Policy-based secure containers for multiple enterprise applications
First Claim
1. A client computing device for applying enterprise policies to applications comprising:
- trust agent circuitry to send device attribute information that identifies attributes of the client computing device to an enterprise policy server, wherein the device attribute information is indicative of a hardware component of the client computing device or a software environment of the client computing device; and
- security management circuitry to:
  - send a request for an enterprise application to the enterprise policy server in response to receipt of a user request for a session with the enterprise application, wherein the enterprise application is to access enterprise data;
  - receive a security policy for the enterprise application from the enterprise policy server in response to sending of the device attribute information and the request for access to the enterprise application;
  - determine whether a secure container exists on the client computing device for the security policy;
  - construct the secure container on the client computing device for the security policy in response to a determination that the secure container does not exist; and
  - add the enterprise application to the secure container;
- wherein the secure container is to enforce the security policy while the enterprise application is executed on the client computing device.
Abstract
Technologies for providing policy-based secure containers for multiple enterprise applications include a client computing device and an enterprise policy server. The client computing device sends device attribute information and a request for access to an enterprise application to the enterprise policy server. The enterprise policy server determines a device trust level based on the device attribute information and a data sensitivity level based on the enterprise application, and sends a security policy to the client computing device based on the device trust level and the data sensitivity level. The client computing device references or creates a secure container for the security policy, adds the enterprise application to the secure container, and enforces the security policy while executing the enterprise application in the secure container. Multiple enterprise applications may be added to each secure container. Other embodiments are described and claimed.
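The flow in the abstract, sketched as an added example that is not taken from the patent: the server maps a device trust level and a data sensitivity level to a policy, and the client keeps one container per distinct policy so that several applications can share it. The attribute names, level scales, application names and policy fields are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Constructed sample data: the abstract gives no scale for either level.
APP_SENSITIVITY = {"mail": 1, "wiki": 1, "payroll": 3}
MAX_SENSITIVITY = 3

@dataclass(frozen=True)          # frozen, so a policy can key the container map
class SecurityPolicy:
    encrypt_storage: bool
    allow_clipboard: bool
    allow_offline: bool

def device_trust_level(attrs):
    """Assumed scoring of hardware/software attributes, range 0..2."""
    if attrs.get("rooted"):
        return 0
    return int(bool(attrs.get("tpm_present"))) + int(bool(attrs.get("os_patched")))

def select_policy(attrs, app):
    """Policy-server side: stricter policy as sensitivity outgrows trust."""
    sensitivity = APP_SENSITIVITY.get(app, MAX_SENSITIVITY)  # unknown app: fail closed
    gap = sensitivity - device_trust_level(attrs)
    return SecurityPolicy(
        encrypt_storage=sensitivity >= 2,
        allow_clipboard=gap <= 0,
        allow_offline=gap < 0,
    )

@dataclass
class SecureContainer:
    policy: SecurityPolicy
    apps: set = field(default_factory=set)

class SecurityManager:
    """Client side: reference the container for a policy, or construct it."""
    def __init__(self):
        self.containers = {}

    def launch(self, app, policy):
        container = self.containers.get(policy)
        if container is None:                 # no container for this policy yet
            container = SecureContainer(policy)
            self.containers[policy] = container
        container.apps.add(app)               # multiple apps may share one container
        return container
```

Keying the container map on the policy value itself means two applications that receive identical policies land in the same container, while any difference in a single policy field forces a separate one.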
20 Claims
1. A client computing device for applying enterprise policies to applications comprising:
- trust agent circuitry to send device attribute information that identifies attributes of the client computing device to an enterprise policy server, wherein the device attribute information is indicative of a hardware component of the client computing device or a software environment of the client computing device; and
- security management circuitry to:
  - send a request for an enterprise application to the enterprise policy server in response to receipt of a user request for a session with the enterprise application, wherein the enterprise application is to access enterprise data;
  - receive a security policy for the enterprise application from the enterprise policy server in response to sending of the device attribute information and the request for access to the enterprise application;
  - determine whether a secure container exists on the client computing device for the security policy;
  - construct the secure container on the client computing device for the security policy in response to a determination that the secure container does not exist; and
  - add the enterprise application to the secure container;
- wherein the secure container is to enforce the security policy while the enterprise application is executed on the client computing device.
(Dependent claims: 2, 3, 4, 5, 6, 7)
8. One or more non-transitory, machine readable storage media comprising a plurality of instructions that in response to being executed result in a client computing device:
- sending device attribute information that identifies attributes of the client computing device from the client computing device to an enterprise policy server, wherein the device attribute information is indicative of a hardware component of the client computing device or a software environment of the client computing device;
- sending a request for access to an enterprise application to the enterprise policy server, wherein the enterprise application is to access enterprise data;
- receiving, on the client computing device, a security policy for the enterprise application based on the device attribute information in response to sending the request for access to the enterprise application;
- determining, on the client computing device, whether a secure container exists for the security policy;
- constructing, on the client computing device, the secure container for the security policy in response to determining the secure container does not exist;
- adding, on the client computing device, the enterprise application to the secure container;
- executing, on the client computing device, the enterprise application; and
- enforcing, on the client computing device, the security policy while the enterprise application is executed on the client computing device.
(Dependent claims: 9, 10, 11, 12, 13, 14)
15. A method to apply enterprise policies to applications on a client computing device, the method comprising:
- sending device attribute information that identifies attributes of the client computing device from the client computing device to an enterprise policy server, wherein the device attribute information is indicative of a hardware component of the client computing device or a software environment of the client computing device;
- sending, from the client computing device, a request for access to an enterprise application to the enterprise policy server, wherein the enterprise application is to access enterprise data;
- receiving, on the client computing device, a security policy for the enterprise application based on the device attribute information in response to sending the request for access to the enterprise application;
- determining, on the client computing device, whether a secure container exists for the security policy;
- constructing, on the client computing device, the secure container for the security policy in response to determining the secure container does not exist;
- adding, on the client computing device, the enterprise application to the secure container;
- executing, on the client computing device, the enterprise application; and
- enforcing, on the client computing device, the security policy while the enterprise application is executed on the client computing device.
(Dependent claims: 16, 17, 18, 19, 20)
Specification