US20140195927A1 - Multi-Persona Devices and Management - Google Patents
Multi-Persona Devices and Management Download PDFInfo
- Publication number
- US20140195927A1 US20140195927A1 US14/203,836 US201414203836A US2014195927A1 US 20140195927 A1 US20140195927 A1 US 20140195927A1 US 201414203836 A US201414203836 A US 201414203836A US 2014195927 A1 US2014195927 A1 US 2014195927A1
- Authority
- US
- United States
- Prior art keywords
- persona
- user
- personas
- user device
- data
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Abandoned
Links
- 230000005055 memory storage Effects 0.000 claims abstract description 22
- 238000004891 communication Methods 0.000 claims description 29
- 230000006870 function Effects 0.000 claims description 10
- 230000003993 interaction Effects 0.000 claims description 5
- 238000005192 partition Methods 0.000 claims description 4
- 230000004044 response Effects 0.000 claims description 2
- 230000000717 retained effect Effects 0.000 claims 1
- 238000007726 management method Methods 0.000 description 125
- 238000000034 method Methods 0.000 description 55
- 230000015654 memory Effects 0.000 description 44
- 230000009977 dual effect Effects 0.000 description 23
- 238000003860 storage Methods 0.000 description 17
- 230000008569 process Effects 0.000 description 16
- 238000000926 separation method Methods 0.000 description 12
- 230000009471 action Effects 0.000 description 11
- 238000010586 diagram Methods 0.000 description 9
- 230000008859 change Effects 0.000 description 8
- 238000004590 computer program Methods 0.000 description 8
- 238000009826 distribution Methods 0.000 description 7
- 238000005516 engineering process Methods 0.000 description 7
- 238000012545 processing Methods 0.000 description 7
- 239000003795 chemical substances by application Substances 0.000 description 6
- 238000013475 authorization Methods 0.000 description 5
- 230000001413 cellular effect Effects 0.000 description 5
- 238000012512 characterization method Methods 0.000 description 5
- 230000003287 optical effect Effects 0.000 description 5
- 238000012546 transfer Methods 0.000 description 5
- 230000000977 initiatory effect Effects 0.000 description 4
- 230000007246 mechanism Effects 0.000 description 4
- 238000013459 approach Methods 0.000 description 3
- 230000008901 benefit Effects 0.000 description 3
- 238000013500 data storage Methods 0.000 description 3
- 230000004069 differentiation Effects 0.000 description 3
- 230000000694 effects Effects 0.000 description 3
- 230000000007 visual effect Effects 0.000 description 3
- 230000006399 behavior Effects 0.000 description 2
- 230000005540 biological transmission Effects 0.000 description 2
- 238000001514 detection method Methods 0.000 description 2
- 230000001747 exhibiting effect Effects 0.000 description 2
- 230000033001 locomotion Effects 0.000 description 2
- 230000014759 maintenance of location Effects 0.000 description 2
- 239000000463 material Substances 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 238000012544 monitoring process Methods 0.000 description 2
- 230000000644 propagated effect Effects 0.000 description 2
- 230000001105 regulatory effect Effects 0.000 description 2
- 238000005204 segregation Methods 0.000 description 2
- 241000700605 Viruses Species 0.000 description 1
- 230000006978 adaptation Effects 0.000 description 1
- 238000007792 addition Methods 0.000 description 1
- 230000003466 anti-cipated effect Effects 0.000 description 1
- 230000003190 augmentative effect Effects 0.000 description 1
- 239000000969 carrier Substances 0.000 description 1
- 230000001276 controlling effect Effects 0.000 description 1
- 230000000881 depressing effect Effects 0.000 description 1
- 230000000994 depressogenic effect Effects 0.000 description 1
- 230000002708 enhancing effect Effects 0.000 description 1
- 230000036039 immunity Effects 0.000 description 1
- 238000012423 maintenance Methods 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 239000013307 optical fiber Substances 0.000 description 1
- 230000008520 organization Effects 0.000 description 1
- 230000002093 peripheral effect Effects 0.000 description 1
- 230000035755 proliferation Effects 0.000 description 1
- 239000004065 semiconductor Substances 0.000 description 1
- 239000010454 slate Substances 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
- 239000000758 substrate Substances 0.000 description 1
- 238000012549 training Methods 0.000 description 1
- 230000007723 transport mechanism Effects 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F3/00—Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
- G06F3/01—Input arrangements or combined input and output arrangements for interaction between user and computer
- G06F3/048—Interaction techniques based on graphical user interfaces [GUI]
- G06F3/0481—Interaction techniques based on graphical user interfaces [GUI] based on specific properties of the displayed interaction object or a metaphor-based environment, e.g. interaction with desktop elements like windows or icons, or assisted by a cursor's changing behaviour or appearance
- G06F3/0482—Interaction with lists of selectable items, e.g. menus
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F1/00—Details not covered by groups G06F3/00 - G06F13/00 and G06F21/00
- G06F1/16—Constructional details or arrangements
- G06F1/1613—Constructional details or arrangements for portable computers
- G06F1/1633—Constructional details or arrangements of portable computers not specific to the type of enclosures covered by groups G06F1/1615 - G06F1/1626
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G06F21/74—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information operating in dual or compartmented mode, i.e. at least one secure mode
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/445—Program loading or initiating
- G06F9/44505—Configuring for program initiating, e.g. using registry, configuration files
- G06F9/4451—User profiles; Roaming
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/08—Access security
- H04W12/086—Access security using security domains
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/30—Security of mobile devices; Security of mobile applications
- H04W12/37—Managing security policies for mobile devices or for controlling mobile applications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F1/00—Details not covered by groups G06F3/00 - G06F13/00 and G06F21/00
- G06F1/16—Constructional details or arrangements
- G06F1/1613—Constructional details or arrangements for portable computers
- G06F1/1633—Constructional details or arrangements of portable computers not specific to the type of enclosures covered by groups G06F1/1615 - G06F1/1626
- G06F1/1637—Details related to the display arrangement, including those related to the mounting of the display in the housing
- G06F1/1647—Details related to the display arrangement, including those related to the mounting of the display in the housing including at least an additional display
Definitions
- BYOD programs allow employees to utilize personal mobile user devices to access enterprise resources.
- BYOD programs gain momentum and popularity amongst employers and employees, the concern and desire to ensure enterprise resources and personal content are kept separate grows as well.
- an organization's primary concerns relate to worker productivity, specific duties, and availability, while maintaining a secure and manageable user device environment.
- Employees appreciate the availability and convenience associated with wirelessly accessing enterprise resources and content, but desire assurance that the privacy of their personal content is upheld, even with corporate applications installed on their personal user devices.
- a device may comprise a housing embedding a display, one or more processors, and one or more memory storages.
- a first processor and/or memory storage may be dedicated to a first unique user persona and a second processor and/or memory storage may be dedicated to a second unique user persona.
- the present disclosure generally describes methods and systems for isolating, implementing, and provisioning multiple entities or personas on an individual user device, thus enabling multiple individual end-user environments to remain quarantined while simultaneously remaining active.
- a “persona” generally relates to various settings, policies, rules, configurations or attributes associated with a particular end user environment. Accordingly, groups of individual personas may be categorized based on defined rules and policies applicable to said group and managed simultaneously. Other embodiments enable remote access to end user devices to deploy changes to current attributes and/or configurations either by group definition or on an individual basis.
- multiple personas may be managed via a central server (e.g., a content server or management module), which may serve as an intermediary between the multiple personas.
- the central server receives data from the device, identifies which persona initiated the data transfer, and sends the data on behalf of the identified persona.
- the central server receives data from outside sources, identifies for which persona the data is intended and pushes said data to the appropriate persona.
- one example embodiment virtually separates one set of hardware components (e.g., a single processor, memory, battery, etc.) into individual segments. Consequently, each segment houses and embodies a separate and quarantined persona.
- Yet other embodiments encompass multiple hardware sets (e.g., multiple processers, multiple memories, multiple batteries, etc.) independently coupled and dedicated for one or more respective persona.
- FIG. 1 is a block diagram illustrating an embodiment of an example environment consisting of multiple personas individually represented, yet simultaneously engaged via a network to a common and unique system.
- FIG. 2A is an example block diagram of a user device according to one embodiment.
- FIG. 2B illustrates an embodiment of a single device comprising multiple personas, managed by a persona management module.
- FIG. 3 is an example block diagram illustrating one embodiment entailing a unitary system comprising multiple personas supervised by a persona management module contemporaneously interacting with a mobile device management system and third party content via a communicatively coupled network.
- FIG. 4A illustrates an example embodiment of a single user device with a screen attached to either side comprising a dual screen user device.
- FIG. 4B illustrates an embodiment representing one screen of a dual screen device.
- FIG. 4C is an illustration of another embodiment of another screen encompassed in a dual screen device.
- FIG. 4D shows an example embodiment exhibiting multiple personas on a single screen of a user device.
- FIG. 5 is a flow chart illustrating an example method of multiple personas interfacing with a singular operating system, a persona management module, hardware and the relationship therein.
- FIG. 6 is a flow chart illustrating an example method for employing persona characteristics and settings on a user device via a management console.
- FIG. 7 is a flow chart illustrating a method of a user device comprising multiple personas receiving and implementing rules from a management console.
- FIG. 8 is a flow chart illustrating a method for managing data in connection with toggling personas on a user device in a multiple person environment according to one embodiment of the present disclosure.
- the technical effects of some example embodiments of this disclosure may include establishing control of access to networks and resources when access lists may not be predefined, and reducing and/or eliminating the burden of predefining access lists to control access to networks and resources. Moreover, the technical effects of some example embodiments may include enhancing network access control by assigning specific access rights based on access lists to client devices authorized to access associated network beacons and resources.
- Other technical effects of some example embodiments of this disclosure may include offering group management solutions to managing content access and distribution.
- users of a sales group may have read access to marketing documents and presentations, while users in a marketing group may be able to edit and/or annotate the market documents.
- users in an accounting or business services group may be the only ones with access to enterprise financial documents.
- These access controls may be provided by distributing authorization credentials to devices associated with users of the respective group.
- Each user may then authenticate to their device, such as by inputting a username, password, authentication key, and/or biometric data, before the device may access and/or retrieve the content authorized for distribution to that device.
- These authentication types are provided as examples only and are not intended to be limiting as many other types of user authentication are in use and/or may be contemplated in the future.
- aspects of the present disclosure relate to mobile device hardware and/or software or functionality for managing multiple personas on a given mobile device.
- Multiple persona device management generally comprises methods and systems for isolating, implementing, and provisioning multiple entities or personas on a single user device.
- a “persona” generally comprises various settings, policies, rules, configurations and/or attributes associated with a particular end user environment. Accordingly, groups of individual personas can be categorized based on defined rules and policies applicable to those groups and managed simultaneously.
- some embodiments enable remote access to the personal user device to deploy changes of current attributes and configurations either by group definition or on an individual basis.
- multiple personas may be managed via a central server (e.g., a content server or management module), which may serve as an intermediary between the multiple personas.
- the central server receives data from the device, identifies which persona initiated the data transfer, and sends the data on behalf of the identified persona.
- the central server receives data from outside sources, identifies for which persona the data is intended and pushes said data to the appropriate persona.
