Policy-based runtime control of a software application
Abstract
A method, process, and associated systems for policy-based development and runtime control of mobile applications. Security objects that describe or enforce security policies are embedded into the source code of an enhanced application while the application is being developed. When a user attempts to launch the enhanced application on a mobile device, the security objects are updated to match a latest valid version of the objects stored on an enterprise server. The security objects may be further updated at other times. Global security policies, which affect the entire enterprise and which may deny the application permission to launch, are enforced by a global security policy stored within one of the updated security objects. If the application does run, application-specific security policies contained in the updated security objects modify application behavior at runtime in order to enforce application-specific security policies.
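The launch sequence the abstract describes, sketched as an added example that is not code from the patent or its assignee: fetch the latest valid descriptor, replace the embedded one, check the global policy, launch, then run the security instructions the security policy identifies. The condition keys (`min_os_version`, `require_screen_lock`, `app_blocked`), the `disable_clipboard` instruction, the `server_latest` stand-in for the enterprise server, and the choice to refuse a policy that names an instruction the build does not contain are all assumptions of this sketch.

```python
from dataclasses import dataclass, field
from typing import Callable

@dataclass(frozen=True)
class PolicyDescriptor:
    version: int
    global_policy: dict        # launch conditions; keys are constructed for this sketch
    security_policy: tuple     # names of embedded security instructions to run

@dataclass
class EnhancedApp:
    program: Callable[[dict], str]
    security_instructions: dict          # name -> callable, embedded at build time
    descriptor: PolicyDescriptor         # descriptor shipped inside the app
    settings: dict = field(default_factory=lambda: {"clipboard": True})

def global_policy_permits(policy: dict, device: dict) -> bool:
    """True only if every condition in the global policy holds on this device."""
    if policy.get("app_blocked", False):
        return False
    if device["os_version"] < policy.get("min_os_version", 0):
        return False
    return device["screen_lock"] or not policy.get("require_screen_lock", False)

def launch(app: EnhancedApp, fetch_latest: Callable[[], PolicyDescriptor], device: dict):
    latest = fetch_latest()              # request the latest valid descriptor
    app.descriptor = latest              # replace the embedded descriptor
    if not global_policy_permits(latest.global_policy, device):
        return None                      # global policy denies the launch
    # Assumption of this sketch: a policy naming an instruction that was never
    # embedded cannot be enforced, so fail before the program starts.
    missing = [n for n in latest.security_policy if n not in app.security_instructions]
    if missing:
        raise LookupError(f"security instructions not embedded: {missing}")
    result = app.program(app.settings)   # launch the software program
    for name in latest.security_policy:  # run the instructions the policy identifies
        app.security_instructions[name](app.settings)
    return result

def disable_clipboard(settings: dict) -> None:
    settings["clipboard"] = False        # constructed example of a runtime behavior change

def demo_app() -> EnhancedApp:           # app shipped with a stale, permissive descriptor
    shipped = PolicyDescriptor(1, {}, ())
    return EnhancedApp(lambda s: "running", {"disable_clipboard": disable_clipboard}, shipped)

def server_latest() -> PolicyDescriptor:  # stands in for the enterprise server
    return PolicyDescriptor(2, {"min_os_version": 12, "require_screen_lock": True},
                            ("disable_clipboard",))
```

The descriptor is replaced before the global policy is evaluated, so a denied launch still leaves the app holding the newer descriptor.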
19 Claims
1. A method of policy-based runtime control of a software application, the method comprising:
- a hardware-based processor of a computer system receiving a request to launch a software program comprised by an enhanced application, wherein the enhanced application further comprises:
  - security instructions that perform a security-related function associated with the software program; and
  - an application policy descriptor, wherein the application policy descriptor identifies a global policy and a security policy, wherein the global policy identifies conditions under which the software program is capable of being launched; and wherein the security policy identifies the security instructions;
- the processor requesting a latest valid policy descriptor from an enterprise server, wherein the latest valid policy descriptor identifies a latest valid version of the global policy and a latest valid version of the security policy;
- the processor replacing, in the enhanced application, the application policy descriptor with the latest valid policy descriptor;
- the processor confirming that the latest valid version of the global policy permits the software program to launch;
- the processor launching the software program in response to the confirming; and
- the processor running a set of security instructions identified by the latest valid version of the security policy.

(Dependent claims: 2, 3, 4, 5, 6, 7)
8. A computer program product, comprising a computer-readable hardware storage device having a computer-readable program code stored therein, said program code configured to be executed by a hardware-based processor of a computer system to implement a method of policy-based runtime control of a software application that comprises:
- the processor receiving a request to launch a software program comprised by an enhanced application, wherein the enhanced application further comprises:
  - security instructions that perform a security-related function associated with the software program; and
  - an application policy descriptor, wherein the application policy descriptor identifies a global policy and a security policy, wherein the global policy identifies conditions under which the software program is capable of being launched; and wherein the security policy identifies the security instructions;
- the processor requesting a latest valid policy descriptor from an enterprise server, wherein the latest valid policy descriptor identifies a latest valid version of the global policy and a latest valid version of the security policy;
- the processor replacing, in the enhanced application, the application policy descriptor with the latest valid policy descriptor;
- the processor confirming that the latest valid version of the global policy permits the software program to launch;
- the processor launching the software program in response to the confirming; and
- the processor running a set of security instructions identified by the latest valid version of the security policy.

(Dependent claims: 9, 10, 11, 12, 13)
14. A security system comprising a hardware-based processor, a memory coupled to the processor, an interface between the processor and a mobile device, and a computer-readable hardware storage device coupled to the processor, the storage device containing program code configured to be run by the processor via the memory to implement a method of policy-based runtime control of a software application that comprises:
- the processor receiving a request to launch a software program comprised by an enhanced application, wherein the enhanced application further comprises:
  - security instructions that perform a security-related function associated with the software program; and
  - an application policy descriptor, wherein the application policy descriptor identifies a global policy and a security policy, wherein the global policy identifies conditions under which the software program is capable of being launched; and wherein the security policy identifies the security instructions;
- the processor requesting a latest valid policy descriptor from an enterprise server, wherein the latest valid policy descriptor identifies a latest valid version of the global policy and a latest valid version of the security policy;
- the processor replacing, in the enhanced application, the application policy descriptor with the latest valid policy descriptor;
- the processor confirming that the latest valid version of the global policy permits the software program to launch;
- the processor launching the software program in response to the confirming; and
- the processor running a set of security instructions identified by the latest valid version of the security policy.

(Dependent claims: 15, 16, 17, 18, 19)
Specification