Protection of resources downloaded to portable devices from enterprise systems

摘要

Protection of resources hosted on enterprise systems. In an embodiment, an enterprise system receives a request from a portable device to download a resource, and in response formulates multiple security actions and associated conditions for the requested resource. The enterprise system sends the requested resource, the security actions and the conditions to the portable device. The portable device determines whether each condition is satisfied and performs the security actions associated with the conditions determined to have been satisfied. Due to the ability to send multiple security actions and associated conditions, better control in protection and retention of downloaded resources is obtained.

主权项

1. A method of protecting resources hosted on enterprise systems, said method being performed at least in part by an enterprise system, said method comprising:
maintaining security policies applicable to said resources; receiving a request from a portable device to download a resource of said resources, wherein said resource is a data file for use by an application executing in said portable device; formulating a plurality of security actions and a plurality of conditions applicable for said data file, wherein each security action is associated with a corresponding condition of said plurality of conditions, wherein a first condition specifies a retention duration and an associated first security action indicates a delete action, wherein said formulating comprises:
identifying a set of security policies of said security policies applicable to a combination of two or more of said resources, a user at said portable device, said application accessing said data file and a type of said portable device, wherein each of said set of security policies comprises a general condition; andtranslating each of said general conditions to corresponding specific conditions as applicable to said combination,wherein said specific conditions are included in said plurality of conditions; sending to said portable device, said data file along with said plurality of security actions and said plurality of conditions, including said first security action and said first condition, as a response to said request; determining whether each of said plurality of conditions is satisfied in said portable device, wherein said determining determines at a first time instance that the duration of said data file on said portable device has exceeded said retention duration; and performing on said data file, the security action associated with a condition determined to have been satisfied, wherein said performing performs said delete action by deleting said data file on said portable device after said first time instance, wherein said data file is available on said portable device only for said retention duration, thereby protecting said data file downloaded to said portable device.