Rules based detection and correction of problems on mobile devices of enterprise users
First Claim
1. A mobile device comprising:
a processor and memory;
an enterprise agent installed on the mobile device, the enterprise agent being configured to enable enterprise applications installed on the mobile device to securely access resources of an enterprise system of an enterprise, the enterprise agent being further configured to collect state metric data values of a plurality of state metrics associated with the mobile device;
a plurality of rules stored in the memory of the mobile device, each particular rule of the plurality of rules comprising a rule name, a security key, and an encrypted rule body comprising logic of the particular rule, at least some of the plurality of rules mapping states indicated by one or more of the state metric data values to problems indicative of security risks or productivity risks associated with the enterprise, a first problem of the problems comprising detecting downloading of more than a threshold amount of data to the mobile device within a time period, and a second problem of the problems comprising a disablement of password protection for the mobile device; and
remedial action data stored in the memory of the mobile device, the remedial action data specifying remedial actions for addressing the problems, each of the remedial actions corresponding to at least one problem of the problems and being included in at least one rule of the plurality of rules for detecting the at least one problem of the problems, a first remedial action of the remedial actions comprising producing a message on a user interface of the mobile device, the message instructing a user of the mobile device to activate the password protection for the mobile device, and a second remedial action of the remedial actions comprising reducing a download throughput to the mobile device for a portion of the time period;
wherein the enterprise agent installed on the mobile device is configured to:
programmatically detect instances of the problems by using the rules to analyze the state metric data values using a process comprising:
determining a rule of the rules to be analyzed based on the rule name of the rule to be analyzed;
decrypting the encrypted rule body of the rule to be analyzed using the security key;
evaluating the logic of the rule to be analyzed from the decrypted rule body; and
detecting an instance of one of the problems based on the state metric data values;
determine a remedial action of the remedial actions that corresponds to the one of the problems based on the decrypted rule body; and
respond to the detected instance of one of the problems by executing the remedial action of the remedial actions on the mobile device,
wherein the enterprise agent installed on the mobile device is further configured to:
detect the disablement of the password protection for the mobile device;
respond to the detected disablement of the password protection for the mobile device by producing the message on the user interface of the mobile device, the message instructing the user of the mobile device to activate the password protection for the mobile device; and
determine whether the user of the mobile device activated the password protection for the mobile device within a threshold time period.
Abstract
A system is disclosed that includes components and features for enabling enterprise users to securely access enterprise resources (documents, data, application servers, etc.) using their mobile devices. An enterprise can use some or all components of the system to, for example, securely but flexibly implement a BYOD (bring your own device) policy in which users can run both personal applications and secure enterprise applications on their mobile devices. The system may, for example, implement policies for controlling mobile device accesses to enterprise resources based on device attributes (e.g., what mobile applications are installed), user attributes (e.g., the user's position or department), behavioral attributes, and other criteria. Client-side code installed on the mobile devices may further enhance security by, for example, creating a secure container for locally storing enterprise data, creating a secure execution environment for running enterprise applications, and/or creating secure application tunnels for communicating with the enterprise system.
517 Citations
23 Claims
20. A non-transitory storage medium having stored thereon executable instructions that direct a mobile device to perform a process that comprises:
collecting state metric data values of a plurality of state metrics associated with the mobile device;
receiving and storing a plurality of rules on the mobile device, at least some of the rules mapping states indicated by one or more of the state metric data values to problems indicative of security risks or productivity risks associated with an enterprise, at least one of the problems comprising a disablement of password protection for the mobile device;
receiving and storing remedial action data that specifies remedial actions for addressing particular problems, each remedial action corresponding to one or more of the problems, at least one remedial action of the remedial actions comprising producing a message on a user interface of the mobile device, the message instructing a user of the mobile device to activate the password protection for the mobile device;
detecting the disablement of the password protection for the mobile device;
responding to the detected disablement of the password protection for the mobile device by producing the message on the user interface of the mobile device, the message instructing the user of the mobile device to activate the password protection for the mobile device;
determining whether the user of the mobile device activated the password protection for the mobile device within a threshold time period; and
in response to determining that the user has used the mobile device without activating the password protection for the mobile device within a time period, activating or deactivating a feature of the mobile device corresponding to the password protection for the mobile device.
22. A method comprising:
collecting, by a computing device, state metric data values of a plurality of state metrics associated with the computing device;
receiving and storing a plurality of rules, at least some of the rules mapping states indicated by one or more of the state metric data values to problems indicative of security risks or productivity risks associated with an enterprise, at least one of the problems comprising a disablement of password protection for the computing device;
receiving and storing remedial action data that specifies remedial actions for addressing particular problems, each remedial action corresponding to one or more of the problems, at least one remedial action of the remedial actions comprising producing a message on a user interface of the computing device, the message instructing a user of the computing device to activate the password protection for the computing device;
detecting the disablement of the password protection for the computing device;
responding to the detected disablement of the password protection for the computing device by producing the message on the user interface of the computing device, the message instructing the user of the computing device to activate the password protection for the computing device;
determining whether the user of the computing device activated the password protection for the computing device within a threshold time period; and
in response to determining that the user has used the computing device without activating the password protection for the computing device within a time period, activating or deactivating a feature of the computing device corresponding to the password protection for the computing device.
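The detection and remediation steps recited in claims 1, 20 and 22, sketched as an added example that is not code from the patent or its assignee. It covers the two named problems (excess download within a time period, password protection disabled) and the follow-up check after the threshold time period, and leaves rule decryption out. The threshold values, the `Agent` class and the action names are hypothetical.

```python
from dataclasses import dataclass, field
from typing import Optional

# Hypothetical policy values: the claims name these thresholds but give no numbers.
LIMIT_BYTES = 500 * 2**20   # "threshold amount of data"
WINDOW_S = 24 * 3600        # "time period" for the download rule
GRACE_S = 15 * 60           # "threshold time period" to re-enable the passcode


@dataclass
class Agent:
    downloads: list = field(default_factory=list)  # (timestamp, bytes), oldest first
    off_since: Optional[float] = None              # when the passcode was seen disabled
    stage: int = 0                                 # 0 = ok, 1 = prompted, 2 = enforced

    def observe(self, now, passcode_enabled, downloaded=0):
        """Take one state-metric sample; return [(remedial_action, seconds)]."""
        actions = []
        # Problem 1: more than LIMIT_BYTES downloaded inside the sliding window.
        self.downloads.append((now, downloaded))
        self.downloads = [(t, b) for t, b in self.downloads if now - t < WINDOW_S]
        total = sum(b for _, b in self.downloads)
        if total > LIMIT_BYTES:
            for t, b in self.downloads:
                total -= b
                if total <= LIMIT_BYTES:
                    # Throttle only until enough old traffic ages out of the window.
                    actions.append(("throttle_downloads", t + WINDOW_S - now))
                    break
        # Problem 2: password protection disabled.
        if passcode_enabled:
            self.off_since, self.stage = None, 0
        elif self.stage == 0:
            self.off_since, self.stage = now, 1
            actions.append(("prompt_enable_passcode", GRACE_S))
        elif self.stage == 1 and now - self.off_since >= GRACE_S:
            self.stage = 2  # user ignored the prompt for the whole grace period
            actions.append(("enforce_passcode_feature", now - self.off_since))
        return actions
```

The second element of each action is a duration in seconds: how long to throttle, how long the user has to respond to the prompt, or how long the passcode had been off when enforcement fired.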
Specification