Controlling distribution of resources on a network

US 9,705,813 B2
Filed: 09/20/2012
Issued: 07/11/2017
Est. Priority Date: 02/14/2012
Status: Active Grant

First Claim

Patent Images

1. A non-transitory computer-readable medium embodying a program executable in a computing device, the program comprising code that, when executed by the computing device, causes the computing device to perform a method comprising:

storing a plurality of resources in a data store associated with a distribution service in response to a request from a user interface to transfer the plurality of resources;

receiving a selection of access rights and a plurality of distribution rules associated with the plurality of resources;

receiving, from a client device, a request to access the plurality of resources hosted by the distribution service;

determining whether a pairing of a user of the client device and the client device is authorized to access the distribution service based at least in part on the access rights associated with the plurality of resources;

identifying which of a plurality of resource grouping identifiers are associated with the pairing, in response to determining that the pairing is authorized to access the distribution service;

identifying which of the plurality of resources are associated with the resource grouping identifiers;

identifying which of the plurality of distribution rules are associated with the identified resources, the distribution rules comprising at least one of a plurality of location rules or a plurality of time rules; and

transmitting the identified resources and the identified distribution rules to the client device, the resources being encrypted and configured to be exclusively accessible by a containerized client side application using a decryption key while the client device satisfies the identified distribution rules associated with the resources based on a device profile, wherein the containerized client side application is configured to prevent access to the identified resources by another application executed by the client device.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed are various embodiments for controlling distribution of resources on a network. In one embodiment, a distribution service receives a request from a client device to access resources hosted by a distribution service. In response, the distribution service determines whether the client device is authorized to access the distribution service. The distribution service identifies which of the resources hosted by the distribution service are accessible to the client device based on the resource grouping identifiers associated with the client device. The distribution service determines which distribution rules are associated with the identified resources, the distribution rules including location rules and time rules. The distribution service then transmits the identified resources and identified distribution rules to the client device, where the resources are configured to be exclusively accessible via a containerized client application on the client device while the client device satisfies the distribution rules associated with the resources.

179 Citations

60 Claims

1. A non-transitory computer-readable medium embodying a program executable in a computing device, the program comprising code that, when executed by the computing device, causes the computing device to perform a method comprising:
- storing a plurality of resources in a data store associated with a distribution service in response to a request from a user interface to transfer the plurality of resources;
  
  receiving a selection of access rights and a plurality of distribution rules associated with the plurality of resources;
  
  receiving, from a client device, a request to access the plurality of resources hosted by the distribution service;
  
  determining whether a pairing of a user of the client device and the client device is authorized to access the distribution service based at least in part on the access rights associated with the plurality of resources;
  
  identifying which of a plurality of resource grouping identifiers are associated with the pairing, in response to determining that the pairing is authorized to access the distribution service;
  
  identifying which of the plurality of resources are associated with the resource grouping identifiers;
  
  identifying which of the plurality of distribution rules are associated with the identified resources, the distribution rules comprising at least one of a plurality of location rules or a plurality of time rules; and
  
