US20140195927A1 - Multi-Persona Devices and Management - Google Patents

Multi-Persona Devices and Management Download PDF

Info

Publication number
US20140195927A1
US20140195927A1 US14/203,836 US201414203836A US2014195927A1 US 20140195927 A1 US20140195927 A1 US 20140195927A1 US 201414203836 A US201414203836 A US 201414203836A US 2014195927 A1 US2014195927 A1 US 2014195927A1
Authority
US
United States
Prior art keywords
persona
user
personas
user device
data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US14/203,836
Inventor
William DeWeese
Jonathan Blake Brannon
Erich Stuntebeck
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
SkySocket LLC
Airwatch LLC
Original Assignee
SkySocket LLC
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by SkySocket LLC filed Critical SkySocket LLC
Priority to US14/203,836 priority Critical patent/US20140195927A1/en
Assigned to SkySocket, LLC reassignment SkySocket, LLC ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: BRANNON, JONATHAN BLAKE, DEWEESE, WILLIAM, STUNTEBECK, ERICH
Publication of US20140195927A1 publication Critical patent/US20140195927A1/en
Assigned to AIRWATCH LLC reassignment AIRWATCH LLC MERGER (SEE DOCUMENT FOR DETAILS). Assignors: SKY SOCKET, LLC
Priority to US15/171,411 priority patent/US20160277387A1/en
Abandoned legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/01Input arrangements or combined input and output arrangements for interaction between user and computer
    • G06F3/048Interaction techniques based on graphical user interfaces [GUI]
    • G06F3/0481Interaction techniques based on graphical user interfaces [GUI] based on specific properties of the displayed interaction object or a metaphor-based environment, e.g. interaction with desktop elements like windows or icons, or assisted by a cursor's changing behaviour or appearance
    • G06F3/0482Interaction with lists of selectable items, e.g. menus
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F1/00Details not covered by groups G06F3/00 - G06F13/00 and G06F21/00
    • G06F1/16Constructional details or arrangements
    • G06F1/1613Constructional details or arrangements for portable computers
    • G06F1/1633Constructional details or arrangements of portable computers not specific to the type of enclosures covered by groups G06F1/1615 - G06F1/1626
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/74Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information operating in dual or compartmented mode, i.e. at least one secure mode
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/445Program loading or initiating
    • G06F9/44505Configuring for program initiating, e.g. using registry, configuration files
    • G06F9/4451User profiles; Roaming
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08Access security
    • H04W12/086Access security using security domains
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/30Security of mobile devices; Security of mobile applications
    • H04W12/37Managing security policies for mobile devices or for controlling mobile applications
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F1/00Details not covered by groups G06F3/00 - G06F13/00 and G06F21/00
    • G06F1/16Constructional details or arrangements
    • G06F1/1613Constructional details or arrangements for portable computers
    • G06F1/1633Constructional details or arrangements of portable computers not specific to the type of enclosures covered by groups G06F1/1615 - G06F1/1626
    • G06F1/1637Details related to the display arrangement, including those related to the mounting of the display in the housing
    • G06F1/1647Details related to the display arrangement, including those related to the mounting of the display in the housing including at least an additional display

