Controlling use of a business environment on a mobile device

US 9,247,042 B2
Filed: 11/16/2012
Issued: 01/26/2016
Est. Priority Date: 11/22/2011
Status: Active Grant

First Claim

Patent Images

1. A method of controlling use of a business environment on a mobile device by an enterprise server, the method comprising:

receiving identifying information transmitted from a mobile device, wherein the identifying information identifies a user of the mobile device to the enterprise server;

transmitting a virtual phone template to the mobile device, wherein the virtual phone template (i) corresponds to the identifying information, and (ii) is configured to provide the business environment on the mobile device as a virtual machine running on a hypervisor installed on top of a host operating system of the mobile device;

receiving a periodic transmission from the mobile device to indicate that the mobile device remains in periodic communication with the enterprise server;

causing, if a first period of time passes without the mobile device successfully communicating with the enterprise server, an access to the virtual machine to be disabled; and

causing, if a second period of time passes without the mobile device successfully communicating with the enterprise server, the virtual phone image to be erased from the mobile device, wherein the first period of time is shorter than the second period of time,wherein the periodic transmission is transmitted by a management component running on the mobile device, wherein the management component runs in a privileged mode on the mobile device and cannot be manually terminated by the user, and wherein the method further comprises transmitting a security policy to the mobile device that specifies the first and second period of time.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A business environment on a mobile device can be controlled by an enterprise server by receiving identifying information transmitted from a mobile device, wherein the identifying information identifies a user of the mobile device to the enterprise server. A virtual phone template is transmitted to the mobile device, wherein the virtual phone template (i) corresponds to the identifying information, and (ii) is configured to provide the business environment on the mobile device as a virtual machine running on a hypervisor installed on top of a host operating system of the mobile device. The enterprise server then receives a periodic transmission from the mobile device to indicate that the mobile device remains in periodic communication with the enterprise server.

Citations

18 Claims

1. A method of controlling use of a business environment on a mobile device by an enterprise server, the method comprising:
- receiving identifying information transmitted from a mobile device, wherein the identifying information identifies a user of the mobile device to the enterprise server;
  
  transmitting a virtual phone template to the mobile device, wherein the virtual phone template (i) corresponds to the identifying information, and (ii) is configured to provide the business environment on the mobile device as a virtual machine running on a hypervisor installed on top of a host operating system of the mobile device;
  
  receiving a periodic transmission from the mobile device to indicate that the mobile device remains in periodic communication with the enterprise server;
  
  causing, if a first period of time passes without the mobile device successfully communicating with the enterprise server, an access to the virtual machine to be disabled; and
  
  causing, if a second period of time passes without the mobile device successfully communicating with the enterprise server, the virtual phone image to be erased from the mobile device, wherein the first period of time is shorter than the second period of time,wherein the periodic transmission is transmitted by a management component running on the mobile device, wherein the management component runs in a privileged mode on the mobile device and cannot be manually terminated by the user, and wherein the method further comprises transmitting a security policy to the mobile device that specifies the first and second period of time.
- View Dependent Claims (2, 3, 4, 5, 15, 16, 17, 18)
- - 2. The method of claim 1, wherein at least a portion of the identifying information is information that authenticates the user to the enterprise server.
  - 3. The method of claim 1, wherein the identifying information is transmitted to the enterprise server from a provisioning component of a mobile package installed on mobile device that further comprises the hypervisor and the management component that transmits the periodic transmission.
  - 4. The method of claim 1, wherein if the first period of time passes without the mobile device successfully communicating with the enterprise server, the management component is configured to disable an access to the virtual machine.
  - 5. The method of claim 4, wherein if the second period of time passes without the mobile device successfully communicating with the enterprise server, the management component is configured to erase the virtual phone image from the mobile device.
  - 15. The method of claim 1, wherein the security policy comprises information regarding whether a password is required to access the business environment, information regarding the type and the strength of the password and information regarding an expiration period for the password.
  - 16. The method of claim 15, wherein the security policy further comprises information regarding a length of inactivity time before a lock screen is presented in the business environment and information regarding an amount of retries before a locking of the business environment.
  - 17. The method of claim 1, wherein causing, if the second period of time passes without the mobile device successfully communicating with the enterprise server, the virtual phone image to be erased from the mobile device comprises causing, if the second period of time passes without the mobile device successfully communicating with the enterprise server, only the business environment to be removed from the mobile device.
  - 18. The method of claim 1, wherein causing, if the second period of time passes without the mobile device successfully communicating with the enterprise server, the virtual phone image to be erased from the mobile device comprises causing, if the second period of time passes without the mobile device successfully communicating with the enterprise server, the virtual phone image to be erased from the mobile device without affecting a personal use of the mobile device.

