Managing use of network resources

US 9,369,466 B2
Filed: 06/21/2012
Issued: 06/14/2016
Est. Priority Date: 06/21/2012
Status: Active Grant

First Claim

Patent Images

1. A method of managing use of network resources on a device, the method comprising:

receiving, from user input received at the device, an indication whether to allow a personal application associated with a personal perimeter on the device to access an enterprise network resource associated with an enterprise perimeter on the device, wherein the enterprise perimeter is configured to prevent resources of the device external to the enterprise perimeter from accessing enterprise resources, including the enterprise network resource, associated with the enterprise perimeter unless an indication from user input is received granting access to an external resource, the enterprise perimeter including parameters for accessing a first wireless network and the personal perimeter including parameters for accessing a second wireless network that is different than the first wireless network;

receiving outbound data from the personal application associated with the personal perimeter;

determining that the enterprise perimeter includes a policy that allows the personal application associated with the personal perimeter to access the enterprise network resource associated with the enterprise perimeter, wherein personal resources associated with the personal perimeter, including the personal application, are different from enterprise resources associated with the enterprise perimeter;

presenting, on the device, a user interface that allows a selection whether to allow the personal application associated with the personal perimeter to access the enterprise network resource associated with the enterprise perimeter;

determining, according to the selection, whether to route the outbound data to the enterprise network resource associated with the enterprise perimeter, wherein the device is connected to the first and the second wireless networks;

if the outbound data is determined to be routed to the enterprise network resource, routing the outbound data to the first wireless network; and

if the outbound data is determined not to be routed to the enterprise network resource, routing the outbound data to the second wireless network without disabling a connection to the first wireless network.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Some aspects of what is described here relate to managing the use of network resources on a mobile device. User input received at the device indicates whether to allow an application associated with a first perimeter on the device to access a network resource associated with a second perimeter on the device. For example, in some instances user input may indicate whether to allow data from applications associated with a personal perimeter on the device to be transmitted over an enterprise communication system. When outbound data associated with the first perimeter are received, the device determines, according to the indication from the user input, whether to route the outbound data to the network resource associated with the second perimeter.

259 Citations

15 Claims

1. A method of managing use of network resources on a device, the method comprising:
- receiving, from user input received at the device, an indication whether to allow a personal application associated with a personal perimeter on the device to access an enterprise network resource associated with an enterprise perimeter on the device, wherein the enterprise perimeter is configured to prevent resources of the device external to the enterprise perimeter from accessing enterprise resources, including the enterprise network resource, associated with the enterprise perimeter unless an indication from user input is received granting access to an external resource, the enterprise perimeter including parameters for accessing a first wireless network and the personal perimeter including parameters for accessing a second wireless network that is different than the first wireless network;
  
  receiving outbound data from the personal application associated with the personal perimeter;
  
  determining that the enterprise perimeter includes a policy that allows the personal application associated with the personal perimeter to access the enterprise network resource associated with the enterprise perimeter, wherein personal resources associated with the personal perimeter, including the personal application, are different from enterprise resources associated with the enterprise perimeter;
  
  presenting, on the device, a user interface that allows a selection whether to allow the personal application associated with the personal perimeter to access the enterprise network resource associated with the enterprise perimeter;
  
  determining, according to the selection, whether to route the outbound data to the enterprise network resource associated with the enterprise perimeter, wherein the device is connected to the first and the second wireless networks;
  
  if the outbound data is determined to be routed to the enterprise network resource, routing the outbound data to the first wireless network; and
  
  if the outbound data is determined not to be routed to the enterprise network resource, routing the outbound data to the second wireless network without disabling a connection to the first wireless network.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein the personal perimeter includes multiple personal applications, the enterprise perimeter includes multiple enterprise network resources, the indication comprises an indication to allow any personal application associated with the personal perimeter to access any enterprise network resource associated with the enterprise perimeter, and the method further comprises routing the outbound data to one of the enterprise network resources associated with the enterprise perimeter.
  - 3. The method of claim 1, wherein the personal perimeter includes multiple personal applications, the enterprise perimeter includes multiple enterprise network resources, the indication comprises an indication not to allow any personal application associated with the personal perimeter to access any enterprise network resource associated with the enterprise perimeter, and the method further comprises routing the outbound data to a network resource associated with the personal perimeter.
  - 4. The method of claim 1, wherein the personal perimeter includes a first policy that defines rules for accessing resources associated with the personal perimeter, and the enterprise perimeter includes a second policy that defines rules for accessing resources associated with the enterprise perimeter.
  - 5. The method of claim 1, wherein the indication comprises an indication whether to allow data associated with the personal perimeter to be transmitted over an enterprise communication system.
  - 6. The method of claim 5, wherein the enterprise communication system includes at least one of a virtual private network of the enterprise or a wireless local area network of the enterprise.

