Limiting enterprise applications and settings on devices

US 9,245,128 B2
Filed: 03/06/2013
Issued: 01/26/2016
Est. Priority Date: 03/06/2013
Status: Active Grant

First Claim

Patent Images

1. A method implemented by a computing system having a hardware processor and memory with stored computer-executable instructions for providing applications to a device, the method comprising:

the computing system providing to the device a listing of a plurality of restrictions associated with a level of control over the device that a user of the device is requested to grant to an enterprise administrator, including presenting a first data access control that the enterprise administrator requests permission to perform on the device and a second data access control that the enterprise administrator requests permission to perform on the device;

the computing system receiving from the device user selections from among the plurality of restrictions, including a first user selection at the device that grants the enterprise administrator permission to perform the first data access control on the device and a second user selection at the device that denies the enterprise administrator permission to perform the second data access control on the device;

the computing system determining, based on the user selections, a first set of one or more applications that are allowed to be installed on the device, wherein the first set of one or more applications that are allowed to be installed on the device is a filtered set of applications that includes one or more first applications that are permitted to be installed on the device based on the user having granted the administrator permission to perform the first data access control on the device, and that excludes a second set of one or more applications that would be allowed to be installed on the device had the user granted the enterprise administrator permission to perform the second data access control on the device; and

the computing system providing to the device a listing of the first set of one or more applications subsequent to providing to the device the listing of the plurality of restrictions and subsequent to receiving the user selections.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Installing apps and setting configuration on a device. A method includes receiving user input. The user input indicates a level of control that a user is willing to give an enterprise over the device. The method further includes determining, based on the level of control indicated by the user input, a set of apps allowed to install on the device. The set of apps allowed to install on the device is limited by the level of control indicated by the user. The method further includes authorizing installation of the set of apps on the device while restricting installation of other apps that would be authorized had the user selected a different level of control that the user is willing to give the enterprise over the device.

Citations

21 Claims

1. A method implemented by a computing system having a hardware processor and memory with stored computer-executable instructions for providing applications to a device, the method comprising:
- the computing system providing to the device a listing of a plurality of restrictions associated with a level of control over the device that a user of the device is requested to grant to an enterprise administrator, including presenting a first data access control that the enterprise administrator requests permission to perform on the device and a second data access control that the enterprise administrator requests permission to perform on the device;
  
  the computing system receiving from the device user selections from among the plurality of restrictions, including a first user selection at the device that grants the enterprise administrator permission to perform the first data access control on the device and a second user selection at the device that denies the enterprise administrator permission to perform the second data access control on the device;
  
  the computing system determining, based on the user selections, a first set of one or more applications that are allowed to be installed on the device, wherein the first set of one or more applications that are allowed to be installed on the device is a filtered set of applications that includes one or more first applications that are permitted to be installed on the device based on the user having granted the administrator permission to perform the first data access control on the device, and that excludes a second set of one or more applications that would be allowed to be installed on the device had the user granted the enterprise administrator permission to perform the second data access control on the device; and
  
  the computing system providing to the device a listing of the first set of one or more applications subsequent to providing to the device the listing of the plurality of restrictions and subsequent to receiving the user selections.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the plurality of restrictions include at least one of requiring a password, requiring certain applications to be installed on the device, limiting access of the device to certain networks, requiring the device to have encryption turned on, requiring that there is an antivirus application installed, requiring that the antivirus application is up to date, requiring that the device meets a minimum OS version, requiring that a password on the device has a certain complexity level, requiring that a password on the device has certain history requirements, requiring that hardware of the device is configured a certain way, requiring that a camera on the device is disabled, or requiring that Bluetooth on the device is disabled.
  - 3. The method of claim 1, wherein the first data access control comprises at least one of erasing all user data on the device, restoring the device to factory settings, erasing all enterprise data on the device, or erasing data associated with certain applications on the device.
  - 4. The method of claim 1, wherein the device is generally configured to be used in a closed market environment that only allows generally available applications of the closed market to be installed on the device, and wherein the method further comprises authorizing the device to install applications outside of the generally available applications of the closed market, including sending an enterprise sideloading key to the device.
  - 5. The method of claim 4, further comprising receiving a listing of applications that are installed at the device, the listing excluding any applications that are installed at the device and that were obtained by the device from the closed market.
  - 6. The method of claim 1, wherein the first and second set of one or more applications are selected from applications provided by an enterprise, and are not generally available from a closed market that only allows generally available applications of the closed market to be installed on the device, but have been verified by a central authority responsible for the closed market.
  - 7. The method of claim 1, wherein the first set of one or more applications are installable at the device only when the device possesses a first sideloading key, and wherein the second set of one or more applications are installable at the device only when the device possesses a second sideloading key, the method further comprising providing only the first sideloading key to the device based on the user selections.

8. A system for installing applications and setting configuration on a device, the system comprising:
- one or more hardware processors; and
  
  one or more computer readable media, wherein the one or more computer readable media comprise computer executable instructions that are executable by the one or more of the processors and that configure the system to perform at least the following;
  
  provide to the device a listing of a plurality of restrictions associated with a level of control over the device that a user of the device is requested to grant to an enterprise administrator, including presenting a first data access control that the enterprise administrator requests permission to perform on the device and a second data access control that the enterprise administrator requests permission to perform on the device;
  
  receive from the device user selections from among the plurality of restrictions, including a first user selection at the device that grants the enterprise administrator permission to perform the first data access control on the device and a second user selection at the device that denies the enterprise administrator permission to perform the second data access control on the device;
  
