Providing web service for new user account after installation of application on mobile device
US-2015087270-A1 · Mar 26, 2015 · US
US9143529B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-9143529-B2 |
| Application number | US-201213649022-A |
| Country | US |
| Kind code | B2 |
| Filing date | Oct 10, 2012 |
| Priority date | Oct 11, 2011 |
| Publication date | Sep 22, 2015 |
| Grant date | Sep 22, 2015 |
Official abstract text for this publication.
A system is disclosed that includes components and features for enabling enterprise users to securely access enterprise resources (documents, data, application servers, etc.) using their mobile devices. An enterprise can use some or all components of the system to, for example, securely but flexibly implement a BYOD (bring your own device) policy in which users can run both personal applications and secure enterprise applications on their mobile devices. The system may, for example, implement policies for controlling mobile device accesses to enterprise resources based on device attributes (e.g., what mobile applications are installed), user attributes (e.g., the user's position or department), behavioral attributes, and other criteria. Client-side code installed on the mobile devices may further enhance security by, for example, creating a secure container for locally storing enterprise data, creating a secure execution environment for running enterprise applications, and/or creating secure application tunnels for communicating with the enterprise system.
Opening claim text (preview).
What is claimed is:

1. A method comprising: disassembling, by a computing device, executable code of a mobile application associated with an enterprise into disassembled code; analyzing, by the computing device, the disassembled code; modifying, by the computing device, the disassembled code to add new code that causes the mobile application to: detect that the mobile application is being used within a pre-defined time window; detect a request by the mobile application to access a site not associated with the enterprise; and add one or more headers to the request that cause the request to be sent via an application tunnel to a content-filtering device configured to: determine whether the site not associated with the enterprise is authorized for access within the pre-defined time window; strip the one or more headers from the request responsive to determining that the site not associated with the enterprise is authorized for access; and after stripping the one or more headers from the request, forward the request to the site not associated with the enterprise; obfuscating at least a portion of the new code to inhibit reverse engineering of the new code; and rebuilding the mobile application using the modified disassembled code.

2. The method of claim 1, wherein modifying the disassembled code comprises adding functionality that causes the mobile application to use an encryption library to encrypt data stored on a mobile device.

3. The method of claim 1, further comprising replacing a reference in the mobile application to a general launcher of an operating system of a mobile device with a reference to a secure launcher application installed on the mobile device, to thereby cause the mobile application to use the secure launcher application instead of the general launcher of the operating system of the mobile device, wherein the secure launcher application implements at least one enterprise security policy of the enterprise.

4. The method of claim 1, further comprising modifying a reference in the mobile application to cause the mobile application to run in a secure virtual machine that is separate from an operating system virtual machine.

5. The method of claim 1, comprising: signing the rebuilt mobile application using a digital certificate.

6. Non-transitory computer-readable media storing computer-readable instructions that, when executed by a processor, cause a device to: disassemble executable code of a mobile application associated with an enterprise into disassembled code; analyze the disassembled code; modify the disassembled code to add new code that causes the mobile application to: detect that the mobile application is being used within a pre-defined time window; detect a request by the mobile application to access a site not associated with the enterprise; and add one or more headers to the request that cause the request to be sent via an application tunnel to a content-filtering device configured to: determine whether the site not associated with the enterprise is authorized for access within the pre-defined time window; strip the one or more headers from the request responsive to determining that the site not associated with the enterprise is authorized for access; and after stripping the one or more headers from the request, forward the request to the site not associated with the enterprise; obfuscate at least a portion of the new code to inhibit reverse engineering of the new code; and rebuild the mobile application using the modified disassembled code.

7. The non-transitory computer-readable media of claim 6, wherein modifying the disassembled code comprises adding functionality that causes the mobile application to use an encryption library to encrypt data stored on a mobile device.

8. The non-transitory computer-readable media of claim 6, wherein modifying the disassembled code to add the new code comprises adding functionality that causes a prompt for entry of a passcode to be displayed when the mobile application is launched.

9. The non-transitory computer-readable media of claim 6, wherein modifying the disassembled code comprises disabling cut-and-paste functionality.

10. The non-transitory computer-readable media of claim 6, wherein modifying the disassembled code comprises adding code that enables the enterprise to remotely initiate deletion of data associated with the mobile application from a mobile device.

11. The non-transitory computer-readable media of claim 6, wherein the computer-readable instructions, when executed by the processor, further cause the device to replace a reference in the mobile application to a general launcher of an operating system of a mobile device with a reference to a secure launcher application installed on the mobile device, to thereby cause the mobile application to use the secure launcher application instead of the general launcher of the operating system of the mobile device, wherein the secure launcher application implements at least one enterprise security policy of the enterprise.

12. The non-transitory computer-readable media of claim 6, wherein the computer-readable instructions, when executed by the processor, further cause the device to modify a reference in the mobile application to cause the mobile application to run in a secure virtual machine that is separate from an operating system virtual machine.

13. The non-transitory computer-readable media of claim 6, wherein analyzing the disassembled code comprises checking for behaviors by the mobile application that represent potential security risks to the enterprise.

14. The non-transitory computer-readable media of claim 13, wherein checking for behaviors that represent potential security risks comprises: generating a hash of at least a portion of the mobile application; comparing the hash to a library of hashes that are associated with known malware; and terminating the modifying of the disassembled code in response to finding a match between the hash and the library of hashes.

15. The non-transitory computer-readable media of claim 13, wherein checking for behaviors that represent potential security risks comprises: inspecting one or more application programming interface calls by the mobile application for suspicious activity; generating a risk score based on the suspicious activity; and terminating the modifying of the disassembled code in response to the risk score being greater than a threshold.

16. The non-transitory computer-readable media of claim 15, wherein checking for behaviors that represent potential security risks further comprises: generating a report of the suspicious activity; and prompting an administrator to indicate whether the modifying of the disassembled code should proceed.

17. The non-transitory computer-readable media of claim 6, wherein the computer-readable instructions, when executed by the processor, further cause the device to generate a score representing a level of risk associated with the mobile application, the score being based at least partly on the analyzing of the disassembled code.

18. The non-transitory computer-readable media of claim 6, storing computer-readable instructions that, when executed by the processor, cause the device to: determine an identifier of the mobile application; and select a dedicated application tunnel that is exclusively dedicated for use by the mobile application, wherein the request to be sent via the application tunnel to the content-filtering device is sent via the dedicated application tunnel that is exclu
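The content-filtering device in claim 1 has three jobs: decide whether a tunneled request to a non-enterprise site is authorized within the pre-defined time window, strip the headers the wrapped app added, and only then forward the request. The following Python model of that device is an added example, not code from the patent or from any product implementing it. The header names (`X-Enterprise-Tunnel`, `X-Enterprise-App-Id`, `X-Enterprise-Window`), the window policy and the sample requests are all constructed for the example; the claim says only that "one or more headers" are added. One design point the example makes explicit: the device checks the window named by the app against its own clock rather than trusting the client-supplied header on its own, since the header comes from code running on the user's device.

```python
from dataclasses import dataclass
from datetime import time
from typing import Dict, List, Optional, Tuple

# Constructed header names: the patent says only that "one or more headers"
# are added to the request, so these identifiers are assumptions.
HDR_TUNNEL = "x-enterprise-tunnel"
HDR_APP = "x-enterprise-app-id"
HDR_WINDOW = "x-enterprise-window"
TUNNEL_HEADERS = frozenset((HDR_TUNNEL, HDR_APP, HDR_WINDOW))


@dataclass
class Request:
    method: str
    host: str                 # the site not associated with the enterprise
    path: str
    headers: Dict[str, str]   # header name -> value


@dataclass(frozen=True)
class Window:
    name: str
    start: time               # inclusive
    end: time                 # exclusive
    allowed_hosts: frozenset  # hosts authorized for access during this window


def normalize_headers(headers: Dict[str, str]) -> Dict[str, str]:
    # HTTP header names are case-insensitive; compare them in lower case.
    return {k.lower(): v for k, v in headers.items()}


class ContentFilter:
    """Constructed model of the content-filtering device described in claim 1."""

    def __init__(self, windows: List[Window]):
        self.windows = list(windows)

    def window_at(self, now: time) -> Optional[Window]:
        # The device decides which pre-defined window is active from its own clock.
        for w in self.windows:
            if w.start <= now < w.end:
                return w
        return None

    def filter(self, req: Request, now: time) -> Tuple[str, Optional[Request]]:
        """Return (decision, request). Decisions: 'reject' (not a tunneled
        request), 'deny' (site not authorized in the active window) or
        'forward' (tunnel headers stripped; request ready to be sent on)."""
        headers = normalize_headers(req.headers)
        if not TUNNEL_HEADERS.issubset(headers):
            return "reject", None
        active = self.window_at(now)
        # Verify the window the app claims against the device's own clock
        # instead of trusting the client-supplied header by itself.
        if active is None or headers[HDR_WINDOW] != active.name:
            return "deny", None
        if req.host.lower() not in active.allowed_hosts:
            return "deny", None
        # Strip the tunnel headers before anything leaves for the outside site,
        # so the site never learns which enterprise app or policy window was involved.
        stripped = {k: v for k, v in headers.items() if k not in TUNNEL_HEADERS}
        return "forward", Request(req.method, req.host, req.path, stripped)


def build_filter() -> ContentFilter:
    # Constructed policy: personal news browsing is allowed only over lunch,
    # and a second site is added in the evening window.
    return ContentFilter([
        Window("lunch", time(12, 0), time(13, 0), frozenset({"news.example"})),
        Window("evening", time(18, 0), time(23, 59), frozenset({"news.example", "video.example"})),
    ])


def tunneled(host: str, window: str) -> Request:
    # Constructed sample request as the modified app would emit it into the tunnel.
    return Request("GET", host, "/", {
        "Host": host,
        "X-Enterprise-Tunnel": "1",
        "X-Enterprise-App-Id": "com.example.mail",
        "X-Enterprise-Window": window,
    })


if __name__ == "__main__":
    cf = build_filter()
    samples = [
        (tunneled("news.example", "lunch"), time(12, 30)),   # forward
        (tunneled("news.example", "lunch"), time(9, 0)),     # deny: outside window
        (tunneled("video.example", "lunch"), time(12, 30)),  # deny: host not in window
    ]
    for req, now in samples:
        decision, out = cf.filter(req, now)
        print(now, req.host, decision, sorted(out.headers) if out else None)
```

Run as a script it prints one line per sample request; the forwarded request carries only the `host` header, which shows that the tunnel headers were removed before forwarding, as the claim requires.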
CPC classification titles:

- Multiple levels of security
- in which an application is distributed across nodes in the network (software deployment G06F8/60; multiprogramming arrangements G06F9/46)
- by executing in a restricted environment, e.g. sandbox or secure virtual machine
- against software analysis or reverse engineering, e.g. by obfuscation
- Authentication