Title of invention: System for the distribution and deployment of applications with provisions for security and policy conformance
Abstract: A system and method are disclosed for deploying applications to end point devices. The applications are obtained from a marketplace that checks the applications and packages them for endpoint use according to certain policies. Packaging an application includes compiling or assembling and linking the application, possibly with a framework and possibly with a binding token, which can be a device binding token and/or a user binding token. The application is loaded onto an endpoint device and if the application is bound to the device and the user is allowed to use the application, the application is enabled to be used on the endpoint device. A gateway between the endpoint device and an authentication server helps to authenticate the user. The gateway also manages data transfers between the endpoint device and a data server according to a selected protocol.
Publication number: US8832855(B1) Publication date: 2014.09.09
Application number: US201113226351 Filing date: 2011.09.06
Applicant: Symantec Corporation Inventors: Enderwick Thomas Jeffrey; Perret Christopher Edward
Classification: G06F7/04 Main classification: G06F7/04
Agency: Holland & Hart LLP Agent: Holland & Hart LLP
Independent claim: 1. A method for deploying applications to endpoint devices, the method comprising: obtaining an application for an endpoint device, said endpoint device having a particular user and said application including application logic, wherein the application has embedded therein a device-binding token and the endpoint device includes a device ID; launching the application, wherein the application has embedded therein a user-binding token and has an application ID, and wherein the application holds cryptographic keys for enabling decryption of encrypted data on the endpoint device; during the launching of the application, connecting the application to a gateway, determining whether the application is bound to the endpoint device, and halting the launch of the application if the application is not bound to the endpoint device, wherein the step of determining whether an application is bound to an endpoint device is performed by obtaining the device ID of the endpoint device and comparing the device-binding token to the device ID to determine if the device-binding token matches the device ID; determining the authenticity of the user; determining whether the application is bound to the user, wherein determining whether the application is bound to the user comprises: obtaining the user-binding token; comparing the user-binding token to the application ID to determine if the user-binding token matches the application ID; and when the user-binding token does not match the application ID, disconnecting the application from the gateway and erasing cryptographic keys held by the application prior to disconnecting the application from the gateway to cause encrypted data on the endpoint device to be unreadable; and invoking the application logic on the endpoint device if the application is bound to the user and to the device and the user is authenticated.
Address: Mountain View CA US