  transmitting the identified resources and the identified distribution rules to the client device, the resources being encrypted and configured to be exclusively accessible by a containerized client side application using a decryption key while the client device satisfies the identified distribution rules associated with the resources based on a device profile, wherein the containerized client side application is configured to prevent access to the identified resources by another application executed by the client device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The computer-readable medium of claim 1, wherein the containerized client side application is configured to enforce a plurality of transmission restrictions while the resources are being accessed by the containerized client side application, wherein the transmission restrictions comprise prohibiting transmitting, cutting, copying, and pasting the resources.
  - 3. The computer-readable medium of claim 1, wherein the containerized client side application is pre-installed on the client device.
  - 4. The computer-readable medium of claim 1, wherein the location rules comprise a plurality of authorized locations where the resources are accessible by the client device.
  - 5. The computer-readable medium of claim 4, wherein the authorized locations correspond to a plurality of locations of a plurality of meetings, and wherein the resources associated with the authorized locations are specifically related to the meetings.
  - 6. The computer-readable medium of claim 1, wherein the time rules comprise a plurality of authorized time windows during which the resources may be accessed by the client device.
  - 7. The computer-readable medium of claim 6, wherein the authorized time windows correspond to a plurality of time windows of a plurality of meetings, and wherein the resources associated with the authorized time windows are specifically related to the meetings.
  - 8. The computer-readable medium of claim 1, further comprising:
    - removing the resources from the client device if the client device does not satisfy the distribution rules associated with the resources.
  - 9. The computer-readable medium of claim 8, wherein removing the resources from the client device comprises at least one of deleting the resources from the client device, disabling the resources on the client device, restoring the client device to a default state, or deleting all data from the client device.
  - 10. The computer-readable medium of claim 1, wherein the distribution rules further comprise at least one of a plurality of client device hardware requirements, a plurality of client device software requirements, a plurality of client device configuration requirements, a plurality of client device maintenance requirements, or a plurality of resource related requirements.
  - 11. The computer-readable medium of claim 1, wherein the identified resources include metadata that specifies whether transmission of the identified resources outside of the containerized client side application is authorized.
  - 12. The computer-readable medium of claim 1, wherein the pairing is authorized to access the distribution service based at least in part on a plurality of user credentials associated with the user and a device identifier associated with the client device, and wherein the request comprises the user credentials and a device identifier.

13. A method comprising:
- transmitting a request to store a plurality of resources to a distribution service via a user interface;
  
  transmitting a selection of a plurality of authorized locations associated with the plurality of resources;
  
  determining, in a containerized client side application being executed by a client device, whether the client device is located at one of the plurality of authorized locations;
  
  responsive to a determination that the client device is located at an authorized location of the plurality of authorized locations, transmitting a request for access to the plurality of resources to the distribution service;
  
  receiving the resources that are configured to be exclusively accessible by the containerized client side application using a decryption key and based on a device profile, wherein the containerized client side application is configured to prevent access to the resources by another application executed by the client device; and
  
  removing the resources from the client device if the client device is no longer located at an authorized location.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 24)
- - 14. The method of claim 13, wherein the containerized client side application is configured to enforce a plurality of transmission restrictions while the resources are being accessed by the containerized client side application, wherein the transmission restrictions comprise prohibiting transmitting, cutting, copying, and pasting the resources.
  - 15. The method of claim 13, wherein the containerized client application is pre-installed on the client device.
  - 16. The method of claim 13, wherein the authorized locations are bound at least in part by one or more of a plurality of physical boundaries, a plurality of virtual boundaries, or a plurality of economic boundaries.
  - 17. The method of claim 13, wherein the authorized locations correspond to a plurality of locations of meetings, and wherein the resources associated with the authorized locations are specifically related to the meetings.
  - 18. The method of claim 13, wherein removing the resources from the client device comprises at least one of deleting the resources from the client device, disabling the resources on the client device, restoring the client device to a default state, or deleting all data from the client device.
  - 19. The method of claim 13, further comprising:
    - determining whether a current time is within one of a plurality of authorized time windows before transmitting the request to access the resources; and
      
      removing the resources from the client device if the current time is not within the one of the authorized time windows, wherein removing the resources from the client device comprises at least one of deleting the resources from the client device, disabling the resources on the client device, restoring the client device to a default state, or deleting all data from the client device.
  - 20. The method of claim 19, wherein the plurality of authorized time windows correspond to a plurality of time windows of meetings, and wherein the resources associated with the plurality of authorized time windows are specifically related to the meetings.
  - 21. The method of claim 13, further comprising:
    - determining whether a pairing of a user of the client device and the client device is authorized to access the distribution service before transmitting the request to access resources, wherein the client device is authorized to access the distribution service based at least in part on a plurality of user credentials associated with the user of the client device and a device identifier associated with the client device; and
      
