Rules based detection and correction of problems on mobile devices of enterprise users

US9286471B2 · US · B2

Patent metadata
Publication number: US-9286471-B2
Application number: US-201213649071-A
Country: US
Kind code: B2
Filing date: Oct 10, 2012
Priority date: Oct 11, 2011
Publication date: Mar 15, 2016
Grant date: Mar 15, 2016

Abstract

Official abstract text for this publication.

A system is disclosed that includes components and features for enabling enterprise users to securely access enterprise resources (documents, data, application servers, etc.) using their mobile devices. An enterprise can use some or all components of the system to, for example, securely but flexibly implement a BYOD (bring your own device) policy in which users can run both personal applications and secure enterprise applications on their mobile devices. The system may, for example, implement policies for controlling mobile device accesses to enterprise resources based on device attributes (e.g., what mobile applications are installed), user attributes (e.g., the user's position or department), behavioral attributes, and other criteria. Client-side code installed on the mobile devices may further enhance security by, for example, creating a secure container for locally storing enterprise data, creating a secure execution environment for running enterprise applications, and/or creating secure application tunnels for communicating with the enterprise system.

First claim

Opening claim text (preview).

What is claimed is:

1. A mobile device comprising: a processor and memory; an enterprise agent installed on the mobile device, the enterprise agent being configured to enable enterprise applications installed on the mobile device to securely access resources of an enterprise system of an enterprise, the enterprise agent being further configured to collect state metric data values of a plurality of state metrics associated with the mobile device; a plurality of rules stored in the memory of the mobile device, each particular rule of the plurality of rules comprising a rule name, a security key, and an encrypted rule body comprising logic of the particular rule, at least some of the plurality of rules mapping states indicated by one or more of the state metric data values to problems indicative of security risks or productivity risks associated with the enterprise, a first problem of the problems comprising detecting downloading of more than a threshold amount of data to the mobile device within a time period, and a second problem of the problems comprising a disablement of password protection for the mobile device; and remedial action data stored in the memory of the mobile device, the remedial action data specifying remedial actions for addressing the problems, each of the remedial actions corresponding to at least one problem of the problems and being included in at least one rule of the plurality of rules for detecting the at least one problem of the problems, a first remedial action of the remedial actions comprising producing a message on a user interface of the mobile device, the message instructing a user of the mobile device to activate the password protection for the mobile device, and a second remedial action of the remedial actions comprising reducing a download throughput to the mobile device for a portion of the time period; wherein the enterprise agent installed on the mobile device is configured to: programmatically detect instances of the problems by using the rules to analyze the state metric data values using a process comprising: determining a rule of the rules to be analyzed based on the rule name of the rule to be analyzed; decrypting the encrypted rule body of the rule to be analyzed using the security key; evaluating the logic of the rule to be analyzed from the decrypted rule body; and detecting an instance of one of the problems based on the state metric data values; determine a remedial action of the remedial actions that corresponds to the one of the problems based on the decrypted rule body; and respond to the detected instance of one of the problems by executing the remedial action of the remedial actions on the mobile device, wherein the enterprise agent installed on the mobile device is further configured to: detect the disablement of the password protection for the mobile device; respond to the detected disablement of the password protection for the mobile device by producing the message on the user interface of the mobile device, the message instructing the user of the mobile device to activate the password protection for the mobile device; and determine whether the user of the mobile device activated the password protection for the mobile device within a threshold time period.

2. The mobile device of claim 1, wherein the message instructing the user of the mobile device to execute the action on the device comprises instructing the user of the mobile device to uninstall an application from the mobile device.

3. The mobile device of claim 1, wherein the message instructing the user of the mobile device to execute the action on the device comprises instructing the user of the mobile device to delete data from the mobile device, the data being related to the enterprise, the enterprise agent installed on the mobile device configured to: produce the message on the user interface of the mobile device, the message instructing the user of the mobile device to delete the data from the mobile device; and determine whether the user of the mobile device deleted the data from the mobile device within a threshold time period.

4. The mobile device of claim 1, wherein the enterprise agent installed on the mobile device is configured to: receive a script configured to enforce the reducing the download throughput to the mobile device for the portion of the time period.

5. The mobile device of claim 1, wherein a third remedial action of the remedial actions comprises revoking a certificate of the mobile device.

6. The mobile device of claim 1, wherein the enterprise agent installed on the mobile device is configured to: detect the mobile device connecting to an unauthorized network connection; and respond to the unauthorized network connection by disconnecting from the unauthorized network connection.

7. The mobile device of claim 1, wherein the enterprise agent installed on the mobile device is configured to: activate or deactivate a feature of the mobile device in response to the detected instance of one of the problems.

8. The mobile device of claim 7, wherein the feature of the mobile device comprises a network-connection capability of the mobile device; and wherein a third remedial action of the remedial actions corresponds to a second problem of the problems, the second problem defined as the mobile device using the network-connection capability to connect to an unsecured network, and the third remedial action comprises one of: terminating the connection to the unsecured network, and deactivating the network-connection capability.

9. The mobile device of claim 1, wherein the enterprise agent installed on the mobile device is configured to: selectively delete data related to the enterprise from the mobile device in response to the detected instance of one of the problems.

10. The mobile device of claim 1, wherein the state metric data values comprise a battery level of the mobile device.

11. The mobile device of claim 1, wherein the state metric data values comprise a signal strength of a network connection of the mobile device.

12. The mobile device of claim 1, wherein the mobile device comprises: a plurality of separate rule packages stored in the memory of the mobile device, each rule package of the separate rule packages comprising a rule of the plurality of rules and remedial action data defining one or more remedial actions corresponding to the rule of the plurality of rules.

13. The mobile device of claim 12, wherein at least one rule package of the plurality of separate rule packages is customized for a user with a specific user role in the enterprise.

14. The mobile device of claim 12, wherein at least one rule package of the plurality of separate rule packages is customized for a particular device type of the mobile device.

15. The mobile device of claim 1, wherein the enterprise agent installed on the mobile device is configured to: update the plurality of rules stored in the memory of the mobile device based on a rule update package received from the enterprise system, the rule update package comprising new rules to be added to the plurality of rules and modifications to existing rules of the plurality of rules, the rule update package being optimized by excluding rule information already existing on the mobile device.

16. The mobile device of claim 1, wherein the enterprise agent is configured to select the executed remedial action based on a past result of executing the remedial action.

17. The mobile device of claim 1, wherein the enterprise agent is configured to select the executed remed
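
The detection flow of claim 1 (select a rule by name, decrypt its body with the rule's security key, evaluate the logic against collected state metrics, return the matching remedial action), as an added Python example that is not code from the patent or its assignee. The JSON rule format, metric names, thresholds and action names are constructed; the SHA-256 counter-mode cipher is a standard-library stand-in for a vetted authenticated cipher, and the integrity tag is an addition the claim does not mention.

```python
import hashlib, hmac, json, operator, os

OPS = {">": operator.gt, "==": operator.eq}  # comparisons a rule body may use

def _keystream(key, nonce, n):
    # Stand-in cipher so the example needs only the standard library;
    # a real agent would use a vetted AEAD instead.
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]

def _xor(data, key, nonce):
    return bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))

def _tag(name, key, nonce, ct):
    return hmac.new(key, name.encode() + nonce + ct, hashlib.sha256).digest()

def seal_rule(name, key, body):
    """Server side: package a rule as name + security key + encrypted body."""
    nonce = os.urandom(16)
    ct = _xor(json.dumps(body).encode(), key, nonce)
    return {"name": name, "key": key, "nonce": nonce, "body": ct,
            "tag": _tag(name, key, nonce, ct)}

def open_rule(rule):
    """Agent side: check the tag, then decrypt the body with the rule's key."""
    expected = _tag(rule["name"], rule["key"], rule["nonce"], rule["body"])
    if not hmac.compare_digest(expected, rule["tag"]):
        raise ValueError("rule body failed integrity check")  # fail closed
    return json.loads(_xor(rule["body"], rule["key"], rule["nonce"]))

def evaluate(rules, metrics):
    """Return (problem, remedial action) for every rule whose logic matches."""
    hits = []
    for name in sorted(rules):              # each rule is selected by its name
        body = open_rule(rules[name])
        if OPS[body["op"]](metrics[body["metric"]], body["value"]):
            hits.append((body["problem"], body["action"]))
    return hits

# Constructed rules for the two problems named in claim 1.
RULES = {r["name"]: r for r in (
    seal_rule("download-cap", os.urandom(32), {"metric": "bytes_downloaded_1h",
        "op": ">", "value": 500_000_000, "problem": "excessive download",
        "action": "throttle_download"}),
    seal_rule("passcode", os.urandom(32), {"metric": "passcode_enabled",
        "op": "==", "value": False, "problem": "password protection disabled",
        "action": "prompt_enable_passcode"}))}
```

With the key held in the same record as the ciphertext, as the claim lays out, the encryption hides rule logic from casual inspection of the rule store rather than from anyone who can read the agent's memory.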

Classifications

  • Protecting access to data via a platform, e.g. using keys or access control rules

  • H04L63/20 (Primary): for managing network security; network security policies in general (filtering policies H04L63/0227)

  • to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself

  • G06F21/53 (Primary): by executing in a restricted environment, e.g. sandbox or secure virtual machine

  • against software analysis or reverse engineering, e.g. by obfuscation

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Citrix Systems Inc
What technology area does this patent fall under?
Primary CPC classification H04L63/20. Mapped technology areas include Electricity.
When was this patent published?
Publication date Mar 15, 2016 (B2). Legal status and post-grant events are not shown on this page.