What technology area does this patent fall under?

Primary CPC classification H04L63/205. Mapped technology areas include Electricity.

When was this patent published?

Publication date Tue Mar 01 2016 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.

What related patents are in patentsdb?

We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).

Policy-based secure containers for multiple enterprise applications

US9276963B2 · US · B2

Patent metadata
Field	Value
Publication number	US-9276963-B2
Application number	US-201213729586-A
Country	US
Kind code	B2
Filing date	Dec 28, 2012
Priority date	Dec 28, 2012
Publication date	Mar 1, 2016
Grant date	Mar 1, 2016

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

Title
What the patent document calls the invention.
Abstract
A short plain-language summary of the technical disclosure.
Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
Key dates
Filing, priority, publication, and grant dates set the timeline.
First independent claim
The legal scope of protection — read this for what is actually claimed.
CPC / IPC classifications
Technology tags used to group this patent with similar filings.
Citations and related patents
Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

Technologies for providing policy-based secure containers for multiple enterprise applications include a client computing device and an enterprise policy server. The client computing device sends device attribute information and a request for access to an enterprise application to the enterprise policy server. The enterprise policy server determines a device trust level based on the device attribute information and a data sensitivity level based on the enterprise application, and sends a security policy to the client computing device based on the device trust level and the data sensitivity level. The client computing device references or creates a secure container for the security policy, adds the enterprise application to the secure container, and enforces the security policy while executing the enterprise application in the secure container. Multiple enterprise applications may be added to each secure container. Other embodiments are described and claimed.

First claim

Opening claim text (preview).

The invention claimed is: 1. A client computing device for applying enterprise policies to applications comprising: trust agent circuitry to send device attribute information that identifies attributes of the client computing device to an enterprise policy server, wherein the device attribute information is indicative of a hardware component of the client computing device or a software environment of the client computing device; and security management circuitry to: send a request for an enterprise application to the enterprise policy server in response to receipt of a user request for a session with the enterprise application, wherein the enterprise application is to access enterprise data; receive a security policy for the enterprise application from the enterprise policy server in response to sending of the device attribute information and the request for access to the enterprise application; determine whether a secure container exists on the client computing device for the security policy; construct the secure container on the client computing device for the security policy in response to a determination that the secure container does not exist; and add the enterprise application to the secure container; wherein the secure container is to enforce the security policy while the enterprise application is executed on the client computing device. 2. The client computing device of claim 1 , wherein the security management circuitry is further to receive the enterprise application from the enterprise policy server. 3. The client computing device of claim 1 , wherein the security policy comprises a security policy to: allow the enterprise application to securely communicate with other enterprise applications in the secure container; and prevent the enterprise application from communicating with applications not in the secure container. 4. The client computing device of claim 1 , wherein the security policy comprises a security policy to require a user of the client computing device to authenticate prior to execution of the enterprise application. 5. The client computing device of claim 4 , wherein the security policy comprises a security policy to require the user to authenticate for the secure container without requiring the user to authenticate for the enterprise application of the secure container. 6. The client computing device of claim 1 , wherein the security policy comprises a security policy to: (i) encrypt data accessed or stored by the enterprise application or (ii) remove data created by the enterprise application when the enterprise application terminates. 7. The client computing device of claim 1 , wherein the security policy comprises a security policy to log activities of the enterprise application. 8. One or more non-transitory, machine readable storage media comprising a plurality of instructions that in response to being executed result in a client computing device: sending device attribute information that identifies attributes of the client computing device from the client computing device to an enterprise policy server, wherein the device attribute information is indicative of a hardware component of the client computing device or a software environment of the client computing device; sending a request for access to an enterprise application to the enterprise policy server, wherein the enterprise application is to access enterprise data; receiving, on the client computing device, a security policy for the enterprise application based on the device attribute information in response to sending the request for access to the enterprise application; determining, on the client computing device, whether a secure container exists for the security policy; constructing, on the client computing device, the secure container for the security policy in response to determining the secure container does not exist; adding, on the client computing device, the enterprise application to the secure container; executing, on the client computing device, the enterprise application; and enforcing, on the client computing device, the security policy while the enterprise application is executed on the client computing device. 9. The non-transitory, machine-readable media of claim 8 , further comprising a plurality of instructions that in response to being executed result in the client computing device receiving the enterprise application from the enterprise policy server. 10. The non-transitory, machine-readable media of claim 8 , wherein enforcing the security policy comprises: allowing the enterprise application to securely communicate with other enterprise applications in the secure container; and preventing the enterprise application from communicating with applications not in the secure container. 11. The non-transitory, machine-readable media of claim 8 , wherein enforcing the security policy comprises requiring a user of the client computing device to authenticate prior to execution of the enterprise application. 12. The non-transitory, machine-readable media of claim 11 , wherein requiring the user to authenticate comprises requiring the user to authenticate for the secure container without requiring the user to authenticate for the enterprise application of the secure container. 13. The non-transitory, machine-readable media of claim 8 , wherein enforcing the security policy comprises one of: (i) encrypting data accessed or stored by the enterprise application or (ii) removing data created by the enterprise application when the enterprise application terminates. 14. The non-transitory, machine-readable media of claim 8 , wherein enforcing the security policy comprises logging activities of the enterprise application. 15. A method to apply enterprise policies to applications on a client computing device, the method comprising: sending device attribute information that identifies attributes of the client computing device from the client computing device to an enterprise policy server, wherein the device attribute information is indicative of a hardware component of the client computing device or a software environment of the client computing device; sending, from the client computing device, a request for access to an enterprise application to the enterprise policy server, wherein the enterprise application is to access enterprise data; receiving, on the client computing device, a security policy for the enterprise application based on the device attribute information in response to sending the request for access to the enterprise application; determining, on the client computing device, whether a secure container exists for the security policy; constructing, on the client computing device, the secure container for the security policy in response to determining the secure container does not exist; adding, on the client computing device, the enterprise application to the secure container; executing, on the client computing device, the enterprise application; and enforcing, on the client computing device, the security policy while the enterprise application is executed on the client computing device. 16. The method of claim 15 , wherein enforcing the security policy comprises: allowing the enterprise application to securely communicate with other enterprise applications in the secure container; and preventing the enterprise application from communicating with applications not in the secure container. 17. The method of claim 15 , wherein enforcing the security policy comprises requiring a user of the client computing device to authenticate prior t

Assignees

Intel Corp

Inventors

Classifications

H04L63/205Primary
involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved (negotiation of communication capabilities H04L69/24) · CPC title
H04L63/105
Multiple levels of security · CPC title
H04L63/08
for authentication of entities (cryptographic mechanisms or cryptographic arrangements for entity authentication H04L9/32) · CPC title

Patent family

Related publications grouped by family.

View patent family 51018946

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US9276963B2 cover?: Technologies for providing policy-based secure containers for multiple enterprise applications include a client computing device and an enterprise policy server. The client computing device sends device attribute information and a request for access to an enterprise application to the enterprise policy server. The enterprise policy server determines a device trust level based on the device attr…
Who is the assignee on this patent?: Intel Corp
What technology area does this patent fall under?: Primary CPC classification H04L63/205. Mapped technology areas include Electricity.
When was this patent published?: Publication date Tue Mar 01 2016 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?: We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).