      removing the resources from the client device if the pairing does is not authorized to access the distribution service, wherein removing the resources from the client device comprises at least one of deleting the resources from the client device, disabling the resources on the client device, restoring the client device to a default state, or deleting all data from the client device.
  - 22. The method of claim 13, further comprising:
    - determining whether the client device satisfies a plurality of distribution rules associated with the resources before transmitting the request to access resources, wherein the distribution rules comprise at least one of a plurality of client device hardware requirements, a plurality of client device software requirements, a plurality of client device configuration requirements, a plurality of client device maintenance requirements, or a plurality of resource related requirements; and
      
      removing the resources from the client device if the client device does not satisfy the distribution rules, wherein removing the resources from the client device comprises at least one of deleting the resources from the client device, disabling the resources on the client device, restoring the client device to a default state, or deleting all data from the client device.
  - 24. The method of claim 13, wherein the resources include metadata that specifies whether transmission of the resources outside of the containerized client side application is authorized.

23. A system for distributing resources comprising:
- a processor;
  
  a memory device including instructions that when executed by the processor cause the processor to perform a method comprising;
  
  storing a plurality of resources in a data store associated with a distribution service in response to a request from a user interface to transfer the plurality of resources;
  
  receiving a selection of a plurality of authorized time windows associated with the plurality of resources;
  
  receiving, from a client device, a request to access the plurality of resources hosted by a distribution service;
  
  determining whether a current time associated with the client device is within one of the plurality of authorized time windows associated with the plurality of resources;
  
  responsive to a determination that the current time is within at least one authorized time of the authorized time windows, transmitting the resources to a containerized client side application on the client device, the resources being encrypted and configured to be exclusively accessible by the containerized client side application using a decryption key and based on a device profile, wherein the containerized client side application is configured to prevent access to the resources by another application executed by the client device;
  
  monitoring the current time; and
  
  removing the resources from the client device if the current time is not within the at least one authorized time window.
- View Dependent Claims (25, 26, 27, 28, 29, 30, 31, 32)
- - 25. The system of claim 23, wherein the authorized time windows correspond to a plurality of time windows of meetings, and wherein the resources associated with the authorized time windows are specifically related to the meetings.
  - 26. The system of claim 23, wherein the containerized client side application is configured to enforce a plurality of transmission restrictions while the resources are being accessed by the containerized client side application, wherein the transmission restrictions comprise prohibiting transmitting, cutting, copying, and pasting the resources.
  - 27. The system of claim 23, wherein removing the resources from the client device comprises at least one of deleting the resources from the client device, disabling the resources on the client device, restoring the client device to a default state, or deleting all data from the client device.
  - 28. The system of claim 23, further comprising:
    - determining whether the client device is located at one of a plurality of authorized locations before transmitting the resources to the client device; and
      
      removing the resources from the client device if the client device is not located at an authorized location, wherein removing the resources from the client device comprises at least one of deleting the resources from the client device, disabling the resources on the client device, restoring the client device to a default state, or deleting all data from the client device.
  - 29. The system of claim 28, wherein the authorized locations are bound at least in part by one or more of a plurality of physical boundaries, a plurality of virtual boundaries, and a plurality of economic boundaries.
  - 30. The system of claim 28, wherein the authorized locations correspond to a plurality of locations of meetings, and the resources associated with the authorized locations are specifically related to the meetings.
  - 31. The system of claim 23, further comprising:
    - determining whether a pairing of a user of the client device and the client device is authorized to access the distribution service before transmitting the resources to the client device, wherein the client device is authorized to access the distribution service based at least in part on a plurality of user credentials associated with the user of the client device and a device identifier associated with the client device; and
      
      removing the resources from the client device if the pairing is not authorized to access the distribution service, wherein removing the resources from the client device comprises at least one of deleting the resources from the client device, disabling the resources on the client device, restoring the client device to a default state, or deleting all data from the client device.
  - 32. The system of claim 23, further comprising:
    - determining whether the client device satisfies a plurality of distribution rules associated with the resources before transmitting the resources to the client device, wherein the distribution rules comprise at least one of a plurality of client device hardware requirements, a plurality of client device software requirements, a plurality of client device configuration requirements, a plurality of client device maintenance requirements, or a plurality of resource related requirements; and
      
      removing the resources from the client device if the client device does not satisfy the distribution rules, wherein removing the resources from the client device comprises at least one of deleting the resources from the client device, disabling the resources on the client device, restoring the client device to a default state, or deleting all data from the client device.

