Policy-based development and runtime control of mobile applications

摘要

A method, process, and associated systems for policy-based development and runtime control of mobile applications. Security objects that describe or enforce security policies are embedded into the source code of an enhanced application while the application is being developed. When a user attempts to launch the enhanced application on a mobile device, the security objects are updated to match a latest valid version of the objects stored on an enterprise server. The security objects may be further updated at other times. Global security policies, which affect the entire enterprise and which may deny the application permission to launch, are enforced by a global security policy stored within one of the updated security objects. If the application does run, application-specific security policies contained in the updated security objects modify application behavior at runtime in order to enforce application-specific security policies.

主权项

1. A method of policy-based development and runtime control of mobile applications that comprises:
a processor of a computer system receiving a request to launch an enhanced application, wherein the enhanced application comprises an application policy descriptor, wherein the application policy descriptor describes a global policy and an API policy; the processor requesting a latest valid policy descriptor from an enterprise server, wherein the latest valid policy descriptor identifies a latest valid global policy and a latest valid API policy; the processor determining whether the latest valid policy descriptor is identical to the application policy descriptor; the processor confirming, as a function of the determining, that the latest valid policy descriptor does not match the application policy descriptor; the processor modifying the application policy descriptor to match the latest valid policy descriptor, wherein the modifying comprises replacing the application policy descriptor with an updated application policy descriptor that identifies the latest valid global policy and the latest valid API policy, wherein the latest valid global policy identifies whether the enhanced application is allowed to launch when a predefined set of conditions exist, wherein the latest valid API policy identifies a security-related function that is performed by the enhanced application whenever the enhanced application is run, and wherein the latest valid API policy is implemented by code embedded into the enhanced application the processor concluding that the latest valid global policy permits the enhanced application to launch; the processor launching the enhanced application; the processor enforcing the API policy by running code embedded into the enhanced application.