- one example embodiment virtually separates one set of hardware components (e.g., a single processor, memory, battery, etc.) into individual segments. Consequently, each segment houses and embodies a separate and quarantined persona.
- Yet other embodiments encompass multiple hardware sets (e.g., multiple processers, multiple memories, multiple batteries, etc.) independently coupled and dedicated for one or more respective persona.
- Content access may be further limited by policies that enforce other compliance restrictions based on properties of the device such as time, location, device security and/or integrity, presence of another device, software versions, required software, etc.
- policies may designate student and instructor groups. These groups may be further assigned to specific classes such that only student group members associated with a given class may access content associated with that class. Further, edit access to the content for the class may be restricted to the user(s) in the instructor group and/or student group members may be permitted to add content that only the instructor may view (e.g., homework assignments).
- the instructor group user(s) may be able to push content to student group user(s) and/or activate temporary control of the students' devices to prevent the devices from accessing non-class related content during class time.
- an enterprise such as an educational institution and/or a business may implement a “bring your own device” (BYOD) policy to allow an employee to use his/her personal device to access enterprise resources rather than provide the user with an enterprise owned user device for such purpose.
- BYOD “bring your own device”
- a user device administrator i.e. IT administrator
- the user device administrator may enroll user devices into the management system to monitor the user devices for security vulnerabilities and to configure the user devices for secure access to enterprise resources.
- the user device administrator may create and/or configure at least one configuration profile via a user interface provided by the management system.
- a configuration profile may comprise a set of instructions and/or settings that configure the operations and/or functions of a user device, which may ensure the security of the accessed resources.
- the user device administrator may, for instance, configure an enterprise email configuration profile by specifying the network address and access credentials of an enterprise email account that the users of the user devices are authorized to access.
- configuration policies may include, but are not limited to, hardware, software, application, function, cellular, text message, and data use restrictions, which may be based at least in part on the current time and/or location of the restricted user device.
- the user device administrator may thereafter deploy the configuration profiles to specific user devices, such as to groups of user devices of users with similar roles, privileges and/or titles.
- the user devices may also have access to personal configuration profiles that may be created by the users of the user devices.
- the user devices may, for instance, have access to a personal email configuration profile that was created by a user of the user device to provide access to her personal email account.
- a user device enrolled in a BYOD management system may have more than one configuration profile for a given use of the user device, such as a personal email configuration profile and an enterprise email configuration profile that are both used for accessing email accounts on the user device.
- the user devices may be instructed to enable and/or disable certain configuration profiles according to authorization rights specified by the user device administrator, such as location and/or time-based authorization rights.
- a BYOD policy may specify that user devices enrolled in the BYOD management system are authorized for personal use outside of the workday and are authorized for business use during the workday.
- a BYOD device may be restricted to enterprise uses while in work locations and/or prohibited from accessing enterprise resources while outside of secure work locations.
- a user device administrator may instruct the user devices to toggle between personal configuration policies and enterprise configuration policies based on factors such as the current time and/or location associated with the user device.
- the current time may be based on the current time at the current location of the user device, which may be determined by GPS, Wi-Fi, Cellular Triangulation, etc., or may be based on the current time at a configured primary location associated with the user device, which may be the primary office location of an employee user of the user device.
- time-based configuration profile toggling may be provided by instructing a user device to enable business configuration profiles and disable personal configuration profiles while the current time is between 9 AM and 5 PM at the current location of the user device, and to disable business configuration profiles and enable personal configuration profiles while the current time is between 5 PM and 9 AM at the current location of the user device.
- aspects of the present disclosure relate to mobile device hardware and/or associated software or functionality for managing multiple personas on a given mobile device.
- Multiple persona device management generally comprises methods and systems for isolating, implementing, and provisioning multiple entities or personas on a single user device, thus enabling a persona to remain quarantined while simultaneously remaining active on the back-end of the device.
- a “persona” generally comprises various settings, policies, rules, configurations or attributes associated with a particular end user environment. Accordingly, groups of individual personas can be categorized based on defined rules and policies applicable to those groups and managed simultaneously.
- some embodiments enable remote access to a personal user device to deploy changes of current attributes and configurations either by group definition or on an individual basis.
- multiple personas may be managed via a central server (e.g., a content server or management module), which may serve as an intermediary between the multiple personas.
- the central server receives data from the device, identifies which persona initiated the data transfer, and sends the data on behalf of the identified persona.
- the central server receives data from outside sources, identifies for which persona the data is intended and pushes said data to the appropriate persona.
- one example embodiment virtually separates one set of hardware components (e.g., a single processor, memory, battery, etc.) into individual segments. Consequently, each segment houses and embodies a separate and quarantined persona.
- Yet other embodiments encompass multiple hardware sets (e.g., multiple processers, multiple memories, multiple batteries, etc.) independently coupled and dedicated for one or more respective persona.
- Multiple persona device management generally relates to the implementation and management of a plurality of personas on a singular user device to segregate and quarantine a set of attributes relating to a singular persona from other personas accessible on the same user device.
- a persona may comprise a collection or group of data sets, configurations (assignment of resources, policies, rules, etc.), appearances, particular functionality, branding, billing parameters, physical components, and/or preferences with which a user device or a portion of a user device is associated.
- An example embodiment of multiple persona device management involves the ability, at an end user's discretion, to toggle between the various personas. Furthermore, the device may autonomously toggle between personas or present the option to toggle between personas based on predetermined triggering events embedded within the multiple persona device management technology.
- One example of implemented multiple persona device management comprises a family owning a single tablet device consisting of exclusive personas representing each family member. Thereby, each family member retains a unique set of applications, settings, and customizations associated with his or her respective persona.
- Another example entails a user device enrolled in a BYOD program in a work setting in which a mobile device management system merges multiple personas.
- the user device can separate an enterprise persona for receiving, accessing, and distributing corporate content and a personal persona for maintaining interaction with personal matters as shown in FIG. 1 .
- multiple persona management on a mobile device can be divided into at least two broad categories: (1) physical persona separation via either multiple physical components within a single mobile device, and/or (2) virtual persona separation via virtual division of components, data segregation, or the like.
- physical separation may include a device with multiple screens, multiple processors, multiple memories, etc.
- the virtual separation embodiments provide a virtual separation of components (e.g., virtual processors), or a data separation coupled with some visual or audible separation designation, or the like.
- FIG. 1 illustrates an example environment 100 comprising a single user device employing multiple personas (this example exhibits dual personas, but as will be understood and appreciated by one skilled in the art, one may elect to employ any number of personas on a single user device), an end user, and two separate hypothetical end user environments.
- an example of “two persona” or “dual persona” device management will be used for example purposes in connection with the presented Figures, but as will be understood by one of ordinary skill in the art, the example of dual persona device management is presented for example purposes only and any number of personas may be implemented on a user device 103 .
- enterprise end user 109 A is capable of accessing and conducting enterprise matters, such as reading and creating corporate email, viewing and editing documents, accessing content via Share Point, and matters of the like, on a persona 2 118 segment of the individual user device 103 .
- Persona 2 118 exemplifies the corporate partition of a dual persona device 103 with multiple persona device management applied to the user device 103 . This may be the primary active persona during working hours or while a GPS recognizes the end user's location to be in a corporate building or office.
- a personal persona 1 115 is still active on the back-end of the multiple persona device management system (or on the device 103 itself) and is simultaneously receiving and transmitting data intended for persona 1 115 .
- the illustrated embodiment represents the same user 109 B utilizing the same user device 103 in a personal environment (e.g., at home, in a restaurant, or other location away from the office).
- a persona 1 115 relates to the personal end user environment of the user 109 B in which all personal data (e.g., phone calls, text messages, non-enterprise email, personal applications, personal web browsing data, etc.) is distinctly routed and stored.
- the independent persona 1 115 allows an end user 109 B to maintain user device functionality in accordance with personal settings, characteristics and attributes separately from enterprise-related data and functionality.
- a data network 154 enables operative connections between persona 2 118 , persona 1 115 , third-party systems and products 124 , and a mobile device management system (MDMS) 121 for routing data amongst the involved entities.
- a data network 154 may comprise a wireless IEEE 802.b,g,n network, a cellular wireless network, Bluetooth technology, etc.
- the described mobile device management system (MDMS) 121 empowers enterprises to securely monitor, manage, and support a plurality of devices via wireless deployment of data configurations, applications, settings, permissions, and policies.
- Enterprises may deploy an MDMS 121 on a plurality of devices, such as mobile phones, smart tablets, laptops, etc., to ensure secure wireless access and distribution of corporate content.
- enterprises utilize the MDMS 121 for managing third-party content accessibility on enterprise user devices. While these restrictions on enterprise content would not be objectionable to most users, some may object to applying the same restrictions to personal user devices. Therefore, multiple persona device management as described herein supports the notion of segregating managed, secure mobile access to enterprise content to an enterprise persona while personal matter immunity is maintained on personal personas.
- the shown MDMS 121 comprises a mobile device management (MDM) database 139 and a MDM central module 122 .
- the MDM database 139 generally contains attributes typically monitored, modified, and manipulated by an administrator, as well as information necessary for the use of the multiple persona functionality.
- the MDM central module 122 comprises a management module 127 , content server 130 , secure email gateway 133 , and application catalog serving as separate entity portals for pushing and deploying configured attributes to end user devices.
- the individual modules within the MDM central module 122 are communicatively coupled with the MDM database 139 and the user device 103 , thereby ensuring proper attributes defined by an administrator are effectively enforced on applicable personas.
- the MDM database 139 and the MDM central module 122 generally represent the enterprise controlled server-side of the of the multiple persona device management application.
- the management module 127 (also called the admin console) recognizes a plurality of individually assigned personas associated with a plurality of user devices. An administrator can aptly engage the management module 127 , select a persona on a user device or group of personas on different user devices, and define rules and characterizations for the selected user devices. Accordingly, the management module 127 determines which policy is applicable to particular personas and subsequently distributes said policy to the appropriate personas on a given user device. In some embodiments, the management module 127 recognizes and addresses different operating systems embodied on user devices, thereby defining proper enforcement of rules and access to non-native data. (Details regarding the various processes carried out by the management console will be described in greater detail in connection with FIG. 3 .)
- a content server 130 of the MDM central module 122 serves as an access portal for various enterprise related subject matter parsed in separate partitions for access and distribution by identified personas.
- the content server 130 integrates and interacts with the management module 127 , which supports persona access, policies, and rules regarding authorization to corporate (or other managed) content.
- the content server 130 generally, but may not necessarily, comprises one or more local servers, cloud servers, and/or offsite servers.
- persona 2 118 engages with enterprise subject matter on the user device 103 in the enterprise environment when operated by the end user 109 A.
- persona 1 115 exhibiting an unmanaged personal persona, may be precluded from accessing to corporate content and subsequently denied rights to the content server 130 .
- the MDMS 121 has no access to or control over persona 1 115 .
- the presently-described embodiment includes a secure email gateway 133 that enables secure email access and distribution through the data network 150 within a corporate email exchange.
- the secure email gateway 133 behaves as a proxy server linking the enterprise email server and the data network.
- the coupled management module 127 has the ability to push enterprise policies set by an administrator to the secure email gateway 133 to enforce said enterprise policies.