  determine, based on the user selections, a first set of one or more applications that are allowed to be installed on the device, wherein the first set of one or more applications that are allowed to be installed on the device is a filtered set of applications that includes one or more first applications that are permitted to be installed on the device based on the user having granted the administrator permission to perform the first data access control on the device, and that excludes a second set of one or more applications that would be allowed to be installed on the device had the user granted the enterprise administrator permission to perform the second data access control on the device; and
  
  provide to the device a listing of the first set of one or more applications subsequent to providing to the device the listing of the plurality of restrictions and subsequent to receiving the user selections.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The system of claim 8, wherein the plurality of restrictions include at least one of requiring a password, requiring certain applications to be installed on the device, limiting access of the device to certain networks, requiring the device to have encryption turned on, requiring that there is an antivirus application installed, requiring that the antivirus application is up to date, requiring that the device meets a minimum OS version, requiring that a password on the device has a certain complexity level, requiring that a password on the device has certain history requirements, requiring that hardware of the device is configured a certain way, requiring that a camera on the device is disabled, or requiring that Bluetooth on the device is disabled.
  - 10. The system of claim 8, wherein the first data access control comprises at least one of erasing all user data on the device, restoring the device to factory settings, erasing all enterprise data on the device, or erasing data associated with certain applications on the device.
  - 11. The system of claim 8, wherein the device is generally configured to be used in a closed market environment that only allows generally available applications of the closed market to be installed on the device, and wherein the computer executable instructions also configure the system to authorize the device to install applications outside of the generally available applications of the closed market, including sending an enterprise sideloading key to the device.
  - 12. The system of claim 11, wherein the computer executable instructions also configure the system to receive a listing of applications that are installed at the device, the listing excluding any applications that are installed at the device and that were obtained by the device from the closed market.
  - 13. The system of claim 8, wherein the first and second set of one or more applications are selected from applications provided by an enterprise, and are not generally available from a closed market that only allows generally available applications of the closed market to be installed on the device, but have been verified by a central authority responsible for the closed market.
  - 14. The system of claim 8, wherein the first set of one or more applications are installable at the device only when the device possesses a first sideloading key, and wherein the second set of one or more applications are installable at the device only when the device possesses a second sideloading key, and wherein the computer executable instructions also configure the system to provide only the first sideloading key to the device based on the user selections.

15. A computer program product comprising one or more computer-readable hardware storage devices comprising computer executable instructions that are executable by one or more processors of a computing system and that configure the computing system to perform at least the following:
- provide to the device a listing of a plurality of restrictions associated with a level of control over the device that a user of the device is requested to grant to an enterprise administrator, including presenting a first data access control that the enterprise administrator requests permission to perform on the device and a second data access control that the enterprise administrator requests permission to perform on the device;
  
  receive from the device user selections from among the plurality of restrictions, including a first user selection at the device that grants the enterprise administrator permission to perform the first data access control on the device and a second user selection at the device that denies the enterprise administrator permission to perform the second data access control on the device;
  
  determine, based on the user selections, a first set of one or more applications that are allowed to be installed on the device, wherein the first set of one or more applications that are allowed to be installed on the device is a filtered set of applications that includes one or more first applications that are permitted to be installed on the device based on the user having granted the administrator permission to perform the first data access control on the device, and that excludes a second set of one or more applications that would be allowed to be installed on the device had the user granted the enterprise administrator permission to perform the second data access control on the device; and
  
  provide to the device a listing of the first set of one or more applications subsequent to providing to the device the listing of the plurality of restrictions and subsequent to receiving the user selections.
- View Dependent Claims (16, 17, 18, 19, 20, 21)
- - 16. The computer program product of claim 15, wherein the plurality of restrictions include at least one of requiring a password, requiring certain applications to be installed on the device, or limiting access of the device to certain networks.
  - 17. The computer program product of claim 15, wherein the first data access control comprises at least one of erasing all user data on the device, restoring the device to factory settings, erasing all enterprise data on the device, or erasing data associated with certain applications on the device.
  - 18. The computer program product of claim 15, wherein the first and second set of one or more applications are selected from applications provided by an enterprise, and are not generally available from a closed market that only allows generally available applications of the closed market to be installed on the device, but have been verified by a central authority responsible for the closed market.
  - 19. The computer program product of claim 15, wherein the device is generally configured to be used in a closed market environment that only allows generally available applications of the closed market to be installed on the device, and wherein the computer executable instructions also configure the computing system to authorize the device to install applications outside of the generally available applications of the closed market, including sending an enterprise sideloading key to the device.
  - 20. The computer program product of claim 15, wherein the first set of one or more applications are installable at the device only when the device possesses a first sideloading key, and wherein the second set of one or more applications are installable at the device only when the device possesses a second sideloading key, and wherein the computer executable instructions also configure the computing system to provide only the first sideloading key to the device based on the user selections.
  - 21. The computer program product of claim 15, wherein the computer executable instructions also configure the computing system to receive a listing of applications that are installed at the device, the listing excluding any applications that are installed at the device and that were obtained by the device from the closed market.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Inventors
Karaa, Hassen, Healy, Michael, Flegg, Brett D. A., Dhawan, Gaurav, Sutherland, Jeffrey
Primary Examiner(s)
Kim, Tae
Assistant Examiner(s)
TENG, LOUIS C

Application Number

US13/787,420
Publication Number

US 20140259178A1
Time in Patent Office

1,056 Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/51   at application loading time...

G06F 21/60   Protecting data

G06F 21/62   Protecting access to data v...

G06F 2221/2149   Restricted operating enviro...

G06F 8/61   Installation

H04W 4/50   Service provisioning or rec...

Limiting enterprise applications and settings on devices

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Limiting enterprise applications and settings on devices

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links