System for the distribution and deployment of applications, with provisions for security and policy conformance

US 9,350,761 B1
Filed: 08/01/2014
Issued: 05/24/2016
Est. Priority Date: 09/07/2010
Status: Active Grant

First Claim

Patent Images

1. A method of distributing applications, comprising:

receiving an instance of an application into an application distribution system, wherein said application distribution system includes a user interface, the user interface providing access to the applications available via the application distribution system;

embedding application logic into the application, the application logic comprising at least one policy, the at least one policy being enforced when the application is executed on an endpoint device;

performing an analysis of the application logic according to the at least one policy to confirm that said logic complies with said at least one policy;

wherein the application distribution system includes a user access policy; and

wherein the user access policy determines the applications that appear to a user, via the user interface, as available.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method are disclosed for deploying applications to end point devices. The applications are obtained from a marketplace that checks the applications and packages them for endpoint use according to certain policies. Packaging an application includes compiling or assembling and linking the application, possibly with a framework and possibly with a binding token, which can be a device binding token and/or a user binding token. The application is loaded onto an endpoint device and if the application is bound to the device and the user is allowed to use the application, the application is enabled to be used on the endpoint device. A gateway between the endpoint device and an authentication server helps to authenticate the user. The gateway also manages data transfers between the endpoint device and a data server according to a selected protocol.

82 Citations

View as Search Results

19 Claims

1. A method of distributing applications, comprising:
- receiving an instance of an application into an application distribution system, wherein said application distribution system includes a user interface, the user interface providing access to the applications available via the application distribution system;
  
  embedding application logic into the application, the application logic comprising at least one policy, the at least one policy being enforced when the application is executed on an endpoint device;
  
  performing an analysis of the application logic according to the at least one policy to confirm that said logic complies with said at least one policy;
  
  wherein the application distribution system includes a user access policy; and
  
  wherein the user access policy determines the applications that appear to a user, via the user interface, as available.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, comprising:
    - authenticating, via the user interface, a user in accordance with the at least one policy; and
      
      providing user access to the application distribution system if the user is authenticated.
  - 3. The method of claim 1,wherein the application instance is received from within the application distribution system or a source external to the application distribution system.
  - 4. The method of claim 1, comprising:
    - transferring an application instance from one marketplace to another marketplace within the application distribution system; and
      
      wherein the step of transferring includes encrypting the application logic prior to the transfer and decrypting the application logic upon receipt.
  - 5. The method of claim 1, comprising:
    - receiving a request to download an executable version of the application to an endpoint device; and
      
      converting an instance of the application to an executable application prior to downloading the executable application, wherein the step of converting includes compiling and linking of the application.
  - 6. The method of claim 5, embedding application logic into the application comprising:
    - building a token into the application prior to downloading the executable application, wherein the endpoint device includes a framework, and wherein the compiling and linking step includes combining the framework with the application logic.
  - 7. The method of claim 6,wherein the endpoint device has a particular user;
    - andwherein the token is a token that binds the application to the particular user.
  - 8. The method of claim 6,wherein the token is a token that binds the application to the device.
  - 9. The method of claim 1,wherein the endpoint device has a particular user who belongs to a user group, said group requiring a particular set of data access addresses;
    - andfurther comprising rewriting the set of data access addresses according to the group of the user.

10. A computing device configured for distributing applications, comprising:
- a processor;
  
  memory in electronic communication with the processor, wherein the memory stores computer executable instructions that when executed by the processor cause the processor to perform the steps of;
  
  receiving an instance of an application into an application distribution system, wherein said application distribution system includes a user interface, the user interface providing access to the applications available via the application distribution system;
  
  embedding application logic into the application, the application logic comprising at least one policy, the at least one policy being enforced when the application is executed on an endpoint device;
  
  performing an analysis of the application logic according to the at least one policy to confirm that said logic complies with said at least one policy;
  
  wherein the application distribution system includes a user access policy; and
  
  wherein the user access policy determines the applications that appear to a user, via the user interface, as available.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The computing device of claim 10, wherein the instructions executed by the processor cause the processor to perform the steps of:
    - authenticating, via the user interface, a user in accordance with the at least one policy; and
      
      providing user access to the application distribution system if the user is authenticated.
  - 12. The computing device of claim 10, wherein the application instance is received from within the application distribution system or a source external to the distribution system.
  - 13. The computing device of claim 10, wherein the instructions executed by the processor cause the processor to perform the steps of:
    - transferring an application instance from one marketplace to another marketplace within the application distribution system; and
      
      wherein the step of transferring includes encrypting the application logic prior to the transfer and decrypting the application logic upon receipt.
  - 14. The computing device of claim 10, wherein the instructions executed by the processor cause the processor to perform the steps of:
    - receiving a request to download an executable version of the application to an endpoint device; and
      
      converting an instance of the application to an executable application prior to downloading the executable application, wherein the step of converting includes compiling and linking of the application.
  - 15. The computing device of claim 14, wherein the instructions executed by the processorto embed application logic into the application cause the processor to perform the steps of:
    - building a token into the application prior to downloading the executable application, wherein the endpoint device includes a framework, and wherein the compiling and linking step includes combining the framework with the application logic.
  - 16. The computing device of claim 15,wherein the endpoint device has a particular user;
    - andwherein the token is a token that binds the application to the particular user.
  - 17. The computing device of claim 10, wherein the token is a token that binds the application to the device.
  - 18. The computing device of claim 10,wherein the endpoint device has a particular user who belongs to a user group, said group requiring a particular set of data access addresses;
    - andfurther comprising rewriting the set of data access addresses according to the group of the user.

19. A non-transitory computer-readable storage medium storing computer executable instructions that when executed by a processor cause the processor to perform the steps of:
- receiving an instance of an application into an application distribution system, wherein said application distribution system includes a user interface, the user interface providing access to the applications available via the application distribution system;
  
  embedding application logic into the application, the application logic comprising at least one policy, the at least one policy being enforced when the application is executed on an endpoint device;
  
  performing an analysis of the application logic according to the at least one policy to confirm that said logic complies with said at least one policy;
  
  wherein the application distribution system includes a user access policy; and
  
  wherein the user access policy determines the applications that appear to a user, via the user interface, as available.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Original Assignee
Symantec Corporation (NortonLifeLock Inc.)
Inventors
Enderwick, Thomas Jeffrey, Perret, Christopher Edward
Primary Examiner(s)
Schwartz, Darren B

Application Number

US14/450,181
Time in Patent Office

662 Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/121   Restricting unauthorised ex...

G06F 21/30   Authentication, i.e. establ...

G06F 21/6218   to a system of files or obj...

G06F 2221/2115   Third party

G06F 2221/2143   Clearing memory, e.g. to pr...

G06F 2221/2149   Restricted operating enviro...

G06F 8/60   Software deployment

H04L 63/06   for supporting key manageme...

H04L 63/20   for managing network securi...

H04L 67/10   in which an application is ...

System for the distribution and deployment of applications, with provisions for security and policy conformance

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

82 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

System for the distribution and deployment of applications, with provisions for security and policy conformance

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

82 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links