobile device with a request for the secure launcher, the request for the secure launcher causing the enterprise application to be launched using the secure launcher, wherein the secure launcher enforces an authentication policy in which a user must enter valid authentication information when launching the enterprise application;
installing, on the mobile device, a secure virtual machine that is separate from a virtual machine of the operating system of the mobile device; and
configuring the mobile device such that the enterprise application, but none of the non-enterprise applications, runs within the secure virtual machine.
(Dependent claims: 2, 3, 4, 5)
6. A mobile device comprising a processor and a memory, the mobile device having installed thereon:
a plurality of enterprise applications configured to communicate over a network with an enterprise system; and
a secure launcher associated with a user interface for launching at least one enterprise application of the plurality of enterprise applications on the mobile device, the secure launcher being separate from a general launcher used to launch non-enterprise applications on the mobile device, the general launcher being a part of an operating system of the mobile device and the secure launcher being separate from the operating system; and
a secure virtual machine separate from a virtual machine of the operating system,
wherein the mobile device is configured such that the at least one enterprise application is executed by the secure virtual machine and such that the non-enterprise applications are executed by the operating system's virtual machine,
wherein at least one enterprise application of the plurality of enterprise applications is modified by replacing a request for the general launcher used to launch non-enterprise applications on the mobile device with a request for the secure launcher, the request for the secure launcher causing the at least one enterprise application to be launched using the secure launcher,
wherein the secure launcher requests authentication information from a user of the mobile device when the user initiates a launch of the at least one enterprise application, and
wherein the secure launcher is configured to block execution of the at least one enterprise application when the user fails to provide valid authentication information.
(Dependent claims: 7, 8, 9, 10, 11, 12, 13, 14, 20)
15. A method of providing a secure environment for execution of enterprise applications on a mobile device that includes non-enterprise applications installed thereon, the method comprising:
installing a secure virtual machine on the mobile device, the secure virtual machine being separate from a virtual machine included within an operating system of the mobile device;
installing a secure launcher on the mobile device, the secure launcher being separate from a general launcher included within the operating system of the mobile device, wherein the secure launcher enforces an authentication policy in which a user of the mobile device must enter valid authentication information when launching an enterprise application installed on the mobile device;
configuring the enterprise application to use the secure launcher by replacing a request for the general launcher with a request for the secure launcher; and
configuring the enterprise application, but none of the non-enterprise applications, to run in the secure virtual machine, whereby the non-enterprise applications use the virtual machine included within the operating system;
wherein the secure virtual machine includes functionality for implementing an encryption policy in which data stored on the mobile device by the at least one enterprise application is encrypted.
(Dependent claims: 16, 17, 18, 19, 21)
Specification