33. A method comprising:
- storing a plurality of resources in a data store associated with a distribution service in response to a request from a user interface to transfer the plurality of resources;
  
  receiving a selection of a plurality of authorized locations associated with the plurality of resources;
  
  receiving, from a client device, a request to access the plurality of resources hosted by the distribution service;
  
  determining whether the client device is located at one of the plurality of authorized locations associated with the plurality of resources;
  
  responsive to a determination that the client device is located at an authorized location, transmitting the resources to a containerized client side application on the client device, the resources being encrypted and configured to be exclusively accessible by the containerized client side application using a decryption key and based on a device profile, the resources including metadata specifying whether transmission outside of the containerized client side application is authorized, wherein the containerized client side application is configured to prevent access to the resources by another application executed by the client device when the metadata specifies that transmission is prohibited outside of the containerized client side application;
  
  monitoring the location of the client device; and
  
  removing the resources from the client device if the client device is not located at an authorized location.
- View Dependent Claims (34, 35, 36, 37, 38, 39, 40, 41, 42)
- - 34. The method of claim 33, wherein the containerized client side application is pre-installed on the client device and is configured to enforce a plurality of transmission restrictions while the resources are being accessed by the containerized client side application, wherein the transmission restrictions comprise prohibiting transmitting, cutting, copying, and pasting the resources.
  - 35. The method of claim 33, wherein the authorized locations are bound at least in part by one or more of a plurality of physical boundaries, a plurality of virtual boundaries, and a plurality of economic boundaries.
  - 36. The method of claim 33, wherein the authorized locations correspond to a plurality of locations of meetings, and wherein the resources associated with the authorized locations are specifically related to the meetings.
  - 37. The method of claim 33, wherein removing the resources from the client device comprises at least one of deleting the resources from the client device, disabling the resources on the client device, restoring the client device to a default state, or deleting all data from the client device.
  - 38. The method of claim 33, further comprising determining whether a current time is within one of a plurality of authorized time windows before transmitting the resources to the client device.
  - 39. The method of claim 38, wherein the authorized time windows correspond to a plurality of time windows of meetings, and the resources associated with the authorized time windows are specifically related to the meetings.
  - 40. The method of claim 33, further comprising removing the resources from the client device if a current time is not within one of a plurality of authorized time windows, wherein removing the resources from the client device comprises at least one of deleting the resources from the client device, disabling the resources on the client device, restoring the client device to a default state, or deleting all data from the client device.
  - 41. The method of claim 33, further comprising:
    - determining whether a pairing of a user of the client device and the client device is authorized to access the distribution service before transmitting the resources to the client device, wherein the client device is authorized to access the distribution service based at least in part on a plurality of user credentials associated with the user of the client device and a device identifier associated with the client device; and
      
      removing the resources from the client device if the pairing is not authorized to access the distribution service, wherein removing the resources from the client device comprises at least one of deleting the resources from the client device, disabling the resources on the client device, restoring the client device to a default state, or deleting all data from the client device.
  - 42. The method of claim 33, further comprising:
    - determining whether the client device satisfies a plurality of distribution rules associated with the resources before transmitting the resources to the client device, wherein the distribution rules comprise at least one of a plurality of client device hardware requirements, a plurality of client device software requirements, a plurality of client device configuration requirements, a plurality of client device maintenance requirements, and a plurality of resource related requirements; and
      
      removing the resources from the client device if the client device does not satisfy the distribution rules, wherein removing the resources from the client device comprises at least one of deleting the resources from the client device, disabling the resources on the client device, restoring the client device to a default state, or deleting all data from the client device.

