Dynamic enterprise boundary determination for external mobile devices
US-9307451-B1 · Apr 5, 2016 · US
US11880477B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11880477-B2 |
| Application number | US-202016986465-A |
| Country | US |
| Kind code | B2 |
| Filing date | Aug 6, 2020 |
| Priority date | Apr 13, 2013 |
| Publication date | Jan 23, 2024 |
| Grant date | Jan 23, 2024 |
Official abstract text for this publication.
Time-based functionality restrictions may be provided. Periodic scans may be performed to identify requests to perform functions on user devices, to determine whether the functions are compliant with compliance rules associated with the user devices that specify time periods during which the user devices are authorized to perform the functions, and to perform remedial actions if the functions are not compliant with the compliance rules.
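The time-window check in the abstract, with the per-account periods of claim 1 and the second-attempt escalation of claim 5, as an added Python example (not code from the patent or from any product). The names `Window`, `Agent` and `demo_agent`, the action strings, the sample schedule, the handling of overnight windows and the reset of the denial counter are all assumptions of this example.

```python
from dataclasses import dataclass, field
from datetime import datetime, time

@dataclass(frozen=True)
class Window:
    """Authorized period: weekdays (0=Monday) on which it opens, start and end time."""
    weekdays: frozenset
    start: time
    end: time

    def contains(self, ts: datetime) -> bool:
        t = ts.time()
        if self.start <= self.end:                      # same-day window, end exclusive
            return ts.weekday() in self.weekdays and self.start <= t < self.end
        if t >= self.start:                             # overnight window, before midnight
            return ts.weekday() in self.weekdays
        # after midnight: still part of the window opened the previous day
        return t < self.end and (ts.weekday() - 1) % 7 in self.weekdays

@dataclass
class Agent:
    """Hypothetical on-device agent: account name -> Window (the compliance rule)."""
    rules: dict
    denied: dict = field(default_factory=dict)          # account -> denied attempts

    def handle(self, account: str, ts: datetime) -> str:
        window = self.rules.get(account)
        if window is not None and window.contains(ts):
            self.denied.pop(account, None)              # assumption: a compliant request resets the count
            return "allow"
        # Accounts without a rule are denied by default (assumption of this example).
        self.denied[account] = self.denied.get(account, 0) + 1
        # First denial: disable access to the account; a repeat: escalated action.
        return "disable_account_access" if self.denied[account] == 1 else "escalate"

def demo_agent() -> Agent:
    # Constructed schedule: business Mon-Fri 09:00-17:00, personal every day 17:00-09:00.
    return Agent({
        "business": Window(frozenset(range(5)), time(9), time(17)),
        "personal": Window(frozenset(range(7)), time(17), time(9)),
    })

if __name__ == "__main__":
    agent = demo_agent()
    evening = datetime(2024, 1, 24, 20, 0)              # a Wednesday, device-local time
    for account in ("business", "business", "personal"):
        print(account, agent.handle(account, evening))
```

Timestamps here are naive device-local times, so an agent built this way inherits whatever trust is placed in the device clock.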
Opening claim text (preview).
What is claimed is:
1. A method, comprising: identifying, using an agent application, a request for an application executed in a user device based on detecting an operating system call made by the application on the user device, wherein the user device has access to a first account and a second account for the application; identifying, using the agent application, a compliance rule associated with the application for the user device, wherein the compliance rule specifies that the user device is authorized to access the first account for the application within a first time period on a particular day and the user device is authorized to access the second account for the application within a second time period; determining, using the agent application, that the request for accessing the first account of the application does not comply with the compliance rule based on a time of the request and the first time period; performing, using the agent application, at least one remedial action by instructing an operating system to disable access to the first account for the application; and enabling, using the agent application, the user device to access to the second account for the application based at least in part on the time of the request and the second time period.
2. The method of claim 1, wherein the request comprises accessing an email account and the at least one remedial action comprises instructing the operating system to disable an email port of the user device.
3. The method of claim 1, wherein determining that the request for the application does not comply with the compliance rule is further based on a user credential.
4. The method of claim 1, wherein the first account comprises a business account and the second account is a personal account.
5. The method of claim 1, wherein the time of the request represents a first attempt for the request, and further comprising: determining, using the agent application, that the request for the application does not comply with the compliance rule based on a second attempt for the request in an instance in which the first attempt has been denied; and performing, using the agent application, an escalated remedial action on the user device.
6. The method of claim 5, wherein the escalated remedial action comprises at least one of erasing business data on the user device that is associated with the application or restoring the user device to a factory state.
7. The method of claim 1, wherein performing the at least one remedial action by instructing the operating system to disable access to the account for the application further comprises at least one of: blocking data transmission from the user device to a remote service for the account of the application; or blocking data transmission from the remote service to the user device for the account of the application.
8. A system, comprising, a user device that comprises a processor; a memory in communication to the user device, wherein the memory comprises a plurality of machine instructions that, when executed, cause the user device to at least: identify a functionality request for an application executed in the user device based on detecting an operating system call made by the application on the user device, wherein the user device has access to a first account and a second account for the application; identify a compliance rule associated with the application for the user device, wherein the compliance rule specifies that the user device is authorized to access the first account for the application within a first time period on a particular day and the user device is authorized to access the second account for the application within a second time period on the particular day; determine that the functionality request for accessing the first account of the application does not comply with the compliance rule based on a time of the functionality request and the first time period; perform at least one remedial action by instructing an operating system to disable access to the first account for the application; and authorize the user device to access to the second account for the application based at least in part on the time of the request and the second time period.
9. The system of claim 8, wherein the first account is a first email account and the second account is a second email account, wherein the application is an email application.
10. The system of claim 8, wherein determining that the functionality request for the application does not comply with the compliance rule is further based on an authorized time window for the functionality request.
11. The system of claim 8, wherein the first account comprises a business account and the second account is a personal account.
12. The system of claim 8, wherein the time of the functionality request represents a first attempt for the functionality request, and further comprising: determine that the functionality request for the application does not comply with the compliance rule based on a second attempt for the functionality request in an instance in which the first attempt has been denied; and perform an escalated remedial action on the user device.
13. The system of claim 12, wherein the escalated remedial action comprises at least one of erasing business data on the user device that is associated with the application or restoring the user device to a factory state.
14. The system of claim 8, wherein performing the at least one remedial action by instructing the operating system to disable access to the account for the application further comprises at least one of: blocking data transmission from the user device to a remote service for the account of the application; or blocking data transmission from the remote service to the user device for the account of the application.
15. The system of claim 8, wherein the plurality of machine instructions that, when executed, cause the user device to at least: enabling access to the first account for the application based at least in part on an expiration of the first time period.
16. A non-transitory computer-readable medium embodying program instructions executable in a client computing device that, when executed by the client computing device, cause the client computing device to at least: identify a functionality request for an application executed in the client computing device based on detecting an operating system call made by the application on the client computing device, wherein the client computing device has access to a first account and a second account for the application; identify a compliance rule associated with the application for the client computing device, wherein the compliance rule specifies that the client computing device is authorized to access the first account for the application within a first time period on a particular day and the client computing device is authorized to access the second account for the application within a second time period on the particular day; determine that the functionality request for accessing the first account of the application does not comply with the compliance rule based on a time of the functionality request and the first time period; perform at least one remedial action by instructing an operating system to disable access to the first account for the application; and authorize the client computing device to access to the second account for the application based at least in part on the time of the request and the second time period.
17. The non-transitory computer-readable medium of claim 16
to a system of files or objects, e.g. local or distributed file system or database · CPC title
Entity profiles · CPC title
when the policy decisions are valid for a limited amount of time · CPC title
Time limited access, e.g. to a computer or data · CPC title
for managing network security; network security policies in general (filtering policies H04L63/0227) · CPC title