- the MDM central module 122 comprise an application catalog 136 that is also integrated with the management module 127 .
- the application catalog 136 supports access to applications both enterprise specific applications and public applications.
- the enterprise persona 2 118 through the encapsulated rules and policies as set forth by an administrator sends requests to access and download applications to the application catalog 136 .
- the application catalog 136 serves as a portal governed by enforced policies to allow approved access to applications for a user's benefit.
- users 109 utilize a variety of third-party systems, applications, and email platforms via their personal user devices 103 . Often access to third party content is not as secure as most enterprise platforms and presents vulnerabilities concerning a device that can also access enterprise content. As illustrated in FIG. 1 , third-party systems and products 124 grant end-user access to third-party content through the data network 154 . In some embodiments, the public application store 145 permits users to access a plurality of third party applications. In some examples, an enterprise may preclude the enterprise persona, persona 2 118 , from accessing all outside applications. In such a scenario, an end user 109 still retains the ability to install and utilize outside applications on the personal persona (persona 1 115 ).
- Third-party email servers 148 may provide persona 1 115 access to personal emails. Other third-party content is pulled through the third-party content server 142 . In another embodiment, this content may be accessed by the enterprise persona 2 118 and the personal persona 1 115 depending on the current configuration the administrator has implemented on the user's device.
- FIG. 1 The discussions above in association with FIG. 1 are merely intended to provide an overview of an embodiment of the present system for multiple persona management on a mobile device utilizing a separation of hardware and/or software. Accordingly, it will be understood that the descriptions in this disclosure are not intended to limit in any way the scope of the present disclosure. Various embodiments regarding hardware and software implementations of the present device will be described next in greater detail.
- FIG. 2A is a block diagram of a user device 103 comprising a processor 209 and a memory 218 .
- the user device 103 shown in FIG. 2A is a representative “single component” device, i.e., the device does not include multiple hardware components for each respective persona.
- An example multiple-persona hardware device is shown in FIG. 2B .
- memory 218 may comprise, but is not limited to, volatile (e.g. random access memory (RAM)), non-volatile (e.g. read-only memory (ROM)), flash memory, or any combination.
- RAM random access memory
- ROM read-only memory
- Memory 218 may store executable programs and related data components of various applications and modules for execution by user device 103 .
- Memory 218 may be coupled to processor 209 for storing configuration data and operational parameters, such as commands that are recognized by processor 209 .
- Basic functionality of user device 103 may be provided by an operating system 221 contained in memory 218 .
- One or more programmed software applications may be executed by utilizing the computing resources in user device 103 .
- Applications stored in memory 218 may be executed by processor 209 (e.g., a central processing unit or digital signal processor) under the auspices of operating system 221 .
- processor 209 may be configured to execute applications such as web browsing applications, email applications, instant messaging applications, and/or other applications capable of receiving and/or providing data.
- Data provided as input to and generated as output from the application(s) may be stored in memory 218 and read by processor 209 from memory 218 as needed during the course of application program execution.
- Input data may be data stored in memory 218 by a secondary application or other source, either internal or external to user device 103 , or possibly anticipated by the application and thus created with the application program at the time it was generated as a software application program.
- Data may be received via any of a plurality of communication ports 215 of user device 103 .
- Communication ports 215 may allow user device 103 to communicate with other devices, and may comprise components such as an Ethernet network adapter, a modem, and/or a wireless network connectivity interface.
- the wireless network connectivity interface may comprise one and/or more of a PCI (Peripheral Component Interconnect) card, USB (Universal Serial Bus) interface, PCMCIA (Personal Computer Memory Card International Association) card, SDIO (Secure Digital Input-Output) card, NewCard, Cardbus, a modem, a wireless radio transceiver, and/or the like.
- PCI Peripheral Component Interconnect
- USB Universal Serial Bus
- PCMCIA Personal Computer Memory Card International Association
- SDIO Secure Digital Input-Output
- NewCard NewCard
- modem a wireless radio transceiver
- User device 103 may also receive data as user input via an input component 242 , such as a keyboard, a mouse, a pen, a stylus, a sound input device, a touch input device, a capture device, etc.
- a capture device may be operative to record user(s) and capture spoken words, motions and/or gestures, such as with a camera and/or microphone.
- the capture device may comprise any speech and/or motion detection device capable of detecting the speech and/or actions of the user(s).
- Data generated by applications may be stored in memory 218 by the processor 209 during the course of application program execution. Data may be provided to the user during application program execution by means of a display 206 . Consistent with embodiments of this disclosure, display 206 may comprise an integrated display screen and/or an output port coupled to an external display screen.
- Memory 218 may also comprise a platform library 224 .
- Platform library 224 may comprise a collection of functionality useful to multiple applications, such as may be provided by an application programming interface (API) to a software development kit (SDK). These utilities may be accessed by applications as necessary so that each application does not have to contain these utilities thus allowing for memory consumption savings and a consistent user interface.
- API application programming interface
- SDK software development kit
- user device 103 may also include additional data storage devices (removable and/or non-removable) such as, for example, magnetic disks, optical disks, or tape (not shown).
- additional data storage devices removable and/or non-removable
- User device 103 may comprise a desktop computer, a laptop computer, a personal digital assistant, a cellular telephone, a smartphone, a set-top box, a music player, a web pad, a tablet computer system, a game console, a mobile device, and/or any other device with like capability.
- User device 103 may store in a data store 227 a device profile 230 and a plurality of user preferences 233 .
- Device profile 230 may comprise an indication of the current position of user device 103 and/or indications of the hardware, software, and security attributes which describe user device 103 .
- device profile 230 may represent hardware specifications of user device 103 , version and configuration information of various software program and hardware components installed on user device 103 , data transmission protocols enabled on user device 103 , version and usage information of various resources stored on user device 103 , and/or any other attributes associated with the state of user device 103 .
- the device profile 230 may further comprise data indicating a date of last virus scan of user device 103 , a date of last access by an IT representative, a date of last service by the IT representative, and/or any other data indicating maintenance and usage of user device 103 . Furthermore, the device profile 230 may comprise indications of the past behavior of associated users, such as resources accessed, charges for resource accesses, and the inventory accessed from such resources.
- User preferences 233 may comprise a listing of factors that may affect the experience of the user. In particular, user preferences 154 may include indications of the user's age, gender, bodily traits, preferred resource types, preferred venue resources, and combinations thereof.
- FIG. 2B is a block diagram of a user device 103 with multiple personas. As shown, these personas may either be physical (multiple hardware components) or virtual. In some embodiments, the user device 103 is embedded with dual persona device management. According to some embodiments illustrated in FIG. 2 , there are two processors 210 A and 210 B, two wireless modules 213 A and 213 B, two communication ports 220 A and 220 B, two displays 207 A and 207 B, and two memory components 222 A and 222 B. Again, these dual processors can either be physical (e.g., two physical processors) or virtual (e.g., a single processor that is virtually divided via management software).
- a persona may comprise a “SIM persona” that is managed on a back-end and is portable to other devices.
- SIM persona may comprise a physical SIM card, it may comprise a virtual SIM card entity, or a virtual entity embedded on a user device 103 .
- several SIM personas may be implemented on a single device.
- a SIM card may possess one persona or multiple personas wherein the card is virtually split into separate representative entities containing the attributes and characterizations of the given personas. For the example wherein a SIM card contains one sole persona, an end user may carry multiple SIM cards and exchange them within the user device 103 based on location or time.
- a user device 103 may have the capability to support more than one SIM card simultaneously, maintaining persona 1 115 on one SIM card and persona 2 118 on another SIM card. In such an embodiment, as information travels through the data network 154 , the information subsequently propagates to the appropriate SIM card inside the user device 103 .
- an overarching process determines the routing of incoming data to the user device 103 .
- a persona management module 245 is employed to decide to which persona content should be delivered on the device.
- the persona management module 245 exercises back-end differentiations between shared and distinct features and/or functionality among personas.
- an agent resides on the dual persona implemented user device 103 for management of resources in connection with different personas.
- a hypervisor may serve as a persona management module 245 and embody a centralized means to deliver data to the appropriate persona.
- the user device 103 hence becomes a host machine on which the hypervisor resides and controls the related functionality in part or completely.
- the hypervisor creates “guest machines” or virtual machines on the user device 103 enabling the virtual machines to behave as their own separate operating system comprising their own persona.
- the hypervisor can represent a firmware, software, or hardware implementation wherein the input data and output data is recognized, identified and pushed by the hypervisor to its appropriate destination.
- persona 1 115 is as shown as personal persona and persona 2 118 is shown as an enterprise persona.
- the hypervisor recognizes the data as enterprise communication (based on tags or identifiers in the data), and subsequently routes the data to persona 2 118 .
- policies implemented with multiple persona device management are identified by an administrator and pushed to the hypervisor, allowing the hypervisor to act as the decision-making agent performing actions as the persona management module 245 .
- a device 103 may contain multiple hardware sets, each set corresponding to one unique persona.
- the device 103 comprises two components of each hardware portion (e.g., two physical processors 210 A and 210 B, two physical memory sets 222 A and 222 B, two wireless modules 220 A and 220 B, etc.).
- persona 1 115 transmits its corresponding data through a persona 1 wireless module 213 A, thereby leaving the interpretation and data storage respectively to the persona 1 processor 210 A and the persona 1 memory 222 A.
- a similar process transpires for persona 2 115 comprising its separate processor 210 B, memory 222 B and wireless module 213 B.
- a central process encapsulated in the persona management module 245 governs and routes the data and information transmitted to the user device 103 to the appropriate hardware set.
- Some embodiments comprise a combination of dual components and single components.
- a user device comprises two processors 210 A and 210 B, two sets of memory 222 A and 222 B, one wireless module 220 , and one communication port.
- the persona management module 245 integrates the policies and rules set by the administrator through MDMS and precludes access and distribution of data for particular personas. For example, if a policy is set which does not allow third-party email exchange access by persona 2 118 , when a request for access has propagated to the persona management module 245 , the request may be denied and the proper executable steps are initiated.
- one example embodiment of the device 103 may be constructed such that all hardware sets are entirely independent of each other with no overarching agent software or firmware.
- the address of the SIM card is coupled with the transmitted data; hence, the persona identified by the address receives the appropriate information.
- different hardware sets may utilize different operating systems.
- the personal persona, persona 1 222 A may utilize iOS for its operating system 225 A and the enterprise persona, persona 2 222 B, due to a corporate or enterprise preference, may utilize a version of Android as its operating system 225 B.
- the persona management module 245 may contain an agent application for communicating and pushing data to the Android operating system 222 B and a separate application programming interface (API) corresponding with the iOS operating system.
- an independent device profile 231 A and 231 B may be associated with each respective device, and may contain information such as operating system versions, last update of said operating system, serial numbers associated with an operating system, etc.
- the independent hardware sets may also comprise divergent network carriers integrated on the same user device 203 .
- FIG. 2B Also illustrated in FIG. 2B is an embodiment comprising dedicated communication ports 220 A and 220 B for each persona.
- the communication ports could consist of keyboard, mouse, power adapter, Ethernet port, or the like.
- all components of hardware may be separate, but share a power source or common battery.
- respective compliance rules 240 A and 240 B serve as the local user device 103 containers for compliance rules which have been pushed and implemented in connection with individual personas.
