Provisioning work environments on personal mobile devices

US 9,577,985 B2
Filed: 10/30/2015
Issued: 02/21/2017
Est. Priority Date: 11/22/2011
Status: Active Grant

First Claim

Patent Images

1. A method of provisioning a business mobile device on a personal mobile device comprising:

binding a mobile application for provisioning the business mobile device to a privileged component of a host operating system of the personal mobile device, wherein the binding enables a software virtualization layer and a management service component of the mobile application to execute in a privileged mode;

downloading, through the mobile application, a virtual phone image for the business mobile device and security-related policy settings relating to use of the business mobile device from a mobile management server managed by an employer of a user of the personal mobile device, wherein the software virtualization layer is able to launch a virtual machine for the business mobile device based on the virtual phone image; and

permanently removing the virtual phone image of the business mobile device without affecting a personal use of the personal mobile device upon expiration of an auto-wipe time period specified in the security-related policy settings, wherein the management service component is configured to prevent the user of the personal mobile device from terminating the management service component.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A virtual business mobile device can be provisioned on a personal mobile device, by binding a mobile application for provisioning the business mobile device to a privileged component of a host operating system of the personal mobile device, wherein the binding enables a software virtualization layer and a management service component of the mobile application to execute in a privileged mode. The mobile application is then able to download a virtual phone image for the business mobile device and security-related policy settings relating to use of the business mobile device from a mobile management server, wherein the software virtualization layer is able to launch a virtual machine for the business mobile device based on the virtual phone image. Once the virtual phone image has been downloaded, the management service component initiates a periodic attempt to establish a connection with the mobile management server to comply with the downloaded security-related policy settings.

61 Citations

View as Search Results

33 Claims

1. A method of provisioning a business mobile device on a personal mobile device comprising:
- binding a mobile application for provisioning the business mobile device to a privileged component of a host operating system of the personal mobile device, wherein the binding enables a software virtualization layer and a management service component of the mobile application to execute in a privileged mode;
  
  downloading, through the mobile application, a virtual phone image for the business mobile device and security-related policy settings relating to use of the business mobile device from a mobile management server managed by an employer of a user of the personal mobile device, wherein the software virtualization layer is able to launch a virtual machine for the business mobile device based on the virtual phone image; and
  
  permanently removing the virtual phone image of the business mobile device without affecting a personal use of the personal mobile device upon expiration of an auto-wipe time period specified in the security-related policy settings, wherein the management service component is configured to prevent the user of the personal mobile device from terminating the management service component.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, further comprising initiating a periodic attempt to establish a connection between the management service component of the mobile application and the mobile management server to comply with the security-related policy settings.
  - 3. The method of claim 2, wherein the binding step comprises an authentication of the mobile application to the privileged component.
  - 4. The method of claim 3, wherein the privileged component facilitates transfer of control between the host operating system of the personal mobile device and the virtual machine of the business mobile device.
  - 5. The method of claim 1, wherein the mobile application is downloaded by the user to the personal mobile device from a mobile application store.
  - 6. The method of claim 1, wherein the downloading step is performed by a provisioning component of the mobile application.
  - 7. The method of claim 6, wherein the user provides the provisioning component of the mobile application with a network address of the mobile management server.
  - 8. The method of claim 1, wherein the security-related policy settings comprise at least one of an interval time period to establish communications between the management service component and the mobile management server, an auto-disable time period to temporarily disable the business mobile device and the auto-wipe time period to permanently remove the business mobile device from the personal mobile device.
  - 9. The method of claim 1, wherein the initiating step is performed by the management service component.
  - 10. The method of claim 1, further comprising downloading any updates to the business mobile device from the mobile management service upon successfully establishing a connection between the management service and the mobile management servicer during a periodic attempt.
  - 11. The method of claim 1, further comprising temporarily disabling access to the business mobile device upon expiration of an auto-disable time period specified in the security-related profile settings.

12. A mobile device configured to support a virtual business mobile device comprising a processor configured to perform the steps of:
- binding a mobile application for provisioning the virtual business mobile device to a privileged component of a host operating system of the mobile device, wherein the binding enables a software virtualization layer and a management service component of the mobile application to execute in a privileged mode;
  
  downloading, through the mobile application, a virtual phone image for the virtual business mobile device and security-related policy settings relating to use of the virtual business mobile device from a mobile management server managed by an employer of a user of the mobile device, wherein the software virtualization layer is able to launch a virtual machine for the virtual business mobile device based on the virtual phone image; and
  
  permanently removing the virtual phone image of the business mobile device without affecting a personal use of the personal mobile device upon expiration of an auto-wipe time period specified in the security-related policy settings, wherein the management service component is configured to prevent the user of the personal mobile device from terminating the management service component.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 13. The mobile device of claim 12, wherein the processor is further configured to perform the step of initiating a periodic attempt to establish a connection between the management service component of the mobile application and the mobile management server to comply with the security-related policy settings.
  - 14. The mobile device of claim 13, wherein the binding step comprises an authentication of the mobile application to the privileged component.
  - 15. The mobile device of claim 14, wherein the privileged component facilitates transfer of control between the host operating system of the mobile device and the virtual machine of the virtual business mobile device.
  - 16. The mobile device of claim 12, wherein the mobile application is downloaded by the user to the mobile device from a mobile application store.
  - 17. The mobile device of claim 12, wherein the downloading step is performed by a provisioning component of the mobile application.
  - 18. The mobile device of claim 17, wherein the user provides the provisioning component of the mobile application with a network address of the mobile management server.
  - 19. The mobile device of claim 12, wherein the security-related policy settings comprise at least one of an interval time period to establish communications between the management service component and the mobile management server, an auto-disable time period to temporarily disable the virtual business mobile device and the auto-wipe time period to permanently remove the virtual business mobile device from the mobile device.
  - 20. The mobile device of claim 12, wherein the initiating step is performed by the management service component.
  - 21. The mobile device of claim 12, wherein the processor is further configured to perform the step of downloading any updates to the virtual business mobile device from the mobile management service upon successfully establishing a connection between the management service and the mobile management servicer during a periodic attempt.
  - 22. The mobile device of claim 12, wherein the processor is further configured to perform the step of temporarily disabling access to the virtual business mobile device upon expiration of an auto-disable time period specified in the security-related profile settings.