6. A server configured to control use of a business environment on a mobile device comprising a processor configured to perform the steps of:
- receiving identifying information transmitted from a mobile device, wherein the identifying information identifies a user of the mobile device to the server;
  
  transmitting a virtual phone template to the mobile device, wherein the virtual phone template (i) corresponds to the identifying information, and (ii) is configured to provide the business environment on the mobile device as a virtual machine running on a hypervisor installed on top of a host operating system of the mobile device;
  
  receiving a periodic transmission from the mobile device to indicate that the mobile device remains in periodic communication with the server;
  
  causing, if a first period of time passes without the mobile device successfully communicating with the server, an access to the virtual machine to be disabled; and
  
  causing, if a second period of time passes without the mobile device successfully communicating with the server, the virtual phone image to be erased from the mobile device, wherein the first period of time is shorter than the second period of time,wherein the periodic transmission is transmitted by a management component running on the mobile device, wherein the management component runs in a privileged mode on the mobile device and cannot be manually terminated by the user, and wherein the steps further comprise transmitting a security policy to the mobile device that specifies the first and second period of time.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The server of claim 6, wherein at least a portion of the identifying information is information that authenticates the user to the server.
  - 8. The server of claim 6, wherein the identifying information is transmitted to the server from a provisioning component of a mobile package installed on mobile device that further comprises the hypervisor and the management component that transmits the periodic transmission.
  - 9. The server of claim 6, wherein if the first period of time passes without the mobile device successfully communicating with the enterprise server, the management component is configured to disable an access to the virtual machine.
  - 10. The server of claim 9, wherein if the second period of time passes without the mobile device successfully communicating with the enterprise server, the management component is configured to erase the virtual phone image from the mobile device.

11. A non-transitory computer readable storage medium comprising instructions that cause a processor of a server to control use of a business environment on a mobile device by performing the steps of:
- receiving identifying information transmitted from a mobile device, wherein the identifying information identifies a user of the mobile device to the server;
  
  transmitting a virtual phone template to the mobile device, wherein the virtual phone template (i) corresponds to the identifying information, and (ii) is configured to provide the business environment on the mobile device as a virtual machine running on a hypervisor installed on top of a host operating system of the mobile device;
  
  receiving a periodic transmission from the mobile device to indicate that the mobile device remains in periodic communication with the server;
  
  causing, if a first period of time passes without the mobile device successfully communicating with the server, an access to the virtual machine to be disabled; and
  
  causing, if a second period of time passes without the mobile device successfully communicating with the server, the virtual phone image to be erased from the mobile device, wherein the first period of time is shorter than the second period of time,wherein the periodic transmission is transmitted by a management component running on the mobile device, wherein the management component runs in a privileged mode on the mobile device and cannot be manually terminated by the user, and wherein the steps further comprise transmitting a security policy to the mobile device that specifies the first and second period of time.
- View Dependent Claims (12, 13, 14)
- - 12. The non-transitory computer readable storage medium of claim 11, wherein the identifying information is transmitted to the server from a provisioning component of a mobile package installed on mobile device that further comprises the hypervisor and the management component that transmits the periodic transmission.
  - 13. The non-transitory computer readable storage medium of claim 11, wherein if the first period of time passes without the mobile device successfully communicating with the enterprise server, the management component is configured to disable an access to the virtual machine.
  - 14. The non-transitory computer readable storage medium of claim 13, wherein if the second period of time passes without the mobile device successfully communicating with the enterprise server, the management component is configured to erase the virtual phone image from the mobile device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Vmware LLC (Broadcom, Inc.)
Original Assignee
VMware, Inc. (Broadcom, Inc.)
Inventors
Deasy, Stephen, Meyer, Robert, Newell, Craig, Sit, Emil, Wisner, Paul, Furodet, David, Gyuris, Viktor, Strudel, Fanny
Primary Examiner(s)
Hu, Jinsong
Assistant Examiner(s)
Glomah, Tabla

Application Number

US13/678,976
Publication Number

US 20130130652A1
Time in Patent Office

1,166 Days
Field of Search
US Class Current

1/1
CPC Class Codes

C09J 7/21   Paper; Textile fabrics

C09J 7/30   characterised by the adhesi...

G06F 2009/4557   Distribution of virtual mac...

G06F 2009/45587   Isolation or security of vi...

G06F 2009/45595   Network integration; Enabli...

G06F 9/445   Program loading or initiati...

G06F 9/455   Emulation; Interpretation; ...

G06F 9/45529   Embedded in an application,...

G06F 9/45533   Hypervisors; Virtual machin...

G06F 9/45558   Hypervisor-specific managem...

G06F 9/46   Multiprogramming arrangements

H04L 63/0272   Virtual private networks

H04L 67/10   in which an application is ...

H04L 67/34   involving the movement of s...

H04N 21/443   OS processes, e.g. booting ...

H04N 21/4437   Implementing a Virtual Mach...

H04W 12/37   Managing security policies ...

H04W 4/50   Service provisioning or rec...

H04W 4/60   Subscription-based services...

H04W 76/10   Connection setup

H04W 8/22 : Processing or transfer of t...

Y10T 428/14 : Layer or component removabl...

View All

Controlling use of a business environment on a mobile device

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Controlling use of a business environment on a mobile device

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links