US9727747B1 · US · B1
| Field | Value |
|---|---|
| Publication number | US-9727747-B1 |
| Application number | US-201314137758-A |
| Country | US |
| Kind code | B1 |
| Filing date | Dec 20, 2013 |
| Priority date | Dec 21, 2012 |
| Publication date | Aug 8, 2017 |
| Grant date | Aug 8, 2017 |
Official abstract text for this publication.
Location, time, and other contextual mobile application policies are disclosed. Access state information associated with a managed set of applications may be determined based at least in part on environmental context data associated with a mobile device and one or more contextual policies associated with the managed set of applications. The access state information may be provided to at least one application included in the managed set of applications, wherein at least one application in the managed set of applications is configured to use the access state information to regulate use of the application in a manner required by the one or more contextual policies.
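The evaluation the abstract describes, using the allow, restrict and block commands named in the claims, as an added example that is not taken from the patent. The field names, the "most severe action wins" rule, the fail-closed handling of missing context and all sample values are assumptions; encrypting the access state under the previously-shared key is left out.

```python
from dataclasses import dataclass
from datetime import time
from math import asin, cos, radians, sin, sqrt
from typing import Optional

@dataclass(frozen=True)
class Context:
    """Environmental context data the agent collects (field names assumed)."""
    now: Optional[time] = None
    lat: Optional[float] = None
    lon: Optional[float] = None
    ssid: Optional[str] = None

def temporal(start, end):
    return lambda c: c.now is not None and start <= c.now <= end

def location(lat, lon, radius_km):
    def check(c):
        if c.lat is None or c.lon is None:
            return False  # assumption: missing context fails closed
        dlat, dlon = radians(c.lat - lat), radians(c.lon - lon)
        a = sin(dlat / 2) ** 2 + cos(radians(lat)) * cos(radians(c.lat)) * sin(dlon / 2) ** 2
        return 6371.0 * 2 * asin(sqrt(a)) <= radius_km  # haversine distance
    return check

def connection(allowed_ssids):
    return lambda c: c.ssid in allowed_ssids

SEVERITY = {"allow": 0, "restrict": 1, "block": 2}

def access_state(apps, policies, ctx):
    """Agent side: evaluate every policy; the most severe failed action wins."""
    failed = [(name, action) for name, check, action in policies if not check(ctx)]
    command = max((a for _, a in failed), key=SEVERITY.get, default="allow")
    return {"apps": list(apps), "command": command, "failed": [n for n, _ in failed]}

def library_gate(state, app_id):
    """Library side: only apps in the managed subset are regulated."""
    return state["command"] if app_id in state["apps"] else "allow"

# Constructed sample data: app ids, coordinates and SSID are illustrative.
APPS = ["com.example.mail", "com.example.docs"]
POLICIES = [
    ("work_hours", temporal(time(8, 0), time(18, 0)), "restrict"),
    ("office_geofence", location(37.3894, -122.0819, 0.5), "block"),
    ("corp_wifi", connection({"corp-wlan"}), "restrict"),
]

if __name__ == "__main__":
    away = Context(now=time(10, 0), lat=37.7749, lon=-122.4194, ssid="cafe")
    print(access_state(APPS, POLICIES, away))
```

Re-running `access_state` on updated context is what moves a device from a restriction back to allow, as in claim 12.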
Opening claim text (preview).
What is claimed is:

1. A method, comprising: determining, at a management agent on a mobile device, access state information associated with a managed subset of two or more applications based at least in part on environmental context data associated with the mobile device and one or more contextual policies associated with the managed subset of applications, the contextual policies determined at a security management platform to be associated with the managed subset of applications; and providing the access state information from the management agent to a library associated with a managed application included in the managed subset of applications, wherein the library associated with the managed application is configured to use the access state information to regulate use of the managed application in a manner required by the one or more contextual policies, wherein the library is configured to use a previously-shared key to decrypt the access state information.

2. The method of claim 1, further comprising: receiving, at the management agent, the contextual policies associated with the managed subset of applications.

3. The method of claim 1, wherein the contextual policies are determined based at least in part on mobile device user information in an enterprise directory.

4. The method of claim 1, wherein the contextual policies comprise one or more of at least one temporal policy, at least one location policy, and at least one connection policy.

5. The method of claim 1, further comprising: retrieving, by the management agent, the environmental context data associated with the mobile device.

6. The method of claim 5, wherein the environmental context data is retrieved from one or more of an operating system and an application associated with the mobile device.

7. The method of claim 1, further comprising: retrieving, by the library associated with the managed application, the access state information associated with the managed subset of applications; and executing at least one access control restriction associated with the managed application based at least in part on the retrieved access state information.

8. The method of claim 7, wherein: retrieving the access state information comprises retrieving, by the library associated with the managed application, the access state information from a secure application connection bus; and executing the at least one access control restriction includes executing, by the library, the at least one access control restriction associated with the managed application.

9. The method of claim 7, further comprising: providing an output including an indication that access is restricted.

10. The method of claim 1, wherein determining the access state information associated with the managed subset of applications includes: determining that the environmental context data does not satisfy at least one of the contextual policies associated with the managed subset of applications; and generating access state information including an access control restriction based at least in part on the determination.

11. The method of claim 10, wherein the access control restriction includes one or more of a command to block access to the managed subset of applications and a command to restrict access to the managed subset of applications.

12. The method of claim 10, further comprising: determining that updated environmental context data satisfies at least one of the contextual policies; and generating access state information including a command to allow access to the managed subset of applications.

13. The method of claim 1, wherein determining the access state information associated with the managed subset of applications includes: determining that the environmental context data satisfies at least one of the contextual policies associated with the managed subset of applications; and generating access state information including a command to allow access to the managed subset of applications.

14. A system, comprising: a processor; and a memory coupled with the processor, wherein the memory is configured to provide the processor with instructions which when executed cause the processor to: determine, at a management agent on a mobile device, access state information associated with a managed subset of two or more applications based at least in part on environmental context data associated with the mobile device and one or more contextual policies associated with the managed subset of applications, the contextual policies determined at a security management platform to be associated with the managed subset of applications; and provide the access state information from the management agent to a library associated with a managed application included in the managed subset of applications, wherein the library associated with the managed application is configured to use the access state information to regulate use of the managed application in a manner required by the one or more contextual policies, wherein the library is configured to use a previously-shared key to decrypt the access state information.

15. The system recited in claim 14, wherein the memory is further configured to provide the processor with instructions which when executed cause the processor to: retrieve, by the library associated with the managed application, the access state information associated with the managed subset of applications; and execute at least one access control restriction associated with the managed application based at least in part on the retrieved access state information.

16. The system recited in claim 14, wherein the memory is further configured to provide the processor with instructions which when executed cause the processor to: determine that the environmental context data does not satisfy at least one of the contextual policies associated with the managed subset of applications; and generate access state information including an access control restriction based at least in part on the determination.

17. A computer program product, the computer program product being embodied in a tangible non-transitory computer readable storage medium and comprising computer instructions for: determining, at a management agent on a mobile device, access state information associated with a managed subset of two or more applications based at least in part on environmental context data associated with a mobile device and one or more contextual policies associated with the managed subset of applications, the contextual policies determined at a security management platform to be associated with the managed subset of applications; and providing the access state information from the management agent to a library associated with a managed application included in the managed subset of applications, wherein the library associated with the managed application is configured to use the access state information to regulate use of the managed application in a manner required by the one or more contextual policies, wherein the library is configured to use a previously-shared key to decrypt the access state information.

18. The computer program product recited in claim 17, further comprising computer instructions for: determining that the environmental context data does not satisfy at least one of the contextual policies associated with the managed subset of applications; and generating access state information including an access control restriction based at least in part on the determination.

19
for managing network security; network security policies in general (filtering policies H04L63/0227) · CPC title
wherein the security policies are location-dependent, e.g. entities privileges depend on current location or allowing specific operations only from locally connected terminals · CPC title
Services making use of location information · CPC title
Tools and structures for managing or administering access control systems · CPC title
Protecting access to data via a platform, e.g. using keys or access control rules · CPC title