23. A non-transitory computer readable storage medium including instructions that cause a processor of a mobile device to provision a virtual business mobile device by perform the steps of:
- binding a mobile application for provisioning the virtual business mobile device to a privileged component of a host operating system of the mobile device, wherein the binding enables a software virtualization layer and a management service component of the mobile application to execute in a privileged mode;
  
  downloading, through the mobile application, a virtual phone image for the virtual business mobile device and security-related policy settings relating to use of the virtual business mobile device from a mobile management server managed by an employer of a user of the mobile device, wherein the software virtualization layer is able to launch a virtual machine for the virtual business mobile device based on the virtual phone image; and
  
  permanently removing the virtual phone image of the business mobile device without affecting a personal use of the personal mobile device upon expiration of an auto-wipe time period specified in the security-related policy settings, wherein the management service component is configured to prevent the user of the personal mobile device from terminating the management service component.
- View Dependent Claims (24, 25, 26, 27, 28, 29, 30, 31, 32, 33)
- - 24. The non-transitory computer readable storage medium of claim 23, wherein the instructions further cause the processor to perform the step of initiating a periodic attempt to establish a connection between the management service component of the mobile application and the mobile management server to comply with the security-related policy settings.
  - 25. The non-transitory computer readable storage medium of claim 24, wherein the binding step comprises an authentication of the mobile application to the privileged component.
  - 26. The non-transitory computer readable storage medium of claim 25, wherein the privileged component facilitates transfer of control between the host operating system of the mobile device and the virtual machine of the virtual business mobile device.
  - 27. The non-transitory computer readable storage medium of claim 23, wherein the mobile application is downloaded by the user to the mobile device from a mobile application store.
  - 28. The non-transitory computer readable storage medium of claim 23, wherein the downloading step is performed by a provisioning component of the mobile application.
  - 29. The non-transitory computer readable storage medium of claim 28, wherein the user provides the provisioning component of the mobile application with a network address of the mobile management server.
  - 30. The non-transitory computer readable storage medium of claim 23, wherein the security-related policy settings comprise at least one of an interval time period to establish communications between the management service component and the mobile management server, an auto-disable time period to temporarily disable the virtual business mobile device and the auto-wipe time period to permanently remove the virtual business mobile device from the mobile device.
  - 31. The non-transitory computer readable storage medium of claim 23, wherein the initiating step is performed by the management service component.
  - 32. The non-transitory computer readable storage medium of claim 23, wherein the instructions further cause the processor to perform the step of downloading any updates to the virtual business mobile device from the mobile management service upon successfully establishing a connection between the management service and the mobile management servicer during a periodic attempt.
  - 33. The computer readable storage medium of claim 23, wherein the instructions further cause the processor to perform the step of temporarily disabling access to the virtual business mobile device upon expiration of an auto-disable time period specified in the security-related profile settings.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Vmware LLC (Broadcom, Inc.)
Original Assignee
VMware, Inc. (Broadcom, Inc.)
Inventors
Deasy, Stephen, Newell, Craig, Sit, Emil, Wisner, Paul, Furodet, David, Gyuris, Viktor, Meyer, Robert, Strudel, Fanny
Primary Examiner(s)
Nguyen, Simon

Application Number

US14/929,027
Publication Number

US 20160057559A1
Time in Patent Office

480 Days
Field of Search

455410-411, 455/414.1, 455418-420, 455/566
US Class Current

1/1
CPC Class Codes

C09J 7/21   Paper; Textile fabrics

C09J 7/30   characterised by the adhesi...

G06F 2009/4557   Distribution of virtual mac...

G06F 2009/45587   Isolation or security of vi...

G06F 2009/45595   Network integration; Enabli...

G06F 9/445   Program loading or initiati...

G06F 9/455   Emulation; Interpretation; ...

G06F 9/45529   Embedded in an application,...

G06F 9/45533   Hypervisors; Virtual machin...

G06F 9/45558   Hypervisor-specific managem...

G06F 9/46   Multiprogramming arrangements

H04L 63/0272   Virtual private networks

H04L 67/10   in which an application is ...

H04L 67/34   involving the movement of s...

H04N 21/443   OS processes, e.g. booting ...

H04N 21/4437   Implementing a Virtual Mach...

H04W 12/37   Managing security policies ...

H04W 4/50   Service provisioning or rec...

H04W 4/60   Subscription-based services...

H04W 76/10   Connection setup

H04W 8/22 : Processing or transfer of t...

Y10T 428/14 : Layer or component removabl...

View All

Provisioning work environments on personal mobile devices

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

61 Citations

33 Claims

Specification

Solutions

Use Cases

Quick Links

Provisioning work environments on personal mobile devices

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

61 Citations

33 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links