Definitions

  • BYOD programs allow employees to utilize personal mobile user devices to access enterprise resources.
  • BYOD programs gain momentum and popularity amongst employers and employees, the concern and desire to ensure enterprise resources and personal content are kept separate grows as well.
  • an organization's primary concerns relate to worker productivity, specific duties, and availability, while maintaining a secure and manageable user device environment.
  • Employees appreciate the availability and convenience associated with wirelessly accessing enterprise resources and content, but desire assurance that the privacy of their personal content is upheld, even with corporate applications installed on their personal user devices.
  • a device may comprise a housing embedding a display, one or more processors, and one or more memory storages.
  • a first processor and/or memory storage may be dedicated to a first unique user persona and a second processor and/or memory storage may be dedicated to a second unique user persona.
  • the present disclosure generally describes methods and systems for isolating, implementing, and provisioning multiple entities or personas on an individual user device, thus enabling multiple individual end-user environments to remain quarantined while simultaneously remaining active.
  • a “persona” generally relates to various settings, policies, rules, configurations or attributes associated with a particular end user environment. Accordingly, groups of individual personas may be categorized based on defined rules and policies applicable to said group and managed simultaneously. Other embodiments enable remote access to end user devices to deploy changes to current attributes and/or configurations either by group definition or on an individual basis.
  • multiple personas may be managed via a central server (e.g., a content server or management module), which may serve as an intermediary between the multiple personas.
  • the central server receives data from the device, identifies which persona initiated the data transfer, and sends the data on behalf of the identified persona.
  • the central server receives data from outside sources, identifies for which persona the data is intended and pushes said data to the appropriate persona.
  • one example embodiment virtually separates one set of hardware components (e.g., a single processor, memory, battery, etc.) into individual segments. Consequently, each segment houses and embodies a separate and quarantined persona.
  • Yet other embodiments encompass multiple hardware sets (e.g., multiple processers, multiple memories, multiple batteries, etc.) independently coupled and dedicated for one or more respective persona.
  • FIG. 1 is a block diagram illustrating an embodiment of an example environment consisting of multiple personas individually represented, yet simultaneously engaged via a network to a common and unique system.
  • FIG. 2A is an example block diagram of a user device according to one embodiment.
  • FIG. 2B illustrates an embodiment of a single device comprising multiple personas, managed by a persona management module.
  • FIG. 3 is an example block diagram illustrating one embodiment entailing a unitary system comprising multiple personas supervised by a persona management module contemporaneously interacting with a mobile device management system and third party content via a communicatively coupled network.
  • FIG. 4A illustrates an example embodiment of a single user device with a screen attached to either side comprising a dual screen user device.
  • FIG. 4B illustrates an embodiment representing one screen of a dual screen device.
  • FIG. 4C is an illustration of another embodiment of another screen encompassed in a dual screen device.
  • FIG. 4D shows an example embodiment exhibiting multiple personas on a single screen of a user device.
  • FIG. 5 is a flow chart illustrating an example method of multiple personas interfacing with a singular operating system, a persona management module, hardware and the relationship therein.
  • FIG. 6 is a flow chart illustrating an example method for employing persona characteristics and settings on a user device via a management console.
  • FIG. 7 is a flow chart illustrating a method of a user device comprising multiple personas receiving and implementing rules from a management console.
  • FIG. 8 is a flow chart illustrating a method for managing data in connection with toggling personas on a user device in a multiple person environment according to one embodiment of the present disclosure.
  • the technical effects of some example embodiments of this disclosure may include establishing control of access to networks and resources when access lists may not be predefined, and reducing and/or eliminating the burden of predefining access lists to control access to networks and resources. Moreover, the technical effects of some example embodiments may include enhancing network access control by assigning specific access rights based on access lists to client devices authorized to access associated network beacons and resources.
  • Other technical effects of some example embodiments of this disclosure may include offering group management solutions to managing content access and distribution.
  • users of a sales group may have read access to marketing documents and presentations, while users in a marketing group may be able to edit and/or annotate the market documents.
  • users in an accounting or business services group may be the only ones with access to enterprise financial documents.
  • These access controls may be provided by distributing authorization credentials to devices associated with users of the respective group.
  • Each user may then authenticate to their device, such as by inputting a username, password, authentication key, and/or biometric data, before the device may access and/or retrieve the content authorized for distribution to that device.
  • These authentication types are provided as examples only and are not intended to be limiting as many other types of user authentication are in use and/or may be contemplated in the future.
  • aspects of the present disclosure relate to mobile device hardware and/or software or functionality for managing multiple personas on a given mobile device.
  • Multiple persona device management generally comprises methods and systems for isolating, implementing, and provisioning multiple entities or personas on a single user device.
  • a “persona” generally comprises various settings, policies, rules, configurations and/or attributes associated with a particular end user environment. Accordingly, groups of individual personas can be categorized based on defined rules and policies applicable to those groups and managed simultaneously.
  • some embodiments enable remote access to the personal user device to deploy changes of current attributes and configurations either by group definition or on an individual basis.
  • multiple personas may be managed via a central server (e.g., a content server or management module), which may serve as an intermediary between the multiple personas.
  • the central server receives data from the device, identifies which persona initiated the data transfer, and sends the data on behalf of the identified persona.
  • the central server receives data from outside sources, identifies for which persona the data is intended and pushes said data to the appropriate persona.
  • one example embodiment virtually separates one set of hardware components (e.g., a single processor, memory, battery, etc.) into individual segments. Consequently, each segment houses and embodies a separate and quarantined persona.
  • Yet other embodiments encompass multiple hardware sets (e.g., multiple processers, multiple memories, multiple batteries, etc.) independently coupled and dedicated for one or more respective persona.
  • Content access may be further limited by policies that enforce other compliance restrictions based on properties of the device such as time, location, device security and/or integrity, presence of another device, software versions, required software, etc.
  • policies may designate student and instructor groups. These groups may be further assigned to specific classes such that only student group members associated with a given class may access content associated with that class. Further, edit access to the content for the class may be restricted to the user(s) in the instructor group and/or student group members may be permitted to add content that only the instructor may view (e.g., homework assignments).
  • the instructor group user(s) may be able to push content to student group user(s) and/or activate temporary control of the students' devices to prevent the devices from accessing non-class related content during class time.
  • an enterprise such as an educational institution and/or a business may implement a “bring your own device” (BYOD) policy to allow an employee to use his/her personal device to access enterprise resources rather than provide the user with an enterprise owned user device for such purpose.
  • BYOD “bring your own device”
  • a user device administrator i.e. IT administrator
  • the user device administrator may enroll user devices into the management system to monitor the user devices for security vulnerabilities and to configure the user devices for secure access to enterprise resources.
  • the user device administrator may create and/or configure at least one configuration profile via a user interface provided by the management system.
  • a configuration profile may comprise a set of instructions and/or settings that configure the operations and/or functions of a user device, which may ensure the security of the accessed resources.
  • the user device administrator may, for instance, configure an enterprise email configuration profile by specifying the network address and access credentials of an enterprise email account that the users of the user devices are authorized to access.
  • configuration policies may include, but are not limited to, hardware, software, application, function, cellular, text message, and data use restrictions, which may be based at least in part on the current time and/or location of the restricted user device.
  • the user device administrator may thereafter deploy the configuration profiles to specific user devices, such as to groups of user devices of users with similar roles, privileges and/or titles.
  • the user devices may also have access to personal configuration profiles that may be created by the users of the user devices.
  • the user devices may, for instance, have access to a personal email configuration profile that was created by a user of the user device to provide access to her personal email account.
  • a user device enrolled in a BYOD management system may have more than one configuration profile for a given use of the user device, such as a personal email configuration profile and an enterprise email configuration profile that are both used for accessing email accounts on the user device.
  • the user devices may be instructed to enable and/or disable certain configuration profiles according to authorization rights specified by the user device administrator, such as location and/or time-based authorization rights.
  • a BYOD policy may specify that user devices enrolled in the BYOD management system are authorized for personal use outside of the workday and are authorized for business use during the workday.
  • a BYOD device may be restricted to enterprise uses while in work locations and/or prohibited from accessing enterprise resources while outside of secure work locations.
  • a user device administrator may instruct the user devices to toggle between personal configuration policies and enterprise configuration policies based on factors such as the current time and/or location associated with the user device.
  • the current time may be based on the current time at the current location of the user device, which may be determined by GPS, Wi-Fi, Cellular Triangulation, etc., or may be based on the current time at a configured primary location associated with the user device, which may be the primary office location of an employee user of the user device.
  • time-based configuration profile toggling may be provided by instructing a user device to enable business configuration profiles and disable personal configuration profiles while the current time is between 9 AM and 5 PM at the current location of the user device, and to disable business configuration profiles and enable personal configuration profiles while the current time is between 5 PM and 9 AM at the current location of the user device.
  • aspects of the present disclosure relate to mobile device hardware and/or associated software or functionality for managing multiple personas on a given mobile device.
  • Multiple persona device management generally comprises methods and systems for isolating, implementing, and provisioning multiple entities or personas on a single user device, thus enabling a persona to remain quarantined while simultaneously remaining active on the back-end of the device.
  • a “persona” generally comprises various settings, policies, rules, configurations or attributes associated with a particular end user environment. Accordingly, groups of individual personas can be categorized based on defined rules and policies applicable to those groups and managed simultaneously.
  • some embodiments enable remote access to a personal user device to deploy changes of current attributes and configurations either by group definition or on an individual basis.
  • multiple personas may be managed via a central server (e.g., a content server or management module), which may serve as an intermediary between the multiple personas.
  • the central server receives data from the device, identifies which persona initiated the data transfer, and sends the data on behalf of the identified persona.
  • the central server receives data from outside sources, identifies for which persona the data is intended and pushes said data to the appropriate persona.
  • one example embodiment virtually separates one set of hardware components (e.g., a single processor, memory, battery, etc.) into individual segments. Consequently, each segment houses and embodies a separate and quarantined persona.
  • Yet other embodiments encompass multiple hardware sets (e.g., multiple processers, multiple memories, multiple batteries, etc.) independently coupled and dedicated for one or more respective persona.
  • Multiple persona device management generally relates to the implementation and management of a plurality of personas on a singular user device to segregate and quarantine a set of attributes relating to a singular persona from other personas accessible on the same user device.
  • a persona may comprise a collection or group of data sets, configurations (assignment of resources, policies, rules, etc.), appearances, particular functionality, branding, billing parameters, physical components, and/or preferences with which a user device or a portion of a user device is associated.
  • An example embodiment of multiple persona device management involves the ability, at an end user's discretion, to toggle between the various personas. Furthermore, the device may autonomously toggle between personas or present the option to toggle between personas based on predetermined triggering events embedded within the multiple persona device management technology.
  • One example of implemented multiple persona device management comprises a family owning a single tablet device consisting of exclusive personas representing each family member. Thereby, each family member retains a unique set of applications, settings, and customizations associated with his or her respective persona.
  • Another example entails a user device enrolled in a BYOD program in a work setting in which a mobile device management system merges multiple personas.
  • the user device can separate an enterprise persona for receiving, accessing, and distributing corporate content and a personal persona for maintaining interaction with personal matters as shown in FIG. 1 .
  • multiple persona management on a mobile device can be divided into at least two broad categories: (1) physical persona separation via either multiple physical components within a single mobile device, and/or (2) virtual persona separation via virtual division of components, data segregation, or the like.
  • physical separation may include a device with multiple screens, multiple processors, multiple memories, etc.
  • the virtual separation embodiments provide a virtual separation of components (e.g., virtual processors), or a data separation coupled with some visual or audible separation designation, or the like.
  • FIG. 1 illustrates an example environment 100 comprising a single user device employing multiple personas (this example exhibits dual personas, but as will be understood and appreciated by one skilled in the art, one may elect to employ any number of personas on a single user device), an end user, and two separate hypothetical end user environments.
  • an example of “two persona” or “dual persona” device management will be used for example purposes in connection with the presented Figures, but as will be understood by one of ordinary skill in the art, the example of dual persona device management is presented for example purposes only and any number of personas may be implemented on a user device 103 .
  • enterprise end user 109 A is capable of accessing and conducting enterprise matters, such as reading and creating corporate email, viewing and editing documents, accessing content via Share Point, and matters of the like, on a persona 2 118 segment of the individual user device 103 .
  • Persona 2 118 exemplifies the corporate partition of a dual persona device 103 with multiple persona device management applied to the user device 103 . This may be the primary active persona during working hours or while a GPS recognizes the end user's location to be in a corporate building or office.
  • a personal persona 1 115 is still active on the back-end of the multiple persona device management system (or on the device 103 itself) and is simultaneously receiving and transmitting data intended for persona 1 115 .
  • the illustrated embodiment represents the same user 109 B utilizing the same user device 103 in a personal environment (e.g., at home, in a restaurant, or other location away from the office).
  • a persona 1 115 relates to the personal end user environment of the user 109 B in which all personal data (e.g., phone calls, text messages, non-enterprise email, personal applications, personal web browsing data, etc.) is distinctly routed and stored.
  • the independent persona 1 115 allows an end user 109 B to maintain user device functionality in accordance with personal settings, characteristics and attributes separately from enterprise-related data and functionality.
  • a data network 154 enables operative connections between persona 2 118 , persona 1 115 , third-party systems and products 124 , and a mobile device management system (MDMS) 121 for routing data amongst the involved entities.
  • a data network 154 may comprise a wireless IEEE 802.b,g,n network, a cellular wireless network, Bluetooth technology, etc.
  • the described mobile device management system (MDMS) 121 empowers enterprises to securely monitor, manage, and support a plurality of devices via wireless deployment of data configurations, applications, settings, permissions, and policies.
  • Enterprises may deploy an MDMS 121 on a plurality of devices, such as mobile phones, smart tablets, laptops, etc., to ensure secure wireless access and distribution of corporate content.
  • enterprises utilize the MDMS 121 for managing third-party content accessibility on enterprise user devices. While these restrictions on enterprise content would not be objectionable to most users, some may object to applying the same restrictions to personal user devices. Therefore, multiple persona device management as described herein supports the notion of segregating managed, secure mobile access to enterprise content to an enterprise persona while personal matter immunity is maintained on personal personas.
  • the shown MDMS 121 comprises a mobile device management (MDM) database 139 and a MDM central module 122 .
  • the MDM database 139 generally contains attributes typically monitored, modified, and manipulated by an administrator, as well as information necessary for the use of the multiple persona functionality.
  • the MDM central module 122 comprises a management module 127 , content server 130 , secure email gateway 133 , and application catalog serving as separate entity portals for pushing and deploying configured attributes to end user devices.
  • the individual modules within the MDM central module 122 are communicatively coupled with the MDM database 139 and the user device 103 , thereby ensuring proper attributes defined by an administrator are effectively enforced on applicable personas.
  • the MDM database 139 and the MDM central module 122 generally represent the enterprise controlled server-side of the of the multiple persona device management application.
  • the management module 127 (also called the admin console) recognizes a plurality of individually assigned personas associated with a plurality of user devices. An administrator can aptly engage the management module 127 , select a persona on a user device or group of personas on different user devices, and define rules and characterizations for the selected user devices. Accordingly, the management module 127 determines which policy is applicable to particular personas and subsequently distributes said policy to the appropriate personas on a given user device. In some embodiments, the management module 127 recognizes and addresses different operating systems embodied on user devices, thereby defining proper enforcement of rules and access to non-native data. (Details regarding the various processes carried out by the management console will be described in greater detail in connection with FIG. 3 .)
  • a content server 130 of the MDM central module 122 serves as an access portal for various enterprise related subject matter parsed in separate partitions for access and distribution by identified personas.
  • the content server 130 integrates and interacts with the management module 127 , which supports persona access, policies, and rules regarding authorization to corporate (or other managed) content.
  • the content server 130 generally, but may not necessarily, comprises one or more local servers, cloud servers, and/or offsite servers.
  • persona 2 118 engages with enterprise subject matter on the user device 103 in the enterprise environment when operated by the end user 109 A.
  • persona 1 115 exhibiting an unmanaged personal persona, may be precluded from accessing to corporate content and subsequently denied rights to the content server 130 .
  • the MDMS 121 has no access to or control over persona 1 115 .
  • the presently-described embodiment includes a secure email gateway 133 that enables secure email access and distribution through the data network 150 within a corporate email exchange.
  • the secure email gateway 133 behaves as a proxy server linking the enterprise email server and the data network.
  • the coupled management module 127 has the ability to push enterprise policies set by an administrator to the secure email gateway 133 to enforce said enterprise policies.
  • the MDM central module 122 comprise an application catalog 136 that is also integrated with the management module 127 .
  • the application catalog 136 supports access to applications both enterprise specific applications and public applications.
  • the enterprise persona 2 118 through the encapsulated rules and policies as set forth by an administrator sends requests to access and download applications to the application catalog 136 .
  • the application catalog 136 serves as a portal governed by enforced policies to allow approved access to applications for a user's benefit.
  • users 109 utilize a variety of third-party systems, applications, and email platforms via their personal user devices 103 . Often access to third party content is not as secure as most enterprise platforms and presents vulnerabilities concerning a device that can also access enterprise content. As illustrated in FIG. 1 , third-party systems and products 124 grant end-user access to third-party content through the data network 154 . In some embodiments, the public application store 145 permits users to access a plurality of third party applications. In some examples, an enterprise may preclude the enterprise persona, persona 2 118 , from accessing all outside applications. In such a scenario, an end user 109 still retains the ability to install and utilize outside applications on the personal persona (persona 1 115 ).
  • Third-party email servers 148 may provide persona 1 115 access to personal emails. Other third-party content is pulled through the third-party content server 142 . In another embodiment, this content may be accessed by the enterprise persona 2 118 and the personal persona 1 115 depending on the current configuration the administrator has implemented on the user's device.
  • FIG. 1 The discussions above in association with FIG. 1 are merely intended to provide an overview of an embodiment of the present system for multiple persona management on a mobile device utilizing a separation of hardware and/or software. Accordingly, it will be understood that the descriptions in this disclosure are not intended to limit in any way the scope of the present disclosure. Various embodiments regarding hardware and software implementations of the present device will be described next in greater detail.
  • FIG. 2A is a block diagram of a user device 103 comprising a processor 209 and a memory 218 .
  • the user device 103 shown in FIG. 2A is a representative “single component” device, i.e., the device does not include multiple hardware components for each respective persona.
  • An example multiple-persona hardware device is shown in FIG. 2B .
  • memory 218 may comprise, but is not limited to, volatile (e.g. random access memory (RAM)), non-volatile (e.g. read-only memory (ROM)), flash memory, or any combination.
  • RAM random access memory
  • ROM read-only memory
  • Memory 218 may store executable programs and related data components of various applications and modules for execution by user device 103 .
  • Memory 218 may be coupled to processor 209 for storing configuration data and operational parameters, such as commands that are recognized by processor 209 .
  • Basic functionality of user device 103 may be provided by an operating system 221 contained in memory 218 .
  • One or more programmed software applications may be executed by utilizing the computing resources in user device 103 .
  • Applications stored in memory 218 may be executed by processor 209 (e.g., a central processing unit or digital signal processor) under the auspices of operating system 221 .
  • processor 209 may be configured to execute applications such as web browsing applications, email applications, instant messaging applications, and/or other applications capable of receiving and/or providing data.
  • Data provided as input to and generated as output from the application(s) may be stored in memory 218 and read by processor 209 from memory 218 as needed during the course of application program execution.
  • Input data may be data stored in memory 218 by a secondary application or other source, either internal or external to user device 103 , or possibly anticipated by the application and thus created with the application program at the time it was generated as a software application program.
  • Data may be received via any of a plurality of communication ports 215 of user device 103 .
  • Communication ports 215 may allow user device 103 to communicate with other devices, and may comprise components such as an Ethernet network adapter, a modem, and/or a wireless network connectivity interface.
  • the wireless network connectivity interface may comprise one and/or more of a PCI (Peripheral Component Interconnect) card, USB (Universal Serial Bus) interface, PCMCIA (Personal Computer Memory Card International Association) card, SDIO (Secure Digital Input-Output) card, NewCard, Cardbus, a modem, a wireless radio transceiver, and/or the like.
  • PCI Peripheral Component Interconnect
  • USB Universal Serial Bus
  • PCMCIA Personal Computer Memory Card International Association
  • SDIO Secure Digital Input-Output
  • NewCard NewCard
  • modem a wireless radio transceiver
  • User device 103 may also receive data as user input via an input component 242 , such as a keyboard, a mouse, a pen, a stylus, a sound input device, a touch input device, a capture device, etc.
  • a capture device may be operative to record user(s) and capture spoken words, motions and/or gestures, such as with a camera and/or microphone.
  • the capture device may comprise any speech and/or motion detection device capable of detecting the speech and/or actions of the user(s).
  • Data generated by applications may be stored in memory 218 by the processor 209 during the course of application program execution. Data may be provided to the user during application program execution by means of a display 206 . Consistent with embodiments of this disclosure, display 206 may comprise an integrated display screen and/or an output port coupled to an external display screen.
  • Memory 218 may also comprise a platform library 224 .
  • Platform library 224 may comprise a collection of functionality useful to multiple applications, such as may be provided by an application programming interface (API) to a software development kit (SDK). These utilities may be accessed by applications as necessary so that each application does not have to contain these utilities thus allowing for memory consumption savings and a consistent user interface.
  • API application programming interface
  • SDK software development kit
  • user device 103 may also include additional data storage devices (removable and/or non-removable) such as, for example, magnetic disks, optical disks, or tape (not shown).
  • additional data storage devices removable and/or non-removable
  • User device 103 may comprise a desktop computer, a laptop computer, a personal digital assistant, a cellular telephone, a smartphone, a set-top box, a music player, a web pad, a tablet computer system, a game console, a mobile device, and/or any other device with like capability.
  • User device 103 may store in a data store 227 a device profile 230 and a plurality of user preferences 233 .
  • Device profile 230 may comprise an indication of the current position of user device 103 and/or indications of the hardware, software, and security attributes which describe user device 103 .
  • device profile 230 may represent hardware specifications of user device 103 , version and configuration information of various software program and hardware components installed on user device 103 , data transmission protocols enabled on user device 103 , version and usage information of various resources stored on user device 103 , and/or any other attributes associated with the state of user device 103 .
  • the device profile 230 may further comprise data indicating a date of last virus scan of user device 103 , a date of last access by an IT representative, a date of last service by the IT representative, and/or any other data indicating maintenance and usage of user device 103 . Furthermore, the device profile 230 may comprise indications of the past behavior of associated users, such as resources accessed, charges for resource accesses, and the inventory accessed from such resources.
  • User preferences 233 may comprise a listing of factors that may affect the experience of the user. In particular, user preferences 154 may include indications of the user's age, gender, bodily traits, preferred resource types, preferred venue resources, and combinations thereof.
  • FIG. 2B is a block diagram of a user device 103 with multiple personas. As shown, these personas may either be physical (multiple hardware components) or virtual. In some embodiments, the user device 103 is embedded with dual persona device management. According to some embodiments illustrated in FIG. 2 , there are two processors 210 A and 210 B, two wireless modules 213 A and 213 B, two communication ports 220 A and 220 B, two displays 207 A and 207 B, and two memory components 222 A and 222 B. Again, these dual processors can either be physical (e.g., two physical processors) or virtual (e.g., a single processor that is virtually divided via management software).
  • a persona may comprise a “SIM persona” that is managed on a back-end and is portable to other devices.
  • SIM persona may comprise a physical SIM card, it may comprise a virtual SIM card entity, or a virtual entity embedded on a user device 103 .
  • several SIM personas may be implemented on a single device.
  • a SIM card may possess one persona or multiple personas wherein the card is virtually split into separate representative entities containing the attributes and characterizations of the given personas. For the example wherein a SIM card contains one sole persona, an end user may carry multiple SIM cards and exchange them within the user device 103 based on location or time.
  • a user device 103 may have the capability to support more than one SIM card simultaneously, maintaining persona 1 115 on one SIM card and persona 2 118 on another SIM card. In such an embodiment, as information travels through the data network 154 , the information subsequently propagates to the appropriate SIM card inside the user device 103 .
  • an overarching process determines the routing of incoming data to the user device 103 .
  • a persona management module 245 is employed to decide to which persona content should be delivered on the device.
  • the persona management module 245 exercises back-end differentiations between shared and distinct features and/or functionality among personas.
  • an agent resides on the dual persona implemented user device 103 for management of resources in connection with different personas.
  • a hypervisor may serve as a persona management module 245 and embody a centralized means to deliver data to the appropriate persona.
  • the user device 103 hence becomes a host machine on which the hypervisor resides and controls the related functionality in part or completely.
  • the hypervisor creates “guest machines” or virtual machines on the user device 103 enabling the virtual machines to behave as their own separate operating system comprising their own persona.
  • the hypervisor can represent a firmware, software, or hardware implementation wherein the input data and output data is recognized, identified and pushed by the hypervisor to its appropriate destination.
  • persona 1 115 is as shown as personal persona and persona 2 118 is shown as an enterprise persona.
  • the hypervisor recognizes the data as enterprise communication (based on tags or identifiers in the data), and subsequently routes the data to persona 2 118 .
  • policies implemented with multiple persona device management are identified by an administrator and pushed to the hypervisor, allowing the hypervisor to act as the decision-making agent performing actions as the persona management module 245 .
  • a device 103 may contain multiple hardware sets, each set corresponding to one unique persona.
  • the device 103 comprises two components of each hardware portion (e.g., two physical processors 210 A and 210 B, two physical memory sets 222 A and 222 B, two wireless modules 220 A and 220 B, etc.).
  • persona 1 115 transmits its corresponding data through a persona 1 wireless module 213 A, thereby leaving the interpretation and data storage respectively to the persona 1 processor 210 A and the persona 1 memory 222 A.
  • a similar process transpires for persona 2 115 comprising its separate processor 210 B, memory 222 B and wireless module 213 B.
  • a central process encapsulated in the persona management module 245 governs and routes the data and information transmitted to the user device 103 to the appropriate hardware set.
  • Some embodiments comprise a combination of dual components and single components.
  • a user device comprises two processors 210 A and 210 B, two sets of memory 222 A and 222 B, one wireless module 220 , and one communication port.
  • the persona management module 245 integrates the policies and rules set by the administrator through MDMS and precludes access and distribution of data for particular personas. For example, if a policy is set which does not allow third-party email exchange access by persona 2 118 , when a request for access has propagated to the persona management module 245 , the request may be denied and the proper executable steps are initiated.
  • one example embodiment of the device 103 may be constructed such that all hardware sets are entirely independent of each other with no overarching agent software or firmware.
  • the address of the SIM card is coupled with the transmitted data; hence, the persona identified by the address receives the appropriate information.
  • different hardware sets may utilize different operating systems.
  • the personal persona, persona 1 222 A may utilize iOS for its operating system 225 A and the enterprise persona, persona 2 222 B, due to a corporate or enterprise preference, may utilize a version of Android as its operating system 225 B.
  • the persona management module 245 may contain an agent application for communicating and pushing data to the Android operating system 222 B and a separate application programming interface (API) corresponding with the iOS operating system.
  • an independent device profile 231 A and 231 B may be associated with each respective device, and may contain information such as operating system versions, last update of said operating system, serial numbers associated with an operating system, etc.
  • the independent hardware sets may also comprise divergent network carriers integrated on the same user device 203 .
  • FIG. 2B Also illustrated in FIG. 2B is an embodiment comprising dedicated communication ports 220 A and 220 B for each persona.
  • the communication ports could consist of keyboard, mouse, power adapter, Ethernet port, or the like.
  • all components of hardware may be separate, but share a power source or common battery.
  • respective compliance rules 240 A and 240 B serve as the local user device 103 containers for compliance rules which have been pushed and implemented in connection with individual personas.
  • policies and rules incorporated in the enterprise compliance rules 240 B engage with the persona 2 210 B processor, governing incoming data via the persona 2 wireless module 213 B, ensuring the policies and rules set forth by the enterprise maintain consistency and integrity.
  • an embodiment of separated data stores 228 A and 228 B store respective persona characterizations.
  • persona 2 118 may store in its data store 228 B preferences, persona usage details, enterprise branding information, configurations, and assignments of resources accessible to an administrator using MDMS 121 .
  • the stored data within the data store 228 B enables an enterprise to access information to effectively monitor user device operation within the enterprise space.
  • a user device 103 may comprise various combinations of a plurality of components.
  • the user device comprises dual screens that are independently assigned to a persona.
  • the user device 103 may comprise separate controls for each screen or each persona. Each independent set of controls may be embedded and assigned to manipulate actions within their designated persona.
  • Another embodiment comprises a user device housing or form that will fit additional add-on components to expand or further facilitate the persona within the user device.
  • One example comprises a keyboard comprising a toggle button that can engage the desired persona when the button is depressed or moved to a designated position.
  • a user device may comprise a combination of embodiments (e.g., common controls that manipulate dual screens, dual controls dedicated to one screen, etc.).
  • FIG. 3 an example block diagram is shown of a MDMS 121 architecture environment interacting with a data network 154 , third party systems and products 124 , and a user device 103 configured with dual persona device management.
  • a user device 103 involved in a Bring Your Own Device (BYOD) program and coupled with a mobile device management system (MDMS) 121 .
  • BYOD Bring Your Own Device
  • MDMS mobile device management system
  • an enterprise BYOD program is not necessarily the only application with the ability to benefit from multiple persona device management, and the intention of the following example is not intended to necessarily limit or restrict the scope and spirit of the present disclosure in any way.
