Systems and methods for controlling email access

US 9,853,928 B2
Filed: 12/30/2014
Issued: 12/26/2017
Est. Priority Date: 12/06/2012
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

identifying a plurality of email resources associated with a client device;

identifying at least one resource rule that specifies that the client device is only authorized to access the email resources when a portion of individual ones of the email resources is configured for exclusive access by a secure container application executable by the client device, wherein the secure container application is configured to prevent performance of at least one of;

a cut function, a copy function, and a screen capture function on the client device;

determining that the email resources do not satisfy the at least one resource rule;

in response to the email resources not satisfying the at least one resource rule;

causing the portion of the individual ones of the email resources to be configured for exclusive access by the secure container application by encrypting the portion of the individual ones of the email resources using a cryptographic key;

identifying a request by the secure container application executable by the client device to access an encrypted portion of at least one of the email resources;

providing the cryptographic key to the secure container application on the client device; and

providing the encrypted portion of the at least one of the email resources to the client device for access by the secure container application.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed are various examples for providing secure access to email resources. Email resources associated with client devices may be identified, and resource rules associated with the email resources may be identified. A determination of whether the email resources satisfy the resource rules may be made. If the email resources do not satisfy the resource rules, the email resources may be modified based at least in part on the resource rules

Citations

20 Claims

1. A method, comprising:
- identifying a plurality of email resources associated with a client device;
  
  identifying at least one resource rule that specifies that the client device is only authorized to access the email resources when a portion of individual ones of the email resources is configured for exclusive access by a secure container application executable by the client device, wherein the secure container application is configured to prevent performance of at least one of;
  
  a cut function, a copy function, and a screen capture function on the client device;
  
  determining that the email resources do not satisfy the at least one resource rule;
  
  in response to the email resources not satisfying the at least one resource rule;
  
  causing the portion of the individual ones of the email resources to be configured for exclusive access by the secure container application by encrypting the portion of the individual ones of the email resources using a cryptographic key;
  
  identifying a request by the secure container application executable by the client device to access an encrypted portion of at least one of the email resources;
  
  providing the cryptographic key to the secure container application on the client device; and
  
  providing the encrypted portion of the at least one of the email resources to the client device for access by the secure container application.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, further comprising authorizing the client device to access the email resources.
  - 3. The method of claim 1, further comprisingdetermining that a particular user of the client device is authorized to access the email resources based at least in part on the at least one resource rule;
    - andin response to the particular user of the client device being authorized to access the email resources based at least in part on the at least one resource rule, permitting access to the email resources on the client device associated with the client device.
  - 4. The method of claim 1, wherein the at least one resource rule comprises at least one of:
    - a format rule, a content rule, an attachment rule, or an access rule.
  - 5. The method of claim 1, wherein causing the at least one particular portion of the email resources to be configured to be exclusively accessible to the secure container application comprises:
    - removing the portion of the individual ones of the email resources from the individual ones of the email resources;
      
      encrypting the portion of the individual ones of the email resources as removed using the cryptographic key; and
      
      providing the portion of the individual ones of the email resources to client device; and
      
      providing a remaining portion of the individual ones of the email resources to the client device, wherein at least one unauthorized client application is capable of accessing the remaining portion of the email resources and the secure container application is capable of accessing the encrypted portion of the email resources using the cryptographic key.
  - 6. The method of claim 1, wherein the secure container application is configured to prevent at least one unauthorized application executable by the client device from accessing data within a data store associated with the secure container application.
  - 7. The method of claim 6, wherein the secure container application is further configured to prevent the performance of at least one of:
    - a print function, a transmission function, and a paste function.
  - 8. The method of claim 1, further comprising causing a stringency level of the at least one resource rule to be modified based at least in part on a state of the client device.

9. A non-transitory computer-readable medium embodying program code executable by at least one computing device that, when executed, causes the at least one computing device to:
- access at least one email resource associated with a client device;
  
  identify at least one resource rule that specifies that the client device is only authorized to access the at least one email resource when a predetermined portion of the at least one email resource is configured for exclusive access by a secure container application executable by the client device, wherein the secure container application is configured to prevent performance of at least one of;
  
  a cut function, a copy function, and a screen capture function on the client device;
  
  determine that the at least one email resource does not satisfy the at least one resource rule; and
  
  in response to the at least one email resource not satisfying the at least one resource rule;
  
  causing the predetermined portion of the at least one email resource to be configured for exclusive access by the secure container application by encrypting the predetermined portion of the at least one email resource using a cryptographic key;
  