43. A non-transitory computer-readable medium embodying a program executable in a computing device, the program comprising code that, when executed by a computing device, causes the computing device to perform a method comprising:
- transmitting a request to store a plurality of resources to a distribution service via user interface;
  
  transmitting a selection of a plurality of authorized locations and a plurality of authorized time windows associated with the plurality of resources;
  
  transmitting, from a containerized client side application executed by a client device, a request to access the plurality of resources hosted by the distribution service; and
  
  receiving access to the plurality of resources in the containerized client side application if the client device is located at one of the plurality of authorized locations and if a current time is within an authorized time window of the plurality of authorized time windows, the plurality of resources configured to be exclusively accessible in the containerized client side application using a decryption key, the plurality of resources including metadata specifying whether transmission outside of the containerized client side application is authorized based on a device profile, wherein the containerized client side application is configured to prevent access to the plurality of resources by another application executed by the client device when the metadata specifies that transmission is prohibited outside of the containerized client side application.
- View Dependent Claims (44, 45, 46, 47, 48, 49, 50, 51, 52, 53)
- - 44. The computer-readable medium of claim 43, further comprising monitoring the location of the client device and the current time.
  - 45. The computer-readable medium of claim 43, further comprising:
    - removing access to the resources on the client device if the client device is not located at an authorized location; and
      
      removing access to the resources on the client device if the current time is not within the authorized time window.
  - 46. The computer-readable medium of claim 45, wherein removing access to the resources on the client device comprises at least one of deleting the resources from the client device, disabling the resources on the client device, restoring the client device to a default state, or deleting all data from the client device.
  - 47. The computer-readable medium of claim 43, further comprising:
    - removing access to the resources on the client device if a pairing of a user of the client device and the client device is not authorized to access a distribution service associated with the resources,wherein the pairing is authorized to access the distribution service based at least in part on a plurality of user credentials associated with the user of the client device and a device identifier associated with the client device; and
      
      wherein removing access to the resources on the client device comprises at least one of deleting the resources from the client device, disabling the resources on the client device, restoring the client device to a default state, or deleting all data from the client device.
  - 48. The computer-readable medium of claim 43, further comprising:
    - removing access to the resources on the client device if the client device does not satisfy a plurality of distribution rules associated with the resources,wherein the distribution rules comprise at least one of a plurality of client device hardware requirements, a plurality of client device software requirements, a plurality of client device configuration requirements, a plurality of client device maintenance requirements, or a plurality of resource related requirements, andwherein removing access to the resources on the client device comprises at least one of deleting the resources from the client device, disabling the resources on the client device, restoring the client device to a default state, or deleting all data from the client device.
  - 49. The computer-readable medium of claim 43, wherein the containerized client side application is configured to enforce a plurality of transmission restrictions while the resources are being accessed by the containerized client side application, and wherein the transmission restrictions comprise prohibiting transmitting, cutting, copying, and pasting the resources.
  - 50. The computer-readable medium of claim 43, wherein the containerized client application is pre-installed on the client device.
  - 51. The computer-readable medium of claim 43, wherein the authorized locations are bound at least in part by one or more of a plurality of physical boundaries, a plurality of virtual boundaries, and a plurality of economic boundaries.
  - 52. The computer-readable medium of claim 43, wherein the authorized locations correspond to a plurality of locations of meetings, and wherein the resources associated with the authorized locations are specifically related to the meetings.
  - 53. The computer-readable medium of claim 43, wherein the authorized time windows correspond to a plurality of time windows of meetings, and the resources associated with the authorized time windows are specifically related to the meetings.

54. A client device operating in a system for distributing resources, the client device comprising:
- a processor;
  
  a memory device including instructions that when executed by the processor cause the processor to perform a method comprising;
  
  storing a plurality of resources in a data store in response to a request from a user interface to transfer the plurality of resources;
  
  receiving a selection of a plurality of authorized time windows associated with the plurality of resources;
  
  determining whether a client device has access to the plurality of resources associated with the plurality of authorized time windows, the plurality of resources being encrypted and configured to be exclusively accessible in a containerized client side application using a decryption key, the plurality of resources including metadata specifying whether transmission outside of the containerized client side application is authorized based on a device profile, wherein the containerized client side application is configured to prevent access to the plurality of resources by another application executed by the client device when the metadata specifies that transmission is prohibited outside of the containerized client side application;
  
  determining whether a current time associated with the client device is within an authorized time window; and
  
  removing access to the resources on the client device if the current time is not within the authorized time window.
- View Dependent Claims (55, 56, 57, 58, 59, 60)
- - 55. The system of claim 54, wherein determining whether the current time is within the authorized time window comprises determining the current time based at least in part on a location of the client device.
  - 56. The system of claim 54, wherein removing access to the resources on the client device comprises at least one of deleting the resources from the client device, disabling the resources on the client device, restoring the client device to a default state, or deleting all data from the client device.
  - 57. The system of claim 54, further comprising the steps of:
    - determining whether the client device has access to a plurality of resources associated with a plurality of authorized locations;
      
      determining whether the client device is located at an authorized location; and
      
      removing access to the resources on the client device if the client device is not located at an authorized location, wherein removing access to the resources on the client device comprises at least one of deleting the resources from the client device, disabling the resources on the client device, restoring the client device to a default state, or deleting all data from the client device.
  - 58. The system of claim 57, wherein the plurality of authorized locations correspond to a plurality of locations of meetings, and wherein the resources associated with the plurality of authorized locations are specifically related to the meetings.
  - 59. The system of claim 54, further comprising:
    - determining whether the client device has access to the plurality of resources hosted by a distribution service, wherein the client device is authorized to access the distribution service based at least in part on a plurality of user credentials associated with the user of the client device and a device identifier associated with the client device;
      
      determining whether a pairing of a user of the client device and the client device is authorized to access the distribution service; and
      
      removing access to the resources on the client device if the pairing is not authorized to access the distribution service, wherein removing access to the resources on the client device comprises at least one of deleting the resources from the client device, disabling the resources on the client device, restoring the client device to a default state, or deleting all data from the client device.
  - 60. The system of claim 54, further comprising:
    - determining whether the client device has access to the plurality of resources associated with a plurality of distribution rules, wherein the distribution rules comprise at least one of a plurality of client device hardware requirements, a plurality of client device software requirements, a plurality of client device configuration requirements, a plurality of client device maintenance requirements, or a plurality of resource related requirements;
      
      determining whether the client device satisfies the distribution rules; and
      
      removing access to the resources on the client device if the client device does not satisfy the distribution rules, wherein removing access to the resources on the client device comprises at least one of deleting the resources from the client device, disabling the resources on the client device, restoring the client device to a default state, or deleting all data from the client device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
AirWatch LLC (Broadcom, Inc.)
Original Assignee
AirWatch LLC (Broadcom, Inc.)
Inventors
Marshall, John, Jayaprakash, Gopinath, Brannon, Jonathan Blake, Manton, John Joseph, Stuntebeck, Erich
Primary Examiner(s)
SALAD, ABDULLAHI ELMI

Application Number

US13/623,627
Publication Number

US 20130254401A1
Time in Patent Office

1,755 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/31   User authentication

G06F 21/6218   to a system of files or obj...

H04L 47/70   Admission control; Resource...

H04L 63/08   for authentication of entit...

H04L 63/0876   based on the identity of th...

H04L 63/104   Grouping of entities

H04L 63/107   wherein the security polici...

H04W 12/61   Time-dependent

H04W 12/64   using geofenced areas

Controlling distribution of resources on a network

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

179 Citations

60 Claims

Specification

Solutions

Use Cases

Quick Links

Controlling distribution of resources on a network

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

179 Citations

60 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links