Policy-based secure containers for multiple enterprise applications

US 9,276,963 B2
Filed: 12/28/2012
Issued: 03/01/2016
Est. Priority Date: 12/28/2012
Status: Active Grant

First Claim

Patent Images

1. A client computing device for applying enterprise policies to applications comprising:

trust agent circuitry to send device attribute information that identifies attributes of the client computing device to an enterprise policy server, wherein the device attribute information is indicative of a hardware component of the client computing device or a software environment of the client computing device; and

security management circuitry to;

send a request for an enterprise application to the enterprise policy server in response to receipt of a user request for a session with the enterprise application, wherein the enterprise application is to access enterprise data;

receive a security policy for the enterprise application from the enterprise policy server in response to sending of the device attribute information and the request for access to the enterprise application;

determine whether a secure container exists on the client computing device for the security policy;

construct the secure container on the client computing device for the security policy in response to a determination that the secure container does not exist; and

add the enterprise application to the secure container;

wherein the secure container is to enforce the security policy while the enterprise application is executed on the client computing device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Technologies for providing policy-based secure containers for multiple enterprise applications include a client computing device and an enterprise policy server. The client computing device sends device attribute information and a request for access to an enterprise application to the enterprise policy server. The enterprise policy server determines a device trust level based on the device attribute information and a data sensitivity level based on the enterprise application, and sends a security policy to the client computing device based on the device trust level and the data sensitivity level. The client computing device references or creates a secure container for the security policy, adds the enterprise application to the secure container, and enforces the security policy while executing the enterprise application in the secure container. Multiple enterprise applications may be added to each secure container. Other embodiments are described and claimed.

7 Citations

View as Search Results

20 Claims

1. A client computing device for applying enterprise policies to applications comprising:
- trust agent circuitry to send device attribute information that identifies attributes of the client computing device to an enterprise policy server, wherein the device attribute information is indicative of a hardware component of the client computing device or a software environment of the client computing device; and
  
  security management circuitry to;
  
  send a request for an enterprise application to the enterprise policy server in response to receipt of a user request for a session with the enterprise application, wherein the enterprise application is to access enterprise data;
  
  receive a security policy for the enterprise application from the enterprise policy server in response to sending of the device attribute information and the request for access to the enterprise application;
  
  determine whether a secure container exists on the client computing device for the security policy;
  
  construct the secure container on the client computing device for the security policy in response to a determination that the secure container does not exist; and
  
  add the enterprise application to the secure container;
  
  wherein the secure container is to enforce the security policy while the enterprise application is executed on the client computing device.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The client computing device of claim 1, wherein the security management circuitry is further to receive the enterprise application from the enterprise policy server.
  - 3. The client computing device of claim 1, wherein the security policy comprises a security policy to:
    - allow the enterprise application to securely communicate with other enterprise applications in the secure container; and
      
      prevent the enterprise application from communicating with applications not in the secure container.
  - 4. The client computing device of claim 1, wherein the security policy comprises a security policy to require a user of the client computing device to authenticate prior to execution of the enterprise application.
  - 5. The client computing device of claim 4, wherein the security policy comprises a security policy to require the user to authenticate for the secure container without requiring the user to authenticate for the enterprise application of the secure container.
  - 6. The client computing device of claim 1, wherein the security policy comprises a security policy to:
    - (i) encrypt data accessed or stored by the enterprise application or (ii) remove data created by the enterprise application when the enterprise application terminates.
  - 7. The client computing device of claim 1, wherein the security policy comprises a security policy to log activities of the enterprise application.