  • the MDMS 121 enables an administrator to create compliance rules and subsequently distribute those rules to a plurality of user devices to which the rules pertain.
  • the user devices may contain a personal persona, persona 1 115 , and an enterprise persona, persona 2 118 , with (or without) a centralized governing agent, the persona management module 245 .
  • the system illustrated in FIG. 3 promotes a back-end differentiation between shared and distinct functionality amongst a plurality of personas.
  • some embodiments include a resident agent such as the persona management module 245 residing on the multi-persona device 103 .
  • the persona management module 245 manages distinct and shared resources associated with data entering or exiting the user device. For example, as persona 1 115 requests access to the email store 348 within the third-party email gateway 348 , the persona management module 245 acknowledges persona 1 118 as the personal persona and allows access to third-party content such as the third-party email gateway 148 .
  • the management module 127 in the MDMS 121 may push policies to some or all personas, specifying shared resources among personas and setting boundaries regarding the permitted level of communication among the personas. Yet according to another embodiment, the management module 127 may also push personal policies, enterprise policies, and meta-policies between the personas. Generally, meta-policies govern the shared resources, communication, and device-level functionality among the personas.
  • the recently discussed embodiments exemplify different means of creating a native experience for the end user, where data intended for a specific persona is identified either before reaching the user device or upon reaching the user device and transferred to the appropriate persona within the user device.
  • the MDM central module 122 includes the various modules an administrator utilizes to set functionality, configurations, appearances, preferences and various other attributes that are controlled and implemented with a MDMS 121 .
  • the MDM database 139 houses the attributes utilized by the administrator via the MDMS user interface.
  • various modules within the MDM central module 122 engage with the MDM database 139 to retrieve an appropriate attribute(s) selected by the administrator and push said attribute(s) via a data network 154 to the persona management module 245 .
  • the persona management module 245 recognizes the attribute(s) and the persona for which it is intended, thereby pushing that attribute(s) to the appropriate persona.
  • the MDM central module 122 through the management module 127 , pushes appropriate attributes to dedicated SIM cards within a user device embodying multi-persona device management.
  • the server side of the management module 127 enables an administrator to log into the console, select a device or group of devices, compile rules for said device and push the policies and the rules to the user device 103 to control subsequent functionality of those devices.
  • the management module 127 may authenticate data by verifying the credentials of the user device 103 , interpret said data and push commands back to the user device 103 in response to the commands received from the user device.
  • the device side of the management module 127 enables a user device to request enrollment into a mobile device management system, receive compiled rules and policies, take actions in conjunction with receiving data from the management module 127 , and toggle among active personas within the user device 103 .
  • the management module 127 also contains a self-service application that is available for utilization by device users.
  • the self-service application comprises a user interface that is a pared-down version of the administrator management console interface. Users may log into the self-service application and view specific information about the enterprise persona, persona 2 118 , of the device and/or the personal persona, persona 1 115 . In another embodiment, users may only access the enterprise persona, while being unable to view the content of the personal persona.
  • the self-service application comprises a limited set of mobile device management options available to the user.
  • users may acquire the GPS location of the user device 103 , lock the user device 103 , perform an enterprise wipe or wipe the entire user device 103 , send messages to said device, etc.
  • the enterprise wipe may de-partition the user device 103 and leave the personal persona as the only remaining persona.
  • An enterprise wipe is a function wherein all enterprise data, characterizations, enterprise attributes, preferences, and settings are remotely erased from the enterprise persona.
  • an entire device wipe remotely erases all data on both persona 1 115 and persona 2 118 , reverting the device to its original OEM state.
  • the self-service feature offers users the ability to track user content or their user device and minimally manage the user device.
  • another embodiment of the self-service application enables the management module 127 to configure a pre-defined limited set of options relating to multiple virtual hardware sets.
  • the management module 127 transmits commands to the user device 103 to create multiple virtual hardware sets
  • an end-user may log into the self-service section of the management console and access the pre-defined functionalities related to the multiple virtual hardware sets.
  • the self-service component of the management module 127 enables users to access an interface and view specific data concerning their user device 103 and respective personas 115 and 118 .
  • the management module 127 compiles rules and policies via the compliance rule store 330 and pushes those rules and policies to a user device 103 to create a determined number of virtual hardware sets.
  • each hardware set comprises separate displays 207 A and 207 B, separate processors 201 A and 201 B, and separate memories 222 A and 222 B.
  • each memory 222 A and 222 B comprises storage functionality that contains data respective to the persona with which it belongs.
  • each display 207 A and 207 B is the respective user interface that a user 109 would use to access and perform operations pertaining to the respective persona.
  • displays may be interchangeable and a user has the ability to toggle between displays according to the persona the user wishes to engage. For example, a user wishing to perform a function regarding persona 1 115 would toggle to display 1 207 A, access contents in memory 1 222 A through processor 1 210 A and execute some desired actions. After the desired actions are complete, the end-user may keep persona 1 115 active or toggle to another persona.
  • the management module 127 directs configuration policies and compliance rules via the compliance rules store 330 to each of the represented personas.
  • the management module 127 queries virtual machine characteristics and operating systems of each persona, compiles the rules and policies, and pushes the compiled rules and policies to the user devices based on the results of query.
  • the policies and rules are stored in their respective persona rules stores 305 A and 305 B.
  • the persona rules stores 305 A and 305 B manage their respective personas regarding implemented mobile device management policies set to monitor and regulate the user device 103 .
  • a personal persona may not receive any compliance rules, data, or the like if that given persona is not managed or controlled by the MDMS 121 or MDM central module 122 . Additionally, with a lack of compliance rules and policies, persona 1 115 maintains the ability to access third-party data, uninhibited usage, and freedom of functionality as desired by end users enrolled in BYOD programs. In this way, true segregations between personas can occur in a way not previously contemplated. Further, persona 2 118 may store enterprise compliance policies in the persona 2 rule store 305 B, enforcing consistent enterprise persona functionality and maintaining secure access and distribution of enterprise content.
  • some embodiments of the management module 127 send configuration policies and compliance rules to an overarching agent, the persona management module 245 , which configures the virtual machines based on those rules and policies.
  • the persona management module 245 one function of the persona management module 245 is to delegate policies, rules, data access, and persona functionality to the subordinate personas.
  • content assigned to personas is stored either in the personal content repository 333 or in the enterprise content repository 336 and both may be accessed through the content server 130 .
  • personal content on the user device 103 is not accessible by the MDMS 121 .
  • an administrator can distribute documents through the content server 130 coupled to the management module 127 to the content repositories.
  • Rules and policies assigned to personas dictate persona interaction with content repositories, including third-party content repositories.
  • communication is generally sent through the content server 130 ; hence, the content server 130 verifies whether the communication transmitted to a given persona is permissible.
  • the content store 345 included an enterprise Share Point site
  • the enterprise persona may possess policies granting access to the third-party content server 142 and the enterprise content 336 repository.
  • Persona 2 (the enterprise persona), may initially “shake hands” with the content server 142 and the content server may authenticate the credentials of persona 2 118 . Consequently, persona 2 118 may fetch a document from the content store 345 , save said document in memory 2 222 B, and/or in the persona 2 content store 311 B, modify said document, and transfer it to the enterprise content 336 repository.
  • a secure email gateway 133 may be incorporated in the MDM central module 122 and may comprise a proxy server between the enterprise email server (e.g. Microsoft Exchange) and the data network.
  • an enterprise persona may retrieve email from the enterprise email through the secure email gateway 133 .
  • the secure email gateway 133 may be configured to perform compliance checks against entities wishing to access enterprise email.
  • the management module 127 is also integrated with the secure email gateway 133 .
  • An administrator through the management console can push compliance rules to the secure email gateway 133 to change authentication requirements; thereby, storing said compliance rules in the compliance rule check 339 .
  • the secure email gateway can determine whether a user device 103 is “jail broken”.
  • An enterprise persona may retain appropriate compliance rules permitting access to the enterprise email, but the secure email gateway 133 will still restrict access to that persona if the user device 103 is jail broken. Further, an enterprise may allow access to predetermined third-party email gateways 148 , whereby the secure email gateway 133 will assess a persona's compliance rules, allow secure access to a third-party email gateway 148 , and subsequently permit admittance to a third-party email store 348 .
  • the MDM central module 122 include an application catalog 136 for managing the applications of end users 109 .
  • a graphical user interface 342 enables interaction with the application catalog 136 and provides an interface, such as a website or the like, presenting users with a list of authorized applications for chosen personas.
  • an application portal resident on a user device 103 comprises a host of authorized downloadable apps.
  • the application catalog 136 receives compliance rules and policies set by an administrator via the management module 127 .
  • the application catalog 136 may provide access to public application stores 145 such as Google Play or the Apple Store.
  • the application catalog 136 may contain links to public apps recommended for employee productivity.
  • the enterprise persona may have policies permitting retention of all public apps or retention of specifically designated public applications.
  • the application catalog 136 may comprise enterprise applications developed specifically for a company and may preclude access to such enterprise applications by a personal persona 115.
  • the application catalog authenticates a persona's credentials before permitting a download of enterprise apps.
  • a user can pull enterprise content 336 through the content server 130 and modify it using annotation features within a secure content application.
  • the persona app stores 309 A and 309 B comprise applications downloaded from the application store 351 for their respective personas.
  • one example embodiment of the present device may provide a lost device persona.
  • a user device 103 may switch to a lost persona if the device moves outside of a recognized pattern as determined by GPS, or the user device 103 recognizes a period of inactivity, or exhibits some other atypical behavior.
  • the GPS system will actively track and keep a dynamic record of each user's travel routine and, in the event of an identified deviation, automatically toggle to the lost persona.
  • the lost persona may, for example, comprise settings and/or configuration information that may facilitate locating the device. For example, toggling the lost persona may cause one or more location services on the user device 103 to be engaged, such as a GPS coordinate transmission mode or the like.
  • authentication may be required to toggle back to a managed user persona. For example, authentication may occur by inputting biometric metadata, a PIN or password, a programmable swipe gesture, or any similar authentication means.
  • the device may also toggle to the lost device persona if initiated by the user or an administrator via the self-service application of the management module 127 (i.e., the user identifies the device as lost and sends instructions to the device indicating the same).
  • the self-service application of the management module 127 may contain a map add-on or a map software application in which the user and/or the administrator may utilize to find lost user devices.
  • the lost device persona offers additional security for enterprises and users who wish to keep access, devices, and content secure.
  • the user device 103 may contain multiple physical hardware sets within the user device. Each hardware set generally represents a separate and independent persona.
  • the embodiment comprising multiple physical hardware sets within a single user device 103 generally functions in a similar manner as embodiments of the device embedded with virtual machines. Further descriptions regarding functionality of both embodiments will be described in connection with FIGS. 6 , 7 , and 8 .
  • a dual persona device 103 having two screens 118 and 115 is shown.
  • a different display/screen is assigned to each persona and generally comprises the active display while a user interacts with the corresponding persona.
  • the enterprise screen 118 will be illuminated and active while the personal persona 115 will be dim and visibly inactive.
  • a user device 103 may comprise two separate screens 118 , 115 on one user device 103 ; hence, the given screen a user is utilizing dictates the presently active persona.
  • an enterprise persona 118 is active on one screen 409 A, and is presented on one side of user device 103 .
  • a personal persona 115 is presented on the opposing side of the user device 103 .
  • a user depending on which persona he or she wishes to engage, utilizes the side and screen 409 B of the user device 103 embodying the desired persona.
  • the dual displays may optionally comprise dual cameras on the user device 103 and may be used to present an augmented reality experience.
  • one screen may display what the camera on the opposing side views.
  • the screen may show the inside of the user's hand or images of the environment he/she is in, lending the impression there is no user device or the user device 103 is see-through.
  • the camera may incorporate technology that will automatically dim or turn off the backlight of the persona not in use based on identifiable features, such as the palm of a user's hand or recognizing a face in front of the camera. The cameras may recognize the lack of light and dim the screens such as when the user device 103 is in a pocket or handbag.
  • FIG. 4D illustrates another embodiment of the present dual persona device 103 .
  • the embodiment shown includes one display possessing the ability to express one persona at a time or multiple personas simultaneously. As shown, a single display may be divided into halves representing a different persona on either side. In another embodiment, a border of the screen may be an alternative color representing a second screen, which may change and become active when the personas toggle.
  • the device may indicate the active persona by displaying a persona identifier in small font at the top of the screen. In another embodiment, if the inactive persona receives a call, the screen may divide in half as shown in FIG. 4D , indicating a trigger event. The personas may be exchanged by touching or acknowledging the portion of the screen that represents the incoming persona.
  • personas may be identified and/or delineated in a variety of ways.
  • each persona may have a distinct and distinguishable ringtone.
  • Persona display backgrounds may also change when toggling personas.
  • an enterprise persona may display a company logo as a background, while a personal persona may display a personal picture of the user.
  • all of the disclosed embodiments may be incorporated on the user device 103 or some combination of embodiments thereof. Further, the described examples are not intended to limit the spirit or scope of the present disclosure. As will be understood and appreciated by one of ordinary skill in the art, other embodiments may be implemented to distinguish between multiple personas on a single user device 103 .
  • a persona generally relates to a collection of settings implemented in software and/or hardware that can be switched in and/or on a user device 103 based on a trigger event. As shown in FIG. 5 , a plurality of personas interact with a persona management module 245 and various incorporated hardware components, either via the operating system (or excluding the operating system) to communicate and execute commands.
  • the central module (management module) 122 enables personas to be selected, communication rules and policies to be assigned to the personas within the user device 103 , and personas to interact within the limits of the selected rules and policies.
  • the personas are able to interact with each other (e.g. share data, share contacts, etc.). Conversely, in another embodiment, the personas remain segregated with no communication between the two (or multiple). While personas may incorporate individual contact lists, in some embodiments, it may possible for a communal contact list accessible to any persona embedded on the user device 103 .
  • toggling between personas may be executed via physical gestures that are recognized by the assimilated hardware and software in the user device 103 .
  • flipping the user device 103 over creates an identical replica of the user device 103 with a second display on the other side.
  • consecutive flipping of the user device 103 may cycle through embedded personas.
  • An accelerometer or some other user device position detecting mechanism integrated in the hardware may be used to sense the rotation of the user device 103 .
  • the hardware communicating via the operating system to a persona management module 245 expresses that the user has initiated a change in persona and the persona management module will activate another persona.
  • initiating a change in persona may be executed by flipping or rotating the user device 103 a set number of multiple rotations for each toggle.
  • a user with persona 1 501 active may shake the user device 103 a preset number of times. The shakes are recognized by the hardware and the hardware communicates with the persona management module 245 thereby switching the active persona to persona 2 503 (or some other persona).
  • a plurality of gestures or actions may toggle between multiple personas. Toggling of personas may occur by holding down a button one the user device 103 for a set period of time, or depressing said button a number of times.
  • the device may have a specifically designated button that may be used exclusively for the purpose of toggling personas.
  • Another example embodiment utilizes swiping gestures at the top or bottom of the screen on the user device 103 to toggle through personas.
  • persona 1 501 may be geolocation-based, such that persona 1 501 is active when a user device 103 is within a given distance of a designated location.
  • a user device 103 switches virtual or physical SIMs assigned to different personas. Further, when the user is traveling abroad, a user device 103 may switch to a SIM appropriate for the visiting region, thereby receiving cheaper rates based on local service.
  • persona 2 may be active during an established window of time on given days.
  • persona 2 502 an enterprise persona
  • persona 1 501 a personal persona
  • User selection is also an option for selecting a persona, wherein the user device 103 prompts a user 109 to specify which persona is requested, followed by a PIN or password input into the device and processed by the persona management module 245 to access the requested persona.
  • the persona management module 245 may require biometric data such as a fingerprint or a user's voice to toggle personas, or may use an electronic fob or watch (e.g., electronic timepiece) having near field communication (NFC) capability or other similar communication capability to toggle personas.
  • biometric data such as a fingerprint or a user's voice
  • electronic fob or watch e.g., electronic timepiece
  • NFC near field communication
  • the persona management module 245 may utilize signals from a fingerprint reader such as that provided in the Apple® iPhone 5S, or other similar biometric device, to toggle personas.
  • a fingerprint reader such as that provided in the Apple® iPhone 5S, or other similar biometric device
  • different fingers may be used to toggle to, or switch between, different personas.
  • a right thumbprint may correspond to a trigger actuation of a work persona
  • a left thumbprint may correspond to and trigger actuation of a personal persona.
  • a work-related electronic fob may correspond to and trigger actuation of a work persona
  • a digital watch may correspond to and trigger actuation of a personal persona, for example upon removal of the work-related fob from proximity of the device, such that the personal persona triggering device remains within the operative proximity.
  • a trigger or triggering event may cause a switch or toggle through represented personas.
  • a trigger forces or prompts a user to choose an active persona (e.g., an incoming phone call designated for an inactive persona wherein a user can choose to ignore or accept the call).
  • a default persona may be set to receive all phone calls. However, a user may also be prompted to select which persona will be used to accept an incoming call.
  • personas may be associated with different phone numbers recognized by the persona management module 245 , which directs incoming calls to the appropriate persona either persona based on the recognized number.
  • an administrator may decide and implement via the MDMS 121 the most secure persona to accept an incoming call.
  • FIG. 6 is a flow chart setting forth the general steps involved in a policy creation and deployment method 600 consistent with embodiments of this disclosure for providing assignment of compliance rules and policies to a user device and/or persona(s) by an administrator.
  • method 600 may be implemented using a MDMS 121 , the management module 127 within a MDM central module 122 , a data network 154 , persona rules stores 305 A and 305 B, and a user device 103 , and various other components and modules as described above. Ways to implement the steps of method 600 will be described in greater detail below.
  • method 600 may begin at block 605 , where an administrator logs into the MDMS 121 console and accesses the compliance rules store 330 through the management module 127 , and queries or selects group of personas to which the given rules or policies will apply.
  • the persona or groups of personas queried may be selected according to different roles and responsibilities or due to enrolling a new employee into the BYOD program etc.
  • an administrator may query personas implemented on virtual machines, hardware sets, or operating systems. After the desired persona(s) are found, method 600 moves to step 607 , at which point the desired persona(s) are selected.
  • the administrator defines the rules to be implemented for the selected personas.
  • rules might include access to secure email gateways 133 , content servers 130 , application catalogs 136 , etc. In other embodiments, default rules will apply.
  • the administrator initiates the process of deploying the rules to the respective personas.
  • rules defined by the administrator are compiled within the management module 127 based on operating systems of given personas.
  • the management module 127 interacts with the MDM database 139 to assemble definitions representing the administrator defined rules and policies. After compiling the rules, the compiled rules and policies are deployed to the selected personas (step 613 ).
  • data is received from the user device at step 615 . This data may include authentication checks, acknowledgement of enrollment, a server ping, etc.
  • the management module 127 may receive data from the user device comprising acknowledgment of deployed rules and policies, a request for further instructions, etc.
  • method 600 moves to the next step 617 and pushes commands back to the user devices and personas based on the received data and/or rules.
  • FIG. 7 is a flow chart setting forth the general steps involved in a persona initiation process 700 from a user device 103 perspective.
  • method 700 follows the steps of process 600 , but from a persona perspective on a user device 103 .
  • method 700 may be implemented using a persona management module 245 , a data network 154 , a mobile device management system 121 , a MDM database 139 , a MDM central module, a compliance rules store 330 embedded in a management module 127 , and other systems described herein. Ways to implement method 700 will be described in greater detail below.
  • method 700 may begin at step 705 , wherein a user requests enrollment into a mobile device management system. The enrollment request generally leaves the user device 103 and the request is sent over the data network 154 and is received and accepted by the management module 127 .
  • the management module 127 deploys the already compiled rules via the data network 154 to the user device 103 . Successively, the compiled rules and policies are received at the user device 103 . Method 700 progresses to the next step 709 , where the compiled rules and policies are implemented on the user device 103 in association with the appropriate persona. In some embodiments, various rules are associated with respective personas.
  • the user device 103 containing multiple embedded personas is able to toggle between personas.
  • the device identifies and acknowledges data based on the compiled rules and policies designated for the individual persona (step 715 ).
  • the persona/device can utilize one or both of two different paths; it can relay necessary data back to the console (step 713 ) or take some action based on the rules and/or data (step 717 ). This data could be an acknowledgement of receipt sent over the data network 154 back to the management module 127 and thereby ending the process.
  • the persona can take a specific action based on the rules or data applied to the persona (step 717 ).
  • FIG. 8 is a flow chart setting forth the general steps involved in a method 800 consistent with embodiments of this disclosure of toggling personas by either user initiation or an event trigger.
  • method 800 may be implemented utilizing a user device 103 , a persona management module 245 , a data network 154 , one or more processors one a device, one or more displays on a device, and other components as described above. Ways to implement the steps of method 800 will be described in greater detail below.
  • method 800 begins at a state in which the user device is in a steady state within a given persona.
  • a user desires to access a persona or an event trigger occurs to access a given persona.
  • an overarching entity such as embedded software, firmware, or a persona management module 245 performs an initial compliance check regarding the forthcoming persona, ensuring the persona is a managed persona.
  • the persona is not a managed persona, and the user device 103 stays in its initial state.
  • the device is in a managed persona and method 800 progresses to step 809 .
  • Step 809 optionally requires user device 103 authentication to proceed to the next stage.
  • authentication can be performed utilizing a plurality of processes such as a fingerprint scan, entering a PIN or password, swiping a specific pattern on the screen, a biometric access functionality, or the device may be configured for an automatic authorization without user input. If the authentication fails, method 800 propagates to step 810 , wherein a deny access or error message is displayed and the user device returns to the start state. If user authentication is successful, method 800 proceeds to step 811 and allows access to the managed and requested persona.
  • the newly activated persona may require actions to be taken based on predetermined rules or receiving a set of data. For example, email communications may need to be sent to the persona at issue from the MDMS 121 . If so, then an indicator or identifier may be associated at the MDM database 139 with the data to be sent to the mobile device persona, and subsequently the data will be sent to the device.
  • the persona waits for a trigger event to change personas. If a trigger event does not occur, the device will return to step 813 and repeat steps 813 - 817 as necessary. If a trigger is received, the device will propagate to step 819 , which is analogous to step 807 .
  • the device checks if the trigger is from a managed persona. If the trigger is from a managed persona, method 800 advances to step 809 . In another embodiment, if the trigger is not from another managed persona, the device will move to step 821 , may cease monitoring the managed persona, and may disable communication, ending method 800 .
  • the present disclosure generally describes methods and systems for isolating, implementing, and provisioning multiple entities or personas on an individual user device, thus enabling multiple individual end-user environments to remain quarantined while simultaneously remaining active.
  • a persona encompasses various settings, policies, rules, configurations or attributes associated with a particular end user environment. Accordingly, groups of individual personas may be categorized based on defined rules and policies applicable to said group and managed simultaneously. Other embodiments enable remote access to deploy changes to current attributes and configurations either by group definition or on an individual basis.
  • multiple personas may be managed via a central server (e.g., a content server or management module), which may serve as an intermediary between the multiple personas.
  • the central server receives data from the device, identifies which persona initiated the data transfer, and sends the data on behalf of the identified persona.
  • the central server receives data from outside sources, identifies for which persona the data is intended and pushes said data to the appropriate persona.
  • one example embodiment virtually separates one set of hardware components (e.g., a single processor, memory, battery, etc.) into individual segments. Consequently, each segment houses and embodies a separate and quarantined persona.
  • Yet other embodiments encompass multiple hardware sets (e.g., multiple processers, multiple memories, multiple batteries, etc.) independently coupled and dedicated for one or more respective persona.
  • the embodiments and functionalities described herein may operate via a multitude of computing systems, including wired and wireless computing systems, mobile computing systems (e.g., mobile telephones, tablet or slate type computers, laptop computers, etc.).
  • the embodiments and functionalities described herein may operate over distributed systems, where application functionality, memory, data storage and retrieval and various processing functions may be operated remotely from each other over a distributed computing network, such as the Internet or an intranet.
  • User interfaces and information of various types may be displayed via on-board computing device displays or via remote display units associated with one or more computing devices. For example, user interfaces and information of various types may be displayed and interacted with on a wall surface onto which user interfaces and information of various types are projected.
  • Computer readable media may include computer storage media.
  • Computer storage media may include volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information, such as computer readable instructions, data structures, program modules, or other data.
  • System memory, removable storage, and non-removable storage are all computer storage media examples (i.e., memory storage.)
  • Computer storage media may include, but is not limited to, RAM, ROM, electrically erasable read-only memory (EEPROM), flash memory or other memory technology, CD-ROM, digital versatile disks (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium, which can be used to store.
  • Computer readable media may also include communication media.
  • Communication media may be embodied by computer readable instructions, data structures, program modules, non-transitory media, and/or other data in a modulated data signal, such as a carrier wave or other transport mechanism, and includes any information delivery media.
  • modulated data signal may describe a signal that has one or more characteristics set or changed in such a manner as to encode information in the signal.
  • communication media may include wired media such as a wired network or direct-wired connection, and wireless media such as acoustic, radio frequency (RF), infrared, and other wireless media.
  • RF radio frequency
  • a number of applications and data files may be used to perform processes and/or methods as described above.
  • the aforementioned processes are examples, and a processing unit may perform other processes.
  • Other programming modules that may be used in accordance with embodiments of this disclosure may include electronic mail, calendar, and contacts applications, data processing applications, word processing applications, spreadsheet applications, database applications, slide presentation applications, drawing or computer-aided application programs, etc.
  • program modules may include routines, programs, components, data structures, and other types of structures that may perform particular tasks or that may implement particular abstract data types.
  • embodiments of the disclosure may be practiced with other computer system configurations, including hand-held devices, multiprocessor systems, microprocessor-based or programmable consumer electronics, minicomputers, mainframe computers, and the like.
  • Embodiments of this disclosure may also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network.
  • program modules may be located in both local and remote memory storage devices.
  • embodiments of this disclosure may be practiced in an electrical circuit comprising discrete electronic elements, packaged or integrated electronic chips containing logic gates, a circuit utilizing a microprocessor, or on a single chip containing electronic elements or microprocessors.
  • Embodiments of this disclosure may also be practiced using other technologies capable of performing logical operations such as, for example, AND, OR, and NOT, including but not limited to mechanical, optical, fluidic, and quantum technologies.
  • embodiments of the disclosure may be practiced within a general-purpose computer or in any other circuits or systems.
  • Embodiments of this disclosure may, for example, be implemented as a computer process and/or method, a computing system, an apparatus, device, or appliance, and/or as an article of manufacture, such as a computer program product or computer readable media.
  • the computer program product may be a computer storage media readable by a computer system and encoding a computer program of instructions for executing a computer process.
  • the computer program product may also be a propagated signal on a carrier readable by a computing system and encoding a computer program of instructions for executing a computer process. Accordingly, the present disclosure may be embodied in hardware and/or in software (including firmware, resident software, micro-code, etc.).
  • embodiments of the present disclosure may take the form of a computer program product on a computer-usable or computer-readable storage medium having computer-usable or computer-readable program code embodied in the medium for use by or in connection with an instruction execution system.
  • a computer-usable or computer-readable medium may be any medium that can contain, store, communicate, propagate, or transport the program for use by or in connection with the instruction execution system, apparatus, or device.
  • the computer-usable or computer-readable medium may be, for example but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, device, or propagation medium. More specific computer-readable medium examples (a non-exhaustive list), the computer-readable medium may include the following: an electrical connection having one or more wires, a portable computer diskette, a random access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or Flash memory), an optical fiber, and a portable compact disc read-only memory (CD-ROM).
  • RAM random access memory
  • ROM read-only memory
  • EPROM or Flash memory erasable programmable read-only memory
  • CD-ROM portable compact disc read-only memory
  • the computer-usable or computer-readable medium could even be paper or another suitable medium upon which the program is printed, as the program can be electronically captured, via, for instance, optical scanning of the paper or other medium, then compiled, interpreted, or otherwise processed in a suitable manner, if necessary, and then stored in a computer memory.
  • Embodiments of this disclosure may be practiced via a system-on-a-chip (SOC) where each and/or many of the elements described above may be integrated onto a single integrated circuit.
  • SOC system-on-a-chip
  • Such an SOC device may include one or more processing units, graphics units, communications units, system virtualization units and various application functionalities, all of which may be integrated (or “burned”) onto the chip substrate as a single integrated circuit.
  • the functionality, described herein, with respect to training and/or interacting with any element may operate via application-specific logic integrated with other components of the computing device/system on the single integrated circuit (chip).
  • Embodiments of this disclosure are described above with reference to block diagrams and/or operational illustrations of methods, systems, and computer program products according to embodiments of the disclosure.
  • the functions/acts noted in the blocks may occur out of the order as shown in any flowchart.
  • two blocks shown in succession may in fact be executed substantially concurrently or the blocks may sometimes be executed in the reverse order, depending upon the functionality/acts involved.
  • Embodiments of the present disclosure are described above with reference to block diagrams and/or operational illustrations of methods, systems, and computer program products according to embodiments of the disclosure.
  • the functions/acts noted in the blocks may occur out of the order as shown in any flowchart.
  • two blocks shown in succession may in fact be executed substantially concurrently or the blocks may sometimes be executed in the reverse order, depending upon the functionality/acts involved.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Mathematical Physics (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Multimedia (AREA)
  • Technology Law (AREA)
  • Information Transfer Between Computers (AREA)
  • Human Computer Interaction (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

