Adapting a mobile application to a partitioned environment

US 9,430,641 B1
Filed: 11/05/2012
Issued: 08/30/2016
Est. Priority Date: 11/03/2011
Status: Active Grant

First Claim

Patent Images

1. A method of providing a secure partition, comprising:

receiving an indication that a first app is to be available to be used in a secure zone of a mobile device, wherein the indication comprises an attempt to install the first app to the secure zone, wherein the secure zone corresponds to a partition of the mobile device in which a second app and a third app are executed, wherein the second app is configured to store and access data that is accessible to the third app operating within the secure zone and that is inaccessible to a fourth app that operates outside the secure zone;

determining whether the first app is authorized to be installed in the secure zone;

in the event the first app is authorized to be installed in the secure zone, installing a secure zone version of the first app that exhibits a behavior associated with the secure zone on the mobile device, wherein the secure zone version is generated at least in part by;

performing reverse engineering on code included in the first app to determine a behavior to be modified to adapt the first app to the secure zone, andreplacing portions of the code of the first app, the portions of the code being associated with the behavior to be modified with code exhibiting the behavior associated with the secure zone, wherein the behavior associated with the secure zone is not a native behavior of the first app; and

in the event the first app is not authorized to be installed in the secure zone, replacing the first app with one that will not launch within the secure zone.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Adapting a mobile or other application (“app”) to a partitioned environment is disclosed. In various embodiments, a “secure zone” or other logical partition is created and enforced at least in part by adapting a mobile or other app to behave in a manner required by and/or otherwise associated with the secure zone or other partition and which behavior is or in various embodiments may be different than a native behavior of the mobile or other app as designed and written by an application developer of the app.

33 Citations

View as Search Results

26 Claims

1. A method of providing a secure partition, comprising:
- receiving an indication that a first app is to be available to be used in a secure zone of a mobile device, wherein the indication comprises an attempt to install the first app to the secure zone, wherein the secure zone corresponds to a partition of the mobile device in which a second app and a third app are executed, wherein the second app is configured to store and access data that is accessible to the third app operating within the secure zone and that is inaccessible to a fourth app that operates outside the secure zone;
  
  determining whether the first app is authorized to be installed in the secure zone;
  
  in the event the first app is authorized to be installed in the secure zone, installing a secure zone version of the first app that exhibits a behavior associated with the secure zone on the mobile device, wherein the secure zone version is generated at least in part by;
  
  performing reverse engineering on code included in the first app to determine a behavior to be modified to adapt the first app to the secure zone, andreplacing portions of the code of the first app, the portions of the code being associated with the behavior to be modified with code exhibiting the behavior associated with the secure zone, wherein the behavior associated with the secure zone is not a native behavior of the first app; and
  
  in the event the first app is not authorized to be installed in the secure zone, replacing the first app with one that will not launch within the secure zone.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 22, 23, 24, 25, 26)
- - 2. The method of claim 1, wherein the secure zone version is generated at least in part by sending a request to a remote compliance server.
  - 3. The method of claim 2, wherein the remote compliance server is configured to generate the secure zone version of the first app in real time.
  - 4. The method of claim 1, wherein the secure zone version of the first app exhibits the behavior associated with the secure zone at least in part by invoking a replacement operating system component instead of a corresponding operating system component that the original version of the first app was configured to invoke.
  - 5. The method of claim 1, wherein the secure zone version of the first app is generated at least in part by modifying or replacing one or more classes included in the first app.
  - 6. The method of claim 5, wherein the secure zone version of the first app is generated at least in part by modifying one or more pointers included in the first app to point to said modified or replacement classes.
  - 7. The method of claim 1, wherein the behavior associated with the secure zone includes storing app data in encrypted form.
  - 8. The method of claim 1, wherein the behavior associated with the secure zone includes performing network communication via a virtual private network or other secure connection.
  - 9. The method of claim 1, wherein the behavior associated with the secure zone includes storing cut or copied app data in a replacement clipboard component.
  - 10. The method of claim 9, wherein the replacement clipboard component is configured to provide access to content only to apps associated with the secure zone.
  - 11. The method of claim 1, further comprising receiving a password associated with the secure zone and allowing access to one or more apps associated with the secure zone, without requiring reentry of the password when the user switches from using one of the one or more apps in the secure zone to using another of the one or more apps in the secure zone.
  - 12. The method of claim 11, further comprising requiring password reentry if a no activity timer associated with the secure zone has expired.
  - 13. The method of claim 1, wherein the secure zone version of the first app is configured to make app content available to one or more other apps associated with the secure zone at least in part by invoking an agent to back up the app content to a shared storage location.
  - 14. The method of claim 13, wherein the one or more other apps are configured to access the app content at least in part by invoking the agent to recover the app content from the shared storage location.
  - 15. The method of claim 1, further comprising providing one or more replacement operating system components configured to hide one or more resources from apps associated with the secure zone.
  - 16. The method of claim 15, wherein the one or more resources include one or more of the following:
    - a set of contacts, an address book, a camera, a non-secure network connection, an unencrypted file.
  - 22. The method of claim 1, wherein the secure zone version of the first app is generated at least in part by changing a launcher associated with the first app to ensure that apps not authorized to be installed in the secure zone cannot launch in the secure zone.
  - 23. The method of claim 1, wherein the secure zone version is generated at least in part by analyzing execution of the first app in a controlled test environment to observe one or more behaviors of the first app that are to be modified.
  - 24. The method of claim 1, wherein a plurality of apps executed in the secure zone store corresponding content data in a secure zone app data storage that is accessible to the plurality of apps in the secure zone.
  - 25. The method of claim 1, wherein the plurality of apps are installed in the secure zone.
  - 26. The method of claim 1, wherein the plurality of apps that are installed in the secure zone are secured apps, and an unsecured app is installed and operated outside the secure zone.

