Configuring and providing profiles that manage execution of mobile applications
Abstract
Various aspects of the disclosure relate to configuring and providing policies that manage execution of mobile applications. In some embodiments, a user interface may be generated that allows an IT administrator or other operator to set, change and/or add to policy settings. The policy settings can be formatted into a policy file and be made available for download to a mobile device, such as via an application store or to be pushed to the mobile device as part of a data push service. The mobile device, based on the various settings included in the policy file, may perform various actions to enforce the security constraints that are represented by the policy. The various settings that can be included in a policy are numerous and some examples and variations thereof are described in connection with the example embodiments discussed herein.
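The flow the abstract describes, as an added example that is not taken from the patent: an operator's changes are merged into the settings and serialized as a policy file, and the device uses that file to redirect a file operation into the private or shared container. The JSON layout, setting names, container roots and the `shared` argument are assumptions; the page defines no file format.

```python
import json
from pathlib import PurePosixPath

# Hypothetical setting names: the page defines no policy file format.
DEFAULTS = {
    "private_container": False,  # first setting: container private to this app
    "shared_container": False,   # second setting: container other managed apps can use
    "vpn_ticket_auth": False,    # third setting: ticket authenticates the per-app VPN tunnel
}

def produce_policy_file(app_id, changes):
    """Admin side: apply the operator's input and serialize the policy file."""
    unknown = set(changes) - set(DEFAULTS)
    if unknown:
        raise ValueError(f"unknown settings: {sorted(unknown)}")
    if not all(isinstance(v, bool) for v in changes.values()):
        raise ValueError("settings must be true or false")
    if not app_id or "/" in app_id or app_id in (".", ".."):
        raise ValueError("app_id must be a single path component")
    return json.dumps({"app_id": app_id, "settings": {**DEFAULTS, **changes}},
                      sort_keys=True)

def redirect(policy_file, path, shared=False):
    """Device side: map the path an app asked for into a secure container."""
    policy = json.loads(policy_file)
    setting = "shared_container" if shared else "private_container"
    if not policy["settings"][setting]:
        raise PermissionError(f"{setting} is not enabled for {policy['app_id']}")
    # Assumed container roots; a real device would use protected storage.
    root = PurePosixPath("/containers/shared")
    if not shared:
        root = PurePosixPath("/containers/private") / policy["app_id"]
    relative = PurePosixPath(path.lstrip("/"))
    if ".." in relative.parts:
        # Refuse paths that would climb out of the container root.
        raise PermissionError("path escapes the container")
    return str(root / relative)

if __name__ == "__main__":
    # Constructed app id and path, for illustration only.
    policy_file = produce_policy_file("com.example.mail", {"private_container": True})
    print(policy_file)
    print(redirect(policy_file, "/sdcard/notes.txt"))
```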
20 Claims
1. A method, comprising:
- displaying, by one or more computing devices and via a user interface, at least one first setting of policy settings for a managed application that is to be made available for download to a mobile device, wherein each of the policy settings provides a constraint to be enforced by the mobile device prior to the managed application being provided access to at least one resource that is accessible through an access gateway, wherein the at least one first setting instructs that a private secure container, which is to be private to the managed application, is to be configured on the mobile device such that a first read or write operation from the managed application is to be redirected to the private secure container;
- displaying, by the one or more computing devices and via the user interface, at least one second setting of the policy settings, wherein the at least one second setting instructs that a shared secure container, which is to be accessible by at least one other managed application, is to be configured on the mobile device such that a second read or write operation from the managed application is to be redirected to the shared secure container;
- displaying, by the one or more computing devices and via the user interface, at least one third setting of the policy settings, wherein the at least one third setting instructs that a ticket is to be used by the mobile device in connection with accessing the at least one resource via a per-application policy controlled virtual private network (VPN) tunnel that is inaccessible to other applications of the mobile device, and wherein the ticket is configured to provide authentication in connection with establishing and re-establishing the per-application policy-controlled VPN tunnel to the at least one resource;
- modifying, in accordance with input received via the user interface, the policy settings, resulting in modified policy settings;
- producing a policy file for the managed application that includes the modified policy settings; and
- providing the policy file such that the policy is available for download to the mobile device.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13

14. An apparatus, comprising:
- one or more processors; and
- memory storing executable instructions that, when executed by the one or more processors, cause the apparatus to:
  - display, via a user interface, at least one first setting of policy settings for a managed application that is to be made available for download to a mobile device, wherein each of the policy settings provides a constraint to be enforced by the mobile device prior to the managed application being provided access to at least one resource that is accessible through an access gateway, wherein the at least one first setting instructs that a private secure container, which is to be private to the managed application, is to be configured on the mobile device such that a first read or write operation from the managed application is to be redirected to the private secure container;
  - display, via the user interface, at least one second setting of the policy settings, wherein the at least one second setting instructs that a shared secure container, which is to be accessible by at least one other managed application, is to be configured on the mobile device such that a second read or write operation from the managed application is to be redirected to the shared secure container;
  - display, via the user interface, at least one third setting of the policy settings, wherein the at least one third setting instructs that a ticket is to be used by the mobile device in connection with accessing the at least one resource via a per-application policy controlled virtual private network (VPN) tunnel that is inaccessible to other applications of the mobile device, and wherein the ticket is configured to provide authentication in connection with establishing and re-establishing the per-application policy-controlled VPN tunnel to the at least one resource;
  - modify, in accordance with input received via the user interface, the policy settings, resulting in modified policy settings;
  - produce a policy file for the managed application that includes the modified policy settings; and
  - provide the policy file such that the policy is available for download to the mobile device.

Dependent claims: 15, 16, 17

18. One or more non-transitory computer-readable media storing executable instructions that, when executed, cause an apparatus to:
- display, via a user interface, at least one first setting of policy settings for a managed application that is to be made available for download to a mobile device, wherein each of the policy settings provides a constraint to be enforced by the mobile device prior to the managed application being provided access to at least one resource that is accessible through an access gateway, wherein the at least one first setting instructs that a private secure container, which is to be private to the managed application, is to be configured on the mobile device such that a first read or write operation from the managed application is to be redirected to the private secure container;
- display, via the user interface, at least one second setting of the policy settings, wherein the at least one second setting instructs that a shared secure container, which is to be accessible by at least one other managed application, is to be configured on the mobile device such that a second read or write operation from the managed application is to be redirected to the shared secure container;
- display, via the user interface, at least one third setting of the policy settings, wherein the at least one third setting instructs that a ticket is to be used by the mobile device in connection with accessing the at least one resource via a per-application policy controlled virtual private network (VPN) tunnel that is inaccessible to other applications of the mobile device, and wherein the ticket is configured to provide authentication in connection with establishing and re-establishing the per-application policy-controlled VPN tunnel to the at least one resource;
- modify, in accordance with input received via the user interface, the policy settings, resulting in modified policy settings;
- produce a policy file for the managed application that includes the modified policy settings; and
- provide the policy file such that the policy is available for download to the mobile device.

Dependent claims: 19, 20

Specification