Apparatuses and devices configured with multiple user personas may be provided. For example, a device may comprise a housing embedding a display, one or more processors, and one or more memory storages. A first processor and/or memory storage may be dedicated to a first unique user persona and a second processor and/or memory storage may be dedicated to a second unique user persona.

Description

    CROSS REFERENCE TO RELATED APPLICATION
  • This application claims benefit under 35 U.S.C. §119(e) of U.S. Provisional Patent Application No. 61/878,521, filed Sep. 16, 2013, and entitled “Multiple Persona Mobile Devices and Methods for Managing Same”, which is incorporated herein by reference as if set forth herein in its entirety.
  • This application is related to co-pending U.S. patent application Ser. No. 14/074,110, filed Nov. 7, 2013, and entitled “Multi-Persona Management,” which is incorporated herein by reference as if set forth herein in its entirety.
  • BACKGROUND
  • Many individuals and employers utilize mobile devices, such as personal digital assistants, smart phones, tablets, laptops, etc., to conduct business and personal related endeavors. Today's business obligations routinely require individuals to travel, attend various meetings, and perform tasks that frequently require individuals to be out of offices and away from their computers and other devices. It is becoming increasingly important for working individuals to have a means of connecting to various enterprise resources (e.g., corporate email, Share Point sites, work documents, etc.), regardless of the person's location. Corporations want to maximize productivity while enabling workers to leave the office during business hours and maintain their necessary responsibilities. Accordingly, many companies implement solutions (e.g., providing corporate user devices to their employees, utilizing mobile device management (MDM) applications, and incorporating Bring Your Own Device (BYOD) programs, etc.) that enable employee access to corporate content on mobile user devices. Further, the proliferation of mobile devices in every aspect of life, including home and personal use, is ever present.
  • Companies that allow workers to access corporate networks and resources need to ensure such access is secure and sensitive material is protected from external intrusion. Providing corporate mobile devices with secure access to enterprise servers creates an efficient means of monitoring and regulating security, but this option is typically more costly for the employer with regards to wireless plans and employing sufficient IT personnel to monitor devices and server access attained by user devices. Thus, device management becomes a priority, responsibility, and obligation for the corporation. For example, if a problem occurs with a device, either hardware or software related, it is the duty of the employer to rectify the employee's need, thereby creating additional responsibilities for IT administrators and possibly a need for more IT personnel.
  • BYOD programs allow employees to utilize personal mobile user devices to access enterprise resources. As BYOD programs gain momentum and popularity amongst employers and employees, the concern and desire to ensure enterprise resources and personal content are kept separate grows as well. Generally, an organization's primary concerns relate to worker productivity, specific duties, and availability, while maintaining a secure and manageable user device environment. Employees appreciate the availability and convenience associated with wirelessly accessing enterprise resources and content, but desire assurance that the privacy of their personal content is upheld, even with corporate applications installed on their personal user devices.
  • Further, many households share personal user devices between some or all of the members of a household. Different users within the household may want personalized settings and attributes applied to the device while that particular individual utilizes the personal user device. Generally, with regards to most personal user devices, the active settings, characterizations, and attributes remain active on the personal user device until a user modifies them. Furthermore, there does not exist a mechanism to separate and containerize multiple individual internal compartments to serve as a unique repository, each exclusively assigned to one user. Therefore, in the scenario concerning multiple members of a family utilizing the same device, each time a new user engages the device, said user will be required to change the settings to their preferred configuration. Often, such actions are highly undesirable and time consuming, and leave individual users dissatisfied with the operation or configuration of the shared personal user device.
  • Due to the aforementioned concerns, many users retain multiple devices to maintain a separation of entities. This approach provides a complete separation of personal and enterprise matters, ensuring a company cannot access personal content. The multiple device methodology also presents a clear visual and physical indication of separation. Additionally, many families own multiple identical user devices offering the various members of the household a unique user experience. While this presents a clear separation of entities and promotes individualism, this also proves to be more costly for the family. Other conventional approaches address this problem by utilizing a containerized application on personal user devices, wherein the enterprise or alternate environment is only accessible via user initiation of the application. This approach does not offer the user an autonomous notification of incoming data in the alternate environment, nor does it present an obvious physical and visual distinction of separation.
  • Therefore, there is a long-felt but unresolved need to create and implement a plurality of separate entities or personas on an individual user device to preserve individualized attributes and present a clear distinction between the multiple entities. Likewise, multiple separate entities may be implemented on one individual user device ensuring enterprise data is separately, yet securely managed and preserving user's personal privacy.
  • SUMMARY
  • This Summary is provided to introduce a selection of concepts in a simplified form that are further described below in the Detailed Description. This Summary is not intended to identify key features or essential features of the claimed subject matter. Neither is this Summary intended to be used to limit the claimed subject matter's scope.
  • Apparatuses and devices configured with multiple user personas may be provided. For example, a device may comprise a housing embedding a display, one or more processors, and one or more memory storages. A first processor and/or memory storage may be dedicated to a first unique user persona and a second processor and/or memory storage may be dedicated to a second unique user persona.
  • Briefly described, and according to some embodiments, the present disclosure generally describes methods and systems for isolating, implementing, and provisioning multiple entities or personas on an individual user device, thus enabling multiple individual end-user environments to remain quarantined while simultaneously remaining active. As referred to herein, a “persona” generally relates to various settings, policies, rules, configurations or attributes associated with a particular end user environment. Accordingly, groups of individual personas may be categorized based on defined rules and policies applicable to said group and managed simultaneously. Other embodiments enable remote access to end user devices to deploy changes to current attributes and/or configurations either by group definition or on an individual basis.
  • According to one example embodiment, multiple personas may be managed via a central server (e.g., a content server or management module), which may serve as an intermediary between the multiple personas. The central server receives data from the device, identifies which persona initiated the data transfer, and sends the data on behalf of the identified persona. Similarly, the central server receives data from outside sources, identifies for which persona the data is intended and pushes said data to the appropriate persona. Further, one example embodiment virtually separates one set of hardware components (e.g., a single processor, memory, battery, etc.) into individual segments. Consequently, each segment houses and embodies a separate and quarantined persona. Yet other embodiments encompass multiple hardware sets (e.g., multiple processers, multiple memories, multiple batteries, etc.) independently coupled and dedicated for one or more respective persona.
  • It is to be understood that both the foregoing general description and the following detailed description are examples and explanatory only, and should not be considered to restrict the disclosure's scope, as described and claimed. Further, features and/or variations may be provided in addition to those set forth herein. For example, embodiments of the disclosure may be directed to various feature combinations and sub-combinations described in the detailed description.
  • BRIEF DESCRIPTION OF THE DRAWINGS
  • Many aspects of the present disclosure can be better understood with reference to the following diagrams. The drawings are not necessarily to scale. Instead, emphasis is placed upon clearly illustrating certain features of the disclosure. Moreover, in the drawings, like reference numerals designate corresponding parts throughout the several views. In the drawings:
  • FIG. 1 is a block diagram illustrating an embodiment of an example environment consisting of multiple personas individually represented, yet simultaneously engaged via a network to a common and unique system.
  • FIG. 2A is an example block diagram of a user device according to one embodiment.
  • FIG. 2B illustrates an embodiment of a single device comprising multiple personas, managed by a persona management module.
  • FIG. 3 is an example block diagram illustrating one embodiment entailing a unitary system comprising multiple personas supervised by a persona management module contemporaneously interacting with a mobile device management system and third party content via a communicatively coupled network.
  • FIG. 4A illustrates an example embodiment of a single user device with a screen attached to either side comprising a dual screen user device.
  • FIG. 4B illustrates an embodiment representing one screen of a dual screen device.
  • FIG. 4C is an illustration of another embodiment of another screen encompassed in a dual screen device.
  • FIG. 4D shows an example embodiment exhibiting multiple personas on a single screen of a user device.
  • FIG. 5 is a flow chart illustrating an example method of multiple personas interfacing with a singular operating system, a persona management module, hardware and the relationship therein.
  • FIG. 6 is a flow chart illustrating an example method for employing persona characteristics and settings on a user device via a management console.
  • FIG. 7 is a flow chart illustrating a method of a user device comprising multiple personas receiving and implementing rules from a management console.
  • FIG. 8 is a flow chart illustrating a method for managing data in connection with toggling personas on a user device in a multiple person environment according to one embodiment of the present disclosure.
  • DETAILED DESCRIPTION
  • The following detailed description refers to the accompanying drawings. Wherever possible, the same reference numbers are used in the drawings and the following description to refer to the same or similar elements. While example embodiments of the disclosure may be described, modifications, adaptations, and other implementations are possible. For example, substitutions, additions, or modifications may be made to the elements illustrated in the drawings, and the methods described herein may be modified by substituting, reordering, or adding stages to the disclosed methods. Accordingly, the following detailed description does not limit the disclosure. Instead, the proper scope of the disclosure is defined by the appended claims.
  • Overview
  • The technical effects of some example embodiments of this disclosure may include establishing control of access to networks and resources when access lists may not be predefined, and reducing and/or eliminating the burden of predefining access lists to control access to networks and resources. Moreover, the technical effects of some example embodiments may include enhancing network access control by assigning specific access rights based on access lists to client devices authorized to access associated network beacons and resources.
  • Other technical effects of some example embodiments of this disclosure may include offering group management solutions to managing content access and distribution. For example, users of a sales group may have read access to marketing documents and presentations, while users in a marketing group may be able to edit and/or annotate the market documents. Similarly, users in an accounting or business services group may be the only ones with access to enterprise financial documents. These access controls may be provided by distributing authorization credentials to devices associated with users of the respective group. Each user may then authenticate to their device, such as by inputting a username, password, authentication key, and/or biometric data, before the device may access and/or retrieve the content authorized for distribution to that device. These authentication types are provided as examples only and are not intended to be limiting as many other types of user authentication are in use and/or may be contemplated in the future.
  • According to one example embodiment, aspects of the present disclosure relate to mobile device hardware and/or software or functionality for managing multiple personas on a given mobile device. Multiple persona device management generally comprises methods and systems for isolating, implementing, and provisioning multiple entities or personas on a single user device. Thus, enabling a persona to remain quarantined while simultaneously remaining active on the back-end of the device. As referred to herein, a “persona” generally comprises various settings, policies, rules, configurations and/or attributes associated with a particular end user environment. Accordingly, groups of individual personas can be categorized based on defined rules and policies applicable to those groups and managed simultaneously. Furthermore, some embodiments enable remote access to the personal user device to deploy changes of current attributes and configurations either by group definition or on an individual basis.
  • According to one example embodiment, multiple personas may be managed via a central server (e.g., a content server or management module), which may serve as an intermediary between the multiple personas. The central server receives data from the device, identifies which persona initiated the data transfer, and sends the data on behalf of the identified persona. Similarly, the central server receives data from outside sources, identifies for which persona the data is intended and pushes said data to the appropriate persona. Further, one example embodiment virtually separates one set of hardware components (e.g., a single processor, memory, battery, etc.) into individual segments. Consequently, each segment houses and embodies a separate and quarantined persona. Yet other embodiments encompass multiple hardware sets (e.g., multiple processers, multiple memories, multiple batteries, etc.) independently coupled and dedicated for one or more respective persona.
  • Content access may be further limited by policies that enforce other compliance restrictions based on properties of the device such as time, location, device security and/or integrity, presence of another device, software versions, required software, etc. For example, educational settings may designate student and instructor groups. These groups may be further assigned to specific classes such that only student group members associated with a given class may access content associated with that class. Further, edit access to the content for the class may be restricted to the user(s) in the instructor group and/or student group members may be permitted to add content that only the instructor may view (e.g., homework assignments). In some embodiments, the instructor group user(s) may be able to push content to student group user(s) and/or activate temporary control of the students' devices to prevent the devices from accessing non-class related content during class time.
  • To reduce the cost of ownership of user devices and cellular and/or data service charges associated with use of such user devices, an enterprise such as an educational institution and/or a business may implement a “bring your own device” (BYOD) policy to allow an employee to use his/her personal device to access enterprise resources rather than provide the user with an enterprise owned user device for such purpose. To support such a BYOD policy, a user device administrator (i.e. IT administrator) may manage a group of personally owned user devices, via a management application executed by a management server in communication with the user devices over a network, to provide the user devices with secure access to enterprise resources.
  • The user device administrator may enroll user devices into the management system to monitor the user devices for security vulnerabilities and to configure the user devices for secure access to enterprise resources. The user device administrator may create and/or configure at least one configuration profile via a user interface provided by the management system. A configuration profile may comprise a set of instructions and/or settings that configure the operations and/or functions of a user device, which may ensure the security of the accessed resources. The user device administrator may, for instance, configure an enterprise email configuration profile by specifying the network address and access credentials of an enterprise email account that the users of the user devices are authorized to access. Other configuration policies may include, but are not limited to, hardware, software, application, function, cellular, text message, and data use restrictions, which may be based at least in part on the current time and/or location of the restricted user device. The user device administrator may thereafter deploy the configuration profiles to specific user devices, such as to groups of user devices of users with similar roles, privileges and/or titles.
  • The user devices may also have access to personal configuration profiles that may be created by the users of the user devices. The user devices may, for instance, have access to a personal email configuration profile that was created by a user of the user device to provide access to her personal email account. Thus, a user device enrolled in a BYOD management system may have more than one configuration profile for a given use of the user device, such as a personal email configuration profile and an enterprise email configuration profile that are both used for accessing email accounts on the user device.
  • The user devices may be instructed to enable and/or disable certain configuration profiles according to authorization rights specified by the user device administrator, such as location and/or time-based authorization rights. For example, a BYOD policy may specify that user devices enrolled in the BYOD management system are authorized for personal use outside of the workday and are authorized for business use during the workday. Similarly, a BYOD device may be restricted to enterprise uses while in work locations and/or prohibited from accessing enterprise resources while outside of secure work locations. To implement such a policy, a user device administrator may instruct the user devices to toggle between personal configuration policies and enterprise configuration policies based on factors such as the current time and/or location associated with the user device.
  • The current time may be based on the current time at the current location of the user device, which may be determined by GPS, Wi-Fi, Cellular Triangulation, etc., or may be based on the current time at a configured primary location associated with the user device, which may be the primary office location of an employee user of the user device. As an example, time-based configuration profile toggling may be provided by instructing a user device to enable business configuration profiles and disable personal configuration profiles while the current time is between 9 AM and 5 PM at the current location of the user device, and to disable business configuration profiles and enable personal configuration profiles while the current time is between 5 PM and 9 AM at the current location of the user device.
  • According to one example embodiment, aspects of the present disclosure relate to mobile device hardware and/or associated software or functionality for managing multiple personas on a given mobile device. Multiple persona device management generally comprises methods and systems for isolating, implementing, and provisioning multiple entities or personas on a single user device, thus enabling a persona to remain quarantined while simultaneously remaining active on the back-end of the device. As referred to herein, a “persona” generally comprises various settings, policies, rules, configurations or attributes associated with a particular end user environment. Accordingly, groups of individual personas can be categorized based on defined rules and policies applicable to those groups and managed simultaneously. Furthermore, some embodiments enable remote access to a personal user device to deploy changes of current attributes and configurations either by group definition or on an individual basis.
  • According to one example embodiment, multiple personas may be managed via a central server (e.g., a content server or management module), which may serve as an intermediary between the multiple personas. The central server receives data from the device, identifies which persona initiated the data transfer, and sends the data on behalf of the identified persona. Similarly, the central server receives data from outside sources, identifies for which persona the data is intended and pushes said data to the appropriate persona. Further, one example embodiment virtually separates one set of hardware components (e.g., a single processor, memory, battery, etc.) into individual segments. Consequently, each segment houses and embodies a separate and quarantined persona. Yet other embodiments encompass multiple hardware sets (e.g., multiple processers, multiple memories, multiple batteries, etc.) independently coupled and dedicated for one or more respective persona.
  • Multiple persona device management generally relates to the implementation and management of a plurality of personas on a singular user device to segregate and quarantine a set of attributes relating to a singular persona from other personas accessible on the same user device. A persona may comprise a collection or group of data sets, configurations (assignment of resources, policies, rules, etc.), appearances, particular functionality, branding, billing parameters, physical components, and/or preferences with which a user device or a portion of a user device is associated. There exists a plurality of embodiments regarding multiple persona device management implementations, which may be executed on an individual user device, offering different mechanisms for a user possessing the desire to access divergent sets of attributes while maintaining a separation of said attributes. An example embodiment of multiple persona device management involves the ability, at an end user's discretion, to toggle between the various personas. Furthermore, the device may autonomously toggle between personas or present the option to toggle between personas based on predetermined triggering events embedded within the multiple persona device management technology.
  • One example of implemented multiple persona device management comprises a family owning a single tablet device consisting of exclusive personas representing each family member. Thereby, each family member retains a unique set of applications, settings, and customizations associated with his or her respective persona. Another example entails a user device enrolled in a BYOD program in a work setting in which a mobile device management system merges multiple personas. The user device can separate an enterprise persona for receiving, accessing, and distributing corporate content and a personal persona for maintaining interaction with personal matters as shown in FIG. 1.
  • Example Embodiments
  • Generally, multiple persona management on a mobile device, according to aspects of the present disclosure, can be divided into at least two broad categories: (1) physical persona separation via either multiple physical components within a single mobile device, and/or (2) virtual persona separation via virtual division of components, data segregation, or the like. As described in greater detail below, physical separation may include a device with multiple screens, multiple processors, multiple memories, etc. Generally, the virtual separation embodiments provide a virtual separation of components (e.g., virtual processors), or a data separation coupled with some visual or audible separation designation, or the like. These aspects and others will be described in greater detail below.
  • FIG. 1 illustrates an example environment 100 comprising a single user device employing multiple personas (this example exhibits dual personas, but as will be understood and appreciated by one skilled in the art, one may elect to employ any number of personas on a single user device), an end user, and two separate hypothetical end user environments. Throughout this disclosure, an example of “two persona” or “dual persona” device management will be used for example purposes in connection with the presented Figures, but as will be understood by one of ordinary skill in the art, the example of dual persona device management is presented for example purposes only and any number of personas may be implemented on a user device 103. As shown, enterprise end user 109A is capable of accessing and conducting enterprise matters, such as reading and creating corporate email, viewing and editing documents, accessing content via Share Point, and matters of the like, on a persona 2 118 segment of the individual user device 103. Persona 2 118 exemplifies the corporate partition of a dual persona device 103 with multiple persona device management applied to the user device 103. This may be the primary active persona during working hours or while a GPS recognizes the end user's location to be in a corporate building or office. In some embodiments, although the enterprise workspace is the primary active persona, a personal persona 1 115 is still active on the back-end of the multiple persona device management system (or on the device 103 itself) and is simultaneously receiving and transmitting data intended for persona 1 115.
  • Alternatively, as seen in FIG. 1, the illustrated embodiment represents the same user 109B utilizing the same user device 103 in a personal environment (e.g., at home, in a restaurant, or other location away from the office). Generally, a persona 1 115 relates to the personal end user environment of the user 109B in which all personal data (e.g., phone calls, text messages, non-enterprise email, personal applications, personal web browsing data, etc.) is distinctly routed and stored. The independent persona 1 115 allows an end user 109B to maintain user device functionality in accordance with personal settings, characteristics and attributes separately from enterprise-related data and functionality.
  • In one embodiment shown in FIG. 1, a data network 154 enables operative connections between persona 2 118, persona 1 115, third-party systems and products 124, and a mobile device management system (MDMS) 121 for routing data amongst the involved entities. A data network 154 may comprise a wireless IEEE 802.b,g,n network, a cellular wireless network, Bluetooth technology, etc. Although the aforementioned represent typical communication systems, it will be understood by one of ordinary skill in the art that other signal carrying data propagation mechanisms could be utilized for communication between the different entities.
  • The described mobile device management system (MDMS) 121 empowers enterprises to securely monitor, manage, and support a plurality of devices via wireless deployment of data configurations, applications, settings, permissions, and policies. Enterprises may deploy an MDMS 121 on a plurality of devices, such as mobile phones, smart tablets, laptops, etc., to ensure secure wireless access and distribution of corporate content. Further, enterprises utilize the MDMS 121 for managing third-party content accessibility on enterprise user devices. While these restrictions on enterprise content would not be objectionable to most users, some may object to applying the same restrictions to personal user devices. Therefore, multiple persona device management as described herein supports the notion of segregating managed, secure mobile access to enterprise content to an enterprise persona while personal matter immunity is maintained on personal personas.
  • Still referring to FIG. 1, the shown MDMS 121 comprises a mobile device management (MDM) database 139 and a MDM central module 122. The MDM database 139 generally contains attributes typically monitored, modified, and manipulated by an administrator, as well as information necessary for the use of the multiple persona functionality. The MDM central module 122 comprises a management module 127, content server 130, secure email gateway 133, and application catalog serving as separate entity portals for pushing and deploying configured attributes to end user devices. The individual modules within the MDM central module 122 are communicatively coupled with the MDM database 139 and the user device 103, thereby ensuring proper attributes defined by an administrator are effectively enforced on applicable personas. Further, the MDM database 139 and the MDM central module 122 generally represent the enterprise controlled server-side of the of the multiple persona device management application.
  • In one example embodiment of the present system, the management module 127 (also called the admin console) recognizes a plurality of individually assigned personas associated with a plurality of user devices. An administrator can aptly engage the management module 127, select a persona on a user device or group of personas on different user devices, and define rules and characterizations for the selected user devices. Accordingly, the management module 127 determines which policy is applicable to particular personas and subsequently distributes said policy to the appropriate personas on a given user device. In some embodiments, the management module 127 recognizes and addresses different operating systems embodied on user devices, thereby defining proper enforcement of rules and access to non-native data. (Details regarding the various processes carried out by the management console will be described in greater detail in connection with FIG. 3.)
  • According to one embodiment illustrated in FIG. 1, a content server 130 of the MDM central module 122 serves as an access portal for various enterprise related subject matter parsed in separate partitions for access and distribution by identified personas. The content server 130 integrates and interacts with the management module 127, which supports persona access, policies, and rules regarding authorization to corporate (or other managed) content. The content server 130 generally, but may not necessarily, comprises one or more local servers, cloud servers, and/or offsite servers. In the embodiment shown, persona 2 118 engages with enterprise subject matter on the user device 103 in the enterprise environment when operated by the end user 109A. Alternatively, persona 1 115, exhibiting an unmanaged personal persona, may be precluded from accessing to corporate content and subsequently denied rights to the content server 130. Further, in some embodiments, the MDMS 121 has no access to or control over persona 1 115.
  • It is well known and understood by those of ordinary skill in the art that many corporate entities utilize enterprise dedicated electronic mail systems whereby traffic is regulated through a managed email portal (e.g., Microsoft Exchange). Accordingly, the presently-described embodiment includes a secure email gateway 133 that enables secure email access and distribution through the data network 150 within a corporate email exchange. In one example embodiment, the secure email gateway 133 behaves as a proxy server linking the enterprise email server and the data network. The coupled management module 127 has the ability to push enterprise policies set by an administrator to the secure email gateway 133 to enforce said enterprise policies.
  • Further, some embodiments of the MDM central module 122 comprise an application catalog 136 that is also integrated with the management module 127. The application catalog 136 supports access to applications both enterprise specific applications and public applications. The enterprise persona 2 118 through the encapsulated rules and policies as set forth by an administrator sends requests to access and download applications to the application catalog 136. To increase mobile productivity, the application catalog 136 serves as a portal governed by enforced policies to allow approved access to applications for a user's benefit.
  • Generally, users 109 utilize a variety of third-party systems, applications, and email platforms via their personal user devices 103. Often access to third party content is not as secure as most enterprise platforms and presents vulnerabilities concerning a device that can also access enterprise content. As illustrated in FIG. 1, third-party systems and products 124 grant end-user access to third-party content through the data network 154. In some embodiments, the public application store 145 permits users to access a plurality of third party applications. In some examples, an enterprise may preclude the enterprise persona, persona 2 118, from accessing all outside applications. In such a scenario, an end user 109 still retains the ability to install and utilize outside applications on the personal persona (persona 1 115). Third-party email servers 148 may provide persona 1 115 access to personal emails. Other third-party content is pulled through the third-party content server 142. In another embodiment, this content may be accessed by the enterprise persona 2 118 and the personal persona 1 115 depending on the current configuration the administrator has implemented on the user's device.
  • The discussions above in association with FIG. 1 are merely intended to provide an overview of an embodiment of the present system for multiple persona management on a mobile device utilizing a separation of hardware and/or software. Accordingly, it will be understood that the descriptions in this disclosure are not intended to limit in any way the scope of the present disclosure. Various embodiments regarding hardware and software implementations of the present device will be described next in greater detail.
  • FIG. 2A is a block diagram of a user device 103 comprising a processor 209 and a memory 218. The user device 103 shown in FIG. 2A is a representative “single component” device, i.e., the device does not include multiple hardware components for each respective persona. An example multiple-persona hardware device is shown in FIG. 2B. Depending on the configuration and type of device, memory 218 may comprise, but is not limited to, volatile (e.g. random access memory (RAM)), non-volatile (e.g. read-only memory (ROM)), flash memory, or any combination. Memory 218 may store executable programs and related data components of various applications and modules for execution by user device 103. Memory 218 may be coupled to processor 209 for storing configuration data and operational parameters, such as commands that are recognized by processor 209.
  • Basic functionality of user device 103 may be provided by an operating system 221 contained in memory 218. One or more programmed software applications may be executed by utilizing the computing resources in user device 103. Applications stored in memory 218 may be executed by processor 209 (e.g., a central processing unit or digital signal processor) under the auspices of operating system 221. For example, processor 209 may be configured to execute applications such as web browsing applications, email applications, instant messaging applications, and/or other applications capable of receiving and/or providing data.
  • Data provided as input to and generated as output from the application(s) may be stored in memory 218 and read by processor 209 from memory 218 as needed during the course of application program execution. Input data may be data stored in memory 218 by a secondary application or other source, either internal or external to user device 103, or possibly anticipated by the application and thus created with the application program at the time it was generated as a software application program. Data may be received via any of a plurality of communication ports 215 of user device 103. Communication ports 215 may allow user device 103 to communicate with other devices, and may comprise components such as an Ethernet network adapter, a modem, and/or a wireless network connectivity interface. For example, the wireless network connectivity interface may comprise one and/or more of a PCI (Peripheral Component Interconnect) card, USB (Universal Serial Bus) interface, PCMCIA (Personal Computer Memory Card International Association) card, SDIO (Secure Digital Input-Output) card, NewCard, Cardbus, a modem, a wireless radio transceiver, and/or the like.
  • User device 103 may also receive data as user input via an input component 242, such as a keyboard, a mouse, a pen, a stylus, a sound input device, a touch input device, a capture device, etc. A capture device may be operative to record user(s) and capture spoken words, motions and/or gestures, such as with a camera and/or microphone. The capture device may comprise any speech and/or motion detection device capable of detecting the speech and/or actions of the user(s).
  • Data generated by applications may be stored in memory 218 by the processor 209 during the course of application program execution. Data may be provided to the user during application program execution by means of a display 206. Consistent with embodiments of this disclosure, display 206 may comprise an integrated display screen and/or an output port coupled to an external display screen.
  • Memory 218 may also comprise a platform library 224. Platform library 224 may comprise a collection of functionality useful to multiple applications, such as may be provided by an application programming interface (API) to a software development kit (SDK). These utilities may be accessed by applications as necessary so that each application does not have to contain these utilities thus allowing for memory consumption savings and a consistent user interface.
  • Furthermore, embodiments of this disclosure may be practiced in conjunction with a graphics library, other operating systems, or any other application program and is not limited to any particular application or system. The devices described with respect to the Figures may have additional features or functionality. For example, user device 103 may also include additional data storage devices (removable and/or non-removable) such as, for example, magnetic disks, optical disks, or tape (not shown).
  • User device 103 may comprise a desktop computer, a laptop computer, a personal digital assistant, a cellular telephone, a smartphone, a set-top box, a music player, a web pad, a tablet computer system, a game console, a mobile device, and/or any other device with like capability.
  • User device 103 may store in a data store 227 a device profile 230 and a plurality of user preferences 233. Device profile 230 may comprise an indication of the current position of user device 103 and/or indications of the hardware, software, and security attributes which describe user device 103. For instance, device profile 230 may represent hardware specifications of user device 103, version and configuration information of various software program and hardware components installed on user device 103, data transmission protocols enabled on user device 103, version and usage information of various resources stored on user device 103, and/or any other attributes associated with the state of user device 103. The device profile 230 may further comprise data indicating a date of last virus scan of user device 103, a date of last access by an IT representative, a date of last service by the IT representative, and/or any other data indicating maintenance and usage of user device 103. Furthermore, the device profile 230 may comprise indications of the past behavior of associated users, such as resources accessed, charges for resource accesses, and the inventory accessed from such resources. User preferences 233 may comprise a listing of factors that may affect the experience of the user. In particular, user preferences 154 may include indications of the user's age, gender, bodily traits, preferred resource types, preferred venue resources, and combinations thereof.
  • FIG. 2B is a block diagram of a user device 103 with multiple personas. As shown, these personas may either be physical (multiple hardware components) or virtual. In some embodiments, the user device 103 is embedded with dual persona device management. According to some embodiments illustrated in FIG. 2, there are two processors 210A and 210B, two wireless modules 213A and 213B, two communication ports 220A and 220B, two displays 207A and 207B, and two memory components 222A and 222B. Again, these dual processors can either be physical (e.g., two physical processors) or virtual (e.g., a single processor that is virtually divided via management software).
  • In some embodiments, a persona may comprise a “SIM persona” that is managed on a back-end and is portable to other devices. A “SIM persona” may comprise a physical SIM card, it may comprise a virtual SIM card entity, or a virtual entity embedded on a user device 103. In another embodiment, several SIM personas may be implemented on a single device. A SIM card may possess one persona or multiple personas wherein the card is virtually split into separate representative entities containing the attributes and characterizations of the given personas. For the example wherein a SIM card contains one sole persona, an end user may carry multiple SIM cards and exchange them within the user device 103 based on location or time. In another embodiment, a user device 103 may have the capability to support more than one SIM card simultaneously, maintaining persona 1 115 on one SIM card and persona 2 118 on another SIM card. In such an embodiment, as information travels through the data network 154, the information subsequently propagates to the appropriate SIM card inside the user device 103.
  • In some embodiments, an overarching process determines the routing of incoming data to the user device 103. According to some embodiments of dual persona device management, a persona management module 245 is employed to decide to which persona content should be delivered on the device. The persona management module 245 exercises back-end differentiations between shared and distinct features and/or functionality among personas. In some embodiments, an agent resides on the dual persona implemented user device 103 for management of resources in connection with different personas. For example, a hypervisor may serve as a persona management module 245 and embody a centralized means to deliver data to the appropriate persona. The user device 103 hence becomes a host machine on which the hypervisor resides and controls the related functionality in part or completely. The hypervisor creates “guest machines” or virtual machines on the user device 103 enabling the virtual machines to behave as their own separate operating system comprising their own persona. The hypervisor can represent a firmware, software, or hardware implementation wherein the input data and output data is recognized, identified and pushed by the hypervisor to its appropriate destination.
  • For example purposes and as illustrated in this disclosure, persona 1 115 is as shown as personal persona and persona 2 118 is shown as an enterprise persona. Thus, as a corporate email transmits to the user device 103, the hypervisor recognizes the data as enterprise communication (based on tags or identifiers in the data), and subsequently routes the data to persona 2 118. In some embodiments, policies implemented with multiple persona device management are identified by an administrator and pushed to the hypervisor, allowing the hypervisor to act as the decision-making agent performing actions as the persona management module 245.
  • According to the embodiment illustrated in FIG. 2B, a device 103 may contain multiple hardware sets, each set corresponding to one unique persona. In the example comprising dual persona device management, the device 103 comprises two components of each hardware portion (e.g., two physical processors 210A and 210B, two physical memory sets 222A and 222B, two wireless modules 220A and 220B, etc.). Generally, persona 1 115 transmits its corresponding data through a persona 1 wireless module 213A, thereby leaving the interpretation and data storage respectively to the persona 1 processor 210A and the persona 1 memory 222A. Likewise, a similar process transpires for persona 2 115 comprising its separate processor 210B, memory 222B and wireless module 213B. In some embodiments, a central process encapsulated in the persona management module 245 governs and routes the data and information transmitted to the user device 103 to the appropriate hardware set. Some embodiments comprise a combination of dual components and single components. For example, in some embodiments, a user device comprises two processors 210A and 210B, two sets of memory 222A and 222B, one wireless module 220, and one communication port.
  • In some embodiments, the persona management module 245 integrates the policies and rules set by the administrator through MDMS and precludes access and distribution of data for particular personas. For example, if a policy is set which does not allow third-party email exchange access by persona 2 118, when a request for access has propagated to the persona management module 245, the request may be denied and the proper executable steps are initiated.
  • Further, as shown in FIG. 2B, one example embodiment of the device 103 may be constructed such that all hardware sets are entirely independent of each other with no overarching agent software or firmware. In this embodiment, there may exist two independent SIM cards, each associated individually with each hardware set therefore containing the appropriate SIM card address for each persona. The address of the SIM card is coupled with the transmitted data; hence, the persona identified by the address receives the appropriate information. According to one example embodiment, different hardware sets may utilize different operating systems. For example, the personal persona, persona 1 222A, may utilize iOS for its operating system 225A and the enterprise persona, persona 2 222B, due to a corporate or enterprise preference, may utilize a version of Android as its operating system 225B. In an application with dual, independent operating systems, the persona management module 245 may contain an agent application for communicating and pushing data to the Android operating system 222B and a separate application programming interface (API) corresponding with the iOS operating system. Associated with the independent operating systems, an independent device profile 231A and 231B may be associated with each respective device, and may contain information such as operating system versions, last update of said operating system, serial numbers associated with an operating system, etc. Further, the independent hardware sets may also comprise divergent network carriers integrated on the same user device 203.
  • Also illustrated in FIG. 2B is an embodiment comprising dedicated communication ports 220A and 220B for each persona. The communication ports could consist of keyboard, mouse, power adapter, Ethernet port, or the like. Alternatively, in some embodiments, all components of hardware may be separate, but share a power source or common battery.
  • In some embodiments of the present disclosure wherein multiple hardware sets are implemented on the user device 103 and as illustrated in FIG. 2B, respective compliance rules 240A and 240B serve as the local user device 103 containers for compliance rules which have been pushed and implemented in connection with individual personas. In some embodiments, policies and rules incorporated in the enterprise compliance rules 240B engage with the persona 2 210B processor, governing incoming data via the persona 2 wireless module 213B, ensuring the policies and rules set forth by the enterprise maintain consistency and integrity. Also, within the quarantined memories of persona 1 222A and persona 2 222B, an embodiment of separated data stores 228A and 228B store respective persona characterizations. For example, persona 2 118 may store in its data store 228B preferences, persona usage details, enterprise branding information, configurations, and assignments of resources accessible to an administrator using MDMS 121. The stored data within the data store 228B enables an enterprise to access information to effectively monitor user device operation within the enterprise space.
