Title of invention: Providing secure mobile device access to enterprise resources using application tunnels
Abstract: A system is disclosed that includes components and features for enabling enterprise users to securely access enterprise resources (documents, data, application servers, etc.) using their mobile devices. An enterprise can use some or all components of the system to, for example, securely but flexibly implement a BYOD (bring your own device) policy in which users can run both personal applications and secure enterprise applications on their mobile devices. The system may, for example, implement policies for controlling mobile device accesses to enterprise resources based on device attributes (e.g., what mobile applications are installed), user attributes (e.g., the user's position or department), behavioral attributes, and other criteria. Client-side code installed on the mobile devices may further enhance security by, for example, creating a secure container for locally storing enterprise data, creating a secure execution environment for running enterprise applications, and/or creating secure application tunnels for communicating with the enterprise system.
Publication number: US9137262(B2) Publication date: 2015.09.15
Application number: US201213648993 Filing date: 2012.10.10
Applicant: Citrix Systems, Inc. Inventors: Qureshi Waheed;Andre Olivier;Abdullah Shafaq
Classification: H04W12/06;G06F21/62;H04L29/06;G06F21/10;G06F9/45;G06F21/14;H04W4/02;H04W12/08 Main classification: H04W12/06
Agency: Banner & Witcoff, Ltd. Agent: Banner & Witcoff, Ltd.
Main claim: 1. A non-transitory computer-readable medium having stored thereon an agent component that is configured to be installed on a mobile device of a user to provide secure access over a network to an enterprise resource of an enterprise system, the agent component comprising executable code that implements a process that comprises: intercepting, by the agent component installed on the mobile device, a hypertext transfer protocol (HTTP) request generated by an application installed on the mobile device; modifying the HTTP request by replacing a hostname of the HTTP request with a hostname of the enterprise resource; encapsulating, by the agent component installed on the mobile device, a representation of the modified HTTP request according to a tunneling protocol; and sending, by the agent component installed on the mobile device, the encapsulated representation of the HTTP request from the mobile device over a network to a tunnel mediator that is configured to extract and forward the representation of the HTTP request to a corresponding enterprise resource, wherein the agent component is configured to send the encapsulated representation of the HTTP request using a tunnel definition that is specific to the application installed on the mobile device.
Address: Fort Lauderdale FL US