Application gateway architecture with multi-level security policy and rule promulgations
Abstract
Embodiments of an application gateway architecture may include an application gateway server computer communicatively connected to backend systems and client devices operating on different platforms. The application gateway server computer may include application programming interfaces and services configured for communicating with the backend systems and managed containers operating on the client devices. The application gateway server computer may provide applications that can be centrally managed and may extend the capabilities of the client devices, including the ability to authenticate across backend systems. A managed container may include a managed cache and may provide a secure shell for applications received from the application gateway server computer. The managed container may store the applications in the managed cache and control access to the managed cache according to rules propagated from at least one of the backend systems via the application gateway server computer.
37 Claims
1. A system, comprising:
an application gateway server computer communicatively connected to backend systems, to an application repository, and to client devices, the application gateway server computer and the application repository residing on a content management layer between the backend systems running in an enterprise computing environment and the client devices, the backend systems residing behind a firewall of the enterprise computing environment, the application gateway server computer residing in the enterprise computing environment outside of the firewall of the enterprise computing environment and comprising application programming interfaces and services configured for communicating with the backend systems and with managed containers operating on the client devices, the services provided by the application gateway server computer comprising an application service, a device management service, and an authentication service;
wherein the application gateway server computer communicates with the backend systems through the firewall of the enterprise computing environment; and
a client device comprising a managed container embodied on a non-transitory computer readable medium, the managed container written in a programming language native to the client device and downloaded by the client device from a network source, the managed container having a managed cache and an application framework with an execution engine that provides a runtime environment for running applications on the client device, the applications associated with the backend systems running in the enterprise computing environment, the managed container configured for:
communicating with the application service of the application gateway server computer;
receiving, from the application gateway server computer via the application service of the application gateway server computer, one or more applications stored in the application repository, the one or more applications written in a cross-platform language and hosted by at least one backend system of the backend systems;
storing the one or more applications received from the application gateway server computer and data associated with the one or more applications in the managed cache of the managed container running on the client device;
providing a secure runtime shell within which the one or more applications received from the application gateway server computer and hosted by the at least one backend system of the backend systems are run on the client device;
communicating with the authentication service of the application gateway server computer, the authentication service providing the managed container with a common authentication mechanism to the backend systems such that, once authenticated by the authentication service at the application gateway server computer, the managed container has access to the backend systems through the common authentication mechanism; and
controlling the one or more applications received from the application gateway server computer and the data associated with the one or more applications stored in the managed cache of the managed container running on the client device in accordance with a set of rules, the set of rules propagated from the at least one backend system of the backend systems to the managed container via the device management service of the application gateway server computer;
wherein the application gateway server computer is further configured for:
managing the managed cache on the client device, wherein the managed cache includes a content cache for storing data associated with managed applications received from the application gateway server computer, a settings cache for storing application settings information, and a state cache for saving application state information on the client device; and
controlling the data associated with the managed applications stored in the content cache based on a rule generated on a backend system.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
15. A method, comprising:
sending, by an application service of an application gateway server computer, one or more applications stored in an application repository to a managed container embodied on a non-transitory computer readable medium of a client device, the application gateway server computer communicatively connected to backend systems, to the application repository, and to the client device, the application gateway server computer and the application repository residing on a content management layer between the backend systems running in an enterprise computing environment and the client devices, the backend systems residing behind a firewall of the enterprise computing environment, the application gateway server computer residing in the enterprise computing environment outside of the firewall of the enterprise computing environment and comprising application programming interfaces and services configured for communicating with the backend systems and with the managed container, wherein the application gateway server computer communicates with the backend systems through the firewall of the enterprise computing environment, the managed container written in a programming language native to the client device and downloaded by the client device from a network source, the managed container having a managed cache and an application framework with an execution engine that provides a runtime environment for applications associated with the backend systems running in the enterprise computing environment;
receiving, by the managed container from the application gateway server computer via the application service of the application gateway server computer, the one or more applications stored in the application repository, the one or more applications written in a cross-platform language;
storing, by the managed container running on the client device, the one or more applications received from the application gateway server computer and data associated with the one or more applications in the managed cache of the managed container running on the client device;
providing, by the managed container running on the client device, a secure runtime shell within which the one or more applications received from the application gateway server computer and hosted by at least one backend system of the backend systems running in the enterprise computing environment are run on the client device;
communicating, by the managed container running on the client device with an authentication service of the application gateway server computer that provides a common authentication mechanism to the backend systems such that, once authenticated by the authentication service at the application gateway server computer, the managed container has access to the backend systems through the common authentication mechanism;
controlling, by the managed container, the one or more applications received from the application gateway server computer and the data associated with the one or more applications stored in the managed cache of the managed container running on the client device in accordance with a set of rules, the set of rules propagated from at least one backend system of the backend systems to the managed container via a device management service of the application gateway server computer;
managing, by the application gateway server computer, the managed cache on the client device, wherein the managed cache includes a content cache for storing data associated with managed applications received from the application gateway server computer, a settings cache for storing application settings information, and a state cache for saving application state information on the client device; and
controlling, by the application gateway server computer, the data associated with the managed applications stored in the content cache based on a rule generated on a backend system.
- View Dependent Claims (16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37)
Specification