17. A mobile device, comprising:
- a processor configured to;
  
  receive an indication that a first app is to be available to be used in a secure zone of a mobile device, wherein the indication comprises an attempt to install the first app to the secure zone, wherein the secure zone corresponds to a partition of the mobile device in which a second app is configured to store and access data that is accessible to a third app operating within the secure zone and that is inaccessible to a fourth app that operates outside the secure zone;
  
  determine whether the first app is authorized to be installed in the secure zone;
  
  in the event the first app is authorized to be installed in the secure zone, installing a secure zone version of the first app that exhibits a behavior associated with the secure zone on the mobile device, wherein the secure zone version of the first app is generated at least in part by performing reverse engineering on code included in the first app to determine a behavior to be modified to adapt the first app to the secure zone and replacing portions of the code of the first app, the portions of the code being associated with the behavior to be modified with code corresponding to the behavior associated with the secure zone, wherein the behavior is not a native behavior of the first app; and
  
  in the event the first app is not authorized to be installed in the secure zone, replacing the first app with one that will not launch within the secure zone; and
  
  a memory or other storage device coupled to the processor and configured to store the secure zone version of the first app.
- View Dependent Claims (18, 19, 20)
- - 18. The mobile device of claim 17, wherein the secure zone version is generated at least in part by sending a request to a remote compliance server that is configured to provide the secure zone version of the first app.
  - 19. The mobile device of claim 18, wherein the remote compliance server is configured to generate the secure zone version of the first app in real time based at least in part on app code comprising the first app.
  - 20. The mobile device of claim 17, wherein the secure zone version of the first app exhibits the behavior associated with the secure zone at least in part by invoking a replacement operating system component instead of a corresponding operating system component that the original version of the first app was configured to invoke.

21. A computer program product to provide a secure partition, the computer program product being embodied in a tangible, non-transitory computer readable storage medium and comprising computer instructions for:
- receiving an indication that a first app is to be available to be used in a secure zone of a mobile device, wherein the indication comprises an attempt to install the first app to the secure zone, wherein the secure zone corresponds to a partition of the mobile device in which a second app is configured to store and access data that is accessible to a third app operating within the secure zone and that is inaccessible to a fourth app that operates outside the secure zone;
  
  determining whether the first app is authorized to be installed in the secure zone;
  
  in the event the first app is authorized to be installed in the secure zone, installing a secure zone version of the first app that exhibits a behavior associated with the secure zone on the mobile device, wherein the secure zone version of the first app is generated at least in part by;
  
  performing reverse engineering on code included in the first app to determine a behavior to be modified to adapt the first app to the secure zone, andreplacing portions of the code of the first app, the portions of the code being associated with the behavior to be modified with code corresponding to the behavior associated with the secure zone, wherein the behavior is not a native behavior of the first app; and
  
  in the event the first app is not authorized to be installed in the secure zone, replacing the first app with one that will not launch within the secure zone.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Ivanti, Inc. (Ivanti Software, Inc.)
Original Assignee
MobileIron, Inc.
Inventors
Marion, Eric M., Sonawane, Nitin
Primary Examiner(s)
Zecher, Dede
Assistant Examiner(s)
McCoy, Richard

Application Number

US13/669,082
Time in Patent Office

1,394 Days
Field of Search

None
US Class Current

1/1
CPC Class Codes

G06F 21/1011   to devices

G06F 21/121   Restricting unauthorised ex...

G06F 21/53   by executing in a restricte...

G06F 2221/2105   Dual mode as a secondary as...

G06F 8/61   Installation

G06F 9/45533   Hypervisors; Virtual machin...

Adapting a mobile application to a partitioned environment

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

33 Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

Adapting a mobile application to a partitioned environment

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

33 Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links