US20140164437A1 - Selective management of mobile device data in an enterprise environment - Google Patents
Selective management of mobile device data in an enterprise environment Download PDFInfo
- Publication number
- US20140164437A1 US20140164437A1 US14/179,309 US201414179309A US2014164437A1 US 20140164437 A1 US20140164437 A1 US 20140164437A1 US 201414179309 A US201414179309 A US 201414179309A US 2014164437 A1 US2014164437 A1 US 2014164437A1
- Authority
- US
- United States
- Prior art keywords
- data
- mobile device
- logging
- device management
- group
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Abandoned
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/24—Querying
- G06F16/245—Query processing
- G06F16/2457—Query processing with adaptation to user needs
- G06F16/24573—Query processing with adaptation to user needs using data annotations, e.g. user-defined metadata
Definitions
- This disclosure relates generally to mobile devices and management systems.
- business enterprises e.g., companies, corporations, etc.
- mobile devices In a manner similar to personal computers and laptops, business enterprises (e.g., companies, corporations, etc.) increasingly rely on mobile and handheld devices. Indeed, the capabilities and uses of mobile devices have moved beyond voice communications and personal information management applications to a variety of communications- and business-related functions including email, browsing, instant messaging, enterprise applications, and video applications. For example, the functionality of many mobile devices have been extended to include cellular and wireless local area network (WLAN) communications interfaces, as well as virtual private network (VPN) and other client applications. Furthermore, mobile devices used in enterprises may also include enterprise applications used by employees in the field or otherwise.
- WLAN wireless local area network
- VPN virtual private network
- FIG. 1 illustrates an example mobile device management architecture according to an embodiment of the present disclosure.
- FIG. 2 is a schematic diagram illustrating an example server system architecture.
- FIG. 3 is a schematic diagram illustrating an example mobile device system architecture.
- FIGS. 4A-4C illustrate example user interfaces for designating one or more group designations.
- FIGS. 5A and 5B illustrate example user interfaces for selecting data logging policies for one or more mobile devices.
- FIG. 6 shows a flowchart illustrating an example process for collecting and receiving call data from a mobile device.
- FIGS. 7A and 7B illustrate example user interfaces for selectively erasing data from one or more mobile devices.
- Particular embodiments of the present disclosure provide methods, apparatuses and systems directed to facilitating and managing the use of mobile devices in an enterprise environment without sacrificing user experience or enterprise security.
- a mobile device management application hosted on a device management server selectively logs data received from the mobile device.
- the logged data may include particular files (e.g., documents, spreadsheets, pdfs, pictures, etc.) stored in the mobile device as well particular application usage data in the form of, by way of example, activity data (e.g., data regarding calls, messages, and email), content data (e.g., the text within the message or email body), and/or context data (e.g., timestamps and location data, etc.), as will be described in more detail below.
- the mobile device management application maintains a device object for each mobile device at a device management database connected with or residing at the device management server.
- the device management application maintains a virtual instance of each mobile device that may completely emulate the corresponding physical instance of the mobile device as described in copending patent application Ser. No. 12/181,124 (Attorney Docket No. 079198.0104) filed 28 Jul. 2008 and copending patent application Ser. No. 12/421,517 (Attorney Docket No. 079198.0107) filed 9 Apr. 2009, both of which are hereby incorporated by reference herein. Even in embodiments in which a virtual instance is not maintained, various embodiments may still include systems, devices, components, and functionality similar to those described in these copending applications.
- each mobile device includes a control client application (hereinafter referred to as “control client”) that is configured to interact with the device management application via the device management server and a network link. More particularly, the control client application is configured to receive data, commands, and other messages from the device management server via a network link, to synchronize the state of the mobile device with the corresponding device object stored at the device management database, and to selectively track and upload data over the network link to the device management server and database, as will be described in detail below.
- the control client logs man-machine interface (MMI) data, file system commands, and other data characterizing usage of, and/or the actions performed on, the mobile device. Some or all of the log data is provided to the device management application hosted on the device management server, which can synchronize the device object stored at the database with that of the mobile device, and vice versa.
- MMI man-machine interface
- the device management application may provide an administrator a detailed snapshot of the state of the mobile device, and facilitate device management operations, as described below.
- various embodiments enable selective erasing, tagging, copying, moving, modifying, viewing, and/or other selective action on or of particular data stored in a particular registered mobile device or designated group of mobile devices via the device management server.
- FIG. 1 illustrates a block diagram of a computer network environment 100 in accordance with an example embodiment.
- Computer network environment 100 includes a device management system 102 and a plurality of mobile devices 104 that may each communicate with device management system 102 via one or more network links 106 .
- device management system 102 may actually comprise one or more device management servers and device management databases, one or more of which may or may not be physically located within the physical boundaries of the enterprise.
- Network link(s) 106 may include any suitable number or arrangement of interconnected networks including both wired and wireless networks.
- a wireless communication network link over which mobile devices 104 communicate may utilize a cellular-based communication infrastructure that includes cellular-based communication protocols such as AMPS, CDMA, TDMA, GSM (Global System for Mobile communications), iDEN, GPRS, EDGE (Enhanced Data rates for GSM Evolution), UMTS (Universal Mobile Telecommunications System), WCDMA and their variants, among others.
- network link 106 may further include, or alternately include, a variety of communication channels and networks such as WLAN/WiFi, WiMAX, Wide Area Networks (WANs), and BlueTooth.
- device management system 102 may be operably connected with (or included within) an enterprise network 110 (which may include or be a part of network link(s) 106 ).
- Enterprise network 110 may further include one or more of email or exchange servers 112 , enterprise application servers 114 , authentication (AAA) servers 116 , directory servers 118 , Virtual Private Network (VPN) gateways, firewalls, among other servers and components.
- the mobile devices 104 may access or utilize one or more of these enterprise systems or associated functionality.
- Management system 102 may actually include one or more hardware, firmware, and software components residing at one or more computer servers or systems (hereinafter referred to as computer systems).
- Software components of device management system 102 may be at one or more of the same computer systems.
- FIG. 2 illustrates an example computer system 200 .
- Device management system 102 may include software components at one or more computer systems, which may be similar to example computer system 200 .
- Particular embodiments may implement various functions of device management system 102 as hardware, software, or a combination of hardware and software.
- one or more computer systems may execute particular logic or software to perform one or more steps of one or more processes described or illustrated with respect to device management system 102 .
- One or more of the computer systems may be unitary or distributed, spanning multiple computer systems or multiple datacenters, where appropriate.
- the present disclosure contemplates any suitable computer system.
- reference to logic may encompass software, and vice versa, where appropriate.
- Reference to software may encompass one or more computer programs, and vice versa, where appropriate.
- Reference to software may encompass data, instructions, or both, and vice versa, where appropriate.
- reference to data may encompass instructions, and vice versa, where appropriate.
- One or more tangible computer-readable media may store or otherwise embody software implementing particular embodiments.
- a tangible computer-readable medium may be any tangible medium capable of carrying, communicating, containing, holding, maintaining, propagating, retaining, storing, transmitting, transporting, or otherwise embodying software, where appropriate.
- a tangible computer-readable medium may be a biological, chemical, electronic, electromagnetic, infrared, magnetic, optical, quantum, or other suitable medium or a combination of two or more such media, where appropriate.
- a tangible computer-readable medium may include one or more nanometer-scale components or otherwise embody nanometer-scale design or fabrication.
- Example tangible computer-readable media include, but are not limited to, application-specific integrated circuits (ASICs), compact discs (CDs), field-programmable gate arrays (FPGAs), floppy disks, floptical disks, hard disks, holographic storage devices, magnetic tape, caches, programmable logic devices (PLDs), random-access memory (RAM) devices, read-only memory (ROM) devices, semiconductor memory devices, and other suitable computer-readable media.
- ASICs application-specific integrated circuits
- CDs compact discs
- FPGAs field-programmable gate arrays
- FPGAs field-programmable gate arrays
- floppy disks floppy disks
- floptical disks hard disks
- holographic storage devices magnetic tape
- caches caches
- PLDs programmable logic devices
- RAM random-access memory
- ROM read-only memory
- semiconductor memory devices semiconductor memory devices
- Software implementing particular embodiments may be written in any suitable programming language (which may be procedural or object oriented) or combination of programming languages, where appropriate. Any suitable type of computer system (such as a single- or multiple-processor computer system) or systems may execute software implementing particular embodiments, where appropriate. A general-purpose or specific-purpose computer system may execute software implementing particular embodiments, where appropriate.
- Computer system 200 may have any suitable physical form, including but not limited to one or more integrated circuits (ICs), printed circuit boards (PCBs), mobile handheld devices (such as mobile telephones or PDAs), laptop or notebook computers, distributed computer systems, computing grids, or servers.
- Computer system 200 may include a display 232 , one or more input devices 233 (which may, for example, include a keypad, a keyboard, a mouse, a stylus, etc.), one or more output devices 234 , one or more storage devices 235 , and various tangible storage media 236 .
- Bus 240 connects a wide variety of subsystems.
- reference to a bus may encompass one or more digital signal lines serving a common function, where appropriate.
- Bus 240 may be any of several types of bus structures including a memory bus, a peripheral bus, or a local bus using any of a variety of bus architectures.
- bus architectures include an Industry Standard Architecture (ISA) bus, an Enhanced ISA (EISA) bus, a Micro Channel Architecture (MCA) bus, a Video Electronics Standards Association local bus (VLB), a Peripheral Component Interconnect (PCI) bus, a PCI-Express (PCI-X) bus, and an Accelerated Graphics Port (AGP) bus.
- ISA Industry Standard Architecture
- EISA Enhanced ISA
- MCA Micro Channel Architecture
- VLB Video Electronics Standards Association local bus
- PCI Peripheral Component Interconnect
- PCI-X PCI-Express
- AGP Accelerated Graphics Port
- Processor(s) 201 (or central processing unit(s) (CPU(s))) optionally contains a cache memory unit 202 for temporary local storage of instructions, data, or computer addresses.
- Processor(s) 201 are coupled to tangible storage devices including memory 203 .
- Memory 203 may include random access memory (RAM) 204 and read-only memory (ROM) 205 .
- ROM 205 may act to communicate data and instructions unidirectionally to processor(s) 201
- RAM 704 may act to communicate data and instructions bidirectionally with processor(s) 201 .
- ROM 205 and RAM 204 may include any suitable tangible computer-readable media described below.
- Fixed storage 208 is connected bidirectionally to processor(s) 201 , optionally through storage control unit 207 .
- Fixed storage 208 provides additional data storage capacity and may also include any suitable tangible computer-readable media described. Storage 208 may be used to store operating system 209 , EXECs 210 , data 211 , application programs 212 , and the like. Typically, storage 208 is a secondary storage medium (such as a hard disk) that is slower than primary storage. Information in storage 208 may, in appropriate cases, be incorporated as virtual memory in memory 203 .
- Processor(s) 201 is connected to multiple interfaces, such as graphics control 221 , video interface 222 , input interface 223 , output interface 224 , storage interface 225 , and storage medium interface 226 . These interfaces are in turn connected to appropriate devices, as may be illustrated.
- an input/output (I/O) device may be a video display, a track ball, a mouse, a keyboard, a microphone, a touch-sensitive display, a transducer card reader, a magnetic- or paper-tape reader, a tablet, a stylus, a voice or handwriting recognizer, a biometrics reader, another computer system, or other suitable I/O device or a combination of two or more such I/O devices.
- Processor(s) 201 may connect to another computer system or to telecommunications network 230 (which may include network link 106 or enterprise network 110 ) through network interface 220 . With network interface 220 , CPU 201 may communicate with network 230 in the course of performing one or more steps of one or more processes described or illustrated herein, according to particular needs. Moreover, one or more steps of one or more processes described or illustrated herein may execute solely at CPU 201 . In addition or as an alternative, one or more steps of one or more processes described or illustrated herein may execute at multiple CPUs 201 that are remote from each other across network 230 .
- computer system 200 when computer system 200 is connected to network 230 , computer system 200 may communicate with other devices, specifically mobile devices 104 and enterprise systems, connected to network 230 . Communications to and from computer system 200 may be sent through network interface 220 .
- network interface 220 may receive incoming communications (such as requests or responses from other devices) in the form of one or more packets (such as Internet Protocol (IP) packets) from network 230 and computer system 200 may store the incoming communications in memory 203 for processing.
- IP Internet Protocol
- Computer system 200 may similarly store outgoing communications (such as requests or responses to other devices) in the form of one or more packets in memory 203 and communicated to network 230 from network interface 220 .
- Processor(s) 201 may access these communication packets stored in memory 203 for processing.
- Computer system 200 may provide functionality as a result of processor(s) 201 executing software embodied in one or more tangible computer-readable storage media, such as memory 203 , storage 208 , storage devices 235 , and/or storage medium 236 .
- the computer-readable media may store software that implements particular embodiments, and processor(s) 201 may execute the software.
- Memory 203 may read the software from one or more other computer-readable media (such as mass storage device(s) 235 , 236 ) or from one or more other sources through a suitable interface, such as network interface 220 .
- the software may cause processor(s) 201 to carry out one or more processes or one or more steps of one or more processes described or illustrated herein.
- Carrying out such processes or steps may include defining data structures stored in memory 203 and modifying the data structures as directed by the software.
- computer system 200 may provide functionality as a result of logic hardwired or otherwise embodied in a circuit, which may operate in place of or together with software to execute one or more processes or one or more steps of one or more processes described or illustrated herein.
- reference to software may encompass logic, and vice versa, where appropriate.
- reference to a computer-readable medium may encompass a circuit (such as an IC) storing software for execution, a circuit embodying logic for execution, or both, where appropriate.
- the present disclosure encompasses any suitable combination of hardware, software, or both.
- a mobile device 104 is a wireless phone such as a mobile or cellular phone.
- mobile device 104 may be a smartphone (e.g., the iPhone or iPhone 3G manufactured by Apple Inc. of Cupertino, Calif., the BlackBerry manufactured by Research in Motion (RIM), the G1 based on the Android operating system, or Samsung BlackJack based on the Windows Mobile operating system), feature phone, basic cellular phone, personal digital assistant, or other multimedia device.
