Policy enforcement in mobile devices
Abstract
Systems, methods and computer program products for enabling enforcement of an administrative policy on one or more mobile devices are described herein. In an embodiment, an administrator uses a policy server to create and provide an enforcement policy to a mobile device. An enforcement policy may include information on mobile device resources which may be controlled by an administrator. An enforcement policy also includes information on how mobile device features will be set, configured or disabled. An enforcement device driver and an enforcement monitor on a mobile device use the enforcement policy to control access to resources associated with the mobile device regardless of whether the mobile device is “online” and connected to a network or “offline” and disconnected from a network.
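The enforcement driver and enforcement monitor described above, sketched as an added example (not code from the patent or from any product). The policy layout, the `bluetooth` resource, the operation names and the `user_changeable` field are assumptions, and the policy is shown already decrypted.

```python
# Added illustration of the described flow; names and policy layout are assumptions.
from dataclasses import dataclass, field

# Constructed policy, shown after decryption (the device stores it encrypted).
POLICY = {
    "bluetooth": {
        "allowed_operations": {"audio"},         # first communication type: granted
        "denied_operations": {"file_transfer"},  # second communication type: denied
        "settings": {"discoverable": False, "enabled": True},
        "user_changeable": {"enabled"},          # settings the user may alter
    },
}

def authorize(policy, resource, operation):
    """Intercepted request: grant only operation types the policy allows (default deny)."""
    rule = policy.get(resource)
    if rule is None or operation in rule["denied_operations"]:
        return False
    return operation in rule["allowed_operations"]

@dataclass
class EnforcementMonitor:
    policy: dict
    restored: list = field(default_factory=list)  # audit trail of reverted changes

    def check(self, resource, live_settings):
        """Compare live settings with the policy and revert unauthorized changes.

        Uses only the locally stored policy, so it works while the device is offline.
        """
        rule = self.policy[resource]
        for name, wanted in rule["settings"].items():
            current = live_settings.get(name)
            if current == wanted or name in rule["user_changeable"]:
                continue  # unchanged, or a change the policy authorizes
            self.restored.append((resource, name, current, wanted))
            live_settings[name] = wanted
        return live_settings

def demo():
    monitor = EnforcementMonitor(POLICY)
    # Constructed state: Bluetooth switched off (authorized), made discoverable (not authorized).
    live = {"discoverable": True, "enabled": False}
    monitor.check("bluetooth", live)
    return live, monitor.restored

if __name__ == "__main__":
    print(authorize(POLICY, "bluetooth", "audio"), authorize(POLICY, "bluetooth", "file_transfer"))
    print(demo())
```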
17 Claims
1. A method of controlling access to a resource in a mobile device, comprising:
- intercepting a request to access said resource;
- determining a type of intended operation of a resource functionality based on said request, wherein said type of intended operation corresponds to a user's purpose of intended use associated with a communication type of said mobile device;
- selectively authorizing access to said resource according to said determined type of intended operation based on an encrypted enforcement policy stored in said mobile device, wherein said selectively authorizing comprises granting access to said resource when said intended operation utilizes resource functionality of a first communication type, and denying access to said resource when said intended operation utilizes resource functionality of a second communication type;
- applying said encrypted enforcement policy;
- monitoring one or more settings associated with said resource when said mobile device is offline;
- detecting a change in said one or more settings, wherein said one or more settings are enforced by said encrypted enforcement policy;
- determining whether said change in said one or more settings is authorized by said encrypted enforcement policy; and
- restoring said one or more settings to a state based on determining that said change is not authorized, wherein said state is based on said encrypted enforcement policy.
Dependent claims: 2, 3, 4, 5, 6
7. A method of controlling resources in a mobile device, comprising:
- determining a type of intended operation of a resource functionality based on said request, wherein said type of intended operation corresponds to a user's purpose of intended use associated with a communication type of said mobile device;
- selectively authorizing access to said resource according to said determined type of intended operation based on an encrypted enforcement policy stored in said mobile device, wherein said selectively authorizing comprises granting access to said resource when said intended operation utilizes resource functionality of a first communication type, and denying access to said resource when said intended operation utilizes resource functionality of a second communication type;
- applying said encrypted enforcement policy;
- monitoring one or more settings associated with said resource when said mobile device is offline;
- detecting a presence of an external data store;
- determining whether an addition of said external data store is authorized by said enforcement policy; and
- restoring said one or more settings to a state based on determining that said addition is not authorized, wherein said state is based on said enforcement policy.
Dependent claims: 8
9. A processor-based system for controlling access to resources in a mobile device, comprising:
- one or more computer processors;
- a first module configured to intercept a request to access said resource;
- a second module configured to determine a type of intended operation of a resource functionality based on said request, wherein said type of intended operation corresponds to a user's purpose of intended use associated with a communication type of said mobile device;
- a third module configured to selectively authorize access to said resource according to said determined type of intended operation based on an encrypted enforcement policy stored in said mobile device, wherein said selectively authorizing comprises granting access to said resource when said intended operation utilizes resource functionality of a first communication type, and denying access to said resource when said intended operation utilizes resource functionality of a second communication type; and
- a fourth module configured to: monitor one or more settings associated with said resource when said mobile device is offline, detect a change in said one or more settings, wherein said one or more settings are enforced by said encrypted enforcement policy, determine whether said change in said one or more settings is authorized by said encrypted enforcement policy, and restore said one or more settings to a desired state, wherein said desired state is based on said encrypted enforcement policy,
- wherein said first module, said second module, said third module and said fourth module are implemented using said one or more computer processors.
Dependent claims: 10, 11, 12, 13
14. A computer program product including a non-transitory computer-readable medium having instructions stored thereon that, if executed by a processing device, cause the processing device to perform operations comprising:
- intercepting a request to access said resource;
- determining a type of intended operation of a resource functionality based on said request, wherein said type of intended operation corresponds to a user's purpose of intended use associated with a communication type of said mobile device;
- selectively authorizing access to said resource according to said determined type of intended operation based on an encrypted enforcement policy stored in said mobile device, wherein said selectively authorizing comprises granting access to said resource when said intended operation utilizes resource functionality of a first communication type, and denying access to said resource when said intended operation utilizes resource functionality of a second communication type;
- applying said encrypted enforcement policy;
- monitoring one or more settings associated with said resource when said mobile device is offline;
- detecting a change in said one or more settings, wherein said one or more settings are enforced by said encrypted enforcement policy;
- determining whether said change in said one or more settings is authorized by said encrypted enforcement policy; and
- restoring said one or more settings to a state based on determining that said change is not authorized, wherein said state is based on said encrypted enforcement policy.
Dependent claims: 15, 16, 17
Specification