Method, system and computer program product for enforcing access controls to features and subfeatures on uncontrolled web application
US-2017104791-A1 · Apr 13, 2017 · US
US10716005B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10716005-B2 |
| Application number | US-201815935860-A |
| Country | US |
| Kind code | B2 |
| Filing date | Mar 26, 2018 |
| Priority date | Jul 7, 2014 |
| Publication date | Jul 14, 2020 |
| Grant date | Jul 14, 2020 |
Official abstract text for this publication.
Techniques to manage applications, such as mobile apps, across multiple management domains are disclosed. In various embodiments, a set of one or more application management policies to be enforced with respect to a mobile device is received from a management entity to which a scope of authority to manage applications with respect to the mobile device has been delegated. A management agent on the mobile device is used to enforce the one or more application management policies with respect to applications and application data that are within the scope of authority delegated to the management entity.
Opening claim text (preview).
What is claimed is:

1. A system, comprising: a processor configured to: receive from a first management domain at a mobile device, an indication to remove an application installed on the mobile device, wherein the mobile device is configured to store data of the application that is associated with the first management domain; and in response to receiving the indication to remove the application installed on the mobile device: determine whether the application is associated with a plurality of management domains; and in response to a determination that the application is associated with the plurality of management domains, secure on the mobile device the data of the application that is associated with the first management domain instead of removing the application from the mobile device, wherein the data of the application that is associated with the first management domain is secured as stored on the mobile device at least in part by encrypting the data of the application that is associated with the first management domain, encrypting the data of the application that is associated with the first management domain with a key removed from the mobile device, or encrypting the data of the application that is associated with the first management domain with a key discarded; and a memory coupled to the processor and configured to provide the processor with instructions.

2. The system of claim 1, wherein a policy associated with the first management domain indicates that the application should be removed.

3. The system of claim 1, wherein the processor is further configured to: in response to a determination that the application is not associated with the plurality of management domains, remove from the mobile device the application and the data of the application that is associated with the first management domain.

4. The system of claim 1, wherein the processor is further configured to return a result indicating that the application could not be removed and that the data of the application that is associated with the first management domain has been removed or secured.

5. The system of claim 4, wherein information included in the result is filtered to limit access to data owned by the first management domain.

6. The system of claim 5, wherein the information included in the result is filtered based on an information disclosure policy.

7. The system of claim 1, wherein the first management domain's application lifecycle indicates that the application should be removed.

8. The system of claim 7, wherein a mobile device management component is configured to provide the indication to the first management domain when the first management domain's application lifecycle is limited.

9. The system of claim 1, wherein the indication is received from a device management server associated with the first management domain.

10. The system of claim 1, wherein the processor is further configured to receive a definition of each of the plurality of management domains from a corresponding management entity.

11. The system of claim 10, wherein each of the plurality of management domains has a corresponding scope of management authority with respect to the system.

12. The system of claim 10, wherein the definition includes conflict resolution and/or precedence rules.

13. A method, comprising: receiving from a first management domain at a mobile device an indication to remove an application installed on the mobile device, wherein the mobile device stores data of the application that is associated with the first management domain; and in response to receiving the indication to remove the application installed on the mobile device: determining whether the application is associated with a plurality of management domains; and in response to determining that the application is associated with the plurality of management domains, securing on the mobile device the data of the application that is associated with the first management domain instead of removing the application from the mobile device, wherein the data of the application that is associated with the first management domain is secured as stored on the mobile device at least in part by encrypting the data of the application that is associated with the first management domain, encrypting the data of the application that is associated with the first management domain with a key removed from the mobile device, or encrypting the data of the application that is associated with the first management domain with a key discarded.

14. The method of claim 13, further comprising returning a result indicating that the application could not be removed and that the data of the application that is associated with the first management domain has been removed or secured.

15. The method of claim 13, wherein the first management domain's application lifecycle indicates that the application should be removed.

16. The method of claim 13, wherein the indication is received from a device management server associated with the first management domain.

17. A computer program product being embodied in a non-transitory computer readable storage medium and comprising computer instructions for: receiving from a first management domain at a mobile device an indication to remove an application installed on the mobile device, wherein the mobile device stores data of the application that is associated with the first management domain; and in response to receiving the indication to remove the application installed on the mobile device: determining whether the application is associated with a plurality of management domains; and in response to determining that the application is associated with the plurality of management domains, securing on the mobile device the data of the application that is associated with the first management domain instead of removing the application from the mobile device, wherein the data of the application that is associated with the first management domain is secured as stored on the mobile device at least in part by encrypting the data of the application that is associated with the first management domain, encrypting the data of the application that is associated with the first management domain with a key removed from the mobile device, or encrypting the data of the application that is associated with the first management domain with a key discarded.
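The removal decision in claims 1, 3 and 4, written out as an added Go example that is not code from the patent or its assignee. `Device`, `HandleRemove` and `sealAndDiscardKey` are hypothetical names, and AES-256-GCM is an assumed cipher, since the claims name none.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// Device (hypothetical model): app name -> management domain -> that domain's data.
type Device map[string]map[string][]byte

// sealAndDiscardKey encrypts data under a one-time AES-256-GCM key that is never stored.
func sealAndDiscardKey(data []byte) ([]byte, error) {
	buf := make([]byte, 32+12) // key followed by a 96-bit GCM nonce
	if _, err := rand.Read(buf); err != nil {
		return nil, err
	}
	block, _ := aes.NewCipher(buf[:32]) // a 32-byte key is always a valid AES key
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	sealed := gcm.Seal(buf[32:], buf[32:], data, nil) // nonce || ciphertext || tag
	copy(buf, make([]byte, 32))                       // best-effort wipe of the key bytes
	return sealed, nil
}

// HandleRemove applies the claimed decision to a removal indication from one domain.
func (d Device) HandleRemove(app, domain string) (string, error) {
	data, ok := d[app][domain]
	if !ok {
		return "", fmt.Errorf("%s has no managed data in %q", domain, app)
	}
	if len(d[app]) == 1 { // claim 3: no other domain uses the app, so remove it
		delete(d, app)
		return "removed", nil
	}
	sealed, err := sealAndDiscardKey(data) // claim 1: secure instead of removing
	if err != nil {
		return "", err
	}
	d[app][domain] = sealed
	return "not removed; " + domain + " data secured", nil // claim 4 result
}

func main() {
	d := Device{"mail": {"corp": []byte("a"), "byod": []byte("b")}}
	fmt.Println(d.HandleRemove("mail", "corp"))
}
```

The result string mentions only the requesting domain, in line with the filtering of claim 5; a production agent would also need the key material kept out of swap and backups, which this example does not model.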
Managing security policies for mobile devices or for controlling mobile applications · CPC title
Tools and structures for managing or administering access control systems · CPC title
for managing network security; network security policies in general (filtering policies H04L63/0227) · CPC title
Access security · CPC title
Entity profiles · CPC title