Certificate based profile confirmation
First Claim
1. A method for managing a device independent of enrollment with a mobile device management (MDM) service, comprising:
- installing a profile in the device, wherein the profile specifies that an application is permitted to execute on the device, the profile comprises a certificate that uniquely identifies the profile from another profile, the profile is uniquely associated with the application, and the certificate comprises at least one of a root certificate or an intermediate certificate;
storing the certificate in storage accessible to the device to indicate that the profile is installed in the device and that the profile is applicable to the device;
receiving, using the device, a request to execute the application on the device;
in response to the request to execute the application, determining, using the device, that the certificate is located in the storage accessible to the device to verify that the profile that specifies that the application is permitted to execute on the device is applicable to the device; and
responsive to determining that the certificate is located in the storage accessible to the device, initiating an execution of the application on the device.
5 Assignments
0 Petitions
Accused Products
Abstract
Disclosed are various embodiments for controlling access to resources in a network environment. Methods may include installing a profile on the device and installing a certificate included in or otherwise associated with the profile on the device. A request to execute an application, and/or access a resource using a particular application, is received and determination is made as to whether the certificate is installed on the device based on an identification of the certificate by the application. If the certificate is installed on the device, then execution of the application and/or access to the resource is allowed. If the certificate is not installed on the device, then the request for execution and/or access is refused.
-
Citations
18 Claims
-
1. A method for managing a device independent of enrollment with a mobile device management (MDM) service, comprising:
-
installing a profile in the device, wherein the profile specifies that an application is permitted to execute on the device, the profile comprises a certificate that uniquely identifies the profile from another profile, the profile is uniquely associated with the application, and the certificate comprises at least one of a root certificate or an intermediate certificate; storing the certificate in storage accessible to the device to indicate that the profile is installed in the device and that the profile is applicable to the device; receiving, using the device, a request to execute the application on the device; in response to the request to execute the application, determining, using the device, that the certificate is located in the storage accessible to the device to verify that the profile that specifies that the application is permitted to execute on the device is applicable to the device; and responsive to determining that the certificate is located in the storage accessible to the device, initiating an execution of the application on the device. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A method for managing a device independent of enrollment with a mobile device management (MDM) service, comprising:
-
determining, by the device, that a profile has been disabled in the device, wherein the profile specifies that an application is permitted to execute on the device, the profile is uniquely associated with the application, the profile comprises a certificate that uniquely identifies the profile from another profile, and the certificate comprises at least one of a root certificate or an intermediate certificate; in response to determining that the profile has been disabled in the device, removing the certificate from storage that is accessible to the device to indicate that the profile has been uninstalled from the device; receiving, in the device, a request to execute the application on the device; determining, using the device, that the certificate is inaccessible to the device; and responsive to determining that the certificate is inaccessible to the device, refusing the request to execute the application in the device. - View Dependent Claims (10)
-
-
11. An apparatus for managing a computing device independent of enrollment with a mobile device management (MDM) service, the computing device comprising:
-
a display; and at least one processor configured to execute program instructions that cause the at least one processor to at least; install a profile that specifies that an application is permitted to execute on the computing device, wherein the profile comprises a certificate that uniquely the profile from another profile, the profile is uniquely associated with the application, and the certificate comprises at least one of a root certificate or an intermediate certificate; install the certificate associated with the profile to indicate to the computing device that the computing device is in compliance with the profile; receive a request to execute the application by the at least one processor; in response to the request to execute the application, determine that the certificate is installed the computing device; and responsive to a determination that the certificate is installed on the computing device, execute the application. - View Dependent Claims (12, 13, 14, 15, 16, 17, 18)
-
Specification