  • According to some embodiments, a user device 103 may comprise various combinations of a plurality of components. For example, in some embodiments the user device comprises dual screens that are independently assigned to a persona. In some embodiments of the present disclosure, the user device 103 may comprise separate controls for each screen or each persona. Each independent set of controls may be embedded and assigned to manipulate actions within their designated persona. Another embodiment comprises a user device housing or form that will fit additional add-on components to expand or further facilitate the persona within the user device. One example comprises a keyboard comprising a toggle button that can engage the desired persona when the button is depressed or moved to a designated position. Further, a user device may comprise a combination of embodiments (e.g., common controls that manipulate dual screens, dual controls dedicated to one screen, etc.).
  • Referring now to FIG. 3, an example block diagram is shown of a MDMS 121 architecture environment interacting with a data network 154, third party systems and products 124, and a user device 103 configured with dual persona device management. For discussion purposes, it can be assumed that the illustrations in FIG. 3 relate to a user device 103 involved in a Bring Your Own Device (BYOD) program and coupled with a mobile device management system (MDMS) 121. As will be generally understood and appreciated by one of ordinary skill in the art, an enterprise BYOD program is not necessarily the only application with the ability to benefit from multiple persona device management, and the intention of the following example is not intended to necessarily limit or restrict the scope and spirit of the present disclosure in any way. As previously described, the MDMS 121 enables an administrator to create compliance rules and subsequently distribute those rules to a plurality of user devices to which the rules pertain. Further, the user devices may contain a personal persona, persona 1 115, and an enterprise persona, persona 2 118, with (or without) a centralized governing agent, the persona management module 245.
  • In some embodiments, the system illustrated in FIG. 3 promotes a back-end differentiation between shared and distinct functionality amongst a plurality of personas. In connection with the back-end differentiation, some embodiments include a resident agent such as the persona management module 245 residing on the multi-persona device 103. As previously described, the persona management module 245 manages distinct and shared resources associated with data entering or exiting the user device. For example, as persona 1 115 requests access to the email store 348 within the third-party email gateway 348, the persona management module 245 acknowledges persona 1 118 as the personal persona and allows access to third-party content such as the third-party email gateway 148.
  • In some embodiments, the management module 127 in the MDMS 121 may push policies to some or all personas, specifying shared resources among personas and setting boundaries regarding the permitted level of communication among the personas. Yet according to another embodiment, the management module 127 may also push personal policies, enterprise policies, and meta-policies between the personas. Generally, meta-policies govern the shared resources, communication, and device-level functionality among the personas. The recently discussed embodiments exemplify different means of creating a native experience for the end user, where data intended for a specific persona is identified either before reaching the user device or upon reaching the user device and transferred to the appropriate persona within the user device.
  • In some embodiments illustrated in FIG. 3, the MDM central module 122 includes the various modules an administrator utilizes to set functionality, configurations, appearances, preferences and various other attributes that are controlled and implemented with a MDMS 121. According to an embodiment of the present disclosure, the MDM database 139 houses the attributes utilized by the administrator via the MDMS user interface. In other embodiments, various modules within the MDM central module 122 engage with the MDM database 139 to retrieve an appropriate attribute(s) selected by the administrator and push said attribute(s) via a data network 154 to the persona management module 245. The persona management module 245 recognizes the attribute(s) and the persona for which it is intended, thereby pushing that attribute(s) to the appropriate persona. In another embodiment, the MDM central module 122, through the management module 127, pushes appropriate attributes to dedicated SIM cards within a user device embodying multi-persona device management.
  • Generally, in connection with the functionality of the management module 127, operations may be broken into two different spaces—a server side and a device side. As will be discussed later in the present disclosure in connection with FIG. 6, the server side of the management module 127 enables an administrator to log into the console, select a device or group of devices, compile rules for said device and push the policies and the rules to the user device 103 to control subsequent functionality of those devices. In another embodiment, the management module 127 may authenticate data by verifying the credentials of the user device 103, interpret said data and push commands back to the user device 103 in response to the commands received from the user device. The device side of the management module 127 enables a user device to request enrollment into a mobile device management system, receive compiled rules and policies, take actions in conjunction with receiving data from the management module 127, and toggle among active personas within the user device 103.
  • In some embodiments (not shown), the management module 127 also contains a self-service application that is available for utilization by device users. In some embodiments, the self-service application comprises a user interface that is a pared-down version of the administrator management console interface. Users may log into the self-service application and view specific information about the enterprise persona, persona 2 118, of the device and/or the personal persona, persona 1 115. In another embodiment, users may only access the enterprise persona, while being unable to view the content of the personal persona. In some embodiments, the self-service application comprises a limited set of mobile device management options available to the user. For example, users may acquire the GPS location of the user device 103, lock the user device 103, perform an enterprise wipe or wipe the entire user device 103, send messages to said device, etc. In another embodiment, the enterprise wipe may de-partition the user device 103 and leave the personal persona as the only remaining persona. An enterprise wipe is a function wherein all enterprise data, characterizations, enterprise attributes, preferences, and settings are remotely erased from the enterprise persona. Likewise, an entire device wipe remotely erases all data on both persona 1 115 and persona 2 118, reverting the device to its original OEM state. In the self-service application of the management module 127, a user does not have the ability to assign or change rules and policies with respect to any managed persona. In some embodiments, the self-service feature offers users the ability to track user content or their user device and minimally manage the user device.
  • Further, another embodiment of the self-service application enables the management module 127 to configure a pre-defined limited set of options relating to multiple virtual hardware sets. In the instance where the management module 127 transmits commands to the user device 103 to create multiple virtual hardware sets, an end-user may log into the self-service section of the management console and access the pre-defined functionalities related to the multiple virtual hardware sets. As previously described, the self-service component of the management module 127 enables users to access an interface and view specific data concerning their user device 103 and respective personas 115 and 118.
  • According to one embodiment shown in FIG. 3, the management module 127 compiles rules and policies via the compliance rule store 330 and pushes those rules and policies to a user device 103 to create a determined number of virtual hardware sets. In some embodiments, there are two hardware sets corresponding to two personas. In the example shown in FIG. 3, each hardware set comprises separate displays 207A and 207B, separate processors 201A and 201B, and separate memories 222A and 222B. In some embodiments, each memory 222A and 222B comprises storage functionality that contains data respective to the persona with which it belongs. Generally, each display 207A and 207B is the respective user interface that a user 109 would use to access and perform operations pertaining to the respective persona. In some embodiments, displays may be interchangeable and a user has the ability to toggle between displays according to the persona the user wishes to engage. For example, a user wishing to perform a function regarding persona 1 115 would toggle to display 1 207A, access contents in memory 1 222A through processor 1 210A and execute some desired actions. After the desired actions are complete, the end-user may keep persona 1 115 active or toggle to another persona.
  • Still referring to FIG. 3, in some embodiments, the management module 127 directs configuration policies and compliance rules via the compliance rules store 330 to each of the represented personas. The management module 127 queries virtual machine characteristics and operating systems of each persona, compiles the rules and policies, and pushes the compiled rules and policies to the user devices based on the results of query. The policies and rules are stored in their respective persona rules stores 305A and 305B. The persona rules stores 305A and 305B manage their respective personas regarding implemented mobile device management policies set to monitor and regulate the user device 103. In some embodiments, a personal persona may not receive any compliance rules, data, or the like if that given persona is not managed or controlled by the MDMS 121 or MDM central module 122. Additionally, with a lack of compliance rules and policies, persona 1 115 maintains the ability to access third-party data, uninhibited usage, and freedom of functionality as desired by end users enrolled in BYOD programs. In this way, true segregations between personas can occur in a way not previously contemplated. Further, persona 2 118 may store enterprise compliance policies in the persona 2 rule store 305B, enforcing consistent enterprise persona functionality and maintaining secure access and distribution of enterprise content.
  • Also illustrated in FIG. 3, some embodiments of the management module 127 send configuration policies and compliance rules to an overarching agent, the persona management module 245, which configures the virtual machines based on those rules and policies. As previously discussed, one function of the persona management module 245 is to delegate policies, rules, data access, and persona functionality to the subordinate personas.
  • Still referring to FIG. 3, in some embodiments shown, content assigned to personas is stored either in the personal content repository 333 or in the enterprise content repository 336 and both may be accessed through the content server 130. In an alternate embodiment, personal content on the user device 103 is not accessible by the MDMS 121. According to another embodiment, an administrator can distribute documents through the content server 130 coupled to the management module 127 to the content repositories.
  • Rules and policies assigned to personas dictate persona interaction with content repositories, including third-party content repositories. In some embodiments, communication is generally sent through the content server 130; hence, the content server 130 verifies whether the communication transmitted to a given persona is permissible. For example, if the content store 345 included an enterprise Share Point site, the enterprise persona may possess policies granting access to the third-party content server 142 and the enterprise content 336 repository. Persona 2 (the enterprise persona), may initially “shake hands” with the content server 142 and the content server may authenticate the credentials of persona 2 118. Consequently, persona 2 118 may fetch a document from the content store 345, save said document in memory 2 222B, and/or in the persona 2 content store 311B, modify said document, and transfer it to the enterprise content 336 repository.
  • Still referring to FIG. 3, in some embodiments a secure email gateway 133 may be incorporated in the MDM central module 122 and may comprise a proxy server between the enterprise email server (e.g. Microsoft Exchange) and the data network. According to compliance rules and policies, an enterprise persona may retrieve email from the enterprise email through the secure email gateway 133. The secure email gateway 133 may be configured to perform compliance checks against entities wishing to access enterprise email. The management module 127 is also integrated with the secure email gateway 133. An administrator through the management console can push compliance rules to the secure email gateway 133 to change authentication requirements; thereby, storing said compliance rules in the compliance rule check 339. In another example embodiment, the secure email gateway can determine whether a user device 103 is “jail broken”. An enterprise persona may retain appropriate compliance rules permitting access to the enterprise email, but the secure email gateway 133 will still restrict access to that persona if the user device 103 is jail broken. Further, an enterprise may allow access to predetermined third-party email gateways 148, whereby the secure email gateway 133 will assess a persona's compliance rules, allow secure access to a third-party email gateway 148, and subsequently permit admittance to a third-party email store 348.
  • Many companies enable employees to utilize productivity applications (apps) to facilitate work demands. Some embodiments of the MDM central module 122 include an application catalog 136 for managing the applications of end users 109. In some embodiments, a graphical user interface 342 enables interaction with the application catalog 136 and provides an interface, such as a website or the like, presenting users with a list of authorized applications for chosen personas. In another embodiment, an application portal resident on a user device 103 comprises a host of authorized downloadable apps. In some embodiments, the application catalog 136 receives compliance rules and policies set by an administrator via the management module 127. The application catalog 136 may provide access to public application stores 145 such as Google Play or the Apple Store. In some embodiments, the application catalog 136 may contain links to public apps recommended for employee productivity. Alternatively, the enterprise persona may have policies permitting retention of all public apps or retention of specifically designated public applications.
  • In some embodiments, the application catalog 136 may comprise enterprise applications developed specifically for a company and may preclude access to such enterprise applications by a personal persona 115. In some embodiments, the application catalog authenticates a persona's credentials before permitting a download of enterprise apps. In another embodiment, a user can pull enterprise content 336 through the content server 130 and modify it using annotation features within a secure content application. In some embodiments, the persona app stores 309A and 309B comprise applications downloaded from the application store 351 for their respective personas.
  • Furthermore, one example embodiment of the present device may provide a lost device persona. A user device 103 may switch to a lost persona if the device moves outside of a recognized pattern as determined by GPS, or the user device 103 recognizes a period of inactivity, or exhibits some other atypical behavior. In some embodiments, the GPS system will actively track and keep a dynamic record of each user's travel routine and, in the event of an identified deviation, automatically toggle to the lost persona. The lost persona may, for example, comprise settings and/or configuration information that may facilitate locating the device. For example, toggling the lost persona may cause one or more location services on the user device 103 to be engaged, such as a GPS coordinate transmission mode or the like. In some embodiments, if the user device 103 is in the lost device persona, authentication may be required to toggle back to a managed user persona. For example, authentication may occur by inputting biometric metadata, a PIN or password, a programmable swipe gesture, or any similar authentication means. In another embodiment, the device may also toggle to the lost device persona if initiated by the user or an administrator via the self-service application of the management module 127 (i.e., the user identifies the device as lost and sends instructions to the device indicating the same). The self-service application of the management module 127 may contain a map add-on or a map software application in which the user and/or the administrator may utilize to find lost user devices. The lost device persona offers additional security for enterprises and users who wish to keep access, devices, and content secure.
  • As described previously, in one example embodiment, the user device 103 may contain multiple physical hardware sets within the user device. Each hardware set generally represents a separate and independent persona. The embodiment comprising multiple physical hardware sets within a single user device 103 generally functions in a similar manner as embodiments of the device embedded with virtual machines. Further descriptions regarding functionality of both embodiments will be described in connection with FIGS. 6, 7, and 8.
  • Referring to FIGS. 4A, 4B, and 4C an embodiment of a dual persona device 103 having two screens 118 and 115 is shown. In one embodiment shown, a different display/screen is assigned to each persona and generally comprises the active display while a user interacts with the corresponding persona. For example, when using enterprise persona 118, the enterprise screen 118 will be illuminated and active while the personal persona 115 will be dim and visibly inactive. In some embodiments, a user device 103 may comprise two separate screens 118, 115 on one user device 103; hence, the given screen a user is utilizing dictates the presently active persona. In an example illustrated in FIGS. 4A and 4B, an enterprise persona 118 is active on one screen 409A, and is presented on one side of user device 103. Likewise illustrated in FIGS. 4A and 4C, a personal persona 115 is presented on the opposing side of the user device 103. A user, depending on which persona he or she wishes to engage, utilizes the side and screen 409B of the user device 103 embodying the desired persona.
  • In some embodiments, the dual displays may optionally comprise dual cameras on the user device 103 and may be used to present an augmented reality experience. Using the dual cameras on either side of the device, one screen may display what the camera on the opposing side views. For example, the screen may show the inside of the user's hand or images of the environment he/she is in, lending the impression there is no user device or the user device 103 is see-through. Further, the camera may incorporate technology that will automatically dim or turn off the backlight of the persona not in use based on identifiable features, such as the palm of a user's hand or recognizing a face in front of the camera. The cameras may recognize the lack of light and dim the screens such as when the user device 103 is in a pocket or handbag.
  • FIG. 4D illustrates another embodiment of the present dual persona device 103. The embodiment shown includes one display possessing the ability to express one persona at a time or multiple personas simultaneously. As shown, a single display may be divided into halves representing a different persona on either side. In another embodiment, a border of the screen may be an alternative color representing a second screen, which may change and become active when the personas toggle. The device may indicate the active persona by displaying a persona identifier in small font at the top of the screen. In another embodiment, if the inactive persona receives a call, the screen may divide in half as shown in FIG. 4D, indicating a trigger event. The personas may be exchanged by touching or acknowledging the portion of the screen that represents the incoming persona.
  • In various embodiments, personas may be identified and/or delineated in a variety of ways. For example, according to some embodiments of the present disclosure, each persona may have a distinct and distinguishable ringtone. Persona display backgrounds may also change when toggling personas. For example, an enterprise persona may display a company logo as a background, while a personal persona may display a personal picture of the user. Within multiple persona device management, all of the disclosed embodiments may be incorporated on the user device 103 or some combination of embodiments thereof. Further, the described examples are not intended to limit the spirit or scope of the present disclosure. As will be understood and appreciated by one of ordinary skill in the art, other embodiments may be implemented to distinguish between multiple personas on a single user device 103.
  • As previously described, a persona generally relates to a collection of settings implemented in software and/or hardware that can be switched in and/or on a user device 103 based on a trigger event. As shown in FIG. 5, a plurality of personas interact with a persona management module 245 and various incorporated hardware components, either via the operating system (or excluding the operating system) to communicate and execute commands.
  • The central module (management module) 122 enables personas to be selected, communication rules and policies to be assigned to the personas within the user device 103, and personas to interact within the limits of the selected rules and policies. In some embodiments, the personas are able to interact with each other (e.g. share data, share contacts, etc.). Conversely, in another embodiment, the personas remain segregated with no communication between the two (or multiple). While personas may incorporate individual contact lists, in some embodiments, it may possible for a communal contact list accessible to any persona embedded on the user device 103.
  • In some embodiments, toggling between personas may be executed via physical gestures that are recognized by the assimilated hardware and software in the user device 103. In some embodiments, flipping the user device 103 over creates an identical replica of the user device 103 with a second display on the other side. In another embodiment, consecutive flipping of the user device 103 may cycle through embedded personas. An accelerometer or some other user device position detecting mechanism integrated in the hardware may be used to sense the rotation of the user device 103. The hardware communicating via the operating system to a persona management module 245 expresses that the user has initiated a change in persona and the persona management module will activate another persona. Likewise, initiating a change in persona may be executed by flipping or rotating the user device 103 a set number of multiple rotations for each toggle. In another embodiment, a user with persona 1 501 active may shake the user device 103 a preset number of times. The shakes are recognized by the hardware and the hardware communicates with the persona management module 245 thereby switching the active persona to persona 2 503 (or some other persona).
  • According to various other embodiments, a plurality of gestures or actions may toggle between multiple personas. Toggling of personas may occur by holding down a button one the user device 103 for a set period of time, or depressing said button a number of times. The device may have a specifically designated button that may be used exclusively for the purpose of toggling personas. Another example embodiment utilizes swiping gestures at the top or bottom of the screen on the user device 103 to toggle through personas.
  • As generally understood by one of ordinary skill in the art, many user devices 103 feature embedded GPS components in the device hardware that are used to identify the position of a user device 103 whenever the device is powered on. According to some embodiments, persona 1 501 may be geolocation-based, such that persona 1 501 is active when a user device 103 is within a given distance of a designated location. In one aspect, a user device 103 switches virtual or physical SIMs assigned to different personas. Further, when the user is traveling abroad, a user device 103 may switch to a SIM appropriate for the visiting region, thereby receiving cheaper rates based on local service.
  • In another embodiment, persona 2 may be active during an established window of time on given days. For example, persona 2 502 (an enterprise persona) may be active Monday through Friday during normal business hours and persona 1 501 (a personal persona) maybe the active persona otherwise. User selection is also an option for selecting a persona, wherein the user device 103 prompts a user 109 to specify which persona is requested, followed by a PIN or password input into the device and processed by the persona management module 245 to access the requested persona. In another embodiment, the persona management module 245 may require biometric data such as a fingerprint or a user's voice to toggle personas, or may use an electronic fob or watch (e.g., electronic timepiece) having near field communication (NFC) capability or other similar communication capability to toggle personas.
  • According to another aspect in this regard, the persona management module 245 may utilize signals from a fingerprint reader such as that provided in the Apple® iPhone 5S, or other similar biometric device, to toggle personas. For example, different fingers may be used to toggle to, or switch between, different personas. A right thumbprint may correspond to a trigger actuation of a work persona, while a left thumbprint may correspond to and trigger actuation of a personal persona. Likewise, a work-related electronic fob may correspond to and trigger actuation of a work persona, and a digital watch may correspond to and trigger actuation of a personal persona, for example upon removal of the work-related fob from proximity of the device, such that the personal persona triggering device remains within the operative proximity.
  • Still referring to FIG. 5 and according to some embodiments, a trigger or triggering event may cause a switch or toggle through represented personas. In some embodiments, a trigger forces or prompts a user to choose an active persona (e.g., an incoming phone call designated for an inactive persona wherein a user can choose to ignore or accept the call). In some embodiments, a default persona may be set to receive all phone calls. However, a user may also be prompted to select which persona will be used to accept an incoming call. In another embodiment, personas may be associated with different phone numbers recognized by the persona management module 245, which directs incoming calls to the appropriate persona either persona based on the recognized number. In yet another embodiment, an administrator may decide and implement via the MDMS 121 the most secure persona to accept an incoming call.
  • FIG. 6 is a flow chart setting forth the general steps involved in a policy creation and deployment method 600 consistent with embodiments of this disclosure for providing assignment of compliance rules and policies to a user device and/or persona(s) by an administrator. As will be understood and appreciated, method 600 may be implemented using a MDMS 121, the management module 127 within a MDM central module 122, a data network 154, persona rules stores 305A and 305B, and a user device 103, and various other components and modules as described above. Ways to implement the steps of method 600 will be described in greater detail below. According to some embodiments, method 600 may begin at block 605, where an administrator logs into the MDMS 121 console and accesses the compliance rules store 330 through the management module 127, and queries or selects group of personas to which the given rules or policies will apply. The persona or groups of personas queried may be selected according to different roles and responsibilities or due to enrolling a new employee into the BYOD program etc. In some embodiments, an administrator may query personas implemented on virtual machines, hardware sets, or operating systems. After the desired persona(s) are found, method 600 moves to step 607, at which point the desired persona(s) are selected.
  • According to some embodiments, at step 609, the administrator defines the rules to be implemented for the selected personas. For example, rules might include access to secure email gateways 133, content servers 130, application catalogs 136, etc. In other embodiments, default rules will apply. Once rules and policies have been designated, the administrator initiates the process of deploying the rules to the respective personas.
  • At step 611 of process 600, rules defined by the administrator are compiled within the management module 127 based on operating systems of given personas. In some embodiments, the management module 127 interacts with the MDM database 139 to assemble definitions representing the administrator defined rules and policies. After compiling the rules, the compiled rules and policies are deployed to the selected personas (step 613). In some embodiments, data is received from the user device at step 615. This data may include authentication checks, acknowledgement of enrollment, a server ping, etc. In certain embodiments, the management module 127 may receive data from the user device comprising acknowledgment of deployed rules and policies, a request for further instructions, etc. In some embodiments, method 600 moves to the next step 617 and pushes commands back to the user devices and personas based on the received data and/or rules.
  • FIG. 7 is a flow chart setting forth the general steps involved in a persona initiation process 700 from a user device 103 perspective. Generally, method 700 follows the steps of process 600, but from a persona perspective on a user device 103. In some embodiments, method 700 may be implemented using a persona management module 245, a data network 154, a mobile device management system 121, a MDM database 139, a MDM central module, a compliance rules store 330 embedded in a management module 127, and other systems described herein. Ways to implement method 700 will be described in greater detail below. In some embodiments, method 700 may begin at step 705, wherein a user requests enrollment into a mobile device management system. The enrollment request generally leaves the user device 103 and the request is sent over the data network 154 and is received and accepted by the management module 127.
  • According to some embodiments, the management module 127 deploys the already compiled rules via the data network 154 to the user device 103. Successively, the compiled rules and policies are received at the user device 103. Method 700 progresses to the next step 709, where the compiled rules and policies are implemented on the user device 103 in association with the appropriate persona. In some embodiments, various rules are associated with respective personas.
  • At step 711, after the given rules and policies have been implemented on each respective persona, the user device 103 containing multiple embedded personas is able to toggle between personas. As data is received at the given device 103 during operation, the device identifies and acknowledges data based on the compiled rules and policies designated for the individual persona (step 715). In some embodiments at step 715, the persona/device can utilize one or both of two different paths; it can relay necessary data back to the console (step 713) or take some action based on the rules and/or data (step 717). This data could be an acknowledgement of receipt sent over the data network 154 back to the management module 127 and thereby ending the process. As described, the persona can take a specific action based on the rules or data applied to the persona (step 717).
  • FIG. 8 is a flow chart setting forth the general steps involved in a method 800 consistent with embodiments of this disclosure of toggling personas by either user initiation or an event trigger. In some embodiments, method 800 may be implemented utilizing a user device 103, a persona management module 245, a data network 154, one or more processors one a device, one or more displays on a device, and other components as described above. Ways to implement the steps of method 800 will be described in greater detail below. According to some embodiments, method 800 begins at a state in which the user device is in a steady state within a given persona. At step 805, a user desires to access a persona or an event trigger occurs to access a given persona. Moving to step 807, an overarching entity such as embedded software, firmware, or a persona management module 245 performs an initial compliance check regarding the forthcoming persona, ensuring the persona is a managed persona. In some embodiments, the persona is not a managed persona, and the user device 103 stays in its initial state. In another embodiment, the device is in a managed persona and method 800 progresses to step 809.
  • Step 809 optionally requires user device 103 authentication to proceed to the next stage. According to various embodiments, authentication can be performed utilizing a plurality of processes such as a fingerprint scan, entering a PIN or password, swiping a specific pattern on the screen, a biometric access functionality, or the device may be configured for an automatic authorization without user input. If the authentication fails, method 800 propagates to step 810, wherein a deny access or error message is displayed and the user device returns to the start state. If user authentication is successful, method 800 proceeds to step 811 and allows access to the managed and requested persona.
  • According to some embodiments at stage 813, the newly activated persona may require actions to be taken based on predetermined rules or receiving a set of data. For example, email communications may need to be sent to the persona at issue from the MDMS 121. If so, then an indicator or identifier may be associated at the MDM database 139 with the data to be sent to the mobile device persona, and subsequently the data will be sent to the device. At step 817, the persona waits for a trigger event to change personas. If a trigger event does not occur, the device will return to step 813 and repeat steps 813-817 as necessary. If a trigger is received, the device will propagate to step 819, which is analogous to step 807.
  • In some embodiments at step 819, the device checks if the trigger is from a managed persona. If the trigger is from a managed persona, method 800 advances to step 809. In another embodiment, if the trigger is not from another managed persona, the device will move to step 821, may cease monitoring the managed persona, and may disable communication, ending method 800.
  • As has been described, and according to some embodiments, the present disclosure generally describes methods and systems for isolating, implementing, and provisioning multiple entities or personas on an individual user device, thus enabling multiple individual end-user environments to remain quarantined while simultaneously remaining active. As will be generally understood, a persona encompasses various settings, policies, rules, configurations or attributes associated with a particular end user environment. Accordingly, groups of individual personas may be categorized based on defined rules and policies applicable to said group and managed simultaneously. Other embodiments enable remote access to deploy changes to current attributes and configurations either by group definition or on an individual basis.
  • According to one example embodiment, multiple personas may be managed via a central server (e.g., a content server or management module), which may serve as an intermediary between the multiple personas. The central server receives data from the device, identifies which persona initiated the data transfer, and sends the data on behalf of the identified persona. Similarly, the central server receives data from outside sources, identifies for which persona the data is intended and pushes said data to the appropriate persona. Further, one example embodiment virtually separates one set of hardware components (e.g., a single processor, memory, battery, etc.) into individual segments. Consequently, each segment houses and embodies a separate and quarantined persona. Yet other embodiments encompass multiple hardware sets (e.g., multiple processers, multiple memories, multiple batteries, etc.) independently coupled and dedicated for one or more respective persona.
  • It is to be understood that both the foregoing general description and the following detailed description are examples and explanatory only, and should not be considered to restrict the disclosure's scope, as described and claimed. Further, features and/or variations may be provided in addition to those set forth herein. For example, embodiments of the disclosure may be directed to various feature combinations and sub-combinations described in the detailed description.
  • The embodiments and functionalities described herein may operate via a multitude of computing systems, including wired and wireless computing systems, mobile computing systems (e.g., mobile telephones, tablet or slate type computers, laptop computers, etc.). In addition, the embodiments and functionalities described herein may operate over distributed systems, where application functionality, memory, data storage and retrieval and various processing functions may be operated remotely from each other over a distributed computing network, such as the Internet or an intranet. User interfaces and information of various types may be displayed via on-board computing device displays or via remote display units associated with one or more computing devices. For example, user interfaces and information of various types may be displayed and interacted with on a wall surface onto which user interfaces and information of various types are projected. Interaction with the multitude of computing systems with which embodiments of this disclosure may be practiced include, keystroke entry, touch screen entry, voice or other audio entry, gesture entry where an associated computing device is equipped with detection (e.g., camera) functionality for capturing and interpreting user gestures for controlling the functionality of the computing device, and the like. The Figures above and their associated descriptions provide a discussion of a variety of operating environments in which embodiments of this disclosure may be practiced. However, the devices and systems illustrated and discussed with respect to the Figures are for purposes of example and illustration and are not limiting of a vast number of computing device configurations that may be utilized for practicing embodiments of this disclosure as described herein.
  • The term computer readable media as used herein may include computer storage media. Computer storage media may include volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information, such as computer readable instructions, data structures, program modules, or other data. System memory, removable storage, and non-removable storage are all computer storage media examples (i.e., memory storage.) Computer storage media may include, but is not limited to, RAM, ROM, electrically erasable read-only memory (EEPROM), flash memory or other memory technology, CD-ROM, digital versatile disks (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium, which can be used to store.
  • The term computer readable media as used herein may also include communication media. Communication media may be embodied by computer readable instructions, data structures, program modules, non-transitory media, and/or other data in a modulated data signal, such as a carrier wave or other transport mechanism, and includes any information delivery media. The term “modulated data signal” may describe a signal that has one or more characteristics set or changed in such a manner as to encode information in the signal. By way of example, and not limitation, communication media may include wired media such as a wired network or direct-wired connection, and wireless media such as acoustic, radio frequency (RF), infrared, and other wireless media.
  • A number of applications and data files may be used to perform processes and/or methods as described above. The aforementioned processes are examples, and a processing unit may perform other processes. Other programming modules that may be used in accordance with embodiments of this disclosure may include electronic mail, calendar, and contacts applications, data processing applications, word processing applications, spreadsheet applications, database applications, slide presentation applications, drawing or computer-aided application programs, etc.
  • Generally, consistent with embodiments of this disclosure, program modules may include routines, programs, components, data structures, and other types of structures that may perform particular tasks or that may implement particular abstract data types. Moreover, embodiments of the disclosure may be practiced with other computer system configurations, including hand-held devices, multiprocessor systems, microprocessor-based or programmable consumer electronics, minicomputers, mainframe computers, and the like. Embodiments of this disclosure may also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote memory storage devices.
  • Furthermore, embodiments of this disclosure may be practiced in an electrical circuit comprising discrete electronic elements, packaged or integrated electronic chips containing logic gates, a circuit utilizing a microprocessor, or on a single chip containing electronic elements or microprocessors. Embodiments of this disclosure may also be practiced using other technologies capable of performing logical operations such as, for example, AND, OR, and NOT, including but not limited to mechanical, optical, fluidic, and quantum technologies. In addition, embodiments of the disclosure may be practiced within a general-purpose computer or in any other circuits or systems.
  • Embodiments of this disclosure may, for example, be implemented as a computer process and/or method, a computing system, an apparatus, device, or appliance, and/or as an article of manufacture, such as a computer program product or computer readable media. The computer program product may be a computer storage media readable by a computer system and encoding a computer program of instructions for executing a computer process. The computer program product may also be a propagated signal on a carrier readable by a computing system and encoding a computer program of instructions for executing a computer process. Accordingly, the present disclosure may be embodied in hardware and/or in software (including firmware, resident software, micro-code, etc.). In other words, embodiments of the present disclosure may take the form of a computer program product on a computer-usable or computer-readable storage medium having computer-usable or computer-readable program code embodied in the medium for use by or in connection with an instruction execution system. A computer-usable or computer-readable medium may be any medium that can contain, store, communicate, propagate, or transport the program for use by or in connection with the instruction execution system, apparatus, or device.
  • The computer-usable or computer-readable medium may be, for example but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, device, or propagation medium. More specific computer-readable medium examples (a non-exhaustive list), the computer-readable medium may include the following: an electrical connection having one or more wires, a portable computer diskette, a random access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or Flash memory), an optical fiber, and a portable compact disc read-only memory (CD-ROM). Note that the computer-usable or computer-readable medium could even be paper or another suitable medium upon which the program is printed, as the program can be electronically captured, via, for instance, optical scanning of the paper or other medium, then compiled, interpreted, or otherwise processed in a suitable manner, if necessary, and then stored in a computer memory.
  • Embodiments of this disclosure may be practiced via a system-on-a-chip (SOC) where each and/or many of the elements described above may be integrated onto a single integrated circuit. Such an SOC device may include one or more processing units, graphics units, communications units, system virtualization units and various application functionalities, all of which may be integrated (or “burned”) onto the chip substrate as a single integrated circuit. When operating via an SOC, the functionality, described herein, with respect to training and/or interacting with any element may operate via application-specific logic integrated with other components of the computing device/system on the single integrated circuit (chip).
  • Embodiments of this disclosure are described above with reference to block diagrams and/or operational illustrations of methods, systems, and computer program products according to embodiments of the disclosure. The functions/acts noted in the blocks may occur out of the order as shown in any flowchart. For example, two blocks shown in succession may in fact be executed substantially concurrently or the blocks may sometimes be executed in the reverse order, depending upon the functionality/acts involved.
  • While certain embodiments have been described, other embodiments may exist. Furthermore, although embodiments of the present disclosure have been described as being associated with data stored in memory and other storage mediums, data can also be stored on or read from other types of computer-readable media, such as secondary storage devices, like hard disks, floppy disks, or a CD-ROM, a carrier wave from the Internet, or other forms of RAM or ROM. Further, the disclosed methods' stages may be modified in any manner, including by reordering stages and/or inserting or deleting stages, without departing from the disclosure.
  • Embodiments of the present disclosure, for example, are described above with reference to block diagrams and/or operational illustrations of methods, systems, and computer program products according to embodiments of the disclosure. The functions/acts noted in the blocks may occur out of the order as shown in any flowchart. For example, two blocks shown in succession may in fact be executed substantially concurrently or the blocks may sometimes be executed in the reverse order, depending upon the functionality/acts involved.
  • While certain embodiments of the disclosure have been described, other embodiments may exist. Furthermore, although embodiments of the present disclosure have been described as being associated with data stored in memory and other storage mediums, data can also be stored on or read from other types of computer-readable media, such as secondary storage devices, like hard disks, floppy disks, or a CD-ROM, a carrier wave from the Internet, or other forms of RAM or ROM. Further, the disclosed methods' stages may be modified in any manner, including by reordering stages and/or inserting or deleting stages, without departing from the disclosure.
  • All rights including copyrights in the code included herein are vested in and the property of the Assignee. The Assignee retains and reserves all rights in the code included herein, and grants permission to reproduce the material only in connection with reproduction of the granted patent and for no other purpose.
  • While the specification includes examples, the disclosure's scope is indicated by the following claims. Furthermore, while the specification has been described in language specific to structural features and/or methodological acts, the claims are not limited to the features or acts described above. Rather, the specific features and acts described above are disclosed as example for embodiments of the disclosure.