8. One or more non-transitory, machine readable storage media comprising a plurality of instructions that in response to being executed result in a client computing device:
- sending device attribute information that identifies attributes of the client computing device from the client computing device to an enterprise policy server, wherein the device attribute information is indicative of a hardware component of the client computing device or a software environment of the client computing device;
  
  sending a request for access to an enterprise application to the enterprise policy server, wherein the enterprise application is to access enterprise data;
  
  receiving, on the client computing device, a security policy for the enterprise application based on the device attribute information in response to sending the request for access to the enterprise application;
  
  determining, on the client computing device, whether a secure container exists for the security policy;
  
  constructing, on the client computing device, the secure container for the security policy in response to determining the secure container does not exist;
  
  adding, on the client computing device, the enterprise application to the secure container;
  
  executing, on the client computing device, the enterprise application; and
  
  enforcing, on the client computing device, the security policy while the enterprise application is executed on the client computing device.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The non-transitory, machine-readable media of claim 8, further comprising a plurality of instructions that in response to being executed result in the client computing device receiving the enterprise application from the enterprise policy server.
  - 10. The non-transitory, machine-readable media of claim 8, wherein enforcing the security policy comprises:
    - allowing the enterprise application to securely communicate with other enterprise applications in the secure container; and
      
      preventing the enterprise application from communicating with applications not in the secure container.
  - 11. The non-transitory, machine-readable media of claim 8, wherein enforcing the security policy comprises requiring a user of the client computing device to authenticate prior to execution of the enterprise application.
  - 12. The non-transitory, machine-readable media of claim 11, wherein requiring the user to authenticate comprises requiring the user to authenticate for the secure container without requiring the user to authenticate for the enterprise application of the secure container.
  - 13. The non-transitory, machine-readable media of claim 8, wherein enforcing the security policy comprises one of:
    - (i) encrypting data accessed or stored by the enterprise application or (ii) removing data created by the enterprise application when the enterprise application terminates.
  - 14. The non-transitory, machine-readable media of claim 8, wherein enforcing the security policy comprises logging activities of the enterprise application.

15. A method to apply enterprise policies to applications on a client computing device, the method comprising:
- sending device attribute information that identifies attributes of the client computing device from the client computing device to an enterprise policy server, wherein the device attribute information is indicative of a hardware component of the client computing device or a software environment of the client computing device;
  
  sending, from the client computing device, a request for access to an enterprise application to the enterprise policy server, wherein the enterprise application is to access enterprise data;
  
  receiving, on the client computing device, a security policy for the enterprise application based on the device attribute information in response to sending the request for access to the enterprise application;
  
  determining, on the client computing device, whether a secure container exists for the security policy;
  
  constructing, on the client computing device, the secure container for the security policy in response to determining the secure container does not exist;
  
  adding, on the client computing device, the enterprise application to the secure container;
  
  executing, on the client computing device, the enterprise application; and
  
  enforcing, on the client computing device, the security policy while the enterprise application is executed on the client computing device.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The method of claim 15, wherein enforcing the security policy comprises:
    - allowing the enterprise application to securely communicate with other enterprise applications in the secure container; and
      
      preventing the enterprise application from communicating with applications not in the secure container.
  - 17. The method of claim 15, wherein enforcing the security policy comprises requiring a user of the client computing device to authenticate prior to execution of the enterprise application.
  - 18. The method of claim 17, wherein requiring the user to authenticate comprises requiring the user to authenticate for the secure container without requiring the user to authenticate for the enterprise application of the secure container.
  - 19. The method of claim 15, wherein enforcing the security policy comprises one of:
    - (i) encrypting data accessed or stored by the enterprise application or (ii) removing data created by the enterprise application when the enterprise application terminates.
  - 20. The method of claim 15, wherein enforcing the security policy comprises logging activities of the enterprise application.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Viswanathan, Tarun, Kahana, Uri, Ross, Alan, Birk, Eran
Primary Examiner(s)
Harriman, Dant Shaifer
Assistant Examiner(s)
Getachew, Abiy

Application Number

US13/729,586
Publication Number

US 20140189777A1
Time in Patent Office

1,159 Days
Field of Search

726/1
US Class Current

1/1
CPC Class Codes

H04L 63/08   for authentication of entit...

H04L 63/105   Multiple levels of security

H04L 63/205   involving negotiation or de...

Policy-based secure containers for multiple enterprise applications

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

7 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Policy-based secure containers for multiple enterprise applications

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

7 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others