Secure execution of enterprise applications on mobile devices
First Claim
1. A method comprising:
generating, by an enterprise agent operable on a client device, a secure container in a first portion of a computer-readable storage of the client device, the secure container being encrypted and comprising a file system, wherein the first portion of the computer-readable storage is separate from a second portion of the computer-readable storage;
verifying, by the enterprise agent, a user of the client device based upon one or more enterprise credentials associated with the user;
establishing, by the enterprise agent, a secure tunnel between the enterprise agent and a server associated with an enterprise, the enterprise having one or more associated applications;
receiving, by the enterprise agent, enterprise data from the server, the enterprise data received via the secure tunnel; and
storing, by the enterprise agent, the enterprise data in the secure container in accordance with one or more data policies of the enterprise, wherein the secure container is only accessible by a verified user and by the one or more applications associated with the enterprise.
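The steps of claim 1 (generate an encrypted container in storage separate from the rest of the device, verify the user from an enterprise credential, store received data under a data policy, and refuse access to anyone but a verified user and the enterprise's own applications) can be modelled end to end. The Python below is an added illustration written for this page; it is not the patentee's code and nothing in the claims or abstract describes an implementation. Assumptions: the container is a single file whose path stands for the "first portion" of storage; keys are derived from the credential with PBKDF2 (the agent in the claim would verify the credential against the enterprise, here verification is a local MAC check on the container); HMAC-SHA256 in counter mode with encrypt-then-MAC is a standard-library stand-in for a real AEAD such as AES-GCM; the secure tunnel is assumed to be TLS and is not modelled, so `store` receives the data the tunnel would have delivered; the container name, application identifiers and the data-classification policy are constructed for the example.

```python
import hashlib, hmac, json, os, secrets, tempfile

PBKDF2_ROUNDS = 200_000  # assumed work factor; tune for the device class

class AccessDenied(Exception): pass

def derive_keys(credential: str, salt: bytes) -> tuple:
    """Derive independent encryption and MAC keys from the enterprise credential."""
    master = hashlib.pbkdf2_hmac("sha256", credential.encode(), salt, PBKDF2_ROUNDS, 32)
    return (hmac.new(master, b"container-enc", hashlib.sha256).digest(),
            hmac.new(master, b"container-mac", hashlib.sha256).digest())

def ctr_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Counter-mode XOR with HMAC-SHA256 as the PRF (stand-in for AES-CTR); the same call decrypts."""
    out = bytearray()
    for block, off in enumerate(range(0, len(data), 32)):
        ks = hmac.new(key, nonce + block.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[off:off + 32], ks))
    return bytes(out)

class SecureContainer:  # encrypted file system kept in its own file, apart from the device's other storage

    def __init__(self, path, enterprise_apps, allowed_classes):
        self.path = path
        self.enterprise_apps = frozenset(enterprise_apps)   # applications allowed to open the container
        self.allowed_classes = frozenset(allowed_classes)   # the enterprise data policy (assumed form)
        self._keys, self._salt, self._fs = None, b"", {}    # keys exist only while a verified session is open

    @classmethod
    def generate(cls, path, credential, enterprise_apps, allowed_classes):
        c = cls(path, enterprise_apps, allowed_classes)
        c._salt = secrets.token_bytes(16)
        c._keys = derive_keys(credential, c._salt)
        c._flush()
        c.lock()                     # nothing is readable until verify_user succeeds
        return c

    def _flush(self):
        """Write salt | nonce | ciphertext | tag (encrypt-then-MAC, fresh nonce on every write)."""
        enc_key, mac_key = self._keys
        nonce = secrets.token_bytes(16)
        ct = ctr_xor(enc_key, nonce, json.dumps(self._fs).encode())
        tag = hmac.new(mac_key, self._salt + nonce + ct, hashlib.sha256).digest()
        with open(self.path, "wb") as f:
            f.write(self._salt + nonce + ct + tag)

    def verify_user(self, credential: str) -> bool:
        """Unlock only if the credential authenticates the container; a wrong credential and a tampered file both fail."""
        blob = open(self.path, "rb").read()
        salt, nonce, ct, tag = blob[:16], blob[16:32], blob[32:-32], blob[-32:]
        enc_key, mac_key = derive_keys(credential, salt)
        expected = hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            return False
        self._fs = json.loads(ctr_xor(enc_key, nonce, ct))
        self._salt, self._keys = salt, (enc_key, mac_key)
        return True

    def lock(self): self._keys, self._fs = None, {}

    def _gate(self, app_id: str):
        if self._keys is None:
            raise AccessDenied("user not verified")
        if app_id not in self.enterprise_apps:
            raise AccessDenied(f"{app_id} is not an enterprise application")

    def store(self, app_id, name, data: bytes, classification: str):  # data received from the server
        self._gate(app_id)
        if classification not in self.allowed_classes:
            raise AccessDenied(f"policy forbids storing {classification} data on device")
        self._fs[name] = {"class": classification, "data": data.hex()}
        self._flush()

    def read(self, app_id, name) -> bytes:
        self._gate(app_id)
        return bytes.fromhex(self._fs[name]["data"])

def _attempt(fn):
    try:
        fn()
        return "allowed"
    except AccessDenied as e:
        return str(e)

def demo(tmpdir: str = "") -> dict:
    """Happy path plus each refusal; container name, app ids and payload are constructed."""
    c = SecureContainer.generate(os.path.join(tmpdir or tempfile.mkdtemp(), "enterprise.container"),
                                 "corp-passphrase", {"com.corp.mail"}, {"internal"})
    r = {"bad_credential": c.verify_user("guess"), "good_credential": c.verify_user("corp-passphrase")}
    c.store("com.corp.mail", "inbox.json", b'{"from":"cfo"}', "internal")
    r["readback"] = c.read("com.corp.mail", "inbox.json")
    r["personal_app"] = _attempt(lambda: c.read("com.game.solitaire", "inbox.json"))
    r["policy"] = _attempt(lambda: c.store("com.corp.mail", "x", b"..", "restricted"))
    c.lock()
    r["locked"] = _attempt(lambda: c.read("com.corp.mail", "inbox.json"))
    blob = bytearray(open(c.path, "rb").read())
    blob[40] ^= 1                                   # flip one ciphertext byte on disk
    open(c.path, "wb").write(blob)
    r["tampered"] = c.verify_user("corp-passphrase")
    return r
```

Two points the claim language glosses over show up in the model: the container never holds plaintext or keys while locked, so a personal application that can read the file still sees only ciphertext; and an attacker who edits the file offline cannot make a verified user open it, because the MAC check fails before anything is decrypted. A production agent would keep the derived keys in the platform keystore rather than in process memory and would check the credential with the enterprise identity provider over the pinned tunnel, not only locally.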
Abstract
A system is disclosed that includes components and features for enabling enterprise users to securely access enterprise resources (documents, data, application servers, etc.) using their mobile devices. An enterprise can use some or all components of the system to, for example, securely but flexibly implement a BYOD (bring your own device) policy in which users can run both personal applications and secure enterprise applications on their mobile devices. The system may, for example, implement policies for controlling mobile device accesses to enterprise resources based on device attributes (e.g., what mobile applications are installed), user attributes (e.g., the user's position or department), behavioral attributes, and other criteria. Client-side code installed on the mobile devices may further enhance security by, for example, creating a secure container for locally storing enterprise data, creating a secure execution environment for running enterprise applications, and/or creating secure application tunnels for communicating with the enterprise system.
Claims (27 in total; the independent claims 1, 21 and 27 are reproduced below)
1. Claim 1 is reproduced in full under First Claim above. Dependent claims 2 to 20 are not reproduced here.
21. A method comprising:
generating a secure container in a first portion of a computer-readable storage of a client device, the secure container being encrypted and comprising a file system, and being separate from a second portion of the computer-readable storage;
verifying a user of the client device based upon one or more enterprise credentials associated with the user;
establishing a secure tunnel between the client device and a server associated with an enterprise, the enterprise having one or more associated applications; and
storing enterprise data in the secure container in accordance with one or more data policies of the enterprise, the enterprise data received from the server via the secure tunnel, wherein the secure container is only accessible by a verified user and by the one or more applications associated with the enterprise.
Dependent claims 22 to 26 are not reproduced here.
27. A method comprising:
establishing a secure tunnel between a client device and a server associated with an enterprise, wherein the secure tunnel is established for a verified user of the client device based upon one or more enterprise credentials associated with the user;
determining one or more applications associated with the enterprise; and
transmitting enterprise data from the server to the client device via the secure tunnel, wherein the enterprise data is stored in a secure container of the client device in accordance with one or more data policies of the enterprise, wherein the secure container is located in a first portion of a computer-readable storage of the client device, the secure container being encrypted and comprising a file system, wherein the first portion of the computer-readable storage is separate from a second portion of the computer-readable storage, and wherein the secure container is only accessible by the verified user and by the one or more applications associated with the enterprise.