Gateway for controlling mobile device access to enterprise resources
First Claim
1. A system comprising:
an enterprise resource comprising computer hardware configured to electronically communicate with a computing device over a communication network; and
a gateway comprising computer hardware, the gateway configured to:
receive a request from a mobile device to access the enterprise resource, the request formatted according to a protocol and including a property of the mobile device, the request comprising a header and a payload;
store a gateway rule comprising an indication to encrypt data transmitted to the mobile device via the gateway when the property of the request from the mobile device corresponds to a property value in the gateway rule;
parse the payload of the request from the mobile device to determine a character-encoding scheme of the payload of the request;
based on the character-encoding scheme of the payload of the request, determine whether the property of the request from the mobile device corresponds to the property value in the gateway rule; and
responsive to determining that the property of the request from the mobile device corresponds to the property value in the gateway rule, cause the data transmitted to the mobile device via the gateway to be encrypted.
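The rule check recited in the claim, as an added Python example (not code from the patent or its assignee). It assumes a JSON payload, a hypothetical `DeviceType` property and rule, and a fail-closed choice to encrypt when the payload cannot be decoded; it shows why the encoding is determined first, since a byte-level comparison misses the same property value in a UTF-16 payload.

```python
import codecs
import json

# Hypothetical gateway rule (names are assumptions, not from the claim text):
# encrypt data sent to the device when the request's DeviceType is "iPad".
RULE = {"property": "DeviceType", "value": "iPad"}

# UTF-32 first: its little-endian BOM begins with the UTF-16 LE BOM bytes.
_BOMS = [(codecs.BOM_UTF32_LE, "utf-32"), (codecs.BOM_UTF32_BE, "utf-32"),
         (codecs.BOM_UTF8, "utf-8-sig"),
         (codecs.BOM_UTF16_LE, "utf-16"), (codecs.BOM_UTF16_BE, "utf-16")]

# Without a BOM, JSON text starts with two ASCII characters, so the NUL
# positions in the first four bytes give the code-unit width and byte order.
_NUL_PATTERNS = {(1, 1, 1, 0): "utf-32-be", (0, 1, 1, 1): "utf-32-le",
                 (1, 0, 1, 0): "utf-16-be", (0, 1, 0, 1): "utf-16-le"}

def detect_charset(payload: bytes) -> str:
    """Determine the character encoding from the payload bytes alone."""
    for bom, name in _BOMS:
        if payload.startswith(bom):
            return name
    key = tuple(int(b == 0) for b in payload[:4])
    return _NUL_PATTERNS.get(key, "utf-8")

def evaluate(payload: bytes, rule=RULE) -> dict:
    """Decode with the detected charset, then compare property to rule."""
    charset = detect_charset(payload)
    try:
        body = json.loads(payload.decode(charset))
    except ValueError:  # covers UnicodeDecodeError and JSONDecodeError
        # Assumption: fail closed and encrypt when the payload is unreadable.
        return {"charset": charset, "matched": None, "encrypt": True}
    matched = isinstance(body, dict) and body.get(rule["property"]) == rule["value"]
    return {"charset": charset, "matched": matched, "encrypt": matched}

def naive_match(payload: bytes, rule=RULE) -> bool:
    """Byte-level comparison that ignores the payload encoding."""
    return rule["value"].encode("ascii") in payload

# Constructed sample payloads: the same document in three encodings.
DOC = '{"DeviceType": "iPad", "OS": "iOS"}'
SAMPLES = {"utf-8": DOC.encode("utf-8"),
           "utf-16 with BOM": DOC.encode("utf-16"),
           "utf-16-le, no BOM": DOC.encode("utf-16-le")}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, evaluate(raw), "naive:", naive_match(raw))
```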
Abstract
A system is disclosed that includes components and features for enabling enterprise users to securely access enterprise resources (documents, data, application servers, etc.) using their mobile devices. An enterprise can use some or all components of the system to, for example, securely but flexibly implement a BYOD (bring your own device) policy in which users can run both personal applications and secure enterprise applications on their mobile devices. The system may, for example, implement policies for controlling mobile device accesses to enterprise resources based on device attributes (e.g., what mobile applications are installed), user attributes (e.g., the user's position or department), behavioral attributes, and other criteria. Client-side code installed on the mobile devices may further enhance security by, for example, creating a secure container for locally storing enterprise data, creating a secure execution environment for running enterprise applications, and/or creating secure application tunnels for communicating with the enterprise system.
29 Claims
1. A system comprising:
an enterprise resource comprising computer hardware configured to electronically communicate with a computing device over a communication network; and
a gateway comprising computer hardware, the gateway configured to:
receive a request from a mobile device to access the enterprise resource, the request formatted according to a protocol and including a property of the mobile device, the request comprising a header and a payload;
store a gateway rule comprising an indication to encrypt data transmitted to the mobile device via the gateway when the property of the request from the mobile device corresponds to a property value in the gateway rule;
parse the payload of the request from the mobile device to determine a character-encoding scheme of the payload of the request;
based on the character-encoding scheme of the payload of the request, determine whether the property of the request from the mobile device corresponds to the property value in the gateway rule; and
responsive to determining that the property of the request from the mobile device corresponds to the property value in the gateway rule, cause the data transmitted to the mobile device via the gateway to be encrypted.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. Non-transitory computer-readable media storing executable instructions that, when executed by one or more processors, cause a system to:
receive, from a mobile device, a request to access an enterprise resource, the request formatted according to a protocol and including a property of the mobile device, the request comprising a header and a payload;
parse the payload of the request to determine a character-encoding scheme of the payload of the request;
based on the character-encoding scheme of the payload of the request, determine whether the property of the request from the mobile device corresponds to a property value in a gateway rule stored on the system; and
responsive to determining that the property of the request corresponds to the property value in the gateway rule, cause data transmitted to the mobile device via the gateway to be encrypted.
Dependent claims: 10, 11, 12
13. A method comprising:
monitoring, by a computing device, communications between a mobile device and an enterprise resource of an enterprise-computing system;
detecting, by the computing device, that a selected one of the communications between the mobile device and the enterprise resource is formatted according to a protocol;
parsing, by the computing device, a payload of the selected one of the communications to determine a character-encoding scheme of the payload;
based on the character-encoding scheme of the payload, determining, by the computing device, whether a condition of the selected one of the communications corresponds to a condition identified in one or more predefined rules; and
responsive to determining that the condition of the selected one of the communications corresponds to the condition identified in the one or more predefined rules, encrypting, by the computing device, data in the selected one of the communications between the mobile device and the enterprise resource, the data being transmitted via the computing device.
Dependent claims: 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25
26. A system comprising:
one or more processors; and
non-transitory memory storing executable instructions that, when executed by the one or more processors, cause the system to:
receive, from a mobile device, a request to access an enterprise resource, the request formatted according to a protocol and including a property of the mobile device, the request comprising a header and a payload;
parse the payload of the request to determine a character-encoding scheme of the payload of the request;
based on the character-encoding scheme of the payload of the request, determine whether the property of the request from the mobile device corresponds to a property value in a rule stored on the system; and
responsive to determining that the property of the request corresponds to the property value in the rule, cause data transmitted to the mobile device via the system to be encrypted.
Dependent claims: 27
28. A gateway comprising:
one or more processors; and
non-transitory memory storing executable instructions that, when executed by the one or more processors, cause the gateway to:
receive, from a mobile device, a request to access an enterprise resource, the request formatted according to a protocol and including a property of the mobile device, the request comprising a header and a payload;
parse the payload of the request to determine a character-encoding scheme of the payload of the request;
based on the character-encoding scheme of the payload of the request, determine whether the property of the request from the mobile device corresponds to a property value in a gateway rule stored on the gateway; and
responsive to determining that the property of the request corresponds to the property value in the gateway rule, cause data transmitted to the mobile device via the gateway to be encrypted.
Dependent claims: 29
Specification