System for the distribution and deployment of applications, with provisions for security and policy conformance
First Claim
1. A method for deploying applications to endpoint devices, the method comprising:
launching an application on an endpoint device, wherein a user-binding token and a device-binding token are embedded in the application, and wherein the endpoint device includes a device ID and a user ID of a user of the device;
determining whether the application is bound to the endpoint device by comparing the device-binding token to the device ID, and terminating the application if the device-binding token does not match the device ID;
determining whether the application is bound to the user by comparing the user-binding token to the user ID to determine if the user-binding token matches the user ID, and terminating the application if the user-binding token does not match the user ID;
wherein the application holds cryptographic keys for enabling a decryption of encrypted data on the endpoint device; and
erasing any cryptographic keys held by the application when the device-binding token does not match the device ID or the user-binding token does not match the user ID.
Abstract
A system and method are disclosed for deploying applications to endpoint devices. The applications are obtained from a marketplace that checks the applications and packages them for endpoint use according to certain policies. Packaging an application includes compiling or assembling and linking the application, possibly with a framework and possibly with a binding token, which can be a device-binding token and/or a user-binding token. The application is loaded onto an endpoint device and, if the application is bound to the device and the user is allowed to use the application, the application is enabled for use on the endpoint device. A gateway between the endpoint device and an authentication server helps to authenticate the user. The gateway also manages data transfers between the endpoint device and a data server according to a selected protocol.
68 Citations
20 Claims
1. A method for deploying applications to endpoint devices, the method comprising: (independent claim; text as set out under First Claim above. Claims 2 through 14 depend from claim 1.)
15. A computing device configured for deploying applications to endpoint devices, comprising:
a processor;
memory in electronic communication with the processor, wherein the memory stores computer executable instructions that when executed by the processor cause the processor to perform the steps of:
launching an application on an endpoint device, wherein a user-binding token and a device-binding token are embedded in the application, and wherein the endpoint device includes a device ID and a user ID of a user of the device;
determining whether the application is bound to the endpoint device by comparing the device-binding token to the device ID, and terminating the application if the device-binding token does not match the device ID;
determining whether the application is bound to the user by comparing the user-binding token to the user ID to determine if the user-binding token matches the user ID, and terminating the application if the user-binding token does not match the user ID;
wherein the application holds cryptographic keys for enabling a decryption of encrypted data on the endpoint device; and
erasing any cryptographic keys held by the application when the device-binding token does not match the device ID or the user-binding token does not match the user ID.
(Claims 16 through 19 depend from claim 15.)
20. A non-transitory computer-readable storage medium storing computer executable instructions that when executed by a processor cause the processor to perform the steps of:
launching an application on an endpoint device, wherein a user-binding token and a device-binding token are embedded in the application, and wherein the endpoint device includes a device ID and a user ID of a user of the device;
determining whether the application is bound to the endpoint device by comparing the device-binding token to the device ID, and terminating the application if the device-binding token does not match the device ID;
determining whether the application is bound to the user by comparing the user-binding token to the user ID to determine if the user-binding token matches the user ID, and terminating the application if the user-binding token does not match the user ID;
wherein the application holds cryptographic keys for enabling a decryption of encrypted data on the endpoint device; and
erasing any cryptographic keys held by the application when the device-binding token does not match the device ID or the user-binding token does not match the user ID.
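The launch-time sequence that claims 1, 15 and 20 share (compare device-binding token to device ID, compare user-binding token to user ID, erase the held keys and terminate on either mismatch) as an added Python example. This is illustration written for this page, not code from the patent or from any product built on it. The names, the choice to embed a SHA-256 digest of each ID as the token, the in-place zeroing of key buffers, and the binding_kek derivation are all assumptions; binding_kek goes beyond the claim, which requires only the comparison and the erasure.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field

# Added example, not the patent's code. Token construction, key erasure and
# the binding_kek derivation are assumptions layered on the claim text.


class BindingError(Exception):
    """Application is not bound to this endpoint device or user."""


def binding_token(identifier: bytes) -> bytes:
    # Assumption: the embedded token is a digest of the ID rather than the raw
    # ID, so the packaged binary does not carry the identifiers in the clear.
    return hashlib.sha256(identifier).digest()


@dataclass
class Application:
    device_binding_token: bytes
    user_binding_token: bytes
    # Keys the app holds for decrypting data on the endpoint (claim element).
    keys: dict[str, bytearray] = field(default_factory=dict)

    def erase_keys(self) -> None:
        # Overwrite every key buffer in place before dropping the references,
        # so the plaintext key material does not survive in the app's memory.
        for buf in self.keys.values():
            for i in range(len(buf)):
                buf[i] = 0
        self.keys.clear()


def package_application(device_id: bytes, user_id: bytes,
                        keys: dict[str, bytearray]) -> Application:
    """Marketplace-side step: embed both binding tokens at packaging time."""
    return Application(binding_token(device_id), binding_token(user_id), keys)


def check_binding(app: Application, device_id: bytes,
                  user_id: bytes) -> tuple[bool, str]:
    """The two launch-time checks from the claim, in the claimed order.
    Keys are erased before the caller terminates the app on either mismatch.
    Constant-time comparison avoids leaking which token byte differed."""
    if not hmac.compare_digest(app.device_binding_token, binding_token(device_id)):
        app.erase_keys()
        return False, "device-binding token does not match device ID"
    if not hmac.compare_digest(app.user_binding_token, binding_token(user_id)):
        app.erase_keys()
        return False, "user-binding token does not match user ID"
    return True, "bound to device and user"


def launch(app: Application, device_id: bytes, user_id: bytes) -> None:
    """Claimed behaviour: keys are already erased when the app is terminated."""
    ok, reason = check_binding(app, device_id, user_id)
    if not ok:
        raise BindingError(reason)  # models "terminating the application"


def binding_kek(device_id: bytes, user_id: bytes, salt: bytes) -> bytes:
    """Goes beyond the claim (assumed construction): derive the key that wraps
    the app's data keys from both IDs, so the data keys are unusable on the
    wrong device or user even if the comparison above were patched out."""
    msg = b"binding-kek" + device_id + b"|" + user_id
    return hmac.new(salt, msg, hashlib.sha256).digest()


if __name__ == "__main__":
    # Constructed sample identifiers and key; not real endpoint data.
    dev, usr = b"endpoint-7f3a", b"alice@example.test"
    app = package_application(dev, usr, {"data_key": bytearray(os.urandom(32))})
    print(check_binding(app, dev, usr))
    print(check_binding(app, b"other-endpoint", usr))  # erases keys
    print(app.keys)
```

Two points a practitioner would check in any implementation of this claim: the erasure must run before termination, since a terminated process can leave key material in memory that is later swapped or dumped, and the comparison itself is a software check inside the packaged application, so it should be assumed reachable by whoever controls the endpoint. That is why the example also derives a wrapping key from both IDs: with that in place, the data keys are useless rather than merely erased when the binding does not hold.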
Specification