  identify a request by the particular secure container application executable by the client device to access the predetermined portion of the at least one email resource; and
  
  send the cryptographic key to the client device for access by the secure container application; and
  
  provide the encrypted portion of the at least one of the email resources to the client device for access by the secure container application.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The non-transitory computer-readable medium of claim 9, further comprising program code that, when executed, causes the at least one computing device to authorize the client device to access the at least one email resource.
  - 11. The non-transitory computer-readable medium of claim 9, further comprising program code that, when executed, causes the at least one computing device to:
    - determine that a particular user of the client device is authorized to access the at least one email resource based at least in part on the at least one resource rule; and
      
      in response to the particular user of the client device being authorized to access the at least one email resource based at least in part on the at least one resource rule, provide access to the at least one email resource on the client device.
  - 12. The non-transitory computer-readable medium of claim 9, wherein the at least one resource rule comprises at least one of:
    - a format rule, a content rule, an attachment rule, and an access rule.
  - 13. The non-transitory computer-readable medium of claim 9, further comprising program code that, when executed, causes the at least one computing device to:
    - remove the predetermined portion of the at least one email resource from the at least one email resource; and
      
      encrypt the predetermined portion of the at least one email resource as removed using the cryptographic key;
      
      provide the predetermined portion of the at least one email resource to the client device; and
      
      provide a remaining portion of the at least one email resource to the client device, wherein at least one client application is capable of accessing to remaining portion of the at least one email resource and the secure container application is capable of accessing the predetermined portion using the cryptographic key.
  - 14. The non-transitory computer-readable medium of claim 9, wherein the secure container application is configured to prevent at least one unauthorized application executable by the client device from accessing data within a data store associated with the secure container application.
  - 15. The non-transitory computer-readable medium of claim 9, wherein the secure container application is further configured to prevent the performance of at least one of:
    - a print function, a transmission function, and a paste function.
  - 16. The non-transitory computer-readable medium of claim 9, wherein the program further comprises code that causes the at least one computing device to at least cause a stringency level of the at least one resource rule to be modified based at least in part upon a state of the client device.

17. A system, comprising:
- at least one computing device comprising at least one hardware processor; and
  
  memory comprising program instructions that, when executed by the at least one hardware processor, cause the at least one computing device to;
  
  identify a plurality of email resources accessible to a client device associated with a user account;
  
  identify at least one resource rule that specifies that the client device is only authorized to access the email resources in response to a predetermined portion of individual ones of the email resources being configured for exclusive access by a secure container application executable by the client device, wherein the secure container application is configured to prevent performance of a screen capture function on the client device when executed;
  
  determine that the email resources do not satisfy the at least one resource rule;
  
  in response to the email resources not satisfying the at least one resource rule;
  
  causing the predetermined portion of the individual ones of the email resources to be configured for exclusive access by the secure container application by encrypting the predetermined portion of the individual ones of the email resources using at least one cryptographic key;
  
  identify a request by the secure container application to access the predetermined portion of at least one of the email resources;
  
  send the at least one cryptographic key to the client device for access by the secure container application; and
  
  provide the encrypted portion of the at least one of the email resources to the client device for access by the secure container application.
- View Dependent Claims (18, 19, 20)
- - 18. The system of claim 17, wherein the at least one resource rule comprises at least one of:
    - a format rule, a content rule, an attachment rule, and an access rule.
  - 19. The system of claim 17, wherein the predetermined portion of the individual ones of the email resources is removed from the email resources prior to encryption.
  - 20. The system of claim 17, wherein at least one cryptographic key is not accessible to at least one unauthorized application executable by the client device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Omnissa, LLC
Original Assignee
AirWatch LLC (Broadcom, Inc.)
Inventors
Dabbiere, Alan, Stuntebeck, Erich, Brannon, Jonathan Blake
Primary Examiner(s)
Shiferaw, Eleni
Assistant Examiner(s)
Elmore, Gregory M

Application Number

US14/585,309
Publication Number

US 20150113085A1
Time in Patent Office

1,092 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/6218   to a system of files or obj...

G06F 2221/2107   File encryption

H04L 51/212   using filtering or selectiv...

H04L 63/10   for controlling access to d...

H04L 67/52   specially adapted for the l...

H04W 4/02   Services making use of loca...

H04W 4/023   using mutual or relative lo...

H04W 4/029   Location-based management o...

Systems and methods for controlling email access

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for controlling email access

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links