- policies and rules incorporated in the enterprise compliance rules 240 B engage with the persona 2 210 B processor, governing incoming data via the persona 2 wireless module 213 B, ensuring the policies and rules set forth by the enterprise maintain consistency and integrity.
- an embodiment of separated data stores 228 A and 228 B store respective persona characterizations.
- persona 2 118 may store in its data store 228 B preferences, persona usage details, enterprise branding information, configurations, and assignments of resources accessible to an administrator using MDMS 121 .
- the stored data within the data store 228 B enables an enterprise to access information to effectively monitor user device operation within the enterprise space.
- a user device 103 may comprise various combinations of a plurality of components.
- the user device comprises dual screens that are independently assigned to a persona.
- the user device 103 may comprise separate controls for each screen or each persona. Each independent set of controls may be embedded and assigned to manipulate actions within their designated persona.
- Another embodiment comprises a user device housing or form that will fit additional add-on components to expand or further facilitate the persona within the user device.
- One example comprises a keyboard comprising a toggle button that can engage the desired persona when the button is depressed or moved to a designated position.
- a user device may comprise a combination of embodiments (e.g., common controls that manipulate dual screens, dual controls dedicated to one screen, etc.).
- FIG. 3 an example block diagram is shown of a MDMS 121 architecture environment interacting with a data network 154 , third party systems and products 124 , and a user device 103 configured with dual persona device management.
- a user device 103 involved in a Bring Your Own Device (BYOD) program and coupled with a mobile device management system (MDMS) 121 .
- BYOD Bring Your Own Device
- MDMS mobile device management system
- an enterprise BYOD program is not necessarily the only application with the ability to benefit from multiple persona device management, and the intention of the following example is not intended to necessarily limit or restrict the scope and spirit of the present disclosure in any way.
- the MDMS 121 enables an administrator to create compliance rules and subsequently distribute those rules to a plurality of user devices to which the rules pertain.
- the user devices may contain a personal persona, persona 1 115 , and an enterprise persona, persona 2 118 , with (or without) a centralized governing agent, the persona management module 245 .
- the system illustrated in FIG. 3 promotes a back-end differentiation between shared and distinct functionality amongst a plurality of personas.
- some embodiments include a resident agent such as the persona management module 245 residing on the multi-persona device 103 .
- the persona management module 245 manages distinct and shared resources associated with data entering or exiting the user device. For example, as persona 1 115 requests access to the email store 348 within the third-party email gateway 348 , the persona management module 245 acknowledges persona 1 118 as the personal persona and allows access to third-party content such as the third-party email gateway 148 .
- the management module 127 in the MDMS 121 may push policies to some or all personas, specifying shared resources among personas and setting boundaries regarding the permitted level of communication among the personas. Yet according to another embodiment, the management module 127 may also push personal policies, enterprise policies, and meta-policies between the personas. Generally, meta-policies govern the shared resources, communication, and device-level functionality among the personas.
- the recently discussed embodiments exemplify different means of creating a native experience for the end user, where data intended for a specific persona is identified either before reaching the user device or upon reaching the user device and transferred to the appropriate persona within the user device.
- the MDM central module 122 includes the various modules an administrator utilizes to set functionality, configurations, appearances, preferences and various other attributes that are controlled and implemented with a MDMS 121 .
- the MDM database 139 houses the attributes utilized by the administrator via the MDMS user interface.
- various modules within the MDM central module 122 engage with the MDM database 139 to retrieve an appropriate attribute(s) selected by the administrator and push said attribute(s) via a data network 154 to the persona management module 245 .
- the persona management module 245 recognizes the attribute(s) and the persona for which it is intended, thereby pushing that attribute(s) to the appropriate persona.
- the MDM central module 122 through the management module 127 , pushes appropriate attributes to dedicated SIM cards within a user device embodying multi-persona device management.
- the server side of the management module 127 enables an administrator to log into the console, select a device or group of devices, compile rules for said device and push the policies and the rules to the user device 103 to control subsequent functionality of those devices.
- the management module 127 may authenticate data by verifying the credentials of the user device 103 , interpret said data and push commands back to the user device 103 in response to the commands received from the user device.
- the device side of the management module 127 enables a user device to request enrollment into a mobile device management system, receive compiled rules and policies, take actions in conjunction with receiving data from the management module 127 , and toggle among active personas within the user device 103 .
- the management module 127 also contains a self-service application that is available for utilization by device users.
- the self-service application comprises a user interface that is a pared-down version of the administrator management console interface. Users may log into the self-service application and view specific information about the enterprise persona, persona 2 118 , of the device and/or the personal persona, persona 1 115 . In another embodiment, users may only access the enterprise persona, while being unable to view the content of the personal persona.
- the self-service application comprises a limited set of mobile device management options available to the user.
- users may acquire the GPS location of the user device 103 , lock the user device 103 , perform an enterprise wipe or wipe the entire user device 103 , send messages to said device, etc.
- the enterprise wipe may de-partition the user device 103 and leave the personal persona as the only remaining persona.
- An enterprise wipe is a function wherein all enterprise data, characterizations, enterprise attributes, preferences, and settings are remotely erased from the enterprise persona.
- an entire device wipe remotely erases all data on both persona 1 115 and persona 2 118 , reverting the device to its original OEM state.
- the self-service feature offers users the ability to track user content or their user device and minimally manage the user device.
- another embodiment of the self-service application enables the management module 127 to configure a pre-defined limited set of options relating to multiple virtual hardware sets.
- the management module 127 transmits commands to the user device 103 to create multiple virtual hardware sets
- an end-user may log into the self-service section of the management console and access the pre-defined functionalities related to the multiple virtual hardware sets.
- the self-service component of the management module 127 enables users to access an interface and view specific data concerning their user device 103 and respective personas 115 and 118 .
- the management module 127 compiles rules and policies via the compliance rule store 330 and pushes those rules and policies to a user device 103 to create a determined number of virtual hardware sets.
- each hardware set comprises separate displays 207 A and 207 B, separate processors 201 A and 201 B, and separate memories 222 A and 222 B.
- each memory 222 A and 222 B comprises storage functionality that contains data respective to the persona with which it belongs.
- each display 207 A and 207 B is the respective user interface that a user 109 would use to access and perform operations pertaining to the respective persona.
- displays may be interchangeable and a user has the ability to toggle between displays according to the persona the user wishes to engage. For example, a user wishing to perform a function regarding persona 1 115 would toggle to display 1 207 A, access contents in memory 1 222 A through processor 1 210 A and execute some desired actions. After the desired actions are complete, the end-user may keep persona 1 115 active or toggle to another persona.
- the management module 127 directs configuration policies and compliance rules via the compliance rules store 330 to each of the represented personas.
- the management module 127 queries virtual machine characteristics and operating systems of each persona, compiles the rules and policies, and pushes the compiled rules and policies to the user devices based on the results of query.
- the policies and rules are stored in their respective persona rules stores 305 A and 305 B.
- the persona rules stores 305 A and 305 B manage their respective personas regarding implemented mobile device management policies set to monitor and regulate the user device 103 .
- a personal persona may not receive any compliance rules, data, or the like if that given persona is not managed or controlled by the MDMS 121 or MDM central module 122 . Additionally, with a lack of compliance rules and policies, persona 1 115 maintains the ability to access third-party data, uninhibited usage, and freedom of functionality as desired by end users enrolled in BYOD programs. In this way, true segregations between personas can occur in a way not previously contemplated. Further, persona 2 118 may store enterprise compliance policies in the persona 2 rule store 305 B, enforcing consistent enterprise persona functionality and maintaining secure access and distribution of enterprise content.
- some embodiments of the management module 127 send configuration policies and compliance rules to an overarching agent, the persona management module 245 , which configures the virtual machines based on those rules and policies.
- the persona management module 245 one function of the persona management module 245 is to delegate policies, rules, data access, and persona functionality to the subordinate personas.
- content assigned to personas is stored either in the personal content repository 333 or in the enterprise content repository 336 and both may be accessed through the content server 130 .
- personal content on the user device 103 is not accessible by the MDMS 121 .
- an administrator can distribute documents through the content server 130 coupled to the management module 127 to the content repositories.
- Rules and policies assigned to personas dictate persona interaction with content repositories, including third-party content repositories.
- communication is generally sent through the content server 130 ; hence, the content server 130 verifies whether the communication transmitted to a given persona is permissible.
- the content store 345 included an enterprise Share Point site
- the enterprise persona may possess policies granting access to the third-party content server 142 and the enterprise content 336 repository.
- Persona 2 (the enterprise persona), may initially “shake hands” with the content server 142 and the content server may authenticate the credentials of persona 2 118 . Consequently, persona 2 118 may fetch a document from the content store 345 , save said document in memory 2 222 B, and/or in the persona 2 content store 311 B, modify said document, and transfer it to the enterprise content 336 repository.
- a secure email gateway 133 may be incorporated in the MDM central module 122 and may comprise a proxy server between the enterprise email server (e.g. Microsoft Exchange) and the data network.
- an enterprise persona may retrieve email from the enterprise email through the secure email gateway 133 .
- the secure email gateway 133 may be configured to perform compliance checks against entities wishing to access enterprise email.
- the management module 127 is also integrated with the secure email gateway 133 .
- An administrator through the management console can push compliance rules to the secure email gateway 133 to change authentication requirements; thereby, storing said compliance rules in the compliance rule check 339 .
- the secure email gateway can determine whether a user device 103 is “jail broken”.
- An enterprise persona may retain appropriate compliance rules permitting access to the enterprise email, but the secure email gateway 133 will still restrict access to that persona if the user device 103 is jail broken. Further, an enterprise may allow access to predetermined third-party email gateways 148 , whereby the secure email gateway 133 will assess a persona's compliance rules, allow secure access to a third-party email gateway 148 , and subsequently permit admittance to a third-party email store 348 .
- the MDM central module 122 include an application catalog 136 for managing the applications of end users 109 .
- a graphical user interface 342 enables interaction with the application catalog 136 and provides an interface, such as a website or the like, presenting users with a list of authorized applications for chosen personas.
- an application portal resident on a user device 103 comprises a host of authorized downloadable apps.
- the application catalog 136 receives compliance rules and policies set by an administrator via the management module 127 .
- the application catalog 136 may provide access to public application stores 145 such as Google Play or the Apple Store.
- the application catalog 136 may contain links to public apps recommended for employee productivity.
- the enterprise persona may have policies permitting retention of all public apps or retention of specifically designated public applications.
- the application catalog 136 may comprise enterprise applications developed specifically for a company and may preclude access to such enterprise applications by a personal persona 115.
- the application catalog authenticates a persona's credentials before permitting a download of enterprise apps.
- a user can pull enterprise content 336 through the content server 130 and modify it using annotation features within a secure content application.
- the persona app stores 309 A and 309 B comprise applications downloaded from the application store 351 for their respective personas.
- one example embodiment of the present device may provide a lost device persona.
- a user device 103 may switch to a lost persona if the device moves outside of a recognized pattern as determined by GPS, or the user device 103 recognizes a period of inactivity, or exhibits some other atypical behavior.
- the GPS system will actively track and keep a dynamic record of each user's travel routine and, in the event of an identified deviation, automatically toggle to the lost persona.
