Controlling Mobile Device Access to Secure Data
First Claim
1. A method, comprising:
- as part of a process of configuring a managed application of a mobile device such that the managed application is able to be executed in accordance with a management framework defined by policy information received by the mobile device via an access gateway;
determining that legacy data associated with an application of the mobile device that was executed not in accordance with the management framework is to be configured for the managed application;
responsive to determining that the legacy data is to be configured for the managed application, encrypting the legacy data, resulting in encrypted legacy data;
storing a first set of the encrypted legacy data in a private secure container, wherein the private secure container is defined by the policy information and is private to the managed application; and
storing a second set of the encrypted legacy data in a shared secure container, wherein the shared secure container is defined by the policy information and is shared with at least one other managed application of the mobile device.
0 Assignments
0 Petitions
Accused Products
Abstract
Various aspects of the disclosure relate to providing secure containers or data vaults for data of one or more managed applications. In some embodiments, each managed application may be assigned its own private data vault and/or may be assigned a shared data vault that is accessible to at least one other managed application. As the managed application executes, calls for access to the data may be intercepted and redirected to the secure containers. Data stored in a secure container may be encrypted according to a policy. Other aspects relate to deleting data from a secure container, such as via a selective wipe of data associated with a managed application. Further aspects relate to configuring and creating the secure containers, retrieving key information required to encrypt/decrypt the data stored in the secure containers, and publishing the managed applications, policy information and key information for download to a mobile device.
6 Citations
20 Claims
-
1. A method, comprising:
as part of a process of configuring a managed application of a mobile device such that the managed application is able to be executed in accordance with a management framework defined by policy information received by the mobile device via an access gateway; determining that legacy data associated with an application of the mobile device that was executed not in accordance with the management framework is to be configured for the managed application; responsive to determining that the legacy data is to be configured for the managed application, encrypting the legacy data, resulting in encrypted legacy data; storing a first set of the encrypted legacy data in a private secure container, wherein the private secure container is defined by the policy information and is private to the managed application; and storing a second set of the encrypted legacy data in a shared secure container, wherein the shared secure container is defined by the policy information and is shared with at least one other managed application of the mobile device. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
8. An apparatus, comprising:
-
at least one processor; and memory storing executable instructions configured to, when executed by the at least one processor, cause the apparatus to; as part of a process of configuring a managed application of the apparatus such that the managed application is able to be executed in accordance with a management framework defined by policy information received by the apparatus via an access gateway; determine that legacy data associated with an application of the apparatus that was executed not in accordance with the management framework is to be configured for the managed application; responsive to determining that the legacy data is to be configured for the managed application, encrypt the legacy data, resulting in encrypted legacy data; store a first set of the encrypted legacy data in a private secure container, wherein the private secure container is defined by the policy information and is private to the managed application; and store a second set of the encrypted legacy data in a shared secure container, wherein the shared secure container is defined by the policy information and is shared with at least one other managed application of the apparatus. - View Dependent Claims (9, 10, 11, 12, 13)
-
-
14. One or more non-transitory memory storing executable instructions configured to, when executed, cause an apparatus to:
as part of a process of configuring a managed application of the apparatus such that the managed application is able to be executed in accordance with a management framework defined by policy information received by the apparatus via an access gateway; determine that legacy data associated with an application of the apparatus that was executed not in accordance with the management framework is to be configured for the managed application; responsive to determining that the legacy data is to be configured for the managed application, encrypt the legacy data, resulting in encrypted legacy data; store a first set of the encrypted legacy data in a private secure container, wherein the private secure container is defined by the policy information and is private to the managed application; and store a second set of the encrypted legacy data in a shared secure container, wherein the shared secure container is defined by the policy information and is shared with at least one other managed application of the apparatus. - View Dependent Claims (15, 16, 17, 18, 19, 20)
Specification