- mobile device 104 may be affiliated with and supported by any suitable carrier or network service provider such as, by way of example, Sprint PCS, T-Mobile, Verizon, AT&T, or other suitable carrier.
- various different employees of the same enterprise may have different billing plans.
- most employees will have corporate liable mobile device (e.g., phone) plans. These plans are billed to the enterprise by the service provider. However, some employees may wish to use their own personal phones for enterprise related calls, text, data transmission and other enterprise usage. Such plans are known as individual liable plans. Such plans are billed to the individual employee by the corresponding employee's service provider (which may be different from the service provider supporting the enterprise's corporate liable mobile devices). Generally, the employee pays the bill and then submits an expense report (e.g., monthly) to the enterprise seeking reimbursement for the employee's enterprise related mobile activities.
- an expense report e.g., monthly
- FIG. 3 shows a schematic representation of the main components of an example mobile device 104 , according to various particular embodiments, which is adapted for use in connection with a GSM network or any other mobile telephone network as described above, and which may also be configured to meet the wireless application protocol specification (WAP).
- Mobile device 104 generally includes a controller 304 which may comprise a microcontroller or one or more processors configured to execute instructions and to carry out operations associated with mobile device 104 .
- controller 304 may be implemented as a single-chip, multiple chips and/or other electrical components including one or more integrated circuits and printed circuit boards.
- Controller 304 may optionally contain a cache memory unit for temporary local storage of instructions, data, or computer addresses. By way of example, using instructions retrieved from memory, controller 304 may control the reception and manipulation of input and output data between components of mobile device 104 .
- Controller 304 together with a suitable operating system may operate to execute instructions in the form of computer code and produce and use data.
- the operating system may be Windows-based, Mac-based, or Unix or Linux-based, or Symbian-based, among other suitable operating systems.
- the operating system, other computer code (including control client 308 described below) and/or data may be physically stored within a memory block 306 that is operatively coupled to controller 304 .
- Memory block 306 encompasses one or more storage mediums and generally provides a place to store computer code (e.g., software and/or firmware) and data that are used by mobile device 104 .
- memory block 306 may include various tangible computer-readable storage media including Read-Only Memory (ROM) and/or Random-Access Memory (RAM).
- ROM Read-Only Memory
- RAM Random-Access Memory
- ROM acts to transfer data and instructions unidirectionally to controller 304
- RAM is used typically to transfer data and instructions in a bi-directional manner.
- Memory block 306 may also include one or more fixed storage devices in the form of, by way of example, solid-state hard disk drives (HDDs), among other suitable forms of memory coupled bi-directionally to controller 304 .
- HDDs solid-state hard disk drives
- mobile device 104 may also include a subscriber identification module (SIM) card 328 and a SIM card reader 330 .
- SIM subscriber identification module
- Controller 304 is also generally coupled to a variety of interfaces such as graphics control, video interface, input interface, output interface, and storage interface, and these interfaces in turn are coupled to the appropriate devices. Controller 304 is also coupled to a network interface 305 that allows mobile device 104 , and particularly controller 304 , to be coupled to another computer (e.g., device management system 102 ) or telecommunications network (e.g., network link 106 or enterprise network 110 ). More particularly, network interface 305 generally allows controller 304 to receive information from network link 106 , or might output information to the network link in the course of performing various method steps described below. Communications may be sent to and from mobile device 104 via network interface 305 .
- a network interface 305 that allows mobile device 104 , and particularly controller 304 , to be coupled to another computer (e.g., device management system 102 ) or telecommunications network (e.g., network link 106 or enterprise network 110 ). More particularly, network interface 305 generally allows controller 304 to receive information from network
- incoming communications such as a request or a response from another device (e.g., device management system 102 ), in the form of one or more packets, may be received from network link 106 at network interface 305 and stored in selected sections in memory block 306 for processing.
- Outgoing communications such as a request or a response to another device (e.g., device management system 102 ), again in the form of one or more packets, may also be stored in selected sections in memory 306 and sent out to network link 106 at network interface 305 .
- Controller 304 may access these communication packets stored in memory 306 for processing.
- Electric signals may be produced by microphone 310 and fed to earpiece 312 .
- Controller 304 may receive instruction signals from keypad 314 (which may include soft keys) and control the operation of display 316 (In alternate embodiments, keypad 314 may be implemented as a virtual keypad displayed on display 316 ).
- display 316 may incorporate liquid crystal display (LCD), light emitting diode (LED), Interferometric modulator display (IMOD), or any other suitable display technology.
- Radio signals may be transmitted and received by means of an antenna 318 that may be connected through a radio interface 320 to codec 322 configured to process signals under control of controller 304 .
- codec 322 may receive signals (e.g., analog) from microphone 310 , digitize them into a form suitable for transmission, and feed them to radio interface 320 for transmission through antenna 318 to, for example, a public land mobile network (PLMN). Similarly, received signals may be fed to codec 322 so as to produce signals (e.g., analog) which may be fed to ear piece 312 .
- Mobile device 104 also generally includes a ringer (e.g., speaker) 324 and may also include light emitting diodes (LEDs) 326 .
- a ringer e.g., speaker
- LEDs light emitting diodes
- mobile device 104 may be a dual mode phone having a wireless local area network (WLAN) interface, Worldwide Interoperability for Microwave Access (WiMAX) interface, and/or other wireless or physical interfaces (such as BlueTooth® and USB). Additionally, mobile device 104 may be powered by a removable battery pack 332 .
- WLAN wireless local area network
- WiMAX Worldwide Interoperability for Microwave Access
- WiMAX Worldwide Interoperability for Microwave Access
- mobile device 104 may be powered by a removable battery pack 332 .
- Mobile device 104 may also include one or more user input devices 334 (other than keypad 314 ) that are operatively coupled to the controller 304 .
- input devices 334 are configured to transfer data, commands and responses from the outside world into mobile device 108 .
- mobile device may include a joystick or directional pad.
- Input devices 334 may also include one or more hard buttons.
- Display device 316 is generally configured to display a graphical user interface (GUI) that provides an easy to use visual interface between a user of the mobile device 104 and the operating system or application(s) running on the mobile device.
- GUI graphical user interface
- the GUI presents programs, files and operational options with graphical images.
- the user may select and activate various graphical images displayed on the display 316 in order to initiate functions and tasks associated therewith.
- each mobile device 104 includes a control client 308 that is configured to interact with the device management system 102 via network link 106 .
- Control client 308 may generally be implemented as one or more software programs or applications stored in, by way of example, memory 306 .
- Control client 308 is configured to receive data, commands, and other messages from the device management system 102 via network link 106 , to synchronize the state of the mobile device 104 with a corresponding device object stored at a device management database, and to selectively track and upload data over the network link to the device management system for logging by the device management system, as will be described in detail below.
- the logged data may include particular files (e.g., documents, spreadsheets, pdfs, pictures, etc.) stored in the mobile device as well particular application usage data in the form of, by way of example, activity data (e.g., data regarding calls, messages, and email), content data (e.g., the text within the message or email body), and/or context data (e.g., timestamps and location data, etc.), as will be described in more detail below.
- the control client logs man-machine interface (MMI) data, file system commands, and other data characterizing usage of, and/or the actions performed on, the mobile device.
- MMI man-machine interface
- the device management system 102 may provide an administrator a detailed snapshot of the state of each mobile device 104 , and facilitate device management operations, as described below.
- various embodiments enable selective erasing, tagging, copying, moving, modifying, viewing, and/or other selective action on or of particular data stored in a particular registered mobile device or designated group of mobile devices via the device management server.
- device management system 102 is configured to selectively log data from each of the mobile devices 104 of an enterprise. More particularly, mobile device 104 may be configured to selectively track and/or log data and to upload this data to device management system 102 which, in turn, selectively logs or stores the data.
- each mobile device 104 is first registered with the device management system 102 by creating and storing a device object for the mobile device within the device management system 102 .
- an employee desiring to use a personally owned mobile device 104 may indicate to management that he or she desires to use the personally owned mobile device 104 with enterprise related services (e.g., email or access to an enterprise database) and needs enterprise access.
- enterprise related services e.g., email or access to an enterprise database
- an employee receiving a mobile device 104 under a corporate liable plan may receive an enterprise owned mobile device 104 upon commencing employment or receiving a mobile device upgrade, by way of example.
- registering a mobile device 104 with the device management system 102 includes creating and storing a device object in a database within or connected with device management system 102 .
- the device object may be implemented as part of a data structure corresponding to the particular mobile device 104 .
- a particular device object may include a device identifier that uniquely identifies the corresponding mobile device.
- device management system 102 designates one or more group designations for the particular mobile device 104 .
- device management system may present a user interface to an IT manager or administrator enabling the manager to enter designation information for each of a plurality of mobile devices.
- Device management system 102 then designates the one or more group designations with the mobile device by storing or otherwise associating the group designations with the device object within the database.
- FIGS. 4A-4C illustrate example user interfaces for designating one or more group designations (also referred to herein as labels) for one or more mobile devices 104 of an enterprise.
- an IT manager may utilize active window 402 to designate the particular mobile device 104 as being either personally owned or enterprise (company) owned as illustrated in FIG.
- the IT manager may designate the mobile device 104 as being registered with an employee of a particular enterprise department (e.g., sales, marketing, research and development, management, human resources, accounting, etc.).
- the IT manager may designate the mobile device 104 as being registered with an employee of a particular class (e.g., management, staff, intern, new hire, etc.).
- a mobile device 104 may be designated based on the type (e.g., smartphone versus non-smartphone) or manufacturer (e.g., blackberry, apple) of the mobile device 104 , as shown in FIGS. 4B and 4C .
- some or all of the group designations may be designated and stored automatically by device management system 102 based on mined information already stored in the database or other location.
- Device management system 102 determines one or more data logging policies for each mobile device based on the group designations associated with each particular mobile device.
- an enterprise manager or administrator may dictate particular policies and enter these policies via active window 404 into device management system 102 as shown in FIGS. 5A and 5B (e.g., see active windows 504 and 506 , respectively).
- device management system may then, using the policies entered by the manager, automatically determine data logging policies for the mobile device 104 .
- the data logging policies govern which data is logged (e.g., tracked and/or uploaded) from a particular mobile device to device management system 102 .
- a particular device object may be associated with one or more data logging policies stored within the database.
- Device management system 102 selectively logs (e.g., tracks and/or stores) data from the mobile devices 104 of the enterprise based on the data logging policies associated with each particular mobile device.
- the database within or connected with device management system 102 stores resources associated with the mobile devices 104 .
- each resource may store a particular file, or generally a data structure, as well as corresponding metadata.
- Each mobile device 104 also stores (e.g., within memory 306 ) a number of resources each storing a file or data structure and corresponding metadata.
- control client 308 determines that a particular file or other data structure (hereinafter referred to as “file”) has been newly stored, updated, or otherwise modified within mobile device 104 , control client 308 creates a hash for the particular file and causes mobile device 104 to transmit the hash to device management system 102 .
- file a particular file or other data structure
- device management system 102 Upon receipt of the hash, device management system 102 determines if the particular file corresponding to the hash (and the file in the mobile device 104 ) is already stored in one of the resources stored within device management system 102 . In particular embodiments, if device management system 102 determines that the resource already exists, the device management system 102 creates a new resource link to the resource and stores or otherwise associates the new resource link with the device object corresponding to the mobile device 104 .
- device management system 102 determines that an earlier version of the file exists within an existing resource within device management system 102 , then device management system 102 sends a message to control client 308 requesting the resource (or alternately data that corresponds to the differences between the modified file and the original or earlier version of the file).
- device management system 102 may store the new version as a new resource (and may associate the new resource with the pre-existing resource containing the earlier version) and may create a new resource link for the modified resource and associate the new resource link with the corresponding device object.
- the device management system 102 determines that no version of the resource exists within the device management system 102 , then the device management system 102 sends a message to control client 308 requesting the resource from mobile device 102 . Upon receipt of the new resource, device management system 102 stores the resource as a new resource within device management system 102 and creates a new resource link for the new resource that it then associates with the corresponding device object.
- the data logging policies for a particular mobile device 104 may cause device management system 102 to selectively log data corresponding to a particular file type (e.g., .doc, .xls, .jpeg, .mpeg, .pdf, .mp3, etc.). That is, device management system 102 may request client 308 to selectively track and upload these resources, and device management system 102 may selectively track and store the uploaded resources.
- the data logging policies for a particular mobile device 104 may cause device management system 102 to selectively log data within one or more particular folders or directories.
- the data logging policies for a particular mobile device 104 may cause device management system 102 to selectively log data corresponding to predetermined period of time (e.g., within the last week, within the last month, since the mobile device was registered, or within any selected time frame).
- the data logging policies for a particular mobile device 104 may cause device management system 102 to selectively log data corresponding to files stored in the mobile device (or modified in the mobile device) by the employee (e.g., pictures stored by the employee, documents stored by the employee, music stored by the employee, etc.).
- the data logging policies for a particular mobile device 104 may cause device management system 102 to selectively log data corresponding to files pre-tagged by an administrator.
- client 308 may be configured to track resources pre-tagged or otherwise recognizable as confidential, enterprise-privileged, black-listed, restricted, regulatory, and those that contain customer data, etc.
- the data logging policies for a particular mobile device 104 may cause device management system 102 to selectively log data corresponding to particular application usage data within device management system 102 .
- device management system 102 may include an application usage log for the mobile devices 104 registered with the enterprise.
- the data logging policies for a particular mobile device 104 may cause device management system 102 to selectively log data corresponding to particular activity data.
- the particular activity data may comprise voice (or call) usage information, SMS usage information (or other text message protocol information), or other data usage information (e.g., MMS or internet/web browser data usage).
- activity data may include the number of calls made by a particular user, the durations of such calls, and the identity of the user placing a particular call.
- the data logging policies for a particular mobile device 104 may cause device management system 102 to selectively log data corresponding to particular context data corresponding to particular activity data.
- context data may include information concerning the receiver of a particular call, whether the call was domestic versus international, the location of the user or receiver of the call at the time of the call (which may be determined using GPS, Cell ID, or other location detection technology and which may be incorporated into the corresponding mobile phone), the type of network used to make the call (e.g., 3G or 2G, as well as carrier), among other information.
- SMS, email, and other data usage may also be tracked and logged.
- device management system 102 may log activity data such as the number of SMS messages sent and/or received, the quantity (e.g., in kilobytes (kB) or megabytes (MB)) of data sent or received in each SMS message, as well as the quantity of data sent or received in an MMS message, email message, or from the internet in, for example, a mobile web browsing session.
- activity data such as the number of SMS messages sent and/or received, the quantity (e.g., in kilobytes (kB) or megabytes (MB)) of data sent or received in each SMS message, as well as the quantity of data sent or received in an MMS message, email message, or from the internet in, for example, a mobile web browsing session.
- kB kilobytes
- MB megabytes
- the data logging policies may be implemented on an individual, group, department, or enterprise basis, among other divisions. Additionally, data logging policies may vary based on the type of usage (e.g., voice call, SMS, MMS, email, internet, etc.)
- device management system 102 may log the number of SMS messages or email messages sent or received for a particular mobile device 104 based on the data logging policies associated with the mobile device, device management system 102 may or may not store the content of these messages (hereinafter referred to as content data).
- device management system 102 may be configured to track and store activity data activity and/or context data associated with emails or SMS text messages, but not the content (i.e., message body) of the email or SMS text message.
- the data logging policies may cause particular email or text messages, including the content data, to be archived in the device management database.
- an enterprise manager may choose different data logging policies for each mobile device 104 depending on the group designations associated with the particular mobile device.
- FIG. 6 shows a flowchart illustrating an example process for collecting and receiving call data from a mobile phone.
- the data is collected by the client (e.g., client 308 ) in the background of the normal operations of the mobile device 104 .
- any and all of the data described above may be collected and transmitted by the mobile devices on an event driven, periodic or continuous (e.g., whenever available) basis.
- data logging for various mobile devices 104 may vary according to the user of the particular mobile device or the device itself. By way of example, mobile phones that are roaming may be tracked more frequently then those that are not.
- the usage data may be temporarily stored in memory 306 within the mobile device and, specifically, within various data storage logs such as, for example, a file system log, behavior log, control log, or in other call and data usage logs.
- a call event at 602 e.g., a call end event corresponding to the termination of a call
- device management system 102 polls the mobile device 104 at 604 .
- the mobile device client 308 extracts usage data associated with the call at 606 .
- the call data may include any of the call information described above.
- This usage data may be collected from, by way of example, any of the aforementioned data storage logs.
- the mobile device client 308 may then timestamp or otherwise correlate the usage data with context data at 608 based on the time of usage (e.g., start time of the call and end time of the call) and other identifying and descriptive data.
- the usage data is also correlated based on the geographical location (i.e., “location”-stamp the usage data) of the mobile device at the time of the call (e.g., obtained through GPS location data).
- the usage data is also correlated based on the cellular tower used by the mobile device during the call. More particularly, information that is usable in identifying a cellular tower used by the mobile device during use is associated with the usage data (the device management server or other server or computer system may then use this cellular tower information to identify the specific cellular tower used by the mobile device during the call).
- the usage data may also be correlated with other user data, carrier data, enterprise data, etc.
- the client 308 or other module may then package (or cause to be packaged) the relevant correlated data at 610 and transmit the packaged data at 612 to device management system 102 . Additionally or alternatively, various data may be collected, correlated, packaged, and transmitted on a periodic or threshold basis (e.g., once data levels reach a predetermined memory level).
- SMS text, email or other data usage information may also be collected by the mobile device client 308 and stored in various memory locations and/or SMS and data logs.
- SMS text or MMS message information may be collected, correlated, packaged and transmitted to device management system 102 upon receipt or sending of an SMS or MMS message.
- data associated with emails may be transmitted upon receipt or sending of an email message, upon downloading an email message from an email server (e.g., from a BlackBerry® server), upon opening of an email, as well as on periodic or threshold bases.
- the employee using the mobile device 104 may also be presented with a user interface showing the data (or at least a portion) logged by the device management system 102 .
- some or all of the employees may have access to a user interface, based on the group designations designated to their respective mobile devices, that allows these employees to tag files, calls, and/or other data within their respective mobile devices as personal.
- data tagged by an employee as personal may not be logged by device management server.
- some data tagged as personal may be logged, but access to the logged personal data may be restricted to only one or a few high-level administrators.
- device management server 102 and/or mobile devices 104 may include algorithms that, based on data usage for example, intelligently determine personal versus enterprise (work) data for purposes of billing, audit, privacy, etc.
- an administrator may not be able to view some or all of the data logged by device management system 102 .
- the administrator may be able to view activity and/or context data, but not content data or particular files determined to be personal files.
- rule-based access may be provided to ensure data privacy.
- one class of administrators will not have access to any activity, content, or context data
- another class of administrators may have access only to activity data
- a “super” administrator may have access to all activity, content, and context data.
- such access may be sliced based on group designation such that, by way of example, an administrator may only have access to particular data for a single division, department, or other group of the enterprise.
- device management system 102 is additionally or alternatively configured to selectively erase (or selectively “wipe”) particular data in a particular mobile device 104 (or group of devices sharing one or more group designations) of an enterprise based on one or more erasure policies associated with the one or more mobile devices.
- a particular mobile device 104 or group of devices sharing one or more group designations
- erasure policies associated with the one or more mobile devices.
- an enterprise typically only has the ability to erase all the data, i.e., bring the mobile device 104 back to the factory reset state.
- each mobile device 104 may be registered with device management system 102 as described above.
- device management system 102 designates one or more group designations for each mobile device 104 as described above.
- device management system 102 determines one or more data erasure policies for each mobile device 104 based on the group designations associated with each particular mobile device.
- an enterprise manager or administrator may dictate particular erasure policies and enter these policies via a user interface.
- device management system 102 Upon the determination that particular data in one or more particular mobiles devices 104 is to be erased, device management system 102 causes the particular data to be erased in the mobile devices.
- the enterprise manager may select the particular device or devices using a user interface, as shown in FIG. 7A .
- the enterprise manager may determine that the data should be erased because the mobile device has been unsecured, lost, or stolen, the employee associated with the mobile device has voluntarily terminated employment with the enterprise, the employee has been involuntarily terminated by the enterprise (e.g., “fired”), the mobile device has or is to be retired or deactivated, the mobile device is to be transitioned to another employee, or the mobile device has been infected by a virus or malicious program.
- the erasure policies govern the selective erasure (e.g., determine which data is to be erased) based in part on the determination of why the particular data is to be erased (e.g., device unsecured).
- device management system 102 may be configured to make the determination that particular data should be erased automatically and subsequently automatically select the data to be erased.
- selectively erasing particular data for a particular mobile device 104 includes erasing resource links stored within or associated with the device object corresponding to the particular mobile device. More particularly, the resource links are erased that correspond to the particular resources within the device management system 102 that correspond to the resources in the mobile device containing the data to be erased. Device management system 102 then synchronizes the modified device object with the mobile device 104 . More particular, device management system 102 may pass a device object mapping to client 308 . Upon receipt of the device object mapping, client 308 erases or causes to be erased the resources within the mobile device 104 that no longer have corresponding resource links in the corresponding device object.
- the data erasure policies for a particular mobile device 104 may cause device management system 102 to selectively erase or selectively not erase data corresponding to a particular file type (e.g., .doc, .xls, .jpeg, .mpeg, .pdf, .mp3, etc.), folder, and/or directory.
- a particular file type e.g., .doc, .xls, .jpeg, .mpeg, .pdf, .mp3, etc.
- Microsoft Excel documents may be determined to more likely contain enterprise privileged information (e.g., confidential or customer data), and as such, one of the erasure policies may dictate that Microsoft Excel documents should be erased at a particular mobile device 104 .
- the data erasure policies for a particular mobile device 104 may cause device management system 102 to selectively erase or selectively not erase data corresponding to files that have been pre-tagged.
- client 308 may be configured to erase resources pre-tagged or otherwise recognizable as confidential, enterprise-privileged, black-listed, restricted, regulatory, and those that contain customer data, etc.
- the data erasure policies for a particular mobile device 104 may cause device management system 102 to selectively erase data that has been designated as black-listed automatically and immediately after being detected by client 308 and/or device management system 102 .
- an employee that used his or her own personal mobile device may leave the enterprise knowing that the user's personal data is safe. That is, if or when the employee leaves the enterprise, the device management system 102 may selectively erase enterprise-privileged data (e.g., emails, documents, etc.) and leave the user's personal data (e.g., personal emails, pictures, music) stored in the mobile device.
- enterprise-privileged data e.g., emails, documents, etc.
- the user's personal data e.g., personal emails, pictures, music
- device management system 102 may be configured to delete all the data on a particular mobile device (i.e., return the mobile device to factory reset). Additionally, in particular embodiments, client 308 may be selectively erased or automatically erased in a partial erasure or complete erasure, respectively.
- an enterprise administrator may set policies for tagging, viewing, moving, copying, and otherwise modifying particular data stored in a particular mobile device 104 or group of mobile devices 104 sharing one or more group designations.
- an administrator may select all the mobile devices 104 associated with the staff group designation within the research and development department, and tag all Microsoft Excel files in these mobile devices 104 .
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Databases & Information Systems (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Computational Linguistics (AREA)
- Library & Information Science (AREA)
- Data Mining & Analysis (AREA)
- Medical Informatics (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Mobile Radio Communication Systems (AREA)
- Telephonic Communication Services (AREA)
Abstract
In various embodiments, a method is described that includes registering a mobile device with an enterprise by storing registration data for the mobile device in a device management database; designating one or more group designations for the mobile device; storing the one or more group designations in the device management database; determining one or more policies for the mobile device based at least in part on the one or more group designations; and selectively taking action on selected data from the mobile device in the device management database based on the one or more policies.
Description
- This disclosure relates generally to mobile devices and management systems.
- In a manner similar to personal computers and laptops, business enterprises (e.g., companies, corporations, etc.) increasingly rely on mobile and handheld devices. Indeed, the capabilities and uses of mobile devices have moved beyond voice communications and personal information management applications to a variety of communications- and business-related functions including email, browsing, instant messaging, enterprise applications, and video applications. For example, the functionality of many mobile devices have been extended to include cellular and wireless local area network (WLAN) communications interfaces, as well as virtual private network (VPN) and other client applications. Furthermore, mobile devices used in enterprises may also include enterprise applications used by employees in the field or otherwise.
- Deployment, management and configuration of mobile and handheld devices in enterprise environments, however, present certain challenges. For example, the vast and constantly changing variety of mobile device types, functions and capabilities presents challenges to configuration, provisioning and troubleshooting.
-
FIG. 1 illustrates an example mobile device management architecture according to an embodiment of the present disclosure. -
FIG. 2 is a schematic diagram illustrating an example server system architecture. -
FIG. 3 is a schematic diagram illustrating an example mobile device system architecture. -
FIGS. 4A-4C illustrate example user interfaces for designating one or more group designations. -
FIGS. 5A and 5B illustrate example user interfaces for selecting data logging policies for one or more mobile devices. -
FIG. 6 shows a flowchart illustrating an example process for collecting and receiving call data from a mobile device. -
FIGS. 7A and 7B illustrate example user interfaces for selectively erasing data from one or more mobile devices. - Particular embodiments of the present disclosure provide methods, apparatuses and systems directed to facilitating and managing the use of mobile devices in an enterprise environment without sacrificing user experience or enterprise security.
- In particular embodiments, for each of the mobile devices registered with an enterprise, a mobile device management application hosted on a device management server selectively logs data received from the mobile device. The logged data may include particular files (e.g., documents, spreadsheets, pdfs, pictures, etc.) stored in the mobile device as well particular application usage data in the form of, by way of example, activity data (e.g., data regarding calls, messages, and email), content data (e.g., the text within the message or email body), and/or context data (e.g., timestamps and location data, etc.), as will be described in more detail below. In particular embodiments, the mobile device management application maintains a device object for each mobile device at a device management database connected with or residing at the device management server. In one particular embodiment, the device management application maintains a virtual instance of each mobile device that may completely emulate the corresponding physical instance of the mobile device as described in copending patent application Ser. No. 12/181,124 (Attorney Docket No. 079198.0104) filed 28 Jul. 2008 and copending patent application Ser. No. 12/421,517 (Attorney Docket No. 079198.0107) filed 9 Apr. 2009, both of which are hereby incorporated by reference herein. Even in embodiments in which a virtual instance is not maintained, various embodiments may still include systems, devices, components, and functionality similar to those described in these copending applications.
- In particular embodiments, each mobile device includes a control client application (hereinafter referred to as “control client”) that is configured to interact with the device management application via the device management server and a network link. More particularly, the control client application is configured to receive data, commands, and other messages from the device management server via a network link, to synchronize the state of the mobile device with the corresponding device object stored at the device management database, and to selectively track and upload data over the network link to the device management server and database, as will be described in detail below. In various embodiments, the control client logs man-machine interface (MMI) data, file system commands, and other data characterizing usage of, and/or the actions performed on, the mobile device. Some or all of the log data is provided to the device management application hosted on the device management server, which can synchronize the device object stored at the database with that of the mobile device, and vice versa.
- In this manner, the device management application may provide an administrator a detailed snapshot of the state of the mobile device, and facilitate device management operations, as described below. In particular, various embodiments enable selective erasing, tagging, copying, moving, modifying, viewing, and/or other selective action on or of particular data stored in a particular registered mobile device or designated group of mobile devices via the device management server.
-
FIG. 1 illustrates a block diagram of a computer network environment 100 in accordance with an example embodiment. Computer network environment 100 includes adevice management system 102 and a plurality ofmobile devices 104 that may each communicate withdevice management system 102 via one ormore network links 106. In various embodiments,device management system 102 may actually comprise one or more device management servers and device management databases, one or more of which may or may not be physically located within the physical boundaries of the enterprise. - Network link(s) 106 may include any suitable number or arrangement of interconnected networks including both wired and wireless networks. By way of example, a wireless communication network link over which
mobile devices 104 communicate may utilize a cellular-based communication infrastructure that includes cellular-based communication protocols such as AMPS, CDMA, TDMA, GSM (Global System for Mobile communications), iDEN, GPRS, EDGE (Enhanced Data rates for GSM Evolution), UMTS (Universal Mobile Telecommunications System), WCDMA and their variants, among others. In various embodiments,network link 106 may further include, or alternately include, a variety of communication channels and networks such as WLAN/WiFi, WiMAX, Wide Area Networks (WANs), and BlueTooth. - As
FIG. 1 illustrates,device management system 102 may be operably connected with (or included within) an enterprise network 110 (which may include or be a part of network link(s) 106).Enterprise network 110 may further include one or more of email orexchange servers 112,enterprise application servers 114, authentication (AAA)servers 116,directory servers 118, Virtual Private Network (VPN) gateways, firewalls, among other servers and components. Themobile devices 104 may access or utilize one or more of these enterprise systems or associated functionality. -
Management system 102 may actually include one or more hardware, firmware, and software components residing at one or more computer servers or systems (hereinafter referred to as computer systems). Software components ofdevice management system 102 may be at one or more of the same computer systems.FIG. 2 illustrates anexample computer system 200.Device management system 102 may include software components at one or more computer systems, which may be similar toexample computer system 200. Particular embodiments may implement various functions ofdevice management system 102 as hardware, software, or a combination of hardware and software. As an example and not by way of limitation, one or more computer systems may execute particular logic or software to perform one or more steps of one or more processes described or illustrated with respect todevice management system 102. One or more of the computer systems may be unitary or distributed, spanning multiple computer systems or multiple datacenters, where appropriate. The present disclosure contemplates any suitable computer system. Herein, reference to logic may encompass software, and vice versa, where appropriate. Reference to software may encompass one or more computer programs, and vice versa, where appropriate. Reference to software may encompass data, instructions, or both, and vice versa, where appropriate. Similarly, reference to data may encompass instructions, and vice versa, where appropriate. - One or more tangible computer-readable media may store or otherwise embody software implementing particular embodiments. A tangible computer-readable medium may be any tangible medium capable of carrying, communicating, containing, holding, maintaining, propagating, retaining, storing, transmitting, transporting, or otherwise embodying software, where appropriate. A tangible computer-readable medium may be a biological, chemical, electronic, electromagnetic, infrared, magnetic, optical, quantum, or other suitable medium or a combination of two or more such media, where appropriate. A tangible computer-readable medium may include one or more nanometer-scale components or otherwise embody nanometer-scale design or fabrication. Example tangible computer-readable media include, but are not limited to, application-specific integrated circuits (ASICs), compact discs (CDs), field-programmable gate arrays (FPGAs), floppy disks, floptical disks, hard disks, holographic storage devices, magnetic tape, caches, programmable logic devices (PLDs), random-access memory (RAM) devices, read-only memory (ROM) devices, semiconductor memory devices, and other suitable computer-readable media.
- Software implementing particular embodiments may be written in any suitable programming language (which may be procedural or object oriented) or combination of programming languages, where appropriate. Any suitable type of computer system (such as a single- or multiple-processor computer system) or systems may execute software implementing particular embodiments, where appropriate. A general-purpose or specific-purpose computer system may execute software implementing particular embodiments, where appropriate.
- The components in
FIG. 2 are examples only and do not limit the scope of use or functionality of any hardware, software, embedded logic component, or a combination of two or more such components implementing particular embodiments.Computer system 200 may have any suitable physical form, including but not limited to one or more integrated circuits (ICs), printed circuit boards (PCBs), mobile handheld devices (such as mobile telephones or PDAs), laptop or notebook computers, distributed computer systems, computing grids, or servers.Computer system 200 may include adisplay 232, one or more input devices 233 (which may, for example, include a keypad, a keyboard, a mouse, a stylus, etc.), one ormore output devices 234, one ormore storage devices 235, and varioustangible storage media 236. -
Bus 240 connects a wide variety of subsystems. Herein, reference to a bus may encompass one or more digital signal lines serving a common function, where appropriate.Bus 240 may be any of several types of bus structures including a memory bus, a peripheral bus, or a local bus using any of a variety of bus architectures. As an example and not by way of limitation, such architectures include an Industry Standard Architecture (ISA) bus, an Enhanced ISA (EISA) bus, a Micro Channel Architecture (MCA) bus, a Video Electronics Standards Association local bus (VLB), a Peripheral Component Interconnect (PCI) bus, a PCI-Express (PCI-X) bus, and an Accelerated Graphics Port (AGP) bus. - Processor(s) 201 (or central processing unit(s) (CPU(s))) optionally contains a
cache memory unit 202 for temporary local storage of instructions, data, or computer addresses. Processor(s) 201 are coupled to tangible storagedevices including memory 203.Memory 203 may include random access memory (RAM) 204 and read-only memory (ROM) 205.ROM 205 may act to communicate data and instructions unidirectionally to processor(s) 201, and RAM 704 may act to communicate data and instructions bidirectionally with processor(s) 201.ROM 205 andRAM 204 may include any suitable tangible computer-readable media described below.Fixed storage 208 is connected bidirectionally to processor(s) 201, optionally throughstorage control unit 207.Fixed storage 208 provides additional data storage capacity and may also include any suitable tangible computer-readable media described.Storage 208 may be used to storeoperating system 209,EXECs 210,data 211,application programs 212, and the like. Typically,storage 208 is a secondary storage medium (such as a hard disk) that is slower than primary storage. Information instorage 208 may, in appropriate cases, be incorporated as virtual memory inmemory 203. - Processor(s) 201 is connected to multiple interfaces, such as graphics control 221,
video interface 222,input interface 223,output interface 224,storage interface 225, andstorage medium interface 226. These interfaces are in turn connected to appropriate devices, as may be illustrated. In general, an input/output (I/O) device may be a video display, a track ball, a mouse, a keyboard, a microphone, a touch-sensitive display, a transducer card reader, a magnetic- or paper-tape reader, a tablet, a stylus, a voice or handwriting recognizer, a biometrics reader, another computer system, or other suitable I/O device or a combination of two or more such I/O devices. Processor(s) 201 may connect to another computer system or to telecommunications network 230 (which may includenetwork link 106 or enterprise network 110) throughnetwork interface 220. Withnetwork interface 220,CPU 201 may communicate withnetwork 230 in the course of performing one or more steps of one or more processes described or illustrated herein, according to particular needs. Moreover, one or more steps of one or more processes described or illustrated herein may execute solely atCPU 201. In addition or as an alternative, one or more steps of one or more processes described or illustrated herein may execute atmultiple CPUs 201 that are remote from each other acrossnetwork 230. - In particular embodiments, when
computer system 200 is connected to network 230,computer system 200 may communicate with other devices, specificallymobile devices 104 and enterprise systems, connected tonetwork 230. Communications to and fromcomputer system 200 may be sent throughnetwork interface 220. For example,network interface 220 may receive incoming communications (such as requests or responses from other devices) in the form of one or more packets (such as Internet Protocol (IP) packets) fromnetwork 230 andcomputer system 200 may store the incoming communications inmemory 203 for processing.Computer system 200 may similarly store outgoing communications (such as requests or responses to other devices) in the form of one or more packets inmemory 203 and communicated to network 230 fromnetwork interface 220. Processor(s) 201 may access these communication packets stored inmemory 203 for processing. -
Computer system 200 may provide functionality as a result of processor(s) 201 executing software embodied in one or more tangible computer-readable storage media, such asmemory 203,storage 208,storage devices 235, and/orstorage medium 236. The computer-readable media may store software that implements particular embodiments, and processor(s) 201 may execute the software.Memory 203 may read the software from one or more other computer-readable media (such as mass storage device(s) 235, 236) or from one or more other sources through a suitable interface, such asnetwork interface 220. The software may cause processor(s) 201 to carry out one or more processes or one or more steps of one or more processes described or illustrated herein. Carrying out such processes or steps may include defining data structures stored inmemory 203 and modifying the data structures as directed by the software. In addition or as an alternative,computer system 200 may provide functionality as a result of logic hardwired or otherwise embodied in a circuit, which may operate in place of or together with software to execute one or more processes or one or more steps of one or more processes described or illustrated herein. Herein, reference to software may encompass logic, and vice versa, where appropriate. Moreover, reference to a computer-readable medium may encompass a circuit (such as an IC) storing software for execution, a circuit embodying logic for execution, or both, where appropriate. The present disclosure encompasses any suitable combination of hardware, software, or both. - In particular embodiments, a
mobile device 104 is a wireless phone such as a mobile or cellular phone. By way of example,mobile device 104 may be a smartphone (e.g., the iPhone or iPhone 3G manufactured by Apple Inc. of Cupertino, Calif., the BlackBerry manufactured by Research in Motion (RIM), the G1 based on the Android operating system, or Samsung BlackJack based on the Windows Mobile operating system), feature phone, basic cellular phone, personal digital assistant, or other multimedia device. Additionally,mobile device 104 may be affiliated with and supported by any suitable carrier or network service provider such as, by way of example, Sprint PCS, T-Mobile, Verizon, AT&T, or other suitable carrier. - In particular embodiments, various different employees of the same enterprise may have different billing plans. By way of example, in general, most employees will have corporate liable mobile device (e.g., phone) plans. These plans are billed to the enterprise by the service provider. However, some employees may wish to use their own personal phones for enterprise related calls, text, data transmission and other enterprise usage. Such plans are known as individual liable plans. Such plans are billed to the individual employee by the corresponding employee's service provider (which may be different from the service provider supporting the enterprise's corporate liable mobile devices). Generally, the employee pays the bill and then submits an expense report (e.g., monthly) to the enterprise seeking reimbursement for the employee's enterprise related mobile activities.
-
FIG. 3 shows a schematic representation of the main components of an examplemobile device 104, according to various particular embodiments, which is adapted for use in connection with a GSM network or any other mobile telephone network as described above, and which may also be configured to meet the wireless application protocol specification (WAP).Mobile device 104 generally includes acontroller 304 which may comprise a microcontroller or one or more processors configured to execute instructions and to carry out operations associated withmobile device 104. In various embodiments,controller 304 may be implemented as a single-chip, multiple chips and/or other electrical components including one or more integrated circuits and printed circuit boards.Controller 304 may optionally contain a cache memory unit for temporary local storage of instructions, data, or computer addresses. By way of example, using instructions retrieved from memory,controller 304 may control the reception and manipulation of input and output data between components ofmobile device 104. -
Controller 304 together with a suitable operating system may operate to execute instructions in the form of computer code and produce and use data. By way of example and not by way of limitation, the operating system may be Windows-based, Mac-based, or Unix or Linux-based, or Symbian-based, among other suitable operating systems. The operating system, other computer code (includingcontrol client 308 described below) and/or data may be physically stored within amemory block 306 that is operatively coupled tocontroller 304. -
Memory block 306 encompasses one or more storage mediums and generally provides a place to store computer code (e.g., software and/or firmware) and data that are used bymobile device 104. By way of example,memory block 306 may include various tangible computer-readable storage media including Read-Only Memory (ROM) and/or Random-Access Memory (RAM). As is well known in the art, ROM acts to transfer data and instructions unidirectionally tocontroller 304, and RAM is used typically to transfer data and instructions in a bi-directional manner.Memory block 306 may also include one or more fixed storage devices in the form of, by way of example, solid-state hard disk drives (HDDs), among other suitable forms of memory coupled bi-directionally tocontroller 304. Information may also reside on a removable storage medium loaded into or installed inmobile device 104 when needed. By way of example, any of a number of suitable memory cards may be loaded intomobile device 104 on a temporary or permanent basis. By way of example,mobile device 104 may also include a subscriber identification module (SIM)card 328 and aSIM card reader 330. -
Controller 304 is also generally coupled to a variety of interfaces such as graphics control, video interface, input interface, output interface, and storage interface, and these interfaces in turn are coupled to the appropriate devices.Controller 304 is also coupled to anetwork interface 305 that allowsmobile device 104, and particularlycontroller 304, to be coupled to another computer (e.g., device management system 102) or telecommunications network (e.g., network link 106 or enterprise network 110). More particularly,network interface 305 generally allowscontroller 304 to receive information fromnetwork link 106, or might output information to the network link in the course of performing various method steps described below. Communications may be sent to and frommobile device 104 vianetwork interface 305. By way of example, incoming communications, such as a request or a response from another device (e.g., device management system 102), in the form of one or more packets, may be received fromnetwork link 106 atnetwork interface 305 and stored in selected sections inmemory block 306 for processing. Outgoing communications, such as a request or a response to another device (e.g., device management system 102), again in the form of one or more packets, may also be stored in selected sections inmemory 306 and sent out to network link 106 atnetwork interface 305.Controller 304 may access these communication packets stored inmemory 306 for processing. - Electric signals (e.g., analog) may be produced by
microphone 310 and fed toearpiece 312.Controller 304 may receive instruction signals from keypad 314 (which may include soft keys) and control the operation of display 316 (In alternate embodiments,keypad 314 may be implemented as a virtual keypad displayed on display 316). By way of example,display 316 may incorporate liquid crystal display (LCD), light emitting diode (LED), Interferometric modulator display (IMOD), or any other suitable display technology. Radio signals may be transmitted and received by means of anantenna 318 that may be connected through aradio interface 320 tocodec 322 configured to process signals under control ofcontroller 304. Thus, in use for speech,codec 322 may receive signals (e.g., analog) frommicrophone 310, digitize them into a form suitable for transmission, and feed them toradio interface 320 for transmission throughantenna 318 to, for example, a public land mobile network (PLMN). Similarly, received signals may be fed tocodec 322 so as to produce signals (e.g., analog) which may be fed toear piece 312.Mobile device 104 also generally includes a ringer (e.g., speaker) 324 and may also include light emitting diodes (LEDs) 326. In particular embodiments,mobile device 104 may be a dual mode phone having a wireless local area network (WLAN) interface, Worldwide Interoperability for Microwave Access (WiMAX) interface, and/or other wireless or physical interfaces (such as BlueTooth® and USB). Additionally,mobile device 104 may be powered by aremovable battery pack 332. -
Mobile device 104 may also include one or more user input devices 334 (other than keypad 314) that are operatively coupled to thecontroller 304. Generally,input devices 334 are configured to transfer data, commands and responses from the outside world into mobile device 108. By way of example, mobile device may include a joystick or directional pad.Input devices 334 may also include one or more hard buttons. -
Display device 316 is generally configured to display a graphical user interface (GUI) that provides an easy to use visual interface between a user of themobile device 104 and the operating system or application(s) running on the mobile device. Generally, the GUI presents programs, files and operational options with graphical images. During operation, the user may select and activate various graphical images displayed on thedisplay 316 in order to initiate functions and tasks associated therewith. - In particular embodiments, each
mobile device 104 includes acontrol client 308 that is configured to interact with thedevice management system 102 vianetwork link 106.Control client 308 may generally be implemented as one or more software programs or applications stored in, by way of example,memory 306.Control client 308 is configured to receive data, commands, and other messages from thedevice management system 102 vianetwork link 106, to synchronize the state of themobile device 104 with a corresponding device object stored at a device management database, and to selectively track and upload data over the network link to the device management system for logging by the device management system, as will be described in detail below. The logged data may include particular files (e.g., documents, spreadsheets, pdfs, pictures, etc.) stored in the mobile device as well particular application usage data in the form of, by way of example, activity data (e.g., data regarding calls, messages, and email), content data (e.g., the text within the message or email body), and/or context data (e.g., timestamps and location data, etc.), as will be described in more detail below. In various embodiments, the control client logs man-machine interface (MMI) data, file system commands, and other data characterizing usage of, and/or the actions performed on, the mobile device. Some or all of the log data is provided to the device management application hosted on the device management server, which can synchronize the device object stored at the database with that of the mobile device, and vice versa. - In this manner, the
device management system 102 may provide an administrator a detailed snapshot of the state of eachmobile device 104, and facilitate device management operations, as described below. In particular, various embodiments enable selective erasing, tagging, copying, moving, modifying, viewing, and/or other selective action on or of particular data stored in a particular registered mobile device or designated group of mobile devices via the device management server. - In particular embodiments,
device management system 102 is configured to selectively log data from each of themobile devices 104 of an enterprise. More particularly,mobile device 104 may be configured to selectively track and/or log data and to upload this data todevice management system 102 which, in turn, selectively logs or stores the data. In particular embodiments, eachmobile device 104 is first registered with thedevice management system 102 by creating and storing a device object for the mobile device within thedevice management system 102. By way of example, an employee desiring to use a personally ownedmobile device 104 may indicate to management that he or she desires to use the personally ownedmobile device 104 with enterprise related services (e.g., email or access to an enterprise database) and needs enterprise access. Alternately, an employee receiving amobile device 104 under a corporate liable plan may receive an enterprise ownedmobile device 104 upon commencing employment or receiving a mobile device upgrade, by way of example. In particular embodiments, registering amobile device 104 with thedevice management system 102 includes creating and storing a device object in a database within or connected withdevice management system 102. The device object may be implemented as part of a data structure corresponding to the particularmobile device 104. By way of example, a particular device object may include a device identifier that uniquely identifies the corresponding mobile device. - In particular embodiments,
device management system 102 designates one or more group designations for the particularmobile device 104. By way of example, device management system may present a user interface to an IT manager or administrator enabling the manager to enter designation information for each of a plurality of mobile devices.Device management system 102 then designates the one or more group designations with the mobile device by storing or otherwise associating the group designations with the device object within the database.FIGS. 4A-4C illustrate example user interfaces for designating one or more group designations (also referred to herein as labels) for one or moremobile devices 104 of an enterprise. By way of example, an IT manager may utilizeactive window 402 to designate the particularmobile device 104 as being either personally owned or enterprise (company) owned as illustrated inFIG. 4A (e.g., C=company owned, E=employee owned). As another example, the IT manager may designate themobile device 104 as being registered with an employee of a particular enterprise department (e.g., sales, marketing, research and development, management, human resources, accounting, etc.). As another example, the IT manager may designate themobile device 104 as being registered with an employee of a particular class (e.g., management, staff, intern, new hire, etc.). As yet another example, amobile device 104 may be designated based on the type (e.g., smartphone versus non-smartphone) or manufacturer (e.g., blackberry, apple) of themobile device 104, as shown inFIGS. 4B and 4C . In some embodiments, some or all of the group designations may be designated and stored automatically bydevice management system 102 based on mined information already stored in the database or other location. -
Device management system 102 determines one or more data logging policies for each mobile device based on the group designations associated with each particular mobile device. By way of example, an enterprise manager or administrator may dictate particular policies and enter these policies via active window 404 intodevice management system 102 as shown inFIGS. 5A and 5B (e.g., seeactive windows mobile device 104, device management system may then, using the policies entered by the manager, automatically determine data logging policies for themobile device 104. The data logging policies govern which data is logged (e.g., tracked and/or uploaded) from a particular mobile device todevice management system 102. By way of example, a particular device object may be associated with one or more data logging policies stored within the database.Device management system 102 selectively logs (e.g., tracks and/or stores) data from themobile devices 104 of the enterprise based on the data logging policies associated with each particular mobile device. - In particular embodiments, the database within or connected with
device management system 102 stores resources associated with themobile devices 104. By way of example, each resource may store a particular file, or generally a data structure, as well as corresponding metadata. Eachmobile device 104 also stores (e.g., within memory 306) a number of resources each storing a file or data structure and corresponding metadata. In particular embodiments, whencontrol client 308 determines that a particular file or other data structure (hereinafter referred to as “file”) has been newly stored, updated, or otherwise modified withinmobile device 104,control client 308 creates a hash for the particular file and causesmobile device 104 to transmit the hash todevice management system 102. Upon receipt of the hash,device management system 102 determines if the particular file corresponding to the hash (and the file in the mobile device 104) is already stored in one of the resources stored withindevice management system 102. In particular embodiments, ifdevice management system 102 determines that the resource already exists, thedevice management system 102 creates a new resource link to the resource and stores or otherwise associates the new resource link with the device object corresponding to themobile device 104. - In particular embodiments, if
device management system 102 determines that an earlier version of the file exists within an existing resource withindevice management system 102, thendevice management system 102 sends a message to controlclient 308 requesting the resource (or alternately data that corresponds to the differences between the modified file and the original or earlier version of the file). Upon receipt of the new version,device management system 102 may store the new version as a new resource (and may associate the new resource with the pre-existing resource containing the earlier version) and may create a new resource link for the modified resource and associate the new resource link with the corresponding device object. If thedevice management system 102 determines that no version of the resource exists within thedevice management system 102, then thedevice management system 102 sends a message to controlclient 308 requesting the resource frommobile device 102. Upon receipt of the new resource,device management system 102 stores the resource as a new resource withindevice management system 102 and creates a new resource link for the new resource that it then associates with the corresponding device object. - In particular embodiments, only particular resources from the
mobile device 104 are logged bydevice management system 102 and associated with the corresponding device object withindevice management system 102. By way of example, in particular embodiments, the data logging policies for a particular mobile device 104 (or particular group of mobile devices sharing one or more group designations) may causedevice management system 102 to selectively log data corresponding to a particular file type (e.g., .doc, .xls, .jpeg, .mpeg, .pdf, .mp3, etc.). That is,device management system 102 may requestclient 308 to selectively track and upload these resources, anddevice management system 102 may selectively track and store the uploaded resources. Similarly, in particular embodiments, the data logging policies for a particularmobile device 104 may causedevice management system 102 to selectively log data within one or more particular folders or directories. - As another example, in particular embodiments, the data logging policies for a particular
mobile device 104 may causedevice management system 102 to selectively log data corresponding to predetermined period of time (e.g., within the last week, within the last month, since the mobile device was registered, or within any selected time frame). As another example, in particular embodiments, the data logging policies for a particularmobile device 104 may causedevice management system 102 to selectively log data corresponding to files stored in the mobile device (or modified in the mobile device) by the employee (e.g., pictures stored by the employee, documents stored by the employee, music stored by the employee, etc.). As yet another example, in particular embodiments, the data logging policies for a particularmobile device 104 may causedevice management system 102 to selectively log data corresponding to files pre-tagged by an administrator. By way of example,client 308 may be configured to track resources pre-tagged or otherwise recognizable as confidential, enterprise-privileged, black-listed, restricted, regulatory, and those that contain customer data, etc. - In particular embodiments, the data logging policies for a particular
mobile device 104 may causedevice management system 102 to selectively log data corresponding to particular application usage data withindevice management system 102. By way of example,device management system 102 may include an application usage log for themobile devices 104 registered with the enterprise. By way of example, in particular embodiments, the data logging policies for a particularmobile device 104 may causedevice management system 102 to selectively log data corresponding to particular activity data. By way of example, the particular activity data may comprise voice (or call) usage information, SMS usage information (or other text message protocol information), or other data usage information (e.g., MMS or internet/web browser data usage). In particular, activity data may include the number of calls made by a particular user, the durations of such calls, and the identity of the user placing a particular call. - As another example, in particular embodiments, the data logging policies for a particular
mobile device 104 may causedevice management system 102 to selectively log data corresponding to particular context data corresponding to particular activity data. By way of example, context data may include information concerning the receiver of a particular call, whether the call was domestic versus international, the location of the user or receiver of the call at the time of the call (which may be determined using GPS, Cell ID, or other location detection technology and which may be incorporated into the corresponding mobile phone), the type of network used to make the call (e.g., 3G or 2G, as well as carrier), among other information. - Similar to voice usage, SMS, email, and other data usage may also be tracked and logged. By way of example,
device management system 102 may log activity data such as the number of SMS messages sent and/or received, the quantity (e.g., in kilobytes (kB) or megabytes (MB)) of data sent or received in each SMS message, as well as the quantity of data sent or received in an MMS message, email message, or from the internet in, for example, a mobile web browsing session.Device management system 102 may also log context data such as, by way of example, network information (e.g., 3G or 2G, as well as carrier), average or current network speed (e.g., kB/s or MB/s), and from whom, to whom, and when the data was sent, as well as where the transmitting and receiving parties are physically or geographically located. Regarding internet usage,device management system 102 may also log which websites a user navigates to as well as the duration and frequency of usage. Additionally,device management system 102 may also be configured to log which applications a user of amobile device 104 uses, how frequently the user uses each application, which applications the user has downloaded, uploaded or otherwise installed, among other application data. - In particular embodiments, the data logging policies, as described above, may be implemented on an individual, group, department, or enterprise basis, among other divisions. Additionally, data logging policies may vary based on the type of usage (e.g., voice call, SMS, MMS, email, internet, etc.) By way of example, while
device management system 102 may log the number of SMS messages or email messages sent or received for a particularmobile device 104 based on the data logging policies associated with the mobile device,device management system 102 may or may not store the content of these messages (hereinafter referred to as content data). That is, in an example embodiment,device management system 102 may be configured to track and store activity data activity and/or context data associated with emails or SMS text messages, but not the content (i.e., message body) of the email or SMS text message. Alternately, the data logging policies may cause particular email or text messages, including the content data, to be archived in the device management database. In particular embodiments, it is the responsibility of the enterprise manager to legislate the data logging policies even though it isdevice management system 102 that may implement the data logging policies. By way of example, as described above, an enterprise manager may choose different data logging policies for eachmobile device 104 depending on the group designations associated with the particular mobile device. -
FIG. 6 shows a flowchart illustrating an example process for collecting and receiving call data from a mobile phone. In a particular embodiment, the data is collected by the client (e.g., client 308) in the background of the normal operations of themobile device 104. In some embodiments, any and all of the data described above may be collected and transmitted by the mobile devices on an event driven, periodic or continuous (e.g., whenever available) basis. As described above, data logging for variousmobile devices 104 may vary according to the user of the particular mobile device or the device itself. By way of example, mobile phones that are roaming may be tracked more frequently then those that are not. The usage data may be temporarily stored inmemory 306 within the mobile device and, specifically, within various data storage logs such as, for example, a file system log, behavior log, control log, or in other call and data usage logs. - In one particular embodiment, upon occurrence of a call event at 602 (e.g., a call end event corresponding to the termination of a call),
device management system 102 polls themobile device 104 at 604. Themobile device client 308 then extracts usage data associated with the call at 606. By way of example, the call data may include any of the call information described above. This usage data may be collected from, by way of example, any of the aforementioned data storage logs. Themobile device client 308 may then timestamp or otherwise correlate the usage data with context data at 608 based on the time of usage (e.g., start time of the call and end time of the call) and other identifying and descriptive data. In particular embodiments, the usage data is also correlated based on the geographical location (i.e., “location”-stamp the usage data) of the mobile device at the time of the call (e.g., obtained through GPS location data). In particular embodiments, the usage data is also correlated based on the cellular tower used by the mobile device during the call. More particularly, information that is usable in identifying a cellular tower used by the mobile device during use is associated with the usage data (the device management server or other server or computer system may then use this cellular tower information to identify the specific cellular tower used by the mobile device during the call). In various embodiments, the usage data may also be correlated with other user data, carrier data, enterprise data, etc. - The
client 308 or other module may then package (or cause to be packaged) the relevant correlated data at 610 and transmit the packaged data at 612 todevice management system 102. Additionally or alternatively, various data may be collected, correlated, packaged, and transmitted on a periodic or threshold basis (e.g., once data levels reach a predetermined memory level). - In a similar fashion, SMS text, email or other data usage information may also be collected by the
mobile device client 308 and stored in various memory locations and/or SMS and data logs. By way of example, SMS text or MMS message information may be collected, correlated, packaged and transmitted todevice management system 102 upon receipt or sending of an SMS or MMS message. As another example, data associated with emails may be transmitted upon receipt or sending of an email message, upon downloading an email message from an email server (e.g., from a BlackBerry® server), upon opening of an email, as well as on periodic or threshold bases. - In general, it may be desirable to transmit any of the described data as frequently as possible while keeping power consumption associated with the collecting, correlating, packaging, and (especially) transmitting below a power consumption threshold.
- In various embodiments, the employee using the
mobile device 104, in addition to an enterprise administrator, may also be presented with a user interface showing the data (or at least a portion) logged by thedevice management system 102. Moreover, some or all of the employees may have access to a user interface, based on the group designations designated to their respective mobile devices, that allows these employees to tag files, calls, and/or other data within their respective mobile devices as personal. In some embodiments, data tagged by an employee as personal may not be logged by device management server. In other embodiments, some data tagged as personal may be logged, but access to the logged personal data may be restricted to only one or a few high-level administrators. Additionally or alternately, in some embodiments,device management server 102 and/ormobile devices 104 may include algorithms that, based on data usage for example, intelligently determine personal versus enterprise (work) data for purposes of billing, audit, privacy, etc. - In some embodiments, an administrator may not be able to view some or all of the data logged by
device management system 102. By way of example, the administrator may be able to view activity and/or context data, but not content data or particular files determined to be personal files. Additionally, in some embodiments rule-based access may be provided to ensure data privacy. By way of example, one class of administrators will not have access to any activity, content, or context data, another class of administrators may have access only to activity data, while a “super” administrator may have access to all activity, content, and context data. Furthermore, such access may be sliced based on group designation such that, by way of example, an administrator may only have access to particular data for a single division, department, or other group of the enterprise. - In particular embodiments,
device management system 102 is additionally or alternatively configured to selectively erase (or selectively “wipe”) particular data in a particular mobile device 104 (or group of devices sharing one or more group designations) of an enterprise based on one or more erasure policies associated with the one or more mobile devices. As those of skill in the art will appreciate, conventionally an enterprise only has the ability to erase all the data, i.e., bring themobile device 104 back to the factory reset state. Again, eachmobile device 104 may be registered withdevice management system 102 as described above. Additionally,device management system 102 designates one or more group designations for eachmobile device 104 as described above. Furthermore,device management system 102 determines one or more data erasure policies for eachmobile device 104 based on the group designations associated with each particular mobile device. By way of example, an enterprise manager or administrator may dictate particular erasure policies and enter these policies via a user interface. Upon the determination that particular data in one or moreparticular mobiles devices 104 is to be erased,device management system 102 causes the particular data to be erased in the mobile devices. - By way of example, when an enterprise manager determines that some or all of the data in a particular
mobile device 104 should be erased, the enterprise manager may select the particular device or devices using a user interface, as shown inFIG. 7A . By way of example, the enterprise manager may determine that the data should be erased because the mobile device has been unsecured, lost, or stolen, the employee associated with the mobile device has voluntarily terminated employment with the enterprise, the employee has been involuntarily terminated by the enterprise (e.g., “fired”), the mobile device has or is to be retired or deactivated, the mobile device is to be transitioned to another employee, or the mobile device has been infected by a virus or malicious program. In particular embodiments, the erasure policies govern the selective erasure (e.g., determine which data is to be erased) based in part on the determination of why the particular data is to be erased (e.g., device unsecured). In alternate embodiments,device management system 102 may be configured to make the determination that particular data should be erased automatically and subsequently automatically select the data to be erased. - In particular embodiments, selectively erasing particular data for a particular
mobile device 104 includes erasing resource links stored within or associated with the device object corresponding to the particular mobile device. More particularly, the resource links are erased that correspond to the particular resources within thedevice management system 102 that correspond to the resources in the mobile device containing the data to be erased.Device management system 102 then synchronizes the modified device object with themobile device 104. More particular,device management system 102 may pass a device object mapping toclient 308. Upon receipt of the device object mapping,client 308 erases or causes to be erased the resources within themobile device 104 that no longer have corresponding resource links in the corresponding device object. - By way of example, in particular embodiments, the data erasure policies for a particular
mobile device 104 may causedevice management system 102 to selectively erase or selectively not erase data corresponding to a particular file type (e.g., .doc, .xls, .jpeg, .mpeg, .pdf, .mp3, etc.), folder, and/or directory. By way of example, Microsoft Excel documents may be determined to more likely contain enterprise privileged information (e.g., confidential or customer data), and as such, one of the erasure policies may dictate that Microsoft Excel documents should be erased at a particularmobile device 104. As another example, in particular embodiments, the data erasure policies for a particularmobile device 104 may causedevice management system 102 to selectively erase or selectively not erase data stored, updated or otherwise modified within a predetermined period of time (e.g., within the last week, within the last month, since the mobile device was registered, or within any selected time frame). As another example, in particular embodiments, the data erasure policies for a particularmobile device 104 may causedevice management system 102 to selectively erase or selectively not erase data corresponding to files stored in the mobile device by the employee (e.g., pictures stored by the employee, documents stored by the employee, music stored by the employee, etc.). - As another example, in particular embodiments, the data erasure policies for a particular
mobile device 104 may causedevice management system 102 to selectively erase or selectively not erase data corresponding to files that have been pre-tagged. By way of example,client 308 may be configured to erase resources pre-tagged or otherwise recognizable as confidential, enterprise-privileged, black-listed, restricted, regulatory, and those that contain customer data, etc. By way of example, in particular embodiments, the data erasure policies for a particularmobile device 104 may causedevice management system 102 to selectively erase data that has been designated as black-listed automatically and immediately after being detected byclient 308 and/ordevice management system 102. As another example, in particular embodiments, the data erasure policies for a particularmobile device 104 may causedevice management system 102 to selectively erase or selectively not erase data corresponding to files stored in a particular folder or directory. By way of example, an enterprise administrator may be presented with a user interface that includes afile browser 708 showing a file tree including directories or folders as shown inFIG. 7B . The enterprise administrator may then select particular files, folders, or directories to be erased in the mobile device. - In this manner, an employee that used his or her own personal mobile device may leave the enterprise knowing that the user's personal data is safe. That is, if or when the employee leaves the enterprise, the
device management system 102 may selectively erase enterprise-privileged data (e.g., emails, documents, etc.) and leave the user's personal data (e.g., personal emails, pictures, music) stored in the mobile device. A user may be more likely to buy into or subscribe to an enterprise's security policies if the user is assured that the user's personal data is safe; that is, that the user's personal data will not be erased without the user's consent. - It should also be appreciated that an administrator may select a group of
mobile devices 104 to be partially erased simultaneously. It should additionally be appreciated thatdevice management system 102 may be configured to delete all the data on a particular mobile device (i.e., return the mobile device to factory reset). Additionally, in particular embodiments,client 308 may be selectively erased or automatically erased in a partial erasure or complete erasure, respectively. - Although selective logging and erasure have been primarily described as actions that can be taken on a desired granular basis (e.g., individual, group, or sub-group level), it should also be noted that other actions may be taken at a variable granular level. By way of example, an enterprise administrator may set policies for tagging, viewing, moving, copying, and otherwise modifying particular data stored in a particular
mobile device 104 or group ofmobile devices 104 sharing one or more group designations. As a specific example, an administrator may select all themobile devices 104 associated with the staff group designation within the research and development department, and tag all Microsoft Excel files in thesemobile devices 104. - The present disclosure encompasses all changes, substitutions, variations, alterations, and modifications to the example embodiments described herein that a person having ordinary skill in the art would comprehend. Similarly, where appropriate, the appended claims encompass all changes, substitutions, variations, alterations, and modifications to the example embodiments described herein that a person having ordinary skill in the art would comprehend.
Claims (31)
1-22. (canceled)
23. A method, comprising:
storing, in a device management database, group designation information for an enterprise-registered mobile device, the group designation information at least designating the mobile device as employee owned;
selectively logging data from the mobile device in the device management database based at least in part on one or more data logging policies, the data logging policies determined based at least in part on the group designation information; and
providing access to a portion of the logged data determined based at least in part on a group associated with an administrative user.
24. The method of claim 23 , wherein the group associated with an administrative user comprises a role associated with the administrative user.
25. The method of claim 23 , wherein providing access further comprises providing access to the portion of the logged data based at least in part on a role associated with an administrative user, such that a first group of administrative users is provided less restricted access to the logged data than a second group of administrative users.
26. The method of claim 23 , wherein providing access further comprises providing access to the logged data based at least in part on a group associated with an administrative user, such that the group does not have access to at least a portion of the logged data.
27. The method of claim 23 , wherein selectively logging data comprises selectively logging data from the mobile device such that personal data is not logged.
28. The method of claim 23 , wherein selectively logging data further comprises:
determining that at least a portion of the data from the mobile device is personal data; and
selectively logging data from the mobile device based at least in part on the data logging policies such that personal data is not logged.
29. The method of claim 23 , further comprising registering the mobile device with an enterprise by storing registration data for the mobile device in the device management database.
30. The method of claim 29 , wherein:
registering the mobile device comprises creating and storing a device object for the mobile device in the device management database, the device object comprising a device object identifier that uniquely identifies the mobile device; and
storing the group designation information comprises associating the group designation information with the device object.
31. The method of claim 30 , wherein the device management database comprises a plurality of first resources, each first resource comprising a file or other data structure and metadata associated with the file or other data structure, and wherein the mobile device comprises a plurality of second resources stored in the mobile device, each second resource comprising a file or other data structure and metadata associated with the file or other data structure, and wherein selectively logging data comprises:
logging particular second resources stored in the mobile device based on the data logging policies.
32. The method of claim 31 , wherein selectively logging comprises:
creating and storing a new first resource in the device management database, the new first resource corresponding to a particular second resource stored in the mobile device; and
generating and storing a resource link in the device management database, the resource link associating the device object with the new first resource.
33. The method of claim 31 , wherein selectively logging comprises:
generating and storing one or more resource links in the device management database, each resource link associating the device object with one or more first resources stored in the device management database, the one or more first resources corresponding to one or more second resources stored in the mobile device.
34. The method of claim 31 , wherein logging particular second resources comprises one or more of:
logging second resources corresponding to at least one of a particular file type, file folder, and file directory based on the data logging policies;
logging second resources stored or modified at the mobile device within a particular period of time based on the data logging policies; and
logging second resources that have been tagged.
35. The method of claim 23 , wherein selectively logging data comprises:
storing application usage data in the device management database.
36. The method of claim 35 , wherein the application usage data comprises activity data, the activity data comprising one or more of call usage data, email usage data, text messaging usage data, and internet usage data, and wherein only selected activity data is logged based on the one or more data logging policies.
37. The method of claim 36 , wherein the application usage data comprises context data that correlates the activity data based on location data corresponding to the activity data or time data corresponding to the activity data, and wherein only selected context data is logged with corresponding activity data based on the one or more data logging policies.
38. The method of claim 36 , wherein the application usage data comprises enterprise-related content usage data, and wherein only selected content usage data is logged based on the one or more data logging policies.
39. The method of claim 23 , wherein the group designation information includes information at least designating the mobile device as corresponding to an employee owner of a particular enterprise department or a particular enterprise employee class.
40. The method of claim 23 , wherein the one or more data logging policies comprise one or more data retention policies.
41. A system, comprising:
a processor; and
a memory coupled with the processor, wherein the memory is configured to provide the processor with instructions which when executed cause the processor to:
store, in a device management database, group designation information for an enterprise-registered mobile device, the group designation information at least designating the mobile device as employee owned;
selectively log data from the mobile device in the device management database based at least in part on one or more data logging policies, the data logging policies determined based at least in part on the group designation information; and
provide access to a portion of the logged data determined based at least in part on a group associated with an administrative user.
42. The system of claim 41 , wherein to provide access the processor is to provide access to the portion of the logged data based at least in part on a role associated with an administrative user, such that a first group of administrative users is provided less restricted access to the logged data than a second group of administrative users.
43. The system of claim 41 , wherein the group associated with an administrative user comprises a role associated with the administrative user.
44. The system of claim 41 , to selectively log data the processor is to selectively log data from the mobile device such that personal data is not logged.
45. The system of claim 41 , wherein to provide access the processor is to provide access to the logged data based at least in part on a group associated with an administrative user, such that the group does not have access to at least a portion of the logged data.
46. The system of claim 41 , wherein the group designation information includes information at least designating the mobile device as corresponding to an employee owner of a particular enterprise department or a particular enterprise employee class.
47. A computer program product, the computer program product being embodied in a tangible non-transitory computer readable storage medium and comprising computer instructions for:
storing, in a device management database, group designation information for an enterprise-registered mobile device, the group designation information at least designating the mobile device as employee owned;
selectively logging data from the mobile device in the device management database based at least in part on one or more data logging policies, the data logging policies determined based at least in part on the group designation information; and
providing access to a portion of the logged data determined based at least in part on a group associated with an administrative user.
48. The computer program product recited in claim 47 , wherein providing access further comprises providing access to the portion of the logged data based at least in part on a role associated with an administrative user, such that a first group of administrative users is provided less restricted access to the logged data than a second group of administrative users.
49. The computer program product recited in claim 47 , wherein the group associated with an administrative user comprises a role associated with the administrative user.
50. The computer program product recited in claim 47 , wherein selectively logging data comprises selectively logging data from the mobile device such that personal data is not logged.
51. The computer program product recited in claim 47 , further comprising computer instructions for registering the mobile device with the enterprise by storing registration data for the mobile device in the device management database.
52. The computer program product recited in claim 47 , wherein selectively logging data comprises storing application usage data in the device management database.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US14/179,309 US20140164437A1 (en) | 2009-05-20 | 2014-02-12 | Selective management of mobile device data in an enterprise environment |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US12/469,612 US8695058B2 (en) | 2009-05-20 | 2009-05-20 | Selective management of mobile device data in an enterprise environment |
US14/179,309 US20140164437A1 (en) | 2009-05-20 | 2014-02-12 | Selective management of mobile device data in an enterprise environment |
Related Parent Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US12/469,612 Continuation US8695058B2 (en) | 2009-05-20 | 2009-05-20 | Selective management of mobile device data in an enterprise environment |
Publications (1)
Publication Number | Publication Date |
---|---|
US20140164437A1 true US20140164437A1 (en) | 2014-06-12 |
Family
ID=43125284
Family Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US12/469,612 Active 2030-07-05 US8695058B2 (en) | 2009-05-20 | 2009-05-20 | Selective management of mobile device data in an enterprise environment |
US14/179,309 Abandoned US20140164437A1 (en) | 2009-05-20 | 2014-02-12 | Selective management of mobile device data in an enterprise environment |
Family Applications Before (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US12/469,612 Active 2030-07-05 US8695058B2 (en) | 2009-05-20 | 2009-05-20 | Selective management of mobile device data in an enterprise environment |
Country Status (1)
Country | Link |
---|---|
US (2) | US8695058B2 (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20150100677A1 (en) * | 2013-10-08 | 2015-04-09 | Canon Kabushiki Kaisha | Managing server system, and control method for the same |
US10868782B2 (en) | 2018-07-12 | 2020-12-15 | Bank Of America Corporation | System for flagging data transmissions for retention of metadata and triggering appropriate transmission placement |
Families Citing this family (135)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1951060B (en) | 2004-04-30 | 2011-11-30 | 捷讯研究有限公司 | System and method for handling data transfers |
US7614082B2 (en) | 2005-06-29 | 2009-11-03 | Research In Motion Limited | System and method for privilege management and revocation |
CA2578515A1 (en) * | 2007-01-12 | 2008-07-12 | Truecontext Corporation | Method and system for real time records from aggregated mobile data |
US20100070466A1 (en) | 2008-09-15 | 2010-03-18 | Anand Prahlad | Data transfer techniques within data storage devices, such as network attached storage performing data migration |
US20100159898A1 (en) | 2008-12-19 | 2010-06-24 | Openpeak, Inc. | Services platform for networked devices that provide telephony and digital media services |
US8615581B2 (en) | 2008-12-19 | 2013-12-24 | Openpeak Inc. | System for managing devices and method of operation of same |
US8650290B2 (en) | 2008-12-19 | 2014-02-11 | Openpeak Inc. | Portable computing device and method of operation of same |
US8745213B2 (en) | 2008-12-19 | 2014-06-03 | Openpeak Inc. | Managed services platform and method of operation of same |
US8713173B2 (en) | 2008-12-19 | 2014-04-29 | Openpeak Inc. | System and method for ensuring compliance with organizational policies |
US8856322B2 (en) | 2008-12-19 | 2014-10-07 | Openpeak Inc. | Supervisory portal systems and methods of operation of same |
US8788655B2 (en) | 2008-12-19 | 2014-07-22 | Openpeak Inc. | Systems for accepting and approving applications and methods of operation of same |
US8612582B2 (en) | 2008-12-19 | 2013-12-17 | Openpeak Inc. | Managed services portals and method of operation of same |
EP2336904A1 (en) * | 2009-12-18 | 2011-06-22 | Siemens Aktiengesellschaft | A method for safeguarding the integrity of a relational database in case of structural transaction execution |
US8522343B2 (en) * | 2009-12-21 | 2013-08-27 | Palm, Inc. | Removing an active application from a remote device |
US20110302215A1 (en) * | 2010-06-04 | 2011-12-08 | Research In Motion Limited | Assembly, and associated method, for controlling disposition of enterprise data at a wireless device |
US20120005152A1 (en) * | 2010-07-01 | 2012-01-05 | Peter Westen | Merged Event Logs |
US8832855B1 (en) | 2010-09-07 | 2014-09-09 | Symantec Corporation | System for the distribution and deployment of applications with provisions for security and policy conformance |
US8955152B1 (en) * | 2010-09-07 | 2015-02-10 | Symantec Corporation | Systems and methods to manage an application |
US9043863B1 (en) | 2010-09-07 | 2015-05-26 | Symantec Corporation | Policy enforcing browser |
US9147085B2 (en) * | 2010-09-24 | 2015-09-29 | Blackberry Limited | Method for establishing a plurality of modes of operation on a mobile device |
US9244779B2 (en) | 2010-09-30 | 2016-01-26 | Commvault Systems, Inc. | Data recovery operations, such as recovery from modified network data management protocol data |
EP2630749B1 (en) * | 2010-10-22 | 2019-01-30 | Hewlett-Packard Enterprise Development LP | Distributed network instrumentation system |
US9225727B2 (en) | 2010-11-15 | 2015-12-29 | Blackberry Limited | Data source based application sandboxing |
US8589453B2 (en) * | 2010-12-23 | 2013-11-19 | Sap Ag | Mass modification of attribute values of objects |
US10168413B2 (en) | 2011-03-25 | 2019-01-01 | T-Mobile Usa, Inc. | Service enhancements using near field communication |
US20130039266A1 (en) | 2011-08-08 | 2013-02-14 | Research In Motion Limited | System and method to increase link adaptation performance with multi-level feedback |
US9824199B2 (en) | 2011-08-25 | 2017-11-21 | T-Mobile Usa, Inc. | Multi-factor profile and security fingerprint analysis |
US8806570B2 (en) | 2011-10-11 | 2014-08-12 | Citrix Systems, Inc. | Policy-based application management |
US9183380B2 (en) | 2011-10-11 | 2015-11-10 | Citrix Systems, Inc. | Secure execution of enterprise applications on mobile devices |
US9280377B2 (en) | 2013-03-29 | 2016-03-08 | Citrix Systems, Inc. | Application with multiple operation modes |
US9215225B2 (en) | 2013-03-29 | 2015-12-15 | Citrix Systems, Inc. | Mobile device locking with context |
US20140053234A1 (en) | 2011-10-11 | 2014-02-20 | Citrix Systems, Inc. | Policy-Based Application Management |
US20140032733A1 (en) | 2011-10-11 | 2014-01-30 | Citrix Systems, Inc. | Policy-Based Application Management |
US9497220B2 (en) | 2011-10-17 | 2016-11-15 | Blackberry Limited | Dynamically generating perimeters |
US9161226B2 (en) | 2011-10-17 | 2015-10-13 | Blackberry Limited | Associating services to perimeters |
US9613219B2 (en) | 2011-11-10 | 2017-04-04 | Blackberry Limited | Managing cross perimeter access |
US8799227B2 (en) | 2011-11-11 | 2014-08-05 | Blackberry Limited | Presenting metadata from multiple perimeters |
US8713646B2 (en) | 2011-12-09 | 2014-04-29 | Erich Stuntebeck | Controlling access to resources on a network |
US10404615B2 (en) | 2012-02-14 | 2019-09-03 | Airwatch, Llc | Controlling distribution of resources on a network |
US10257194B2 (en) | 2012-02-14 | 2019-04-09 | Airwatch Llc | Distribution of variably secure resources in a networked environment |
US9680763B2 (en) | 2012-02-14 | 2017-06-13 | Airwatch, Llc | Controlling distribution of resources in a network |
US9705813B2 (en) | 2012-02-14 | 2017-07-11 | Airwatch, Llc | Controlling distribution of resources on a network |
WO2013148096A1 (en) * | 2012-03-30 | 2013-10-03 | Commvault Systems, Inc. | Informaton management of mobile device data |
US9665576B2 (en) | 2012-05-14 | 2017-05-30 | International Business Machines Corporation | Controlling enterprise data on mobile device via the use of a tag index |
US9369466B2 (en) | 2012-06-21 | 2016-06-14 | Blackberry Limited | Managing use of network resources |
GB2503441A (en) | 2012-06-26 | 2014-01-01 | Ibm | Managing mobile devices using other mobile devices based on loation |
US9053340B2 (en) | 2012-10-12 | 2015-06-09 | Citrix Systems, Inc. | Enterprise application store for an orchestration framework for connected devices |
US9516022B2 (en) | 2012-10-14 | 2016-12-06 | Getgo, Inc. | Automated meeting room |
US20140109171A1 (en) | 2012-10-15 | 2014-04-17 | Citrix Systems, Inc. | Providing Virtualized Private Network tunnels |
US20140109176A1 (en) | 2012-10-15 | 2014-04-17 | Citrix Systems, Inc. | Configuring and providing profiles that manage execution of mobile applications |
US8910239B2 (en) | 2012-10-15 | 2014-12-09 | Citrix Systems, Inc. | Providing virtualized private network tunnels |
WO2014062804A1 (en) | 2012-10-16 | 2014-04-24 | Citrix Systems, Inc. | Application wrapping for application management framework |
US9971585B2 (en) | 2012-10-16 | 2018-05-15 | Citrix Systems, Inc. | Wrapping unmanaged applications on a mobile device |
US20140108793A1 (en) | 2012-10-16 | 2014-04-17 | Citrix Systems, Inc. | Controlling mobile device access to secure data |
US9606774B2 (en) | 2012-10-16 | 2017-03-28 | Citrix Systems, Inc. | Wrapping an application with field-programmable business logic |
US9247432B2 (en) | 2012-10-19 | 2016-01-26 | Airwatch Llc | Systems and methods for controlling network access |
US9075955B2 (en) | 2012-10-24 | 2015-07-07 | Blackberry Limited | Managing permission settings applied to applications |
US8656016B1 (en) | 2012-10-24 | 2014-02-18 | Blackberry Limited | Managing application execution and data access on a device |
US8832785B2 (en) | 2012-12-06 | 2014-09-09 | Airwatch, Llc | Systems and methods for controlling email access |
US8862868B2 (en) | 2012-12-06 | 2014-10-14 | Airwatch, Llc | Systems and methods for controlling email access |
US9021037B2 (en) | 2012-12-06 | 2015-04-28 | Airwatch Llc | Systems and methods for controlling email access |
US8978110B2 (en) | 2012-12-06 | 2015-03-10 | Airwatch Llc | Systems and methods for controlling email access |
US8826432B2 (en) | 2012-12-06 | 2014-09-02 | Airwatch, Llc | Systems and methods for controlling email access |
US9069799B2 (en) | 2012-12-27 | 2015-06-30 | Commvault Systems, Inc. | Restoration of centralized data storage manager, such as data storage manager in a hierarchical data storage system |
US9003480B2 (en) * | 2013-03-13 | 2015-04-07 | International Business Machines Corporation | Classifying files on a mobile computer device |
US20140280955A1 (en) | 2013-03-14 | 2014-09-18 | Sky Socket, Llc | Controlling Electronically Communicated Resources |
US9549316B2 (en) | 2013-03-14 | 2017-01-17 | Mce-Sys Ltd. | Host device coupled to a mobile phone and method of operating the same |
US9473417B2 (en) | 2013-03-14 | 2016-10-18 | Airwatch Llc | Controlling resources used by computing devices |
US9819682B2 (en) | 2013-03-15 | 2017-11-14 | Airwatch Llc | Certificate based profile confirmation |
US9275245B2 (en) | 2013-03-15 | 2016-03-01 | Airwatch Llc | Data access sharing |
US9148416B2 (en) | 2013-03-15 | 2015-09-29 | Airwatch Llc | Controlling physical access to secure areas via client devices in a networked environment |
US9378350B2 (en) | 2013-03-15 | 2016-06-28 | Airwatch Llc | Facial capture managing access to resources by a device |
US8997187B2 (en) | 2013-03-15 | 2015-03-31 | Airwatch Llc | Delegating authorization to applications on a client device in a networked environment |
US10652242B2 (en) | 2013-03-15 | 2020-05-12 | Airwatch, Llc | Incremental compliance remediation |
US9401915B2 (en) | 2013-03-15 | 2016-07-26 | Airwatch Llc | Secondary device as key for authorizing access to resources |
US9280660B2 (en) | 2013-03-15 | 2016-03-08 | Cognizant Business Services Limited | Mobile information management methods and systems |
US9203820B2 (en) | 2013-03-15 | 2015-12-01 | Airwatch Llc | Application program as key for authorizing access to resources |
US8850049B1 (en) | 2013-03-29 | 2014-09-30 | Citrix Systems, Inc. | Providing mobile device management functionalities for a managed browser |
US8813179B1 (en) | 2013-03-29 | 2014-08-19 | Citrix Systems, Inc. | Providing mobile device management functionalities |
US9413736B2 (en) | 2013-03-29 | 2016-08-09 | Citrix Systems, Inc. | Providing an enterprise application store |
US20140297840A1 (en) | 2013-03-29 | 2014-10-02 | Citrix Systems, Inc. | Providing mobile device management functionalities |
US9985850B2 (en) | 2013-03-29 | 2018-05-29 | Citrix Systems, Inc. | Providing mobile device management functionalities |
US10284627B2 (en) | 2013-03-29 | 2019-05-07 | Citrix Systems, Inc. | Data management for an application with multiple operation modes |
US9355223B2 (en) | 2013-03-29 | 2016-05-31 | Citrix Systems, Inc. | Providing a managed browser |
US9787686B2 (en) | 2013-04-12 | 2017-10-10 | Airwatch Llc | On-demand security policy activation |
US10754966B2 (en) | 2013-04-13 | 2020-08-25 | Airwatch Llc | Time-based functionality restrictions |
US8914013B2 (en) | 2013-04-25 | 2014-12-16 | Airwatch Llc | Device management macros |
US9123031B2 (en) | 2013-04-26 | 2015-09-01 | Airwatch Llc | Attendance tracking via device presence |
US9426162B2 (en) | 2013-05-02 | 2016-08-23 | Airwatch Llc | Location-based configuration policy toggling |
US9064125B2 (en) | 2013-05-03 | 2015-06-23 | Citrix Systems, Inc. | Image analysis and management |
KR101337208B1 (en) * | 2013-05-07 | 2013-12-05 | 주식회사 안랩 | Method and apparatus for managing data of application in portable device |
US9246918B2 (en) | 2013-05-10 | 2016-01-26 | Airwatch Llc | Secure application leveraging of web filter proxy services |
US9058495B2 (en) | 2013-05-16 | 2015-06-16 | Airwatch Llc | Rights management services integration with mobile device management |
US9584437B2 (en) | 2013-06-02 | 2017-02-28 | Airwatch Llc | Resource watermarking and management |
US9900261B2 (en) | 2013-06-02 | 2018-02-20 | Airwatch Llc | Shared resource watermarking and management |
US20140358703A1 (en) | 2013-06-04 | 2014-12-04 | SkySocket, LLC | Item Delivery Optimization |
US9270777B2 (en) | 2013-06-06 | 2016-02-23 | Airwatch Llc | Social media and data sharing controls for data security purposes |
US9535857B2 (en) | 2013-06-25 | 2017-01-03 | Airwatch Llc | Autonomous device interaction |
US8924608B2 (en) | 2013-06-25 | 2014-12-30 | Airwatch Llc | Peripheral device management |
US8756426B2 (en) | 2013-07-03 | 2014-06-17 | Sky Socket, Llc | Functionality watermarking and management |
US8806217B2 (en) | 2013-07-03 | 2014-08-12 | Sky Socket, Llc | Functionality watermarking and management |
US8775815B2 (en) | 2013-07-03 | 2014-07-08 | Sky Socket, Llc | Enterprise-specific functionality watermarking and management |
US20150032874A1 (en) * | 2013-07-25 | 2015-01-29 | Wal-Mart Stores, Inc | Computer data volume tracker system and method |
US9665723B2 (en) | 2013-08-15 | 2017-05-30 | Airwatch, Llc | Watermarking detection and management |
US9516005B2 (en) | 2013-08-20 | 2016-12-06 | Airwatch Llc | Individual-specific content management |
US10129242B2 (en) | 2013-09-16 | 2018-11-13 | Airwatch Llc | Multi-persona devices and management |
KR20150047831A (en) * | 2013-10-25 | 2015-05-06 | 한국전자통신연구원 | Apparatus and method for transmitting data of collected from smart device |
US9544306B2 (en) | 2013-10-29 | 2017-01-10 | Airwatch Llc | Attempted security breach remediation |
US9258301B2 (en) | 2013-10-29 | 2016-02-09 | Airwatch Llc | Advanced authentication techniques |
US10742520B2 (en) | 2013-12-31 | 2020-08-11 | Citrix Systems, Inc. | Providing mobile device management functionalities |
US10116701B2 (en) | 2014-04-01 | 2018-10-30 | Ent. Services Development Corporation Lp | Device-type based content management |
KR102277772B1 (en) * | 2014-04-30 | 2021-07-14 | 삼성전자주식회사 | Apparatus and method for integrated management of data in mobile device, and the mobile device |
WO2015187865A1 (en) | 2014-06-03 | 2015-12-10 | Kaprica Security, Inc. | High-speed application for installation on mobile devices for permitting remote configuration of such mobile devices |
US20150358353A1 (en) * | 2014-06-06 | 2015-12-10 | Microsoft Corporation | Enhanced selective wipe for compromised devices |
US11301799B1 (en) | 2014-10-09 | 2022-04-12 | Aeris Communications, Inc. | Tracking physical delivery of products through a fulfillment system |
US9584964B2 (en) | 2014-12-22 | 2017-02-28 | Airwatch Llc | Enforcement of proximity based policies |
US9413754B2 (en) | 2014-12-23 | 2016-08-09 | Airwatch Llc | Authenticator device facilitating file security |
US9727378B2 (en) | 2015-01-21 | 2017-08-08 | Microsoft Technology Licensing, Llc | Persistent unenrollment for devices under management |
US9928144B2 (en) | 2015-03-30 | 2018-03-27 | Commvault Systems, Inc. | Storage management of data using an open-archive architecture, including streamlined access to primary data originally stored on network-attached storage and archived to secondary storage |
WO2016175761A1 (en) | 2015-04-28 | 2016-11-03 | Hewlett-Packard Development Company, L.P. | Acquisition of a device fingerprint from an instance of a client application |
US9966073B2 (en) | 2015-05-27 | 2018-05-08 | Google Llc | Context-sensitive dynamic update of voice to text model in a voice-enabled electronic device |
US9870196B2 (en) * | 2015-05-27 | 2018-01-16 | Google Llc | Selective aborting of online processing of voice inputs in a voice-enabled electronic device |
US10083697B2 (en) * | 2015-05-27 | 2018-09-25 | Google Llc | Local persisting of data for selectively offline capable voice action in a voice-enabled electronic device |
US10148826B2 (en) | 2015-08-28 | 2018-12-04 | At&T Intellectual Property I, L.P. | Methods and apparatus to interface with different service provider information technology systems supporting service ordering |
US10101913B2 (en) | 2015-09-02 | 2018-10-16 | Commvault Systems, Inc. | Migrating data to disk without interrupting running backup operations |
US10079796B2 (en) | 2016-02-05 | 2018-09-18 | Vaultcast, Inc. | Method and system for secure private multi-party electronic communication |
US9917862B2 (en) | 2016-04-14 | 2018-03-13 | Airwatch Llc | Integrated application scanning and mobile enterprise computing management system |
US9916446B2 (en) | 2016-04-14 | 2018-03-13 | Airwatch Llc | Anonymized application scanning for mobile devices |
WO2017218154A1 (en) | 2016-06-17 | 2017-12-21 | MobileIron, Inc. | Leveraging and extending mobile operating system mdm protocol |
US10270784B1 (en) | 2017-03-20 | 2019-04-23 | Cruzeiro Associates, Inc. | Systems, devices, software, and methods for location based device and application management |
US10200837B1 (en) | 2017-07-27 | 2019-02-05 | Cisco Technology, Inc. | Remote provisioning of SIMs for enterprises |
US10742735B2 (en) | 2017-12-12 | 2020-08-11 | Commvault Systems, Inc. | Enhanced network attached storage (NAS) services interfacing to cloud storage |
US20190215380A1 (en) * | 2018-01-09 | 2019-07-11 | Vmware, Inc. | Data driven user interfaces for device management |
US10841342B2 (en) | 2018-01-09 | 2020-11-17 | Vmware, Inc. | Data driven user interfaces for device management |
US11412013B2 (en) * | 2019-08-07 | 2022-08-09 | Jpmorgan Chase Bank, N.A. | System and method for implementing video soft phone applications |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20020107701A1 (en) * | 2001-02-02 | 2002-08-08 | Batty Robert L. | Systems and methods for metering content on the internet |
US20050282559A1 (en) * | 2003-02-25 | 2005-12-22 | Boston Communications Group, Inc. | Method and system for providing supervisory control over wireless phone data usage |
US7363330B1 (en) * | 1999-06-07 | 2008-04-22 | Symantec Corporation | Work monitor with file synchronization |
US20080126431A1 (en) * | 2006-11-24 | 2008-05-29 | Stefan Walliser | Method and Device for Data Backup |
US20090164588A1 (en) * | 2007-12-22 | 2009-06-25 | D Amato Paul | Email categorization methods, coding, and tools |
US8611928B1 (en) * | 2006-08-23 | 2013-12-17 | Aol Inc. | Location-based parental controls |
Family Cites Families (23)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6151606A (en) * | 1998-01-16 | 2000-11-21 | Visto Corporation | System and method for using a workspace data manager to access, manipulate and synchronize network data |
US6725444B2 (en) * | 2000-12-14 | 2004-04-20 | Communication Technologies, Inc. | System and method for programmable removal of sensitive information from computing systems |
FI20002812A0 (en) * | 2000-12-21 | 2000-12-21 | Nokia Mobile Phones Ltd | Contextual data collection and monitoring arrangement and contextual reminder |
EP2955896B1 (en) * | 2002-08-09 | 2017-10-18 | Good Technology Holdings Limited | System and method for preventing access to data on a compromised remote device |
US7437752B2 (en) * | 2002-09-23 | 2008-10-14 | Credant Technologies, Inc. | Client architecture for portable device with security policies |
US7793355B2 (en) * | 2002-12-12 | 2010-09-07 | Reasearch In Motion Limited | System and method of owner control of electronic devices |
US8020192B2 (en) * | 2003-02-28 | 2011-09-13 | Michael Wright | Administration of protection of data accessible by a mobile device |
US20080312941A1 (en) * | 2007-06-14 | 2008-12-18 | Qualcomm Incorporated | Separable billing for personal data services |
US7239877B2 (en) * | 2003-10-07 | 2007-07-03 | Accenture Global Services Gmbh | Mobile provisioning tool system |
US8073427B2 (en) * | 2004-06-30 | 2011-12-06 | At&T Intellectual Property I, L.P. | Remotely requesting an alert from a lost or stolen wireless device |
US8005913B1 (en) * | 2005-01-20 | 2011-08-23 | Network Protection Sciences, LLC | Controlling, filtering, and monitoring of mobile device access to the internet, data, voice, and applications |
US7218924B2 (en) * | 2005-04-14 | 2007-05-15 | International Business Machines Corporation | Method for restricting calls to a cell phone |
US7970386B2 (en) * | 2005-06-03 | 2011-06-28 | Good Technology, Inc. | System and method for monitoring and maintaining a wireless device |
US8010997B2 (en) * | 2005-06-30 | 2011-08-30 | Microsoft Corporation | Enforcing device settings for mobile devices |
US7584201B2 (en) * | 2005-08-10 | 2009-09-01 | Qwest Communications International, Inc | Management of mobile-device data |
US7702322B1 (en) * | 2006-02-27 | 2010-04-20 | Good Technology, Llc | Method and system for distributing and updating software in wireless devices |
US8218015B2 (en) * | 2006-09-01 | 2012-07-10 | Research In Motion Limited | Method for monitoring and controlling photographs taken in a proprietary area |
US7721156B2 (en) * | 2006-09-27 | 2010-05-18 | International Business Machines Corporation | Selective logging of computer activity |
US7730179B2 (en) * | 2007-06-26 | 2010-06-01 | Novell, Inc. | System and method for policy-based registration of client devices |
US8060074B2 (en) * | 2007-07-30 | 2011-11-15 | Mobile Iron, Inc. | Virtual instance architecture for mobile device management systems |
US20090049518A1 (en) * | 2007-08-08 | 2009-02-19 | Innopath Software, Inc. | Managing and Enforcing Policies on Mobile Devices |
US20090280795A1 (en) * | 2008-05-08 | 2009-11-12 | O'shaughnessy John | System and Method for the Management of the Mobile Device Life Cycle |
US20100277326A1 (en) * | 2009-05-01 | 2010-11-04 | BoxTone, Inc. | Method and system for monitoring portable communication devices |
-
2009
- 2009-05-20 US US12/469,612 patent/US8695058B2/en active Active
-
2014
- 2014-02-12 US US14/179,309 patent/US20140164437A1/en not_active Abandoned
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7363330B1 (en) * | 1999-06-07 | 2008-04-22 | Symantec Corporation | Work monitor with file synchronization |
US20020107701A1 (en) * | 2001-02-02 | 2002-08-08 | Batty Robert L. | Systems and methods for metering content on the internet |
US20050282559A1 (en) * | 2003-02-25 | 2005-12-22 | Boston Communications Group, Inc. | Method and system for providing supervisory control over wireless phone data usage |
US8611928B1 (en) * | 2006-08-23 | 2013-12-17 | Aol Inc. | Location-based parental controls |
US20080126431A1 (en) * | 2006-11-24 | 2008-05-29 | Stefan Walliser | Method and Device for Data Backup |
US20090164588A1 (en) * | 2007-12-22 | 2009-06-25 | D Amato Paul | Email categorization methods, coding, and tools |
Non-Patent Citations (3)
Title |
---|
Article entitled "Access Rights to Business Data on Personally-Owned Computers", by Montana, dated October 2004 * |
Article entitled "Is it Time for Employee-Provisioned Hardware Programs?", by Overby, dated 28 August 2008 * |
Article entitled "Who Owns Business Data on Personally Owned Computers", by Montana, dated June 2005 * |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20150100677A1 (en) * | 2013-10-08 | 2015-04-09 | Canon Kabushiki Kaisha | Managing server system, and control method for the same |
US10868782B2 (en) | 2018-07-12 | 2020-12-15 | Bank Of America Corporation | System for flagging data transmissions for retention of metadata and triggering appropriate transmission placement |
Also Published As
Publication number | Publication date |
---|---|
US8695058B2 (en) | 2014-04-08 |
US20100299376A1 (en) | 2010-11-25 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US8695058B2 (en) | Selective management of mobile device data in an enterprise environment | |
US20100299152A1 (en) | Selective Management of Mobile Devices in an Enterprise Environment | |
US20120149339A1 (en) | Archiving Text Messages | |
US10171648B2 (en) | Mobile posture-based policy, remediation and access control for enterprise resources | |
US8862105B2 (en) | Management of mobile applications | |
US9917698B2 (en) | Management of certificates for mobile devices | |
US9203698B2 (en) | Remote verification for configuration updates | |
US8526929B1 (en) | Mobile communication device provisioning and management | |
US20160226972A1 (en) | Mechanism for facilitating dynamic storage management for mobile computing devices | |
CN103891242A (en) | System and method for profile based filtering of outgoing information in a mobile environment | |
WO2012047273A1 (en) | Service design center for device assisted services | |
CA2952108A1 (en) | Enforcing policies based on information received from external systems | |
CN106550032A (en) | A kind of data back up method, apparatus and system | |
KR20200022936A (en) | Method for providing virtual working environment by using user context-aware and virtual desktop infrastructure server using the same | |
JP2017502408A (en) | How to provide file aging service | |
KR20140011068A (en) | System for mobile device management in place of business | |
US8959656B1 (en) | Segmented architecture method and system | |
Cavoukian | Wi-Fi positioning systems: Beware of unintended consequences issues involving the unforeseen uses of pre-existing architecture | |
CN106713488A (en) | Data transmission method and system | |
EP3165013A1 (en) | Enforcing policies based on information received from external systems | |
Kumar et al. | Mobile information catalog surveillance | |
KR20150055993A (en) | Method of providing commercial register notification service | |
Guan | Hardening the security of Apple mobile devices |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
STCB | Information on status: application discontinuation |
Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION |
|
AS | Assignment |
Owner name: IVANTI, INC., UTAH Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:MOBILEIRON, INC.;REEL/FRAME:061327/0751 Effective date: 20220801 |