- the lost persona may, for example, comprise settings and/or configuration information that may facilitate locating the device. For example, toggling the lost persona may cause one or more location services on the user device 103 to be engaged, such as a GPS coordinate transmission mode or the like.
- authentication may be required to toggle back to a managed user persona. For example, authentication may occur by inputting biometric metadata, a PIN or password, a programmable swipe gesture, or any similar authentication means.
- the device may also toggle to the lost device persona if initiated by the user or an administrator via the self-service application of the management module 127 (i.e., the user identifies the device as lost and sends instructions to the device indicating the same).
- the self-service application of the management module 127 may contain a map add-on or a map software application in which the user and/or the administrator may utilize to find lost user devices.
- the lost device persona offers additional security for enterprises and users who wish to keep access, devices, and content secure.
- the user device 103 may contain multiple physical hardware sets within the user device. Each hardware set generally represents a separate and independent persona.
- the embodiment comprising multiple physical hardware sets within a single user device 103 generally functions in a similar manner as embodiments of the device embedded with virtual machines. Further descriptions regarding functionality of both embodiments will be described in connection with FIGS. 6 , 7 , and 8 .
- a dual persona device 103 having two screens 118 and 115 is shown.
- a different display/screen is assigned to each persona and generally comprises the active display while a user interacts with the corresponding persona.
- the enterprise screen 118 will be illuminated and active while the personal persona 115 will be dim and visibly inactive.
- a user device 103 may comprise two separate screens 118 , 115 on one user device 103 ; hence, the given screen a user is utilizing dictates the presently active persona.
- an enterprise persona 118 is active on one screen 409 A, and is presented on one side of user device 103 .
- a personal persona 115 is presented on the opposing side of the user device 103 .
- a user depending on which persona he or she wishes to engage, utilizes the side and screen 409 B of the user device 103 embodying the desired persona.
- the dual displays may optionally comprise dual cameras on the user device 103 and may be used to present an augmented reality experience.
- one screen may display what the camera on the opposing side views.
- the screen may show the inside of the user's hand or images of the environment he/she is in, lending the impression there is no user device or the user device 103 is see-through.
- the camera may incorporate technology that will automatically dim or turn off the backlight of the persona not in use based on identifiable features, such as the palm of a user's hand or recognizing a face in front of the camera. The cameras may recognize the lack of light and dim the screens such as when the user device 103 is in a pocket or handbag.
- FIG. 4D illustrates another embodiment of the present dual persona device 103 .
- the embodiment shown includes one display possessing the ability to express one persona at a time or multiple personas simultaneously. As shown, a single display may be divided into halves representing a different persona on either side. In another embodiment, a border of the screen may be an alternative color representing a second screen, which may change and become active when the personas toggle.
- the device may indicate the active persona by displaying a persona identifier in small font at the top of the screen. In another embodiment, if the inactive persona receives a call, the screen may divide in half as shown in FIG. 4D , indicating a trigger event. The personas may be exchanged by touching or acknowledging the portion of the screen that represents the incoming persona.
- personas may be identified and/or delineated in a variety of ways.
- each persona may have a distinct and distinguishable ringtone.
- Persona display backgrounds may also change when toggling personas.
- an enterprise persona may display a company logo as a background, while a personal persona may display a personal picture of the user.
- all of the disclosed embodiments may be incorporated on the user device 103 or some combination of embodiments thereof. Further, the described examples are not intended to limit the spirit or scope of the present disclosure. As will be understood and appreciated by one of ordinary skill in the art, other embodiments may be implemented to distinguish between multiple personas on a single user device 103 .
- a persona generally relates to a collection of settings implemented in software and/or hardware that can be switched in and/or on a user device 103 based on a trigger event. As shown in FIG. 5 , a plurality of personas interact with a persona management module 245 and various incorporated hardware components, either via the operating system (or excluding the operating system) to communicate and execute commands.
- the central module (management module) 122 enables personas to be selected, communication rules and policies to be assigned to the personas within the user device 103 , and personas to interact within the limits of the selected rules and policies.
- the personas are able to interact with each other (e.g. share data, share contacts, etc.). Conversely, in another embodiment, the personas remain segregated with no communication between the two (or multiple). While personas may incorporate individual contact lists, in some embodiments, it may possible for a communal contact list accessible to any persona embedded on the user device 103 .
- toggling between personas may be executed via physical gestures that are recognized by the assimilated hardware and software in the user device 103 .
- flipping the user device 103 over creates an identical replica of the user device 103 with a second display on the other side.
- consecutive flipping of the user device 103 may cycle through embedded personas.
- An accelerometer or some other user device position detecting mechanism integrated in the hardware may be used to sense the rotation of the user device 103 .
- the hardware communicating via the operating system to a persona management module 245 expresses that the user has initiated a change in persona and the persona management module will activate another persona.
- initiating a change in persona may be executed by flipping or rotating the user device 103 a set number of multiple rotations for each toggle.
- a user with persona 1 501 active may shake the user device 103 a preset number of times. The shakes are recognized by the hardware and the hardware communicates with the persona management module 245 thereby switching the active persona to persona 2 503 (or some other persona).
- a plurality of gestures or actions may toggle between multiple personas. Toggling of personas may occur by holding down a button one the user device 103 for a set period of time, or depressing said button a number of times.
- the device may have a specifically designated button that may be used exclusively for the purpose of toggling personas.
- Another example embodiment utilizes swiping gestures at the top or bottom of the screen on the user device 103 to toggle through personas.
- persona 1 501 may be geolocation-based, such that persona 1 501 is active when a user device 103 is within a given distance of a designated location.
- a user device 103 switches virtual or physical SIMs assigned to different personas. Further, when the user is traveling abroad, a user device 103 may switch to a SIM appropriate for the visiting region, thereby receiving cheaper rates based on local service.
- persona 2 may be active during an established window of time on given days.
- persona 2 502 an enterprise persona
- persona 1 501 a personal persona
- User selection is also an option for selecting a persona, wherein the user device 103 prompts a user 109 to specify which persona is requested, followed by a PIN or password input into the device and processed by the persona management module 245 to access the requested persona.
- the persona management module 245 may require biometric data such as a fingerprint or a user's voice to toggle personas, or may use an electronic fob or watch (e.g., electronic timepiece) having near field communication (NFC) capability or other similar communication capability to toggle personas.
- biometric data such as a fingerprint or a user's voice
- electronic fob or watch e.g., electronic timepiece
- NFC near field communication
- the persona management module 245 may utilize signals from a fingerprint reader such as that provided in the Apple® iPhone 5S, or other similar biometric device, to toggle personas.
- a fingerprint reader such as that provided in the Apple® iPhone 5S, or other similar biometric device
- different fingers may be used to toggle to, or switch between, different personas.
- a right thumbprint may correspond to a trigger actuation of a work persona
- a left thumbprint may correspond to and trigger actuation of a personal persona.
- a work-related electronic fob may correspond to and trigger actuation of a work persona
- a digital watch may correspond to and trigger actuation of a personal persona, for example upon removal of the work-related fob from proximity of the device, such that the personal persona triggering device remains within the operative proximity.
- a trigger or triggering event may cause a switch or toggle through represented personas.
- a trigger forces or prompts a user to choose an active persona (e.g., an incoming phone call designated for an inactive persona wherein a user can choose to ignore or accept the call).
- a default persona may be set to receive all phone calls. However, a user may also be prompted to select which persona will be used to accept an incoming call.
- personas may be associated with different phone numbers recognized by the persona management module 245 , which directs incoming calls to the appropriate persona either persona based on the recognized number.
- an administrator may decide and implement via the MDMS 121 the most secure persona to accept an incoming call.
- FIG. 6 is a flow chart setting forth the general steps involved in a policy creation and deployment method 600 consistent with embodiments of this disclosure for providing assignment of compliance rules and policies to a user device and/or persona(s) by an administrator.
- method 600 may be implemented using a MDMS 121 , the management module 127 within a MDM central module 122 , a data network 154 , persona rules stores 305 A and 305 B, and a user device 103 , and various other components and modules as described above. Ways to implement the steps of method 600 will be described in greater detail below.
- method 600 may begin at block 605 , where an administrator logs into the MDMS 121 console and accesses the compliance rules store 330 through the management module 127 , and queries or selects group of personas to which the given rules or policies will apply.
- the persona or groups of personas queried may be selected according to different roles and responsibilities or due to enrolling a new employee into the BYOD program etc.
- an administrator may query personas implemented on virtual machines, hardware sets, or operating systems. After the desired persona(s) are found, method 600 moves to step 607 , at which point the desired persona(s) are selected.
- the administrator defines the rules to be implemented for the selected personas.
- rules might include access to secure email gateways 133 , content servers 130 , application catalogs 136 , etc. In other embodiments, default rules will apply.
- the administrator initiates the process of deploying the rules to the respective personas.
- rules defined by the administrator are compiled within the management module 127 based on operating systems of given personas.
- the management module 127 interacts with the MDM database 139 to assemble definitions representing the administrator defined rules and policies. After compiling the rules, the compiled rules and policies are deployed to the selected personas (step 613 ).
- data is received from the user device at step 615 . This data may include authentication checks, acknowledgement of enrollment, a server ping, etc.
- the management module 127 may receive data from the user device comprising acknowledgment of deployed rules and policies, a request for further instructions, etc.
- method 600 moves to the next step 617 and pushes commands back to the user devices and personas based on the received data and/or rules.
- FIG. 7 is a flow chart setting forth the general steps involved in a persona initiation process 700 from a user device 103 perspective.
- method 700 follows the steps of process 600 , but from a persona perspective on a user device 103 .
- method 700 may be implemented using a persona management module 245 , a data network 154 , a mobile device management system 121 , a MDM database 139 , a MDM central module, a compliance rules store 330 embedded in a management module 127 , and other systems described herein. Ways to implement method 700 will be described in greater detail below.
- method 700 may begin at step 705 , wherein a user requests enrollment into a mobile device management system. The enrollment request generally leaves the user device 103 and the request is sent over the data network 154 and is received and accepted by the management module 127 .
- the management module 127 deploys the already compiled rules via the data network 154 to the user device 103 . Successively, the compiled rules and policies are received at the user device 103 . Method 700 progresses to the next step 709 , where the compiled rules and policies are implemented on the user device 103 in association with the appropriate persona. In some embodiments, various rules are associated with respective personas.
- the user device 103 containing multiple embedded personas is able to toggle between personas.
- the device identifies and acknowledges data based on the compiled rules and policies designated for the individual persona (step 715 ).
- the persona/device can utilize one or both of two different paths; it can relay necessary data back to the console (step 713 ) or take some action based on the rules and/or data (step 717 ). This data could be an acknowledgement of receipt sent over the data network 154 back to the management module 127 and thereby ending the process.
- the persona can take a specific action based on the rules or data applied to the persona (step 717 ).
- FIG. 8 is a flow chart setting forth the general steps involved in a method 800 consistent with embodiments of this disclosure of toggling personas by either user initiation or an event trigger.
- method 800 may be implemented utilizing a user device 103 , a persona management module 245 , a data network 154 , one or more processors one a device, one or more displays on a device, and other components as described above. Ways to implement the steps of method 800 will be described in greater detail below.
