Unified enterprise management of wireless devices in a controlled environment

US 9,892,242 B1
Filed: 04/28/2017
Issued: 02/13/2018
Est. Priority Date: 04/28/2017
Status: Active Grant

First Claim

Patent Images

1. A method performed by a wireless device in a controlled environment, comprising:

receiving a client control subsystem, a file, and configuration information from an enterprise management server associated with the controlled environment;

installing the client control subsystem on the wireless device;

transmitting, by the client control subsystem, a message to the enterprise management server in response to installing the client control subsystem, wherein the message indicates that the wireless device is authorized to access a network associated with the enterprise management server;

creating, by the client control subsystem, a plurality of containers based at least on the configuration information, wherein each of the containers in the plurality of containers comprises a file system, is associated with a profile associated with a user of the wireless device, and is associated with at least one execution rule that restricts or allows execution of files within the associated container based on at least one execution condition comprising at least one of a time-based restriction and a usage-based restriction;

organizing, by the client control subsystem, the file into a container of the plurality of containers based at least on the configuration information;

receiving a request to execute the file;

allowing, denying, or limiting execution of the file based at least on the profile associated with the user of the wireless device, the at least one execution rule, and the at least one execution condition associated with the container;

determining whether execution of the file requires transmitting data over the network;

tagging data that requires transmission with an identifier of the container in which the file is located and with an identifier of the at least one execution rule; and

receiving a signal, at the client control subsystem from the enterprise management server, to allow, deny, or limit execution of the file.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A wireless device enterprise management system and a method for operating the management system in a controlled environment is disclosed. The enterprise management system includes implementing a container-based file system on wireless devices within the controlled environment. Enterprise management system manages and controls the organization of files into one or more containers on each wireless device. Each container is associated with one or more execution rules that allow or restrict execution of files that are located in the container.

101 Citations

View as Search Results

20 Claims

1. A method performed by a wireless device in a controlled environment, comprising:
- receiving a client control subsystem, a file, and configuration information from an enterprise management server associated with the controlled environment;
  
  installing the client control subsystem on the wireless device;
  
  transmitting, by the client control subsystem, a message to the enterprise management server in response to installing the client control subsystem, wherein the message indicates that the wireless device is authorized to access a network associated with the enterprise management server;
  
  creating, by the client control subsystem, a plurality of containers based at least on the configuration information, wherein each of the containers in the plurality of containers comprises a file system, is associated with a profile associated with a user of the wireless device, and is associated with at least one execution rule that restricts or allows execution of files within the associated container based on at least one execution condition comprising at least one of a time-based restriction and a usage-based restriction;
  
  organizing, by the client control subsystem, the file into a container of the plurality of containers based at least on the configuration information;
  
  receiving a request to execute the file;
  
  allowing, denying, or limiting execution of the file based at least on the profile associated with the user of the wireless device, the at least one execution rule, and the at least one execution condition associated with the container;
  
  determining whether execution of the file requires transmitting data over the network;
  
  tagging data that requires transmission with an identifier of the container in which the file is located and with an identifier of the at least one execution rule; and
  
  receiving a signal, at the client control subsystem from the enterprise management server, to allow, deny, or limit execution of the file.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the container is created based at least on the at least one execution rule.
  - 3. The method of claim 1, further comprising:
    - receiving the at least one execution rule from the enterprise management server.
  - 4. The method of claim 1, wherein the configuration information identifies the file as being banned from execution by the controlled environment.
  - 5. The method of claim 1, wherein the configuration information identifies the file as being approved for execution by the controlled environment.
  - 6. The method of claim 1, further comprising:
    - identifying a second file;
      
      comparing the second file to the configuration information; and
      
      organizing the second file into a second container of the plurality of containers based at least on the comparing.
  - 7. The method of claim 1, wherein the client control subsystem is pushed to the wireless device from the enterprise management server.

8. A wireless device in a controlled environment, comprising:
- a computer processor;
  
  a non-transitory computer-readable storage device with computer-executable instructions stored thereon that, when executed by the computer processor, causes the computer processor to perform operations comprising;
  
  receiving a client control subsystem, a file, and configuration information from an enterprise management server associated with the controlled environment;
  
  installing the client control subsystem on the wireless device;
  
  transmitting, by the client control subsystem, a message to the enterprise management server in response to installing the client control subsystem, wherein the message indicates that the wireless device is authorized to access a network associated with the enterprise management server;
  
  creating, by the client control subsystem, a plurality of containers based at least on the configuration information, wherein each of the containers in the plurality of containers comprises a file system, is associated with a profile associated with a user of the wireless device, and is associated with at least one execution rule that restricts or allows execution of files within the associated container based on at least one execution condition comprising at least one of a time-based restriction and a usage-based restriction;
  
