US10122766B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10122766-B2 |
| Application number | US-201615051130-A |
| Country | US |
| Kind code | B2 |
| Filing date | Feb 23, 2016 |
| Priority date | Dec 28, 2012 |
| Publication date | Nov 6, 2018 |
| Grant date | Nov 6, 2018 |
Official abstract text for this publication.
Technologies for providing policy-based secure containers for multiple enterprise applications include a client computing device and an enterprise policy server. The client computing device sends device attribute information and a request for access to an enterprise application to the enterprise policy server. The enterprise policy server determines a device trust level based on the device attribute information and a data sensitivity level based on the enterprise application, and sends a security policy to the client computing device based on the device trust level and the data sensitivity level. The client computing device references or creates a secure container for the security policy, adds the enterprise application to the secure container, and enforces the security policy while executing the enterprise application in the secure container. Multiple enterprise applications may be added to each secure container. Other embodiments are described and claimed.
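The server-side decision and the client-side container reuse described in the abstract, as an added Python example that is not taken from the patent. The attribute names, level numbers, application names, the `gap` rule that maps levels to a policy, and all class and function names are assumptions; the four policy flags mirror requirements named in the claims.

```python
from dataclasses import dataclass

# Constructed tables: the patent gives no concrete attributes, levels or apps.
TRUST_BY_ATTRIBUTES = {  # device trust level, indexed by device attributes
    ("hw_keystore", "managed_os"): 3,
    ("hw_keystore", "unmanaged_os"): 2,
    ("no_keystore", "managed_os"): 1,
}
SENSITIVITY_BY_APP = {"cafeteria-menu": 1, "mail": 2, "payroll": 3}

@dataclass(frozen=True)
class SecurityPolicy:
    policy_id: str
    require_user_auth: bool   # authenticate before the app runs
    encrypt_data: bool        # encrypt data the app accesses or stores
    wipe_on_exit: bool        # remove app-created data on termination
    log_activity: bool        # log the app's activities

def determine_policy(attributes, app):
    """Server side: attributes -> trust, app -> sensitivity, both -> policy."""
    trust = TRUST_BY_ATTRIBUTES.get(tuple(attributes), 0)  # unknown device: 0
    gap = SENSITIVITY_BY_APP[app] - trust  # assumed rule; > 0: data outranks device
    if gap < 0:
        return SecurityPolicy("relaxed", False, False, False, False)
    if gap == 0:
        return SecurityPolicy("standard", True, True, False, True)
    return SecurityPolicy("strict", True, True, True, True)

class ClientDevice:
    """Client side: one secure container per policy, shared by its apps."""
    def __init__(self, attributes):
        self.attributes = attributes
        self.containers = {}  # policy_id -> (policy, set of app names)

    def request_app(self, app):
        # Direct call stands in for the request/response with the policy server.
        policy = determine_policy(self.attributes, app)
        # Reference the existing container for this policy, or create one.
        _, apps = self.containers.setdefault(policy.policy_id, (policy, set()))
        apps.add(app)
        return policy

    def may_communicate(self, app_a, app_b):
        # Apps may talk only to apps associated with the same policy.
        return any(app_a in apps and app_b in apps
                   for _, apps in self.containers.values())
```
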
Opening claim text (preview).
The invention claimed is:
1. An enterprise policy server to determine enterprise security policies for a client computing device comprising: trust calculation circuitry to: receive, from the client computing device, device attribute information that identifies attributes of the client computing device, wherein the device attribute information is indicative of a hardware component of the client computing device or a software environment of the client computing device; and determine a device trust level for the client computing device based on the device attribute information indicative of the hardware component of the client computing device or the software environment of the client computing device, wherein the device trust level is indexed by the device attribute information; and policy determination circuitry to: receive a request for an enterprise application from the client computing device; determine a data sensitivity level based on the enterprise application; determine a security policy based on the device trust level and the data sensitivity level; and send the security policy to the client computing device.
2. The enterprise policy server of claim 1, wherein the policy determination circuitry is further to select the data sensitivity level from a plurality of predefined data sensitivity levels associated with enterprise data that can be accessed by the enterprise application.
3. The enterprise policy server of claim 1, wherein the policy determination circuitry is further to send the enterprise application to the client computing device.
4. The enterprise policy server of claim 1, wherein the security policy comprises a security policy to: allow the enterprise application to securely communicate with other enterprise applications associated with the security policy; and prevent the enterprise application from communicating with applications not associated with the security policy.
5. The enterprise policy server of claim 1, wherein the security policy comprises a security policy to require a user of the client computing device to authenticate prior to execution of the enterprise application.
6. The enterprise policy server of claim 1, wherein the security policy comprises a security policy to require the client computing device to (i) encrypt data accessed or stored by the enterprise application; or (ii) remove data created by the enterprise application when the enterprise application terminates.
7. The enterprise policy server of claim 1, wherein the security policy comprises a security policy to require the client computing device to log activities of the enterprise application.
8. A method to determine enterprise security policies for a client computing device, the method comprising: receiving, by an enterprise policy server from the client computing device, device attribute information that identifies attributes of the client computing device, wherein the device attribute information is indicative of a hardware component of the client computing device or a software environment of the client computing device; determining, by the enterprise policy server, a device trust level for the client computing device based on the device attribute information indicative of the hardware component of the client computing device or the software environment of the client computing device, wherein the device trust level is indexed by the device attribute information; receiving, by the enterprise policy server, a request for access to an enterprise application from the client computing device; determining, by the enterprise policy server, a data sensitivity level based on the requested enterprise application; determining, by the enterprise policy server, a security policy based on the device trust level and the data sensitivity level; and sending the security policy from the enterprise policy server to the client computing device.
9. The method of claim 8, wherein determining the security policy comprises determining a security policy that: allows the enterprise application to securely communicate with other enterprise applications associated with the security policy; and prevents the enterprise application from communicating with applications not associated with the security policy.
10. The method of claim 8, wherein determining the security policy comprises determining a security policy that requires a user of the client computing device to authenticate prior to execution of the enterprise application.
11. The method of claim 8, wherein determining the security policy comprises determining a security policy that requires the client computing device to (i) encrypt data accessed or stored by the enterprise application, or (ii) remove data created by the enterprise application when the enterprise application terminates.
12. The method of claim 8, wherein determining the security policy comprises determining a security policy that requires the client computing device to log activities of the enterprise application.
13. One or more non-transitory, computer-readable storage media comprising a plurality of instructions that in response to being executed cause an enterprise policy server to: receive, from a client computing device, device attribute information that identifies attributes of the client computing device, wherein the device attribute information is indicative of a hardware component of the client computing device or a software environment of the client computing device; determine a device trust level for the client computing device based on the device attribute information indicative of the hardware component of the client computing device or the software environment of the client computing device, wherein the device trust level is indexed by the device attribute information; receive a request for access to an enterprise application from the client computing device; determine a data sensitivity level based on the requested enterprise application; determine a security policy based on the device trust level and the data sensitivity level; and send the security policy from the enterprise policy server to the client computing device.
14. The one or more non-transitory, computer-readable storage media of claim 13, wherein to determine the security policy comprises to determine a security policy that: allows the enterprise application to securely communicate with other enterprise applications associated with the security policy; and prevents the enterprise application from communicating with applications not associated with the security policy.
15. The one or more non-transitory, computer-readable storage media of claim 13, wherein to determine the security policy comprises to determine a security policy that requires a user of the client computing device to authenticate prior to execution of the enterprise application.
16. The one or more non-transitory, computer-readable storage media of claim 13, wherein to determine the security policy comprises to determine a security policy that requires the client computing device to (i) encrypt data accessed or stored by the enterprise application, or (ii) remove data created by the enterprise application when the enterprise application terminates.
17. The one or more non-transitory, computer-readable storage media of claim 13, wherein to determine the security policy comprises to determine a security policy that requires the client computing device to log activities of the enterprise application.
18. The enterprise policy server of claim 1, wherein to determine the device tru
for authentication of entities (cryptographic mechanisms or cryptographic arrangements for entity authentication H04L9/32) · CPC title
Multiple levels of security · CPC title
involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved (negotiation of communication capabilities H04L69/24) · CPC title