
Dynamically generating perimeters

  • US 9,497,220 B2
  • Filed: 10/17/2011
  • Issued: 11/15/2016
  • Est. Priority Date: 10/17/2011
  • Status: Active Grant
First Claim

1. A method, comprising:

  • receiving a request to add to a mobile device an enterprise application for accessing an enterprise account;

    in response to detection of a parameter or a pattern associated with an account setting, retrieving a security policy from a resource server for the enterprise account;

    in response to the request to add the enterprise application and the detection of the parameter or the pattern associated with the account setting, generating, by the mobile device, a new logical separation of resources associated with the enterprise application and other enterprise resources on the mobile device, wherein the new logical separation of resources prevents applications on the mobile device external to the new logical separation of resources from accessing resources associated with the new logical separation of resources;

    receiving, from the resource server, a client certificate for establishing a secure channel with an enterprise;

    assigning the client certificate to the new logical separation of resources;

    when the new logical separation of resources is unlocked, granting access between the other enterprise resources and the enterprise application and granting the external resources on the mobile device to access the enterprise application and the other enterprise resources on the mobile device, wherein an unlock state allows applications to access files in a file system domain;

    when the new logical separation of resources is soft locked, granting access and operations between the other enterprise resources and the enterprise application while preventing user interactions with the enterprise application the external resources on the mobile device from accessing the enterprise application and the other enterprise resources on the mobile device, wherein the soft locked state allows applications running on the mobile device to access the files in the file system domain and locks an user interface on the mobile device; and

    when the new logical separation of resources is hard locked, preventing access between the other enterprise resources and the enterprise application while preventing the external resources on the mobile device from accessing the enterprise application and the other enterprise resources on the mobile device, wherein a hard lock state prohibits applications from accessing the files in the file system domain and locks an underlying encryption domain.

  • 8 Assignments