  organizing, by the client control subsystem, the file into a container of the plurality of containers based at least on the configuration information;
  
  receiving a request to execute the file;
  
  allowing, denying, or limiting execution of the file based at least on the profile associated with the user of the wireless device, the at least one execution rule, and the at least one execution condition associated with the container;
  
  determining whether execution of the file requires transmitting data over the network;
  
  tagging data that requires transmission with an identifier of the container in which the file is located and with an identifier of the at least one execution rule; and
  
  receiving a signal, at the client control subsystem from the enterprise management server, to allow, deny, or limit execution of the file.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The wireless device of claim 8, wherein the container is created based at least on the at least one execution rule.
  - 10. The wireless device of claim 8, the operations further comprising receiving the at least one execution rule from the enterprise management server.
  - 11. The wireless device of claim 8, wherein the configuration information identifies the file as being banned from execution by the controlled environment.
  - 12. The wireless device of claim 8, wherein the configuration information identifies the file as being approved for execution by the controlled environment.
  - 13. The wireless device of claim 8, the operations further comprising:
    - identifying a second file;
      
      comparing the second file to the configuration information; and
      
      organizing the second file into a second container of the plurality of containers based at least on the comparing.
  - 14. The wireless device of claim 8, wherein the client control subsystem is pushed to the wireless device from the enterprise management server.

15. A non-transitory computer-readable medium having instructions stored therein, which when executed by a processor in a wireless device, cause the processor to perform operations, the operations comprising:
- receiving a client control subsystem, a file, and configuration information from an enterprise management server associated with a controlled environment;
  
  installing the client control subsystem on the wireless device;
  
  transmitting, by the client control subsystem, a message to the enterprise management server in response to installing the client control subsystem, wherein the message indicates that the wireless device is authorized to access a network associated with the enterprise management server;
  
  creating, by the client control subsystem, a plurality of containers based at least on the configuration information, wherein each of the containers in the plurality of containers comprises a file system, is associated with a profile associated with a user of the wireless device, and is associated with at least one execution rule that restricts or allows execution of files within the associated container based on at least one execution condition comprising at least one of a time-based restriction and a usage-based restriction;
  
  organizing, by the client control subsystem, the file into a container of the plurality of containers based at least on the configuration information;
  
  receiving a request to execute the file;
  
  allowing, denying, or limiting execution of the file based at least on the profile associated with the user of the wireless device, the at least one execution rule, and the at least one execution condition associated with the container;
  
  determining whether execution of the file requires transmitting data over the network;
  
  tagging data that requires transmission with an identifier of the container in which the file is located and with an identifier of the at least one execution rule; and
  
  receiving a signal, at the client control subsystem from the enterprise management server, to allow, deny, or limit execution of the file.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The non-transitory computer-readable medium of claim 15, the operations further comprising receiving the at least one execution rule from the enterprise management server.
  - 17. The non-transitory computer-readable medium of claim 15, wherein the configuration information identifies the file as being banned from execution by the controlled environment.
  - 18. The non-transitory computer-readable medium of claim 15, wherein the configuration information identifies the file as being approved for execution by the controlled environment.
  - 19. The non-transitory computer-readable medium of claim 15, the operations further comprising:
    - identifying a second file;
      
      comparing the second file to the configuration information; and
      
      organizing the second file into a second container of the plurality of containers based at least on the comparing.
  - 20. The non-transitory computer-readable medium of claim 15, wherein the client control subsystem is pushed to the wireless device from the enterprise management server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Global Tel-Link Corporation
Original Assignee
Global Tel-Link Corporation
Inventors
Hodge, Stephen L.
Primary Examiner(s)
Bechtel, Kevin

Application Number

US15/581,962
Time in Patent Office

291 Days
Field of Search
US Class Current
CPC Class Codes

G06F 16/22   Indexing; Data structures t...

G06F 16/285   Clustering or classification

G06F 21/121   Restricting unauthorised ex...

G06F 21/6218   to a system of files or obj...

H04L 41/08   Configuration management of...

H04L 41/12   Discovery or management of ...

H04L 41/22   comprising specially adapte...

H04L 41/28   Restricting access to netwo...

H04L 41/50   Network service management,...

H04L 63/10   for controlling access to d...

H04L 63/20   for managing network securi...

H04W 12/084   using delegated authorisati...

H04W 12/086   using security domains

Unified enterprise management of wireless devices in a controlled environment

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

101 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Unified enterprise management of wireless devices in a controlled environment

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

101 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links