Claims (20)

What is claimed is:
1. An apparatus comprising:
a housing;
a display visible on a surface of the housing;
a processor embedded within the housing; and
a plurality of memory storages embedded within the housing coupled to the processor, wherein at least one first memory storage is dedicated to a first unique user persona and at least one second memory storage is dedicated to a second unique user persona.
2. The apparatus of claim 1, wherein the at least one first memory storage comprises a non-volatile memory storage.
3. The apparatus of claim 1, wherein the first memory storage and the second memory storage are each communicably coupled to a wireless carrier network.
4. The apparatus of claim 1, wherein the processor is operative to output a user interface associated with the first unique user persona to the display.
5. The apparatus of claim 4, further comprising a second display.
6. The apparatus of claim 5, wherein the processor is operative to output a second user interface associated with the second unique user persona to the second display.
7. The apparatus of claim 5, wherein the user interface and second user interface are respectively located on opposing sides of the mobile device housing.
8. The apparatus of claim 4, wherein the processor is operative to toggle between output of the user interface associated with the first unique user interface to the display and output of a second user interface associated with the second unique user persona to the display.
9. The apparatus of claim 8, wherein the processor is further operative to output an on-screen identifier associated with a respective unique user persona being accessed via the display.
10. An apparatus comprising:
a wireless communication module;
a display;
a memory storage, wherein the memory storage is segmented into a plurality of virtual partitions each associated with a unique user persona; and
a processor coupled to the memory storage, the processor configured to output a user interface associated with at least one of the plurality of virtual partitions to the display, wherein the user interface is configured to control a plurality of functions associated with the wireless communication module.
11. The apparatus of claim 10, wherein the user interface comprises a partitioned on-screen display, wherein each partition corresponds to a respective unique user persona.
12. The apparatus of claim 10, wherein each of the plurality of virtual partitions of the memory storage is associated with a unique respective operating system.
13. The apparatus of claim 10, wherein each of the plurality of virtual partitions of the memory storage is communicably coupled to a unique respective wireless carrier network.
14. A mobile device comprising:
a mobile device housing;
at least one wireless communication module embedded within the device housing;
a memory storage embedded within the device housing, wherein the memory storage comprises data associated with a plurality of unique user personas; and
a processor embedded within the mobile device housing configured to:
provide a plurality of user interfaces accessible by a user of the mobile device, wherein each of the plurality of user interfaces is associated with a respective one of the plurality of unique user personas,
provide an indication associated with each of the plurality of unique user personas identifying the respective one of the plurality of unique user personas currently being provided, and
toggle between a first user interface associated with a first respective unique user persona and a second user interface associated with a second respective unique user persona in response to a toggle indication.
15. The mobile device of claim 14, wherein the toggle indication comprises an interaction with the first user interface.
16. The mobile device of claim 14, wherein the toggle indication comprises an operation of a physical toggle button retained in a housing of the apparatus.
17. The mobile device of claim 14, wherein the toggle indication comprises an instruction received via the wireless communication module.
18. The mobile device of claim 14, wherein each of the plurality of unique user personas is associated with a subscriber identity module (SIM).
19. The mobile device of claim 18, wherein at least one first subscriber identity module (SIM) comprises a physical SIM and at least one second SIM comprises a virtual SIM.
20. The mobile device of claim 14, further comprising at least one second processor, wherein each respective processor is operatively dedicated to a respective unique user persona of the plurality of unique user personas.
US14/203,836 2013-09-16 2014-03-11 Multi-Persona Devices and Management Abandoned US20140195927A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
US14/203,836 US20140195927A1 (en) 2013-09-16 2014-03-11 Multi-Persona Devices and Management
US15/171,411 US20160277387A1 (en) 2013-09-16 2016-06-02 Multi-persona management and devices

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US201361878521P 2013-09-16 2013-09-16
US14/203,836 US20140195927A1 (en) 2013-09-16 2014-03-11 Multi-Persona Devices and Management

Related Child Applications (1)

Application Number Title Priority Date Filing Date
US15/171,411 Continuation US20160277387A1 (en) 2013-09-16 2016-06-02 Multi-persona management and devices

Publications (1)

Publication Number Publication Date
US20140195927A1 true US20140195927A1 (en) 2014-07-10

Family

ID=51061988

Family Applications (4)

Application Number Title Priority Date Filing Date
US14/074,110 Active 2033-12-19 US10129242B2 (en) 2013-09-16 2013-11-07 Multi-persona devices and management
US14/203,836 Abandoned US20140195927A1 (en) 2013-09-16 2014-03-11 Multi-Persona Devices and Management
US15/171,411 Abandoned US20160277387A1 (en) 2013-09-16 2016-06-02 Multi-persona management and devices
US16/158,880 Active US11070543B2 (en) 2013-09-16 2018-10-12 Multi-persona management and devices

Family Applications Before (1)

Application Number Title Priority Date Filing Date
US14/074,110 Active 2033-12-19 US10129242B2 (en) 2013-09-16 2013-11-07 Multi-persona devices and management

Family Applications After (2)

Application Number Title Priority Date Filing Date
US15/171,411 Abandoned US20160277387A1 (en) 2013-09-16 2016-06-02 Multi-persona management and devices
US16/158,880 Active US11070543B2 (en) 2013-09-16 2018-10-12 Multi-persona management and devices

Country Status (1)

Country Link
US (4) US10129242B2 (en)

Cited By (43)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20150046839A1 (en) * 2013-08-09 2015-02-12 Canon Kabushiki Kaisha Information processing apparatus, information processing method and computer-readable medium
US20150074834A1 (en) * 2013-09-06 2015-03-12 Getac Technology Corporation Electronic device and protection method thereof
US20150179045A1 (en) * 2013-12-20 2015-06-25 International Business Machines Corporation Mobile device loss prevention
US9354841B2 (en) * 2014-08-13 2016-05-31 Smart Technologies Ulc Wirelessly communicating configuration data for interactive display devices
DE102014018891A1 (en) * 2014-12-17 2016-06-23 Giesecke & Devrient Gmbh Methods and apparatus for managing subscriptions on a security element
CN105847524A (en) * 2015-01-15 2016-08-10 宇龙计算机通信科技(深圳)有限公司 Dual-system-based communication method and terminal
US20160330611A1 (en) * 2014-01-09 2016-11-10 Huawei Technologies Co., Ltd. Methods for sending and receiving user data and terminal devices
US9536072B2 (en) * 2015-04-09 2017-01-03 Qualcomm Incorporated Machine-learning behavioral analysis to detect device theft and unauthorized device usage
EP3073773A3 (en) * 2015-03-23 2017-01-11 STMicroelectronics Srl Methods for performing a remote management of a multi-subscription sim module, and corresponding sim module and computer program product
US9600465B2 (en) 2014-01-10 2017-03-21 Qualcomm Incorporated Methods and apparatuses for quantifying the holistic value of an existing network of devices by measuring the complexity of a generated grammar
US20170177844A1 (en) * 2015-12-16 2017-06-22 International Business Machines Corporation Hidden separation and access to data on a device
WO2017042733A3 (en) * 2015-09-09 2017-07-06 Cell Buddy Network Ltd. Alias communication
US20170278206A1 (en) * 2016-03-24 2017-09-28 Adobe Systems Incorporated Digital Rights Management and Updates
US20170288959A1 (en) * 2016-03-30 2017-10-05 Airwatch Llc Configuring enterprise workspaces
US20170329979A1 (en) * 2016-05-10 2017-11-16 International Business Machines Corporation Protecting enterprise data at each system layer
EP3182682A4 (en) * 2014-11-21 2018-03-07 Yulong Computer Telecommunication Scientific (Shenzhen) Co., Ltd. Processing method and processing device for communication information about terminal and terminal
US9980165B2 (en) * 2016-02-10 2018-05-22 Airwatch Llc Visual privacy systems for enterprise mobility management
US10025548B2 (en) 2016-08-09 2018-07-17 International Business Machines Corporation Automated display configuration
US10037374B2 (en) 2015-01-30 2018-07-31 Qualcomm Incorporated Measuring semantic and syntactic similarity between grammars according to distance metrics for clustered data
US10089476B1 (en) * 2014-06-03 2018-10-02 Amazon Technologies, Inc. Compartments
RU2671249C2 (en) * 2015-11-10 2018-10-30 ДжиТи ГЕТТАКСИ ЛИМИТЕД Graphic user interface for implementation of control elements for geographical transportation
US20190089595A1 (en) * 2017-09-18 2019-03-21 Cyber 2.0 (2015) LTD Automatic security configuration
WO2019089247A1 (en) * 2017-10-31 2019-05-09 Microsoft Technology Licensing, Llc Remote locking a multi-user device to a set of users
US20190158500A1 (en) * 2017-11-21 2019-05-23 Vmware, Inc. Adaptive device enrollment
US10366243B2 (en) * 2016-02-04 2019-07-30 Airwatch, Llc Preventing restricted content from being presented to unauthorized individuals
US10382612B2 (en) * 2016-03-31 2019-08-13 Nec Corporation Business support system, business support method, information processing apparatus, communication device, and control methods and control programs of information processing apparatus and communication device
US20190253455A1 (en) * 2018-02-09 2019-08-15 Vmware, Inc. Policy strength of managed devices
US10516667B1 (en) 2014-06-03 2019-12-24 Amazon Technologies, Inc. Hidden compartments
US10558472B1 (en) * 2015-02-10 2020-02-11 Open Invention Network Llc Security-based message management
US20200050469A1 (en) * 2017-02-21 2020-02-13 Privacy Software Solutions Ltd. A method and system for creating multi mobilephone environments and numbers on a single handset with single sim-card
US20200220945A1 (en) * 2017-09-18 2020-07-09 Privacy Software Solutions Ltd. A method for creating a pre-defined virtual mobilephone profile environment
US10749870B2 (en) 2017-11-21 2020-08-18 Vmware, Inc. Adaptive device enrollment
US10798103B2 (en) 2017-11-21 2020-10-06 VWware, Inc. Adaptive device enrollment
US10873511B2 (en) * 2016-11-22 2020-12-22 Airwatch Llc Management service migration for managed devices
US10924557B2 (en) 2016-11-22 2021-02-16 Airwatch Llc Management service migration using managed devices
US10986078B2 (en) 2017-11-21 2021-04-20 Vmware, Inc. Adaptive device enrollment
US11005852B2 (en) * 2016-10-25 2021-05-11 Michael Ratiner System and method for securing electronic devices
US11012535B2 (en) 2016-11-22 2021-05-18 Airwatch Llc Management service migration using web applications
US11075900B2 (en) 2016-03-30 2021-07-27 Airwatch Llc Associating user accounts with enterprise workspaces
US20210344664A1 (en) * 2020-04-29 2021-11-04 Motorola Mobility Llc Methods, Systems, and Electronic Devices for Selective Locational Preclusion of Access to Content
EP4013087A1 (en) * 2020-12-14 2022-06-15 Sandvine Corporation System and method for 5g mobile network management
US11468488B2 (en) * 2016-07-08 2022-10-11 Ubii Llc Virtual, location-based connection tool for service providers and users
US20240086135A1 (en) * 2015-02-02 2024-03-14 Samsung Electronics Co., Ltd. Multi-display based device

Families Citing this family (22)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8713173B2 (en) 2008-12-19 2014-04-29 Openpeak Inc. System and method for ensuring compliance with organizational policies
US9560469B2 (en) * 2013-04-04 2017-01-31 Winston Henderson System and method for adapting an electronic device for different desired persona
CN104090886B (en) * 2013-12-09 2015-09-09 深圳市腾讯计算机系统有限公司 The method that structure user draws a portrait in real time and device
WO2015128684A2 (en) * 2014-02-25 2015-09-03 Pasztor Lénard Zoltan Process and schematic for operating electronic devices by remote control and for collecting, utilising, and transmitting the operating parameters of such devices for the purposes of analysis
DE102015205664A1 (en) * 2015-03-30 2016-10-06 Tobias Rückert System and method for processing electronic messages
US10169553B2 (en) * 2015-06-29 2019-01-01 Airwatch, Llc Managing grouped student devices with timed locks
CN105574436B (en) * 2015-12-23 2019-11-26 Tcl移动通信科技(宁波)有限公司 A kind of personal information protecting method based on mobile terminal, system and mobile terminal
US10628580B2 (en) 2016-01-10 2020-04-21 Apple Inc. Containers shared by multiple users of a device
US9769131B1 (en) * 2016-08-02 2017-09-19 Architecture Technology Corporation Fast reconfiguring environment for mobile computing devices
US20180061222A1 (en) * 2016-08-25 2018-03-01 Lénard Zoltan PASZTOR Process and Schematic for Operating Electronic Devices By Remote Control and for Collecting, Utilising and Transmitting the Operating Parameters of Such Devices for the Purposes of Analysis
US10601877B2 (en) 2017-12-21 2020-03-24 At&T Intellectual Property I, L.P. High-definition voice for fixed mobile convergence on mobile and wireline networks
US20200028879A1 (en) * 2018-07-17 2020-01-23 Microsoft Technology Licensing, Llc Queryless device configuration determination-based techniques for mobile device management
US11184223B2 (en) 2018-07-31 2021-11-23 Microsoft Technology Licensing, Llc Implementation of compliance settings by a mobile device for compliance with a configuration scenario
US11336645B2 (en) * 2018-10-10 2022-05-17 Citrix Systems, Inc. Computing system providing SaaS application access with different capabilities based upon user personas
US11159531B2 (en) * 2019-02-01 2021-10-26 Citrix Systems, Inc. Computer system providing anonymous remote access to shared computing sessions and related methods
US11308201B2 (en) * 2019-02-05 2022-04-19 Sennco Solutions, Inc. MDM-based persistent security monitoring
US11182800B2 (en) 2019-04-08 2021-11-23 Bank Of America Corporation Controlling enterprise software policy compliance assessment processes based on quantum combinations of assessment elements
US11368373B2 (en) * 2020-06-16 2022-06-21 Citrix Systems, Inc. Invoking microapp actions from user applications
US11568408B1 (en) * 2020-08-05 2023-01-31 Anonyome Labs, Inc. Apparatus and method for processing virtual credit cards for digital identities
EP4196868A4 (en) * 2021-01-21 2024-02-21 Samsung Electronics Co., Ltd. Methods and systems for customizing devices in an iot environment using self-adaptive mechanism
US12058138B2 (en) * 2021-08-31 2024-08-06 At&T Intellectual Property I, L.P. Securing corporate assets in the home
US11861048B2 (en) 2022-03-31 2024-01-02 Motorola Solutions, Inc. Operation mode selection and synchronization for converged devices