- method 800 begins at a state in which the user device is in a steady state within a given persona.
- a user desires to access a persona or an event trigger occurs to access a given persona.
- an overarching entity such as embedded software, firmware, or a persona management module 245 performs an initial compliance check regarding the forthcoming persona, ensuring the persona is a managed persona.
- the persona is not a managed persona, and the user device 103 stays in its initial state.
- the device is in a managed persona and method 800 progresses to step 809 .
- Step 809 optionally requires user device 103 authentication to proceed to the next stage.
- authentication can be performed utilizing a plurality of processes such as a fingerprint scan, entering a PIN or password, swiping a specific pattern on the screen, a biometric access functionality, or the device may be configured for an automatic authorization without user input. If the authentication fails, method 800 propagates to step 810 , wherein a deny access or error message is displayed and the user device returns to the start state. If user authentication is successful, method 800 proceeds to step 811 and allows access to the managed and requested persona.
- the newly activated persona may require actions to be taken based on predetermined rules or receiving a set of data. For example, email communications may need to be sent to the persona at issue from the MDMS 121 . If so, then an indicator or identifier may be associated at the MDM database 139 with the data to be sent to the mobile device persona, and subsequently the data will be sent to the device.
- the persona waits for a trigger event to change personas. If a trigger event does not occur, the device will return to step 813 and repeat steps 813 - 817 as necessary. If a trigger is received, the device will propagate to step 819 , which is analogous to step 807 .
- the device checks if the trigger is from a managed persona. If the trigger is from a managed persona, method 800 advances to step 809 . In another embodiment, if the trigger is not from another managed persona, the device will move to step 821 , may cease monitoring the managed persona, and may disable communication, ending method 800 .
- the present disclosure generally describes methods and systems for isolating, implementing, and provisioning multiple entities or personas on an individual user device, thus enabling multiple individual end-user environments to remain quarantined while simultaneously remaining active.
- a persona encompasses various settings, policies, rules, configurations or attributes associated with a particular end user environment. Accordingly, groups of individual personas may be categorized based on defined rules and policies applicable to said group and managed simultaneously. Other embodiments enable remote access to deploy changes to current attributes and configurations either by group definition or on an individual basis.
- multiple personas may be managed via a central server (e.g., a content server or management module), which may serve as an intermediary between the multiple personas.
- the central server receives data from the device, identifies which persona initiated the data transfer, and sends the data on behalf of the identified persona.
- the central server receives data from outside sources, identifies for which persona the data is intended and pushes said data to the appropriate persona.
- one example embodiment virtually separates one set of hardware components (e.g., a single processor, memory, battery, etc.) into individual segments. Consequently, each segment houses and embodies a separate and quarantined persona.
- Yet other embodiments encompass multiple hardware sets (e.g., multiple processers, multiple memories, multiple batteries, etc.) independently coupled and dedicated for one or more respective persona.
- the embodiments and functionalities described herein may operate via a multitude of computing systems, including wired and wireless computing systems, mobile computing systems (e.g., mobile telephones, tablet or slate type computers, laptop computers, etc.).
- the embodiments and functionalities described herein may operate over distributed systems, where application functionality, memory, data storage and retrieval and various processing functions may be operated remotely from each other over a distributed computing network, such as the Internet or an intranet.
- User interfaces and information of various types may be displayed via on-board computing device displays or via remote display units associated with one or more computing devices. For example, user interfaces and information of various types may be displayed and interacted with on a wall surface onto which user interfaces and information of various types are projected.
- Computer readable media may include computer storage media.
- Computer storage media may include volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information, such as computer readable instructions, data structures, program modules, or other data.
- System memory, removable storage, and non-removable storage are all computer storage media examples (i.e., memory storage.)
- Computer storage media may include, but is not limited to, RAM, ROM, electrically erasable read-only memory (EEPROM), flash memory or other memory technology, CD-ROM, digital versatile disks (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium, which can be used to store.
- Computer readable media may also include communication media.
- Communication media may be embodied by computer readable instructions, data structures, program modules, non-transitory media, and/or other data in a modulated data signal, such as a carrier wave or other transport mechanism, and includes any information delivery media.
- modulated data signal may describe a signal that has one or more characteristics set or changed in such a manner as to encode information in the signal.
- communication media may include wired media such as a wired network or direct-wired connection, and wireless media such as acoustic, radio frequency (RF), infrared, and other wireless media.
- RF radio frequency
- a number of applications and data files may be used to perform processes and/or methods as described above.
- the aforementioned processes are examples, and a processing unit may perform other processes.
- Other programming modules that may be used in accordance with embodiments of this disclosure may include electronic mail, calendar, and contacts applications, data processing applications, word processing applications, spreadsheet applications, database applications, slide presentation applications, drawing or computer-aided application programs, etc.
- program modules may include routines, programs, components, data structures, and other types of structures that may perform particular tasks or that may implement particular abstract data types.
- embodiments of the disclosure may be practiced with other computer system configurations, including hand-held devices, multiprocessor systems, microprocessor-based or programmable consumer electronics, minicomputers, mainframe computers, and the like.
- Embodiments of this disclosure may also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network.
- program modules may be located in both local and remote memory storage devices.
- embodiments of this disclosure may be practiced in an electrical circuit comprising discrete electronic elements, packaged or integrated electronic chips containing logic gates, a circuit utilizing a microprocessor, or on a single chip containing electronic elements or microprocessors.
- Embodiments of this disclosure may also be practiced using other technologies capable of performing logical operations such as, for example, AND, OR, and NOT, including but not limited to mechanical, optical, fluidic, and quantum technologies.
- embodiments of the disclosure may be practiced within a general-purpose computer or in any other circuits or systems.
- Embodiments of this disclosure may, for example, be implemented as a computer process and/or method, a computing system, an apparatus, device, or appliance, and/or as an article of manufacture, such as a computer program product or computer readable media.
- the computer program product may be a computer storage media readable by a computer system and encoding a computer program of instructions for executing a computer process.
- the computer program product may also be a propagated signal on a carrier readable by a computing system and encoding a computer program of instructions for executing a computer process. Accordingly, the present disclosure may be embodied in hardware and/or in software (including firmware, resident software, micro-code, etc.).
- embodiments of the present disclosure may take the form of a computer program product on a computer-usable or computer-readable storage medium having computer-usable or computer-readable program code embodied in the medium for use by or in connection with an instruction execution system.
- a computer-usable or computer-readable medium may be any medium that can contain, store, communicate, propagate, or transport the program for use by or in connection with the instruction execution system, apparatus, or device.
- the computer-usable or computer-readable medium may be, for example but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, device, or propagation medium. More specific computer-readable medium examples (a non-exhaustive list), the computer-readable medium may include the following: an electrical connection having one or more wires, a portable computer diskette, a random access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or Flash memory), an optical fiber, and a portable compact disc read-only memory (CD-ROM).
- RAM random access memory
- ROM read-only memory
- EPROM or Flash memory erasable programmable read-only memory
- CD-ROM portable compact disc read-only memory
- the computer-usable or computer-readable medium could even be paper or another suitable medium upon which the program is printed, as the program can be electronically captured, via, for instance, optical scanning of the paper or other medium, then compiled, interpreted, or otherwise processed in a suitable manner, if necessary, and then stored in a computer memory.
- Embodiments of this disclosure may be practiced via a system-on-a-chip (SOC) where each and/or many of the elements described above may be integrated onto a single integrated circuit.
- SOC system-on-a-chip
- Such an SOC device may include one or more processing units, graphics units, communications units, system virtualization units and various application functionalities, all of which may be integrated (or “burned”) onto the chip substrate as a single integrated circuit.
- the functionality, described herein, with respect to training and/or interacting with any element may operate via application-specific logic integrated with other components of the computing device/system on the single integrated circuit (chip).
- Embodiments of this disclosure are described above with reference to block diagrams and/or operational illustrations of methods, systems, and computer program products according to embodiments of the disclosure.
- the functions/acts noted in the blocks may occur out of the order as shown in any flowchart.
- two blocks shown in succession may in fact be executed substantially concurrently or the blocks may sometimes be executed in the reverse order, depending upon the functionality/acts involved.
- Embodiments of the present disclosure are described above with reference to block diagrams and/or operational illustrations of methods, systems, and computer program products according to embodiments of the disclosure.
- the functions/acts noted in the blocks may occur out of the order as shown in any flowchart.
- two blocks shown in succession may in fact be executed substantially concurrently or the blocks may sometimes be executed in the reverse order, depending upon the functionality/acts involved.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computing Systems (AREA)
- Mathematical Physics (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Multimedia (AREA)
- Technology Law (AREA)
- Information Transfer Between Computers (AREA)
- Human Computer Interaction (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
Description
- This application claims benefit under 35 U.S.C. §119(e) of U.S. Provisional Patent Application No. 61/878,521, filed Sep. 16, 2013, and entitled “Multiple Persona Mobile Devices and Methods for Managing Same”, which is incorporated herein by reference as if set forth herein in its entirety.
- This application is related to co-pending U.S. patent application Ser. No. 14/074,110, filed Nov. 7, 2013, and entitled “Multi-Persona Management,” which is incorporated herein by reference as if set forth herein in its entirety.
- Many individuals and employers utilize mobile devices, such as personal digital assistants, smart phones, tablets, laptops, etc., to conduct business and personal related endeavors. Today's business obligations routinely require individuals to travel, attend various meetings, and perform tasks that frequently require individuals to be out of offices and away from their computers and other devices. It is becoming increasingly important for working individuals to have a means of connecting to various enterprise resources (e.g., corporate email, Share Point sites, work documents, etc.), regardless of the person's location. Corporations want to maximize productivity while enabling workers to leave the office during business hours and maintain their necessary responsibilities. Accordingly, many companies implement solutions (e.g., providing corporate user devices to their employees, utilizing mobile device management (MDM) applications, and incorporating Bring Your Own Device (BYOD) programs, etc.) that enable employee access to corporate content on mobile user devices. Further, the proliferation of mobile devices in every aspect of life, including home and personal use, is ever present.
- Companies that allow workers to access corporate networks and resources need to ensure such access is secure and sensitive material is protected from external intrusion. Providing corporate mobile devices with secure access to enterprise servers creates an efficient means of monitoring and regulating security, but this option is typically more costly for the employer with regards to wireless plans and employing sufficient IT personnel to monitor devices and server access attained by user devices. Thus, device management becomes a priority, responsibility, and obligation for the corporation. For example, if a problem occurs with a device, either hardware or software related, it is the duty of the employer to rectify the employee's need, thereby creating additional responsibilities for IT administrators and possibly a need for more IT personnel.
- BYOD programs allow employees to utilize personal mobile user devices to access enterprise resources. As BYOD programs gain momentum and popularity amongst employers and employees, the concern and desire to ensure enterprise resources and personal content are kept separate grows as well. Generally, an organization's primary concerns relate to worker productivity, specific duties, and availability, while maintaining a secure and manageable user device environment. Employees appreciate the availability and convenience associated with wirelessly accessing enterprise resources and content, but desire assurance that the privacy of their personal content is upheld, even with corporate applications installed on their personal user devices.