7. A device comprising:
- one or more hardware processors operable to;
  
  generate a personal perimeter that includes a personal application and parameters for accessing a second wireless network;
  
  generate an enterprise perimeter that includes an enterprise network resource, wherein the enterprise perimeter is configured to prevent resources of the device external to the enterprise perimeter from accessing resources, including the enterprise network resource, associated with the enterprise perimeter unless an indication from user input is received granting access to an external resource, the enterprise perimeter including parameters for accessing a first wireless network that is different than the second wireless network;
  
  determine that the enterprise perimeter includes a policy that allows the personal application associated with the personal perimeter to access the enterprise network resource associated with the enterprise perimeter, wherein resources associated with the personal perimeter, including the personal application, are different from resources associated with the enterprise perimeter;
  
  generate a user interface operable to receive an indication whether to allow the personal application associated with the personal perimeter to access the enterprise network resource associated with the enterprise perimeter, the user interface comprising a graphical user interface that allows a selection whether to allow the personal application associated with the personal perimeter to access the enterprise network resource associated with the enterprise perimeter;
  
  receive outbound data from the personal application associated with the personal perimeter;
  
  determine, according to the indication, whether to route the outbound data to the enterprise network resource associated with the enterprise perimeter, wherein the device is connected to the first and the second wireless networks;
  
  if the outbound data is determined to be routed to the enterprise network resource, route the outbound data to the first wireless network; and
  
  if the outbound data is determined not to be routed to the enterprise network resource, route the outbound data to the second wireless network without disabling a connection to the first wireless network.
- View Dependent Claims (8, 9, 10, 11)
- - 8. The device of claim 7, wherein the personal perimeter includes multiple personal applications, the enterprise perimeter includes multiple enterprise network resources, the indication comprises an indication to allow any personal application associated with the personal perimeter to access any enterprise network resource associated with the enterprise perimeter, and the one or more processors further operable to route the outbound data to one of the enterprise network resources associated with the enterprise perimeter in response to the determination according to the indication.
  - 9. The device of claim 7, wherein the personal perimeter includes multiple personal applications, the enterprise perimeter includes multiple enterprise network resources, the indication comprises an indication not to allow any personal application associated with the personal perimeter to access any enterprise network resource associated with the enterprise perimeter, and the one or more processors are further operable to route the outbound data to a network resource associated with the personal perimeter in response to the determination according to the indication.
  - 10. The device of claim 7, wherein the indication comprises an indication whether to allow data from the personal perimeter to be transmitted over an enterprise communication system.
  - 11. The device of claim 10, the one or more hardware processors are further operable to communicate with the enterprise communication system.

12. A non-transitory computer-readable storage medium comprising instructions that are operable when executed to cause data processing apparatus to perform operations comprising:
- receiving, from user input received at a device, an indication whether to allow a personal application associated with a personal perimeter on the device to access a enterprise network resource associated with an enterprise perimeter on the device, wherein the enterprise perimeter is configured to prevent resources of the device external to the enterprise perimeter from accessing resources, including the enterprise network resource, associated with the enterprise perimeter unless an indication from user input is received granting access to an external resource, the enterprise perimeter including parameters for accessing a first wireless network and the personal perimeter including parameters for accessing a second wireless network that is different than the first wireless network;
  
  receiving outbound data from the personal application associated with the personal perimeter;
  
  determining that the enterprise perimeter includes a policy that allows the personal application associated with the personal perimeter to access the enterprise network resource associated with the enterprise perimeter, wherein resources associated with the personal perimeter, including the personal application, are different from resources associated with the enterprise perimeter;
  
  presenting, on the device, a user interface that allows a selection whether to allow the personal application associated with the personal perimeter to access the enterprise network resource associated with the enterprise perimeter;
  
  determining, according to the indication from the user input, whether to route the outbound data to the enterprise network resource associated with the enterprise perimeter, wherein the device is connected to the first and the second wireless networks;
  
  if the outbound data is determined to be routed to the enterprise network resource, routing the outbound data to the first wireless network; and
  
  if the outbound data is determined not to be routed to the enterprise network resource, routing the outbound data to the second wireless network without disabling a connection to the first wireless network.
- View Dependent Claims (13, 14, 15)
- - 13. The computer-readable storage medium of claim 12, wherein the personal perimeter includes multiple personal applications, the enterprise perimeter includes multiple enterprise network resources, the indication comprises an indication to allow any personal application associated with the personal perimeter to access any enterprise network resource associated with the enterprise perimeter, and the operations further include routing the outbound data to one of the enterprise network resources associated with the enterprise perimeter.
  - 14. The computer-readable storage medium of claim 12, wherein the personal perimeter includes multiple personal applications, the enterprise perimeter includes multiple enterprise network resources, the indication comprises an indication not to allow any personal application associated with the personal perimeter to access any enterprise network resource associated with the enterprise perimeter, and the operations further include routing the outbound data to a network resource associated with the personal perimeter.
  - 15. The computer-readable storage medium of claim 12, wherein the indication comprises an indication whether to allow data associated with the personal perimeter to be transmitted over an enterprise communication system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Malikie Innovations Limited (Key Patent Innovations Limited)
Original Assignee
Blackberry Limited
Inventors
Ryerson, Christopher Maybee, Bender, Christopher Lyle, Winkler, Michael Thomas, Bukurak, David, Altman, Benjamin
Primary Examiner(s)
Tang, Karen
Assistant Examiner(s)
HABTEMARIAM, MELAKU Y

Application Number

US13/529,509
Publication Number

US 20130346606A1
Time in Patent Office

1,454 Days
Field of Search

709224-226, 709/211, 709/229
US Class Current

1/1
CPC Class Codes

H04L 47/70   Admission control; Resource...

H04L 63/08   for authentication of entit...

H04L 63/10   for controlling access to d...

H04L 63/101   Access control lists [ACL]

H04W 12/084   using delegated authorisati...

H04W 12/088   using filters or firewalls

Managing use of network resources

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

259 Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Managing use of network resources

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

259 Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links