Citations (69)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5778060A (en) * 1996-04-19 1998-07-07 At&T Corp Work at home ACD agent network with cooperative control
US5857021A (en) * 1995-11-07 1999-01-05 Fujitsu Ltd. Security system for protecting information stored in portable storage media
US5889845A (en) * 1995-11-15 1999-03-30 Data Race, Inc. System and method for providing a remote user with a virtual presence to an office
US5974424A (en) * 1997-07-11 1999-10-26 International Business Machines Corporation Parallel file system and method with a metadata node
US20020147801A1 (en) * 2001-01-29 2002-10-10 Gullotta Tony J. System and method for provisioning resources to users based on policies, roles, organizational information, and attributes
US20020156904A1 (en) * 2001-01-29 2002-10-24 Gullotta Tony J. System and method for provisioning resources to users based on roles, organizational information, attributes and third-party information or authorizations
US20030120717A1 (en) * 2001-12-21 2003-06-26 Callaway Jeri L. Method for managing personal and work-related matters
US20040123150A1 (en) * 2002-12-18 2004-06-24 Michael Wright Protection of data accessible by a mobile device
US20050033722A1 (en) * 2003-08-08 2005-02-10 International Business Machines Corporation Personality switch hard drive shim
US20050108297A1 (en) * 2003-11-17 2005-05-19 Microsoft Corporation Transfer of user profiles using portable storage devices
US20060112416A1 (en) * 2004-11-08 2006-05-25 Ntt Docomo, Inc. Device management apparatus, device, and device management method
US20060236363A1 (en) * 2002-09-23 2006-10-19 Credant Technologies, Inc. Client architecture for portable device with security policies
US20060288229A1 (en) * 2000-07-25 2006-12-21 Activcard Ireland Limited Flexible method of user authentication
US20070089111A1 (en) * 2004-12-17 2007-04-19 Robinson Scott H Virtual environment manager
US20070198834A1 (en) * 2003-11-27 2007-08-23 Rached Ksontini Method For The Authentication Of Applications
US20080032668A1 (en) * 2003-12-23 2008-02-07 Cuihtlauac Alvarado Telecommunication Terminal Comprising Two Execution Spaces
US20080194296A1 (en) * 2007-02-14 2008-08-14 Brian Roundtree System and method for securely managing data stored on mobile devices, such as enterprise mobility data
US20090125632A1 (en) * 2007-11-12 2009-05-14 Purpura Robert J Method and system for controlling client access to a server application
US20100192212A1 (en) * 2009-01-28 2010-07-29 Gregory G. Raleigh Automated device provisioning and activation
US20100235881A1 (en) * 2009-03-11 2010-09-16 Microsoft Corporation Enabling Sharing of Mobile Communication Device
US20100330961A1 (en) * 2009-06-26 2010-12-30 Vmware, Inc. Providing security in virtualized mobile devices
US20120054853A1 (en) * 2010-08-24 2012-03-01 International Business Machines Corporation Systems and methods to control device endpoint behavior using personae and policies
US20120108207A1 (en) * 2010-10-28 2012-05-03 Schell Stephan V Methods and apparatus for delivering electronic identification components over a wireless network
US20120159567A1 (en) * 2010-12-21 2012-06-21 Enterproid Hk Ltd Contextual role awareness
US20120157165A1 (en) * 2010-12-21 2012-06-21 Dongwoo Kim Mobile terminal and method of controlling a mode switching therein
US20120167162A1 (en) * 2009-01-28 2012-06-28 Raleigh Gregory G Security, fraud detection, and fraud mitigation in device-assisted services systems
US20120260086A1 (en) * 2011-04-05 2012-10-11 Haggerty David T Apparatus and methods for distributing and storing electronic access clients
US20130007245A1 (en) * 2011-07-01 2013-01-03 Fiberlink Communications Corporation Rules based actions for mobile device management
US20130103816A1 (en) * 2011-10-24 2013-04-25 Research In Motion Limited Multiplatform management system and method for mobile devices
US20130117742A1 (en) * 2011-08-05 2013-05-09 Vmware, Inc. Sharing work environment information sources with personal environment applications
US20130122864A1 (en) * 2011-05-06 2013-05-16 David T. Haggerty Methods and apparatus for providing management capabilities for access control clients
US20130130653A1 (en) * 2011-11-22 2013-05-23 Vmware, Inc. User interface for controlling use of a business environment on a mobile device
US20130145448A1 (en) * 2011-08-05 2013-06-06 Vmware, Inc. Lock screens to access work environments on a personal mobile device
US20130227636A1 (en) * 2012-02-24 2013-08-29 Appthority, Inc. Off-device anti-malware protection for mobile devices
US20130254831A1 (en) * 2012-03-23 2013-09-26 Lockheed Martin Corporation Method and apparatus for context aware mobile security
US20130290426A1 (en) * 2013-06-06 2013-10-31 Sky Socket, Llc Social Media and Data Sharing Controls
US20130297700A1 (en) * 2012-05-07 2013-11-07 Citrix Systems, Inc. Enterprise managed systems with collaborative application support
US20130298201A1 (en) * 2012-05-05 2013-11-07 Citrix Systems, Inc. Systems and methods for network filtering in vpn
US20130305392A1 (en) * 2012-05-08 2013-11-14 Hagai Bar-El System, device, and method of secure entry and handling of passwords
US20130339517A1 (en) * 2012-06-15 2013-12-19 Symantec Corporation Techniques for providing dynamic account and device management
US20130347094A1 (en) * 2012-06-25 2013-12-26 Appthority, Inc. In-line filtering of insecure or unwanted mobile device software components or communications
US20140007222A1 (en) * 2011-10-11 2014-01-02 Zenprise, Inc. Secure execution of enterprise applications on mobile devices
US20140043136A1 (en) * 2012-08-09 2014-02-13 Herbert Ristock System and method for communication spread across multiple physical layer channels
US20140075518A1 (en) * 2012-09-13 2014-03-13 Alephcloud Systems, Inc. Operator provisioning of a trustworthy workspace to a subscriber
US20140096222A1 (en) * 2012-10-01 2014-04-03 Nxp B.V. Secure user authentication using a master secure element
US20140096215A1 (en) * 2012-09-28 2014-04-03 Christian J. Hessler Method for mobile security context authentication
US20140101734A1 (en) * 2011-06-10 2014-04-10 Securekey Technologies Inc. Credential authentication methods and systems
US20140108792A1 (en) * 2012-10-12 2014-04-17 Citrix Systems, Inc. Controlling Device Access to Enterprise Resources in an Orchestration Framework for Connected Devices
US20140122720A1 (en) * 2012-10-31 2014-05-01 Elwha Llc Methods and systems for managing device data
US20140129714A1 (en) * 2012-11-07 2014-05-08 Dell Products L.P. Application aware network virtualization
US20140173700A1 (en) * 2012-12-16 2014-06-19 Aruba Networks, Inc. System and method for application usage controls through policy enforcement
US20140181801A1 (en) * 2012-12-25 2014-06-26 Kaspersky Lab Zao System and method for deploying preconfigured software
US20140237621A1 (en) * 2011-10-07 2014-08-21 Trustonic Limited Microprocessor system with secured runtime environment
US20140259178A1 (en) * 2013-03-06 2014-09-11 Microsoft Corporation Limiting enterprise applications and settings on devices
US20140259007A1 (en) * 2013-03-06 2014-09-11 Microsoft Corporation Enterprise management for devices
US20140278640A1 (en) * 2013-03-15 2014-09-18 Companyons, Inc. Business workflow management systems and methods
US20140280817A1 (en) * 2013-03-13 2014-09-18 Dell Products L.P. Systems and methods for managing connections in an orchestrated network
US20140279454A1 (en) * 2013-03-15 2014-09-18 Verizon Patent And Licensing Inc. Persona based billing
US20140297825A1 (en) * 2013-03-29 2014-10-02 Citrix Systems, Inc. Data management for an application with multiple operation modes
US20140298403A1 (en) * 2013-03-29 2014-10-02 Citrix Systems, Inc. Providing mobile device management functionalities
US20140330945A1 (en) * 2013-05-02 2014-11-06 Sky Socket, Llc Location-based Configuration Policy Toggling
US20140330990A1 (en) * 2013-03-29 2014-11-06 Citrix Systems, Inc. Application with Multiple Operation Modes
US20140331297A1 (en) * 2013-05-03 2014-11-06 Citrix Systems, Inc. Secured access to resources using a proxy
US20140344420A1 (en) * 2013-05-20 2014-11-20 Citrix Systems, Inc. Proximity and context aware mobile workspaces in enterprise systems
US20140344922A1 (en) * 2013-05-17 2014-11-20 Fixmo, Inc. Multi-profile mobile device interface for same user
US20150032867A1 (en) * 2013-07-25 2015-01-29 T-Mobil Usa, Inc. Device Management Service
US9225799B1 (en) * 2013-05-21 2015-12-29 Trend Micro Incorporated Client-side rendering for virtual mobile infrastructure
US9258295B1 (en) * 2012-08-31 2016-02-09 Cisco Technology, Inc. Secure over-the-air provisioning for handheld and desktop devices and services
US9300720B1 (en) * 2013-05-21 2016-03-29 Trend Micro Incorporated Systems and methods for providing user inputs to remote mobile operating systems

Family Cites Families (114)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6618668B1 (en) 2000-04-26 2003-09-09 Arrivalstar, Inc. System and method for obtaining vehicle schedule information in an advance notification system
US6278936B1 (en) 1993-05-18 2001-08-21 Global Research Systems, Inc. System and method for an advance notification system for monitoring and reporting proximity of a vehicle
US6748318B1 (en) 1993-05-18 2004-06-08 Arrivalstar, Inc. Advanced notification systems and methods utilizing a computer network
US6226622B1 (en) 1995-11-27 2001-05-01 Alan James Dabbiere Methods and devices utilizing a GPS tracking system
US6023708A (en) 1997-05-29 2000-02-08 Visto Corporation System and method for using a global translator to synchronize workspace elements across a network
US7287271B1 (en) 1997-04-08 2007-10-23 Visto Corporation System and method for enabling secure access to services in a computer network
US20060195595A1 (en) 2003-12-19 2006-08-31 Mendez Daniel J System and method for globally and securely accessing unified information in a computer network
US6131116A (en) 1996-12-13 2000-10-10 Visto Corporation System and method for globally accessing computer services
US6708221B1 (en) 1996-12-13 2004-03-16 Visto Corporation System and method for globally and securely accessing unified information in a computer network
US6085192A (en) 1997-04-11 2000-07-04 Roampage, Inc. System and method for securely synchronizing multiple copies of a workspace element in a network
US6766454B1 (en) 1997-04-08 2004-07-20 Visto Corporation System and method for using an authentication applet to identify and authenticate a user in a computer network
US6327623B2 (en) * 1997-05-30 2001-12-04 Texas Instruments Incorporated Computer system with environmental detection
US6151606A (en) 1998-01-16 2000-11-21 Visto Corporation System and method for using a workspace data manager to access, manipulate and synchronize network data
US20030110084A1 (en) 1998-03-04 2003-06-12 Martin Forest Eberhard Secure content distribution system
US7792297B1 (en) 1998-03-31 2010-09-07 Piccionelli Greg A System and process for limiting distribution of information on a communication network based on geographic location
US6779118B1 (en) 1998-05-04 2004-08-17 Auriq Systems, Inc. User specific automatic data redirection system
US6233341B1 (en) 1998-05-19 2001-05-15 Visto Corporation System and method for installing and using a temporary certificate at a remote site
US6131096A (en) 1998-10-05 2000-10-10 Visto Corporation System and method for updating a remote database in a network
US7373517B1 (en) 1999-08-19 2008-05-13 Visto Corporation System and method for encrypting and decrypting files
KR100348249B1 (en) 1999-10-08 2002-08-09 엘지전자 주식회사 Data architecture of VCT and method for transmit/receiving service information
US6560772B1 (en) 1999-10-15 2003-05-06 International Business Machines Corporation Method, system, and program for accessing data in different environments
US7363361B2 (en) 2000-08-18 2008-04-22 Akamai Technologies, Inc. Secure content delivery system
WO2001046833A2 (en) 1999-12-23 2001-06-28 Logistics.Com, Inc. Bid positioning system
US7739334B1 (en) 2000-03-17 2010-06-15 Visto Corporation System and method for automatically forwarding email and email events via a computer network to a server computer
EP1287473A2 (en) 2000-05-22 2003-03-05 Manhattan Associates System, method and apparatus for integrated supply chain management
US7225231B2 (en) 2000-09-20 2007-05-29 Visto Corporation System and method for transmitting workspace elements across a network
US7660902B2 (en) 2000-11-20 2010-02-09 Rsa Security, Inc. Dynamic file access control and management
US7702785B2 (en) 2001-01-31 2010-04-20 International Business Machines Corporation Methods, systems and computer program products for selectively allowing users of a multi-user system access to network resources
US7603703B2 (en) 2001-04-12 2009-10-13 International Business Machines Corporation Method and system for controlled distribution of application code and content data within a computer network
US7228383B2 (en) 2001-06-01 2007-06-05 Visto Corporation System and method for progressive and hierarchical caching
US7284045B1 (en) 2001-06-01 2007-10-16 Visto Corporation Method and system for determining information to access an electronic mail account
US7444375B2 (en) 2001-06-19 2008-10-28 Visto Corporation Interactive voice and text message system
US7064688B2 (en) 2001-07-09 2006-06-20 Good Technology, Inc. System and method for compressing data on a bandwidth-limited network
US20030009595A1 (en) 2001-07-09 2003-01-09 Roger Collins System and method for compressing data using field-based code word generation
US7539665B2 (en) 2001-10-23 2009-05-26 Visto Corporation System and method for merging remote and local data in a single user interface
JP2005509979A (en) 2001-11-15 2005-04-14 ヴィスト・コーポレーション Asynchronous synchronization system and method
US6741232B1 (en) 2002-01-23 2004-05-25 Good Technology, Inc. User interface for a data processing apparatus
US7092943B2 (en) 2002-03-01 2006-08-15 Enterasys Networks, Inc. Location based data
US8094591B1 (en) 2002-03-19 2012-01-10 Good Technology, Inc. Data carrier detector for a packet-switched communication network
US7788382B1 (en) 2002-03-26 2010-08-31 Good Technology, Inc. Server initiated synchronization
US7447506B1 (en) 2002-03-29 2008-11-04 Good Technology, Inc. Apparatus and method for reducing network congestion
US7310535B1 (en) 2002-03-29 2007-12-18 Good Technology, Inc. Apparatus and method for reducing power consumption in a wireless device
US6726106B1 (en) 2002-04-02 2004-04-27 Good Technology, Inc. Power management and device illumination mechanisms for a personal digital assistant
US7447799B2 (en) 2002-04-24 2008-11-04 Good Technology, Inc. System and method for automatically updating a wireless device
US20030204716A1 (en) 2002-04-24 2003-10-30 Rockwood Troy Dean System and methods for digital content distribution
US6727856B1 (en) 2002-06-06 2004-04-27 Good Technology, Inc. Antenna system for a wireless device
US7032181B1 (en) 2002-06-18 2006-04-18 Good Technology, Inc. Optimized user interface for small screen devices
CA2391717A1 (en) 2002-06-26 2003-12-26 Ibm Canada Limited-Ibm Canada Limitee Transferring data and storing metadata across a network
EP1535159B1 (en) 2002-08-09 2016-03-02 Good Technology Corporation System and method for preventing access to data on a compromised remote device
US7665118B2 (en) 2002-09-23 2010-02-16 Credant Technologies, Inc. Server, computer memory, and method to support security policy maintenance and distribution
US7665125B2 (en) 2002-09-23 2010-02-16 Heard Robert W System and method for distribution of security policies for mobile devices
US20060190984A1 (en) 2002-09-23 2006-08-24 Credant Technologies, Inc. Gatekeeper architecture/features to support security policy maintenance and distribution
US7353533B2 (en) 2002-12-18 2008-04-01 Novell, Inc. Administration of protection of data accessible by a mobile device
ES2409936T3 (en) 2003-01-31 2013-06-28 Good Technology Corporation Asynchronous real-time data recovery
US7203959B2 (en) 2003-03-14 2007-04-10 Symantec Corporation Stream scanning through network proxy servers
US6995749B2 (en) 2003-03-28 2006-02-07 Good Technology, Inc. Auto font magnification mechanism
GB0308991D0 (en) 2003-04-17 2003-05-28 Psion Digital Ltd A data access replication or communication system comprising a distributed software application
US7275073B2 (en) 2003-05-07 2007-09-25 Good Technology, Inc. System and method for notifying mobile devices based on device type and network capabilities
US7890091B2 (en) 2003-05-08 2011-02-15 Good Technology, Inc. Collaborative data and intelligent synchronization for mobile devices
US20040224703A1 (en) 2003-05-09 2004-11-11 Takaki Steven M. Method and system for enhancing venue participation by venue participants
US7840631B2 (en) 2003-05-09 2010-11-23 Good Technology, Inc. Multimedia control with one-click device selection
US7184801B2 (en) 2003-05-12 2007-02-27 Good Technology, Inc. Mobile application builder
US7515717B2 (en) 2003-07-31 2009-04-07 International Business Machines Corporation Security containers for document components
US7735122B1 (en) 2003-08-29 2010-06-08 Novell, Inc. Credential mapping
US20050060532A1 (en) * 2003-09-15 2005-03-17 Motorola, Inc. Method and apparatus for automated persona switching for electronic mobile devices
US7603547B2 (en) 2003-10-10 2009-10-13 Bea Systems, Inc. Security control module
WO2005043802A1 (en) 2003-10-20 2005-05-12 Drm Technologies, Llc Securing digital content system and method
US7039394B2 (en) 2003-11-25 2006-05-02 Good Technology, Inc. Communication system and method for compressing information sent by a communication device to a target portable communication device
CA2560271A1 (en) 2004-03-18 2005-09-29 Francisco Jauffred Transportation management system and method for shipment planning optimization
US7475152B2 (en) 2004-09-20 2009-01-06 International Business Machines Corporation Approach to provide self-protection function to web content at client side
US7620001B2 (en) 2004-10-13 2009-11-17 Good Technology, Inc. Communication system and method with mobile devices
US8001082B1 (en) 2004-10-28 2011-08-16 Good Technology, Inc. System and method of data security in synchronizing data with a wireless device
US7970386B2 (en) 2005-06-03 2011-06-28 Good Technology, Inc. System and method for monitoring and maintaining a wireless device
US7590403B1 (en) 2005-06-07 2009-09-15 Good Technology, Inc. Wireless device dormancy override
US20070136492A1 (en) 2005-12-08 2007-06-14 Good Technology, Inc. Method and system for compressing/decompressing data for communication with wireless devices
US8006289B2 (en) 2005-12-16 2011-08-23 International Business Machines Corporation Method and system for extending authentication methods
US8621549B2 (en) 2005-12-29 2013-12-31 Nextlabs, Inc. Enforcing control policies in an information management system
US7702322B1 (en) 2006-02-27 2010-04-20 Good Technology, Llc Method and system for distributing and updating software in wireless devices
US7620392B1 (en) 2006-02-27 2009-11-17 Good Technology, Inc. Method and system for distributing and updating software in wireless devices
US7917641B2 (en) 2006-03-14 2011-03-29 Tangoe, Inc. Apparatus and method for provisioning wireless data communication devices
US8555403B1 (en) * 2006-03-30 2013-10-08 Emc Corporation Privileged access to managed content
JP2009532785A (en) 2006-03-31 2009-09-10 ヴィスト コーポレーション System and method for searching different data stores via a remote device
US8745227B2 (en) 2006-06-07 2014-06-03 Apple Inc. Distributed secure content delivery
US8046823B1 (en) 2006-10-03 2011-10-25 Stamps.Com Inc. Secure application bridge server
US8538028B2 (en) 2006-11-20 2013-09-17 Toposis Corporation System and method for secure electronic communication services
WO2008103608A2 (en) 2007-02-19 2008-08-28 Ondeego, Inc. Methods and system to create applications and distribute applications to a remote device
US8060074B2 (en) 2007-07-30 2011-11-15 Mobile Iron, Inc. Virtual instance architecture for mobile device management systems
CN101965563A (en) 2007-11-05 2011-02-02 维斯托公司 Service management system & associated methodology of providing service related message prioritization in a mobile client
US9185554B2 (en) 2008-02-15 2015-11-10 Appcentral, Inc. System and methods to store, retrieve, manage, augment and monitor applications on appliances
WO2009129337A1 (en) 2008-04-15 2009-10-22 Problem Resolution Enterprise, Llc Method and process for registering a device to verify transactions
US8910255B2 (en) 2008-05-27 2014-12-09 Microsoft Corporation Authentication for distributed secure content management system
US8763071B2 (en) 2008-07-24 2014-06-24 Zscaler, Inc. Systems and methods for mobile application security classification and enforcement
US8942675B2 (en) 2008-09-05 2015-01-27 Good Technology Corporation System, apparatus and associated methodology for enriching contact of a remote client
US8260320B2 (en) 2008-11-13 2012-09-04 Apple Inc. Location specific content
US8909925B2 (en) 2008-11-17 2014-12-09 Prakash Baskaran System to secure electronic content, enforce usage policies and provide configurable functionalities
US8275415B2 (en) * 2009-02-13 2012-09-25 At&T Intellectual Property I, Lp Systems and methods for multi-device wireless SIM management
US8695058B2 (en) 2009-05-20 2014-04-08 Mobile Iron, Inc. Selective management of mobile device data in an enterprise environment
US20100299152A1 (en) 2009-05-20 2010-11-25 Mobile Iron, Inc. Selective Management of Mobile Devices in an Enterprise Environment
US8898748B2 (en) 2009-05-21 2014-11-25 Mobile Iron, Inc. Remote verification for configuration updates
US20100299362A1 (en) 2009-05-24 2010-11-25 Roger Frederick Osmond Method for controlling access to data containers in a computer system
US8984657B2 (en) 2009-09-08 2015-03-17 Appcentral, Inc. System and method for remote management of applications downloaded to a personal portable wireless appliance
JP5370131B2 (en) 2009-12-22 2013-12-18 セイコーエプソン株式会社 Image display apparatus and control method
US20110202269A1 (en) * 2010-02-15 2011-08-18 Avaya Inc. Mobile gaming, hospitality and communications appliance
EP2537102A4 (en) 2010-02-15 2017-08-23 Unwired Planet International Limited Scripting/proxy systems, methods and circuit arrangements
US9135434B2 (en) 2010-04-19 2015-09-15 Appcentral, Inc. System and method for third party creation of applications for mobile appliances
US9350708B2 (en) 2010-06-01 2016-05-24 Good Technology Corporation System and method for providing secured access to services
US9558476B2 (en) 2010-07-01 2017-01-31 Good Technology Holdings Limited Method and device for editing workspace data objects
US9576068B2 (en) 2010-10-26 2017-02-21 Good Technology Holdings Limited Displaying selected portions of data sets on display devices
US8566923B2 (en) 2011-02-01 2013-10-22 Rockwell Automation Technologies, Inc. Enhanced organization and automatic navigation of display screens facilitating automation control
US20130013727A1 (en) * 2011-07-05 2013-01-10 Robin Edward Walker System and method for providing a mobile persona environment
US8806639B2 (en) * 2011-09-30 2014-08-12 Avaya Inc. Contextual virtual machines for application quarantine and assessment method and system
US8713646B2 (en) 2011-12-09 2014-04-29 Erich Stuntebeck Controlling access to resources on a network
US9361473B2 (en) * 2012-09-14 2016-06-07 Google Inc. Correcting access rights of files in electronic communications
US9166796B2 (en) * 2013-06-24 2015-10-20 Prince Sattam Bin Abdulaziz University Secure biometric cloud storage system

Patent Citations (80)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5857021A (en) * 1995-11-07 1999-01-05 Fujitsu Ltd. Security system for protecting information stored in portable storage media
US5889845A (en) * 1995-11-15 1999-03-30 Data Race, Inc. System and method for providing a remote user with a virtual presence to an office
US5778060A (en) * 1996-04-19 1998-07-07 At&T Corp Work at home ACD agent network with cooperative control
US5974424A (en) * 1997-07-11 1999-10-26 International Business Machines Corporation Parallel file system and method with a metadata node
US20060288229A1 (en) * 2000-07-25 2006-12-21 Activcard Ireland Limited Flexible method of user authentication
US20020147801A1 (en) * 2001-01-29 2002-10-10 Gullotta Tony J. System and method for provisioning resources to users based on policies, roles, organizational information, and attributes
US20020156904A1 (en) * 2001-01-29 2002-10-24 Gullotta Tony J. System and method for provisioning resources to users based on roles, organizational information, attributes and third-party information or authorizations
US20030120717A1 (en) * 2001-12-21 2003-06-26 Callaway Jeri L. Method for managing personal and work-related matters
US20060236363A1 (en) * 2002-09-23 2006-10-19 Credant Technologies, Inc. Client architecture for portable device with security policies
US20040123150A1 (en) * 2002-12-18 2004-06-24 Michael Wright Protection of data accessible by a mobile device
US20050033722A1 (en) * 2003-08-08 2005-02-10 International Business Machines Corporation Personality switch hard drive shim
US20050108297A1 (en) * 2003-11-17 2005-05-19 Microsoft Corporation Transfer of user profiles using portable storage devices
US20070198834A1 (en) * 2003-11-27 2007-08-23 Rached Ksontini Method For The Authentication Of Applications
US20080032668A1 (en) * 2003-12-23 2008-02-07 Cuihtlauac Alvarado Telecommunication Terminal Comprising Two Execution Spaces
US20060112416A1 (en) * 2004-11-08 2006-05-25 Ntt Docomo, Inc. Device management apparatus, device, and device management method
US20070089111A1 (en) * 2004-12-17 2007-04-19 Robinson Scott H Virtual environment manager
US20080194296A1 (en) * 2007-02-14 2008-08-14 Brian Roundtree System and method for securely managing data stored on mobile devices, such as enterprise mobility data
US20090125632A1 (en) * 2007-11-12 2009-05-14 Purpura Robert J Method and system for controlling client access to a server application
US20100192212A1 (en) * 2009-01-28 2010-07-29 Gregory G. Raleigh Automated device provisioning and activation
US20120167162A1 (en) * 2009-01-28 2012-06-28 Raleigh Gregory G Security, fraud detection, and fraud mitigation in device-assisted services systems
US20100235881A1 (en) * 2009-03-11 2010-09-16 Microsoft Corporation Enabling Sharing of Mobile Communication Device
US20100330961A1 (en) * 2009-06-26 2010-12-30 Vmware, Inc. Providing security in virtualized mobile devices
US20120054853A1 (en) * 2010-08-24 2012-03-01 International Business Machines Corporation Systems and methods to control device endpoint behavior using personae and policies
US20120108207A1 (en) * 2010-10-28 2012-05-03 Schell Stephan V Methods and apparatus for delivering electronic identification components over a wireless network
US20120159567A1 (en) * 2010-12-21 2012-06-21 Enterproid Hk Ltd Contextual role awareness
US20120157165A1 (en) * 2010-12-21 2012-06-21 Dongwoo Kim Mobile terminal and method of controlling a mode switching therein
US20120260086A1 (en) * 2011-04-05 2012-10-11 Haggerty David T Apparatus and methods for distributing and storing electronic access clients
US20130122864A1 (en) * 2011-05-06 2013-05-16 David T. Haggerty Methods and apparatus for providing management capabilities for access control clients
US20140101734A1 (en) * 2011-06-10 2014-04-10 Securekey Technologies Inc. Credential authentication methods and systems
US20130007245A1 (en) * 2011-07-01 2013-01-03 Fiberlink Communications Corporation Rules based actions for mobile device management
US20130117742A1 (en) * 2011-08-05 2013-05-09 Vmware, Inc. Sharing work environment information sources with personal environment applications
US20130145448A1 (en) * 2011-08-05 2013-06-06 Vmware, Inc. Lock screens to access work environments on a personal mobile device
US20140237621A1 (en) * 2011-10-07 2014-08-21 Trustonic Limited Microprocessor system with secured runtime environment
US8869235B2 (en) * 2011-10-11 2014-10-21 Citrix Systems, Inc. Secure mobile browser for protecting enterprise data
US8886925B2 (en) * 2011-10-11 2014-11-11 Citrix Systems, Inc. Protecting enterprise data through policy-based encryption of message attachments
US9137262B2 (en) * 2011-10-11 2015-09-15 Citrix Systems, Inc. Providing secure mobile device access to enterprise resources using application tunnels
US9183380B2 (en) * 2011-10-11 2015-11-10 Citrix Systems, Inc. Secure execution of enterprise applications on mobile devices
US9143530B2 (en) * 2011-10-11 2015-09-22 Citrix Systems, Inc. Secure container for protecting enterprise data on a mobile device
US9143529B2 (en) * 2011-10-11 2015-09-22 Citrix Systems, Inc. Modifying pre-existing mobile applications to implement enterprise security policies
US9378359B2 (en) * 2011-10-11 2016-06-28 Citrix Systems, Inc. Gateway for controlling mobile device access to enterprise resources
US20140007222A1 (en) * 2011-10-11 2014-01-02 Zenprise, Inc. Secure execution of enterprise applications on mobile devices
US9286471B2 (en) * 2011-10-11 2016-03-15 Citrix Systems, Inc. Rules based detection and correction of problems on mobile devices of enterprise users
US20130103816A1 (en) * 2011-10-24 2013-04-25 Research In Motion Limited Multiplatform management system and method for mobile devices
US20130130653A1 (en) * 2011-11-22 2013-05-23 Vmware, Inc. User interface for controlling use of a business environment on a mobile device
US20130227636A1 (en) * 2012-02-24 2013-08-29 Appthority, Inc. Off-device anti-malware protection for mobile devices
US20130254831A1 (en) * 2012-03-23 2013-09-26 Lockheed Martin Corporation Method and apparatus for context aware mobile security
US20130298201A1 (en) * 2012-05-05 2013-11-07 Citrix Systems, Inc. Systems and methods for network filtering in vpn
US20130297700A1 (en) * 2012-05-07 2013-11-07 Citrix Systems, Inc. Enterprise managed systems with collaborative application support
US9424554B2 (en) * 2012-05-07 2016-08-23 Citrix Systems, Inc. Enterprise managed systems with collaborative application support
US20130305392A1 (en) * 2012-05-08 2013-11-14 Hagai Bar-El System, device, and method of secure entry and handling of passwords
US20130339517A1 (en) * 2012-06-15 2013-12-19 Symantec Corporation Techniques for providing dynamic account and device management
US20130347094A1 (en) * 2012-06-25 2013-12-26 Appthority, Inc. In-line filtering of insecure or unwanted mobile device software components or communications
US20140043136A1 (en) * 2012-08-09 2014-02-13 Herbert Ristock System and method for communication spread across multiple physical layer channels
US9258295B1 (en) * 2012-08-31 2016-02-09 Cisco Technology, Inc. Secure over-the-air provisioning for handheld and desktop devices and services
US20140075518A1 (en) * 2012-09-13 2014-03-13 Alephcloud Systems, Inc. Operator provisioning of a trustworthy workspace to a subscriber
US20140096215A1 (en) * 2012-09-28 2014-04-03 Christian J. Hessler Method for mobile security context authentication
US20140096222A1 (en) * 2012-10-01 2014-04-03 Nxp B.V. Secure user authentication using a master secure element
US20140108792A1 (en) * 2012-10-12 2014-04-17 Citrix Systems, Inc. Controlling Device Access to Enterprise Resources in an Orchestration Framework for Connected Devices
US20140122720A1 (en) * 2012-10-31 2014-05-01 Elwha Llc Methods and systems for managing device data
US20140129714A1 (en) * 2012-11-07 2014-05-08 Dell Products L.P. Application aware network virtualization
US20140173700A1 (en) * 2012-12-16 2014-06-19 Aruba Networks, Inc. System and method for application usage controls through policy enforcement
US20140181801A1 (en) * 2012-12-25 2014-06-26 Kaspersky Lab Zao System and method for deploying preconfigured software
US20140259007A1 (en) * 2013-03-06 2014-09-11 Microsoft Corporation Enterprise management for devices
US20140259178A1 (en) * 2013-03-06 2014-09-11 Microsoft Corporation Limiting enterprise applications and settings on devices
US20140280817A1 (en) * 2013-03-13 2014-09-18 Dell Products L.P. Systems and methods for managing connections in an orchestrated network
US20140278640A1 (en) * 2013-03-15 2014-09-18 Companyons, Inc. Business workflow management systems and methods
US20140279454A1 (en) * 2013-03-15 2014-09-18 Verizon Patent And Licensing Inc. Persona based billing
US20140297825A1 (en) * 2013-03-29 2014-10-02 Citrix Systems, Inc. Data management for an application with multiple operation modes
US20140330990A1 (en) * 2013-03-29 2014-11-06 Citrix Systems, Inc. Application with Multiple Operation Modes
US20140298402A1 (en) * 2013-03-29 2014-10-02 Citrix Systems, Inc. Data Management for an Application with Multiple Operation Modes
US20140298403A1 (en) * 2013-03-29 2014-10-02 Citrix Systems, Inc. Providing mobile device management functionalities
US20140330944A1 (en) * 2013-05-02 2014-11-06 Sky Socket, Llc Time-based Configuration Policy Toggling
US20140330945A1 (en) * 2013-05-02 2014-11-06 Sky Socket, Llc Location-based Configuration Policy Toggling
US20140331297A1 (en) * 2013-05-03 2014-11-06 Citrix Systems, Inc. Secured access to resources using a proxy
US20140344922A1 (en) * 2013-05-17 2014-11-20 Fixmo, Inc. Multi-profile mobile device interface for same user
US20140344420A1 (en) * 2013-05-20 2014-11-20 Citrix Systems, Inc. Proximity and context aware mobile workspaces in enterprise systems
US9225799B1 (en) * 2013-05-21 2015-12-29 Trend Micro Incorporated Client-side rendering for virtual mobile infrastructure
US9300720B1 (en) * 2013-05-21 2016-03-29 Trend Micro Incorporated Systems and methods for providing user inputs to remote mobile operating systems
US20130290426A1 (en) * 2013-06-06 2013-10-31 Sky Socket, Llc Social Media and Data Sharing Controls
US20150032867A1 (en) * 2013-07-25 2015-01-29 T-Mobil Usa, Inc. Device Management Service

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
"AirWatch," 07/23/2012, https://web.archive.org/web/20120609111821/http://www.air-watch.com:80/solutions *

Cited By (73)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20150046839A1 (en) * 2013-08-09 2015-02-12 Canon Kabushiki Kaisha Information processing apparatus, information processing method and computer-readable medium
US9218508B2 (en) * 2013-09-06 2015-12-22 Getac Technology Corporation Electronic device and protection method thereof
US20150074834A1 (en) * 2013-09-06 2015-03-12 Getac Technology Corporation Electronic device and protection method thereof
US9881480B2 (en) * 2013-12-20 2018-01-30 International Business Machines Corporation Mobile device loss prevention
US20150179046A1 (en) * 2013-12-20 2015-06-25 International Business Machines Corporation Mobile device loss prevention
US9881481B2 (en) * 2013-12-20 2018-01-30 International Business Machines Corporation Mobile device loss prevention
US20150179045A1 (en) * 2013-12-20 2015-06-25 International Business Machines Corporation Mobile device loss prevention
US10282970B2 (en) * 2013-12-20 2019-05-07 International Business Machines Corporation Mobile device loss prevention
US10276027B2 (en) * 2013-12-20 2019-04-30 International Business Machines Corporation Mobile device loss prevention
US20160330611A1 (en) * 2014-01-09 2016-11-10 Huawei Technologies Co., Ltd. Methods for sending and receiving user data and terminal devices
US9600465B2 (en) 2014-01-10 2017-03-21 Qualcomm Incorporated Methods and apparatuses for quantifying the holistic value of an existing network of devices by measuring the complexity of a generated grammar
US11687661B2 (en) 2014-06-03 2023-06-27 Amazon Technologies, Inc. Compartments
US10089476B1 (en) * 2014-06-03 2018-10-02 Amazon Technologies, Inc. Compartments
US10516667B1 (en) 2014-06-03 2019-12-24 Amazon Technologies, Inc. Hidden compartments
US10977377B2 (en) 2014-06-03 2021-04-13 Amazon Technologies, Inc. Parent and child account compartments
US9354841B2 (en) * 2014-08-13 2016-05-31 Smart Technologies Ulc Wirelessly communicating configuration data for interactive display devices
US10235121B2 (en) * 2014-08-13 2019-03-19 Smart Technologies Ulc Wirelessly communicating configuration data for interactive display devices
US20160239251A1 (en) * 2014-08-13 2016-08-18 Smart Technologies Ulc Wirelessly communicating configuration data for interactive display devices
EP3182682A4 (en) * 2014-11-21 2018-03-07 Yulong Computer Telecommunication Scientific (Shenzhen) Co., Ltd. Processing method and processing device for communication information about terminal and terminal
DE102014018891A1 (en) * 2014-12-17 2016-06-23 Giesecke & Devrient Gmbh Methods and apparatus for managing subscriptions on a security element
US20170118797A1 (en) * 2015-01-15 2017-04-27 Yulong Computer Telecommunication Scientific (Shenzhen) Co., Ltd. Dual System-Based Communication Method and Terminal
CN105847524A (en) * 2015-01-15 2016-08-10 宇龙计算机通信科技(深圳)有限公司 Dual-system-based communication method and terminal
US10037374B2 (en) 2015-01-30 2018-07-31 Qualcomm Incorporated Measuring semantic and syntactic similarity between grammars according to distance metrics for clustered data
US20240086135A1 (en) * 2015-02-02 2024-03-14 Samsung Electronics Co., Ltd. Multi-display based device
US10805409B1 (en) 2015-02-10 2020-10-13 Open Invention Network Llc Location based notifications
US11245771B1 (en) 2015-02-10 2022-02-08 Open Invention Network Llc Location based notifications
US10558472B1 (en) * 2015-02-10 2020-02-11 Open Invention Network Llc Security-based message management
EP3073773A3 (en) * 2015-03-23 2017-01-11 STMicroelectronics Srl Methods for performing a remote management of a multi-subscription sim module, and corresponding sim module and computer program product
US9536072B2 (en) * 2015-04-09 2017-01-03 Qualcomm Incorporated Machine-learning behavioral analysis to detect device theft and unauthorized device usage
WO2017042733A3 (en) * 2015-09-09 2017-07-06 Cell Buddy Network Ltd. Alias communication
US10586300B2 (en) 2015-11-10 2020-03-10 Gt Gettaxi Limited Graphical user interface (GUI) for implementing controls for geographic conveyance
RU2671249C2 (en) * 2015-11-10 2018-10-30 ДжиТи ГЕТТАКСИ ЛИМИТЕД Graphic user interface for implementation of control elements for geographical transportation
US11521289B2 (en) 2015-11-10 2022-12-06 Gt Gettaxi Systems Ltd Graphical user interface (GUI) for implementing controls for geographic conveyance
US10140438B2 (en) * 2015-12-16 2018-11-27 International Business Machines Corporation Hidden separation and access to data on a device
US20170177844A1 (en) * 2015-12-16 2017-06-22 International Business Machines Corporation Hidden separation and access to data on a device
US10366243B2 (en) * 2016-02-04 2019-07-30 Airwatch, Llc Preventing restricted content from being presented to unauthorized individuals
US9980165B2 (en) * 2016-02-10 2018-05-22 Airwatch Llc Visual privacy systems for enterprise mobility management
US11019517B2 (en) 2016-02-10 2021-05-25 Airwatch, Llc Visual privacy systems for enterprise mobility management
US10455440B2 (en) 2016-02-10 2019-10-22 Airwatch, Llc Visual privacy systems for enterprise mobility management
US11153771B2 (en) 2016-02-10 2021-10-19 Airwatch, Llc Visual privacy systems for enterprise mobility management
US10638345B2 (en) 2016-02-10 2020-04-28 Vmware, Inc. Visual privacy systems for enterprise mobility management
US20170278206A1 (en) * 2016-03-24 2017-09-28 Adobe Systems Incorporated Digital Rights Management and Updates
US11075900B2 (en) 2016-03-30 2021-07-27 Airwatch Llc Associating user accounts with enterprise workspaces
US20170288959A1 (en) * 2016-03-30 2017-10-05 Airwatch Llc Configuring enterprise workspaces
US10637723B2 (en) * 2016-03-30 2020-04-28 Airwatch Llc Configuring enterprise workspaces
US10382612B2 (en) * 2016-03-31 2019-08-13 Nec Corporation Business support system, business support method, information processing apparatus, communication device, and control methods and control programs of information processing apparatus and communication device
US20170329979A1 (en) * 2016-05-10 2017-11-16 International Business Machines Corporation Protecting enterprise data at each system layer
US10885206B2 (en) * 2016-05-10 2021-01-05 International Business Machines Corporation Protecting enterprise data at each system layer
US11468488B2 (en) * 2016-07-08 2022-10-11 Ubii Llc Virtual, location-based connection tool for service providers and users
US10025548B2 (en) 2016-08-09 2018-07-17 International Business Machines Corporation Automated display configuration
US10255016B2 (en) 2016-08-09 2019-04-09 International Business Machines Corporation Automated display configuration
US11005852B2 (en) * 2016-10-25 2021-05-11 Michael Ratiner System and method for securing electronic devices
US11012535B2 (en) 2016-11-22 2021-05-18 Airwatch Llc Management service migration using web applications
US10873511B2 (en) * 2016-11-22 2020-12-22 Airwatch Llc Management service migration for managed devices
US11336537B2 (en) 2016-11-22 2022-05-17 Airwatch Llc Management service migration for managed devices
US11336736B2 (en) 2016-11-22 2022-05-17 Airwatch Llc Management service migration using managed devices
US10924557B2 (en) 2016-11-22 2021-02-16 Airwatch Llc Management service migration using managed devices
US20200050469A1 (en) * 2017-02-21 2020-02-13 Privacy Software Solutions Ltd. A method and system for creating multi mobilephone environments and numbers on a single handset with single sim-card
US20200220945A1 (en) * 2017-09-18 2020-07-09 Privacy Software Solutions Ltd. A method for creating a pre-defined virtual mobilephone profile environment
US20190089595A1 (en) * 2017-09-18 2019-03-21 Cyber 2.0 (2015) LTD Automatic security configuration
US10652249B2 (en) 2017-10-31 2020-05-12 Microsoft Technology Licensing, Llc Remote locking a multi-user device to a set of users
WO2019089247A1 (en) * 2017-10-31 2019-05-09 Microsoft Technology Licensing, Llc Remote locking a multi-user device to a set of users
US10972468B2 (en) * 2017-11-21 2021-04-06 Vmware, Inc. Adaptive device enrollment
US10986078B2 (en) 2017-11-21 2021-04-20 Vmware, Inc. Adaptive device enrollment
US20190158500A1 (en) * 2017-11-21 2019-05-23 Vmware, Inc. Adaptive device enrollment
US11595395B2 (en) 2017-11-21 2023-02-28 Vmware, Inc. Adaptive device enrollment
US10798103B2 (en) 2017-11-21 2020-10-06 VWware, Inc. Adaptive device enrollment
US10749870B2 (en) 2017-11-21 2020-08-18 Vmware, Inc. Adaptive device enrollment
US10931716B2 (en) * 2018-02-09 2021-02-23 Vmware, Inc. Policy strength of managed devices
US20190253455A1 (en) * 2018-02-09 2019-08-15 Vmware, Inc. Policy strength of managed devices
US20210344664A1 (en) * 2020-04-29 2021-11-04 Motorola Mobility Llc Methods, Systems, and Electronic Devices for Selective Locational Preclusion of Access to Content
EP4013087A1 (en) * 2020-12-14 2022-06-15 Sandvine Corporation System and method for 5g mobile network management
US11871263B2 (en) 2020-12-14 2024-01-09 Sandvine Corporation System and method for 5G mobile network management

Also Published As

Publication number Publication date
US10129242B2 (en) 2018-11-13
US20160277387A1 (en) 2016-09-22
US20190044938A1 (en) 2019-02-07
US20150082371A1 (en) 2015-03-19
US11070543B2 (en) 2021-07-20

Similar Documents

Publication Publication Date Title
US11070543B2 (en) Multi-persona management and devices
US10326637B2 (en) Functionality management via application modification
US11204993B2 (en) Location-based configuration profile toggling
US9167104B2 (en) Telecommunications data usage management
US20180357440A1 (en) Personalized Meetings
US9585016B2 (en) Data communications management
US8914013B2 (en) Device management macros
EP3374858B1 (en) Creating and modifying applications from a mobile device
US20190325193A1 (en) Methods and systems for accessing computing systems with biometric identification
AU2014259659A1 (en) Time-based configuration policy toggling
KR20200008498A (en) Method and device for handling access of applications

Legal Events

Date Code Title Description
AS Assignment

Owner name: SKYSOCKET, LLC, GEORGIA

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:BRANNON, JONATHAN BLAKE;DEWEESE, WILLIAM;STUNTEBECK, ERICH;REEL/FRAME:032402/0651

Effective date: 20131107

AS Assignment

Owner name: AIRWATCH LLC, GEORGIA

Free format text: MERGER;ASSIGNOR:SKY SOCKET, LLC;REEL/FRAME:033369/0291

Effective date: 20140623

STPP Information on status: patent application and granting procedure in general

Free format text: RESPONSE TO NON-FINAL OFFICE ACTION ENTERED AND FORWARDED TO EXAMINER

STPP Information on status: patent application and granting procedure in general

Free format text: NON FINAL ACTION MAILED

STPP Information on status: patent application and granting procedure in general

Free format text: RESPONSE TO NON-FINAL OFFICE ACTION ENTERED AND FORWARDED TO EXAMINER

STPP Information on status: patent application and granting procedure in general

Free format text: FINAL REJECTION MAILED

STCV Information on status: appeal procedure

Free format text: NOTICE OF APPEAL FILED

STCV Information on status: appeal procedure

Free format text: APPEAL BRIEF (OR SUPPLEMENTAL BRIEF) ENTERED AND FORWARDED TO EXAMINER

STCV Information on status: appeal procedure

Free format text: EXAMINER'S ANSWER TO APPEAL BRIEF MAILED

STCV Information on status: appeal procedure

Free format text: APPEAL READY FOR REVIEW

STCV Information on status: appeal procedure

Free format text: ON APPEAL -- AWAITING DECISION BY THE BOARD OF APPEALS

STCV Information on status: appeal procedure

Free format text: BOARD OF APPEALS DECISION RENDERED

STCB Information on status: application discontinuation

Free format text: ABANDONED -- AFTER EXAMINER'S ANSWER OR BOARD OF APPEALS DECISION