- Further, many households share personal user devices between some or all of the members of a household. Different users within the household may want personalized settings and attributes applied to the device while that particular individual utilizes the personal user device. Generally, with regards to most personal user devices, the active settings, characterizations, and attributes remain active on the personal user device until a user modifies them. Furthermore, there does not exist a mechanism to separate and containerize multiple individual internal compartments to serve as a unique repository, each exclusively assigned to one user. Therefore, in the scenario concerning multiple members of a family utilizing the same device, each time a new user engages the device, said user will be required to change the settings to their preferred configuration. Often, such actions are highly undesirable and time consuming, and leave individual users dissatisfied with the operation or configuration of the shared personal user device.
- Due to the aforementioned concerns, many users retain multiple devices to maintain a separation of entities. This approach provides a complete separation of personal and enterprise matters, ensuring a company cannot access personal content. The multiple device methodology also presents a clear visual and physical indication of separation. Additionally, many families own multiple identical user devices offering the various members of the household a unique user experience. While this presents a clear separation of entities and promotes individualism, this also proves to be more costly for the family. Other conventional approaches address this problem by utilizing a containerized application on personal user devices, wherein the enterprise or alternate environment is only accessible via user initiation of the application. This approach does not offer the user an autonomous notification of incoming data in the alternate environment, nor does it present an obvious physical and visual distinction of separation.
- Therefore, there is a long-felt but unresolved need to create and implement a plurality of separate entities or personas on an individual user device to preserve individualized attributes and present a clear distinction between the multiple entities. Likewise, multiple separate entities may be implemented on one individual user device ensuring enterprise data is separately, yet securely managed and preserving user's personal privacy.
- This Summary is provided to introduce a selection of concepts in a simplified form that are further described below in the Detailed Description. This Summary is not intended to identify key features or essential features of the claimed subject matter. Neither is this Summary intended to be used to limit the claimed subject matter's scope.
- Apparatuses and devices configured with multiple user personas may be provided. For example, a device may comprise a housing embedding a display, one or more processors, and one or more memory storages. A first processor and/or memory storage may be dedicated to a first unique user persona and a second processor and/or memory storage may be dedicated to a second unique user persona.
- Briefly described, and according to some embodiments, the present disclosure generally describes methods and systems for isolating, implementing, and provisioning multiple entities or personas on an individual user device, thus enabling multiple individual end-user environments to remain quarantined while simultaneously remaining active. As referred to herein, a “persona” generally relates to various settings, policies, rules, configurations or attributes associated with a particular end user environment. Accordingly, groups of individual personas may be categorized based on defined rules and policies applicable to said group and managed simultaneously. Other embodiments enable remote access to end user devices to deploy changes to current attributes and/or configurations either by group definition or on an individual basis.
- According to one example embodiment, multiple personas may be managed via a central server (e.g., a content server or management module), which may serve as an intermediary between the multiple personas. The central server receives data from the device, identifies which persona initiated the data transfer, and sends the data on behalf of the identified persona. Similarly, the central server receives data from outside sources, identifies for which persona the data is intended and pushes said data to the appropriate persona. Further, one example embodiment virtually separates one set of hardware components (e.g., a single processor, memory, battery, etc.) into individual segments. Consequently, each segment houses and embodies a separate and quarantined persona. Yet other embodiments encompass multiple hardware sets (e.g., multiple processers, multiple memories, multiple batteries, etc.) independently coupled and dedicated for one or more respective persona.
- It is to be understood that both the foregoing general description and the following detailed description are examples and explanatory only, and should not be considered to restrict the disclosure's scope, as described and claimed. Further, features and/or variations may be provided in addition to those set forth herein. For example, embodiments of the disclosure may be directed to various feature combinations and sub-combinations described in the detailed description.
- Many aspects of the present disclosure can be better understood with reference to the following diagrams. The drawings are not necessarily to scale. Instead, emphasis is placed upon clearly illustrating certain features of the disclosure. Moreover, in the drawings, like reference numerals designate corresponding parts throughout the several views. In the drawings:
-
FIG. 1 is a block diagram illustrating an embodiment of an example environment consisting of multiple personas individually represented, yet simultaneously engaged via a network to a common and unique system. -
FIG. 2A is an example block diagram of a user device according to one embodiment. -
FIG. 2B illustrates an embodiment of a single device comprising multiple personas, managed by a persona management module. -
FIG. 3 is an example block diagram illustrating one embodiment entailing a unitary system comprising multiple personas supervised by a persona management module contemporaneously interacting with a mobile device management system and third party content via a communicatively coupled network. -
FIG. 4A illustrates an example embodiment of a single user device with a screen attached to either side comprising a dual screen user device. -
FIG. 4B illustrates an embodiment representing one screen of a dual screen device. -
FIG. 4C is an illustration of another embodiment of another screen encompassed in a dual screen device. -
FIG. 4D shows an example embodiment exhibiting multiple personas on a single screen of a user device. -
FIG. 5 is a flow chart illustrating an example method of multiple personas interfacing with a singular operating system, a persona management module, hardware and the relationship therein. -
FIG. 6 is a flow chart illustrating an example method for employing persona characteristics and settings on a user device via a management console. -
FIG. 7 is a flow chart illustrating a method of a user device comprising multiple personas receiving and implementing rules from a management console. -
FIG. 8 is a flow chart illustrating a method for managing data in connection with toggling personas on a user device in a multiple person environment according to one embodiment of the present disclosure. - The following detailed description refers to the accompanying drawings. Wherever possible, the same reference numbers are used in the drawings and the following description to refer to the same or similar elements. While example embodiments of the disclosure may be described, modifications, adaptations, and other implementations are possible. For example, substitutions, additions, or modifications may be made to the elements illustrated in the drawings, and the methods described herein may be modified by substituting, reordering, or adding stages to the disclosed methods. Accordingly, the following detailed description does not limit the disclosure. Instead, the proper scope of the disclosure is defined by the appended claims.
- The technical effects of some example embodiments of this disclosure may include establishing control of access to networks and resources when access lists may not be predefined, and reducing and/or eliminating the burden of predefining access lists to control access to networks and resources. Moreover, the technical effects of some example embodiments may include enhancing network access control by assigning specific access rights based on access lists to client devices authorized to access associated network beacons and resources.
- Other technical effects of some example embodiments of this disclosure may include offering group management solutions to managing content access and distribution. For example, users of a sales group may have read access to marketing documents and presentations, while users in a marketing group may be able to edit and/or annotate the market documents. Similarly, users in an accounting or business services group may be the only ones with access to enterprise financial documents. These access controls may be provided by distributing authorization credentials to devices associated with users of the respective group. Each user may then authenticate to their device, such as by inputting a username, password, authentication key, and/or biometric data, before the device may access and/or retrieve the content authorized for distribution to that device. These authentication types are provided as examples only and are not intended to be limiting as many other types of user authentication are in use and/or may be contemplated in the future.
- According to one example embodiment, aspects of the present disclosure relate to mobile device hardware and/or software or functionality for managing multiple personas on a given mobile device. Multiple persona device management generally comprises methods and systems for isolating, implementing, and provisioning multiple entities or personas on a single user device. Thus, enabling a persona to remain quarantined while simultaneously remaining active on the back-end of the device. As referred to herein, a “persona” generally comprises various settings, policies, rules, configurations and/or attributes associated with a particular end user environment. Accordingly, groups of individual personas can be categorized based on defined rules and policies applicable to those groups and managed simultaneously. Furthermore, some embodiments enable remote access to the personal user device to deploy changes of current attributes and configurations either by group definition or on an individual basis.
- According to one example embodiment, multiple personas may be managed via a central server (e.g., a content server or management module), which may serve as an intermediary between the multiple personas. The central server receives data from the device, identifies which persona initiated the data transfer, and sends the data on behalf of the identified persona. Similarly, the central server receives data from outside sources, identifies for which persona the data is intended and pushes said data to the appropriate persona. Further, one example embodiment virtually separates one set of hardware components (e.g., a single processor, memory, battery, etc.) into individual segments. Consequently, each segment houses and embodies a separate and quarantined persona. Yet other embodiments encompass multiple hardware sets (e.g., multiple processers, multiple memories, multiple batteries, etc.) independently coupled and dedicated for one or more respective persona.
- Content access may be further limited by policies that enforce other compliance restrictions based on properties of the device such as time, location, device security and/or integrity, presence of another device, software versions, required software, etc. For example, educational settings may designate student and instructor groups. These groups may be further assigned to specific classes such that only student group members associated with a given class may access content associated with that class. Further, edit access to the content for the class may be restricted to the user(s) in the instructor group and/or student group members may be permitted to add content that only the instructor may view (e.g., homework assignments). In some embodiments, the instructor group user(s) may be able to push content to student group user(s) and/or activate temporary control of the students' devices to prevent the devices from accessing non-class related content during class time.
- To reduce the cost of ownership of user devices and cellular and/or data service charges associated with use of such user devices, an enterprise such as an educational institution and/or a business may implement a “bring your own device” (BYOD) policy to allow an employee to use his/her personal device to access enterprise resources rather than provide the user with an enterprise owned user device for such purpose. To support such a BYOD policy, a user device administrator (i.e. IT administrator) may manage a group of personally owned user devices, via a management application executed by a management server in communication with the user devices over a network, to provide the user devices with secure access to enterprise resources.
- The user device administrator may enroll user devices into the management system to monitor the user devices for security vulnerabilities and to configure the user devices for secure access to enterprise resources. The user device administrator may create and/or configure at least one configuration profile via a user interface provided by the management system. A configuration profile may comprise a set of instructions and/or settings that configure the operations and/or functions of a user device, which may ensure the security of the accessed resources. The user device administrator may, for instance, configure an enterprise email configuration profile by specifying the network address and access credentials of an enterprise email account that the users of the user devices are authorized to access. Other configuration policies may include, but are not limited to, hardware, software, application, function, cellular, text message, and data use restrictions, which may be based at least in part on the current time and/or location of the restricted user device. The user device administrator may thereafter deploy the configuration profiles to specific user devices, such as to groups of user devices of users with similar roles, privileges and/or titles.
- The user devices may also have access to personal configuration profiles that may be created by the users of the user devices. The user devices may, for instance, have access to a personal email configuration profile that was created by a user of the user device to provide access to her personal email account. Thus, a user device enrolled in a BYOD management system may have more than one configuration profile for a given use of the user device, such as a personal email configuration profile and an enterprise email configuration profile that are both used for accessing email accounts on the user device.
- The user devices may be instructed to enable and/or disable certain configuration profiles according to authorization rights specified by the user device administrator, such as location and/or time-based authorization rights. For example, a BYOD policy may specify that user devices enrolled in the BYOD management system are authorized for personal use outside of the workday and are authorized for business use during the workday. Similarly, a BYOD device may be restricted to enterprise uses while in work locations and/or prohibited from accessing enterprise resources while outside of secure work locations. To implement such a policy, a user device administrator may instruct the user devices to toggle between personal configuration policies and enterprise configuration policies based on factors such as the current time and/or location associated with the user device.
- The current time may be based on the current time at the current location of the user device, which may be determined by GPS, Wi-Fi, Cellular Triangulation, etc., or may be based on the current time at a configured primary location associated with the user device, which may be the primary office location of an employee user of the user device. As an example, time-based configuration profile toggling may be provided by instructing a user device to enable business configuration profiles and disable personal configuration profiles while the current time is between 9 AM and 5 PM at the current location of the user device, and to disable business configuration profiles and enable personal configuration profiles while the current time is between 5 PM and 9 AM at the current location of the user device.
- According to one example embodiment, aspects of the present disclosure relate to mobile device hardware and/or associated software or functionality for managing multiple personas on a given mobile device. Multiple persona device management generally comprises methods and systems for isolating, implementing, and provisioning multiple entities or personas on a single user device, thus enabling a persona to remain quarantined while simultaneously remaining active on the back-end of the device. As referred to herein, a “persona” generally comprises various settings, policies, rules, configurations or attributes associated with a particular end user environment. Accordingly, groups of individual personas can be categorized based on defined rules and policies applicable to those groups and managed simultaneously. Furthermore, some embodiments enable remote access to a personal user device to deploy changes of current attributes and configurations either by group definition or on an individual basis.
- According to one example embodiment, multiple personas may be managed via a central server (e.g., a content server or management module), which may serve as an intermediary between the multiple personas. The central server receives data from the device, identifies which persona initiated the data transfer, and sends the data on behalf of the identified persona. Similarly, the central server receives data from outside sources, identifies for which persona the data is intended and pushes said data to the appropriate persona. Further, one example embodiment virtually separates one set of hardware components (e.g., a single processor, memory, battery, etc.) into individual segments. Consequently, each segment houses and embodies a separate and quarantined persona. Yet other embodiments encompass multiple hardware sets (e.g., multiple processers, multiple memories, multiple batteries, etc.) independently coupled and dedicated for one or more respective persona.
- Multiple persona device management generally relates to the implementation and management of a plurality of personas on a singular user device to segregate and quarantine a set of attributes relating to a singular persona from other personas accessible on the same user device. A persona may comprise a collection or group of data sets, configurations (assignment of resources, policies, rules, etc.), appearances, particular functionality, branding, billing parameters, physical components, and/or preferences with which a user device or a portion of a user device is associated. There exists a plurality of embodiments regarding multiple persona device management implementations, which may be executed on an individual user device, offering different mechanisms for a user possessing the desire to access divergent sets of attributes while maintaining a separation of said attributes. An example embodiment of multiple persona device management involves the ability, at an end user's discretion, to toggle between the various personas. Furthermore, the device may autonomously toggle between personas or present the option to toggle between personas based on predetermined triggering events embedded within the multiple persona device management technology.
- One example of implemented multiple persona device management comprises a family owning a single tablet device consisting of exclusive personas representing each family member. Thereby, each family member retains a unique set of applications, settings, and customizations associated with his or her respective persona. Another example entails a user device enrolled in a BYOD program in a work setting in which a mobile device management system merges multiple personas. The user device can separate an enterprise persona for receiving, accessing, and distributing corporate content and a personal persona for maintaining interaction with personal matters as shown in
FIG. 1 . - Generally, multiple persona management on a mobile device, according to aspects of the present disclosure, can be divided into at least two broad categories: (1) physical persona separation via either multiple physical components within a single mobile device, and/or (2) virtual persona separation via virtual division of components, data segregation, or the like. As described in greater detail below, physical separation may include a device with multiple screens, multiple processors, multiple memories, etc. Generally, the virtual separation embodiments provide a virtual separation of components (e.g., virtual processors), or a data separation coupled with some visual or audible separation designation, or the like. These aspects and others will be described in greater detail below.
-
FIG. 1 illustrates anexample environment 100 comprising a single user device employing multiple personas (this example exhibits dual personas, but as will be understood and appreciated by one skilled in the art, one may elect to employ any number of personas on a single user device), an end user, and two separate hypothetical end user environments. Throughout this disclosure, an example of “two persona” or “dual persona” device management will be used for example purposes in connection with the presented Figures, but as will be understood by one of ordinary skill in the art, the example of dual persona device management is presented for example purposes only and any number of personas may be implemented on auser device 103. As shown,enterprise end user 109A is capable of accessing and conducting enterprise matters, such as reading and creating corporate email, viewing and editing documents, accessing content via Share Point, and matters of the like, on apersona 2 118 segment of theindividual user device 103.Persona 2 118 exemplifies the corporate partition of adual persona device 103 with multiple persona device management applied to theuser device 103. This may be the primary active persona during working hours or while a GPS recognizes the end user's location to be in a corporate building or office. In some embodiments, although the enterprise workspace is the primary active persona, apersonal persona 1 115 is still active on the back-end of the multiple persona device management system (or on thedevice 103 itself) and is simultaneously receiving and transmitting data intended forpersona 1 115. - Alternatively, as seen in
FIG. 1 , the illustrated embodiment represents thesame user 109B utilizing thesame user device 103 in a personal environment (e.g., at home, in a restaurant, or other location away from the office). Generally, apersona 1 115 relates to the personal end user environment of theuser 109B in which all personal data (e.g., phone calls, text messages, non-enterprise email, personal applications, personal web browsing data, etc.) is distinctly routed and stored. Theindependent persona 1 115 allows anend user 109B to maintain user device functionality in accordance with personal settings, characteristics and attributes separately from enterprise-related data and functionality. - In one embodiment shown in
FIG. 1 , adata network 154 enables operative connections betweenpersona 2 118,persona 1 115, third-party systems andproducts 124, and a mobile device management system (MDMS) 121 for routing data amongst the involved entities. Adata network 154 may comprise a wireless IEEE 802.b,g,n network, a cellular wireless network, Bluetooth technology, etc. Although the aforementioned represent typical communication systems, it will be understood by one of ordinary skill in the art that other signal carrying data propagation mechanisms could be utilized for communication between the different entities. - The described mobile device management system (MDMS) 121 empowers enterprises to securely monitor, manage, and support a plurality of devices via wireless deployment of data configurations, applications, settings, permissions, and policies. Enterprises may deploy an
MDMS 121 on a plurality of devices, such as mobile phones, smart tablets, laptops, etc., to ensure secure wireless access and distribution of corporate content. Further, enterprises utilize theMDMS 121 for managing third-party content accessibility on enterprise user devices. While these restrictions on enterprise content would not be objectionable to most users, some may object to applying the same restrictions to personal user devices. Therefore, multiple persona device management as described herein supports the notion of segregating managed, secure mobile access to enterprise content to an enterprise persona while personal matter immunity is maintained on personal personas. - Still referring to
FIG. 1 , the shownMDMS 121 comprises a mobile device management (MDM)database 139 and a MDMcentral module 122. TheMDM database 139 generally contains attributes typically monitored, modified, and manipulated by an administrator, as well as information necessary for the use of the multiple persona functionality. The MDMcentral module 122 comprises amanagement module 127,content server 130,secure email gateway 133, and application catalog serving as separate entity portals for pushing and deploying configured attributes to end user devices. The individual modules within the MDMcentral module 122 are communicatively coupled with theMDM database 139 and theuser device 103, thereby ensuring proper attributes defined by an administrator are effectively enforced on applicable personas. Further, theMDM database 139 and the MDMcentral module 122 generally represent the enterprise controlled server-side of the of the multiple persona device management application. - In one example embodiment of the present system, the management module 127 (also called the admin console) recognizes a plurality of individually assigned personas associated with a plurality of user devices. An administrator can aptly engage the
management module 127, select a persona on a user device or group of personas on different user devices, and define rules and characterizations for the selected user devices. Accordingly, themanagement module 127 determines which policy is applicable to particular personas and subsequently distributes said policy to the appropriate personas on a given user device. In some embodiments, themanagement module 127 recognizes and addresses different operating systems embodied on user devices, thereby defining proper enforcement of rules and access to non-native data. (Details regarding the various processes carried out by the management console will be described in greater detail in connection withFIG. 3 .) - According to one embodiment illustrated in
FIG. 1 , acontent server 130 of the MDMcentral module 122 serves as an access portal for various enterprise related subject matter parsed in separate partitions for access and distribution by identified personas. Thecontent server 130 integrates and interacts with themanagement module 127, which supports persona access, policies, and rules regarding authorization to corporate (or other managed) content. Thecontent server 130 generally, but may not necessarily, comprises one or more local servers, cloud servers, and/or offsite servers. In the embodiment shown,persona 2 118 engages with enterprise subject matter on theuser device 103 in the enterprise environment when operated by theend user 109A. Alternatively,persona 1 115, exhibiting an unmanaged personal persona, may be precluded from accessing to corporate content and subsequently denied rights to thecontent server 130. Further, in some embodiments, theMDMS 121 has no access to or control overpersona 1 115. - It is well known and understood by those of ordinary skill in the art that many corporate entities utilize enterprise dedicated electronic mail systems whereby traffic is regulated through a managed email portal (e.g., Microsoft Exchange). Accordingly, the presently-described embodiment includes a
secure email gateway 133 that enables secure email access and distribution through the data network 150 within a corporate email exchange. In one example embodiment, thesecure email gateway 133 behaves as a proxy server linking the enterprise email server and the data network. The coupledmanagement module 127 has the ability to push enterprise policies set by an administrator to thesecure email gateway 133 to enforce said enterprise policies. - Further, some embodiments of the MDM
central module 122 comprise anapplication catalog 136 that is also integrated with themanagement module 127. Theapplication catalog 136 supports access to applications both enterprise specific applications and public applications. Theenterprise persona 2 118 through the encapsulated rules and policies as set forth by an administrator sends requests to access and download applications to theapplication catalog 136. To increase mobile productivity, theapplication catalog 136 serves as a portal governed by enforced policies to allow approved access to applications for a user's benefit. - Generally, users 109 utilize a variety of third-party systems, applications, and email platforms via their
personal user devices 103. Often access to third party content is not as secure as most enterprise platforms and presents vulnerabilities concerning a device that can also access enterprise content. As illustrated inFIG. 1 , third-party systems andproducts 124 grant end-user access to third-party content through thedata network 154. In some embodiments, thepublic application store 145 permits users to access a plurality of third party applications. In some examples, an enterprise may preclude the enterprise persona,persona 2 118, from accessing all outside applications. In such a scenario, an end user 109 still retains the ability to install and utilize outside applications on the personal persona (persona 1 115). Third-party email servers 148 may providepersona 1 115 access to personal emails. Other third-party content is pulled through the third-party content server 142. In another embodiment, this content may be accessed by theenterprise persona 2 118 and thepersonal persona 1 115 depending on the current configuration the administrator has implemented on the user's device. - The discussions above in association with
FIG. 1 are merely intended to provide an overview of an embodiment of the present system for multiple persona management on a mobile device utilizing a separation of hardware and/or software. Accordingly, it will be understood that the descriptions in this disclosure are not intended to limit in any way the scope of the present disclosure. Various embodiments regarding hardware and software implementations of the present device will be described next in greater detail. -
FIG. 2A is a block diagram of auser device 103 comprising aprocessor 209 and amemory 218. Theuser device 103 shown inFIG. 2A is a representative “single component” device, i.e., the device does not include multiple hardware components for each respective persona. An example multiple-persona hardware device is shown inFIG. 2B . Depending on the configuration and type of device,memory 218 may comprise, but is not limited to, volatile (e.g. random access memory (RAM)), non-volatile (e.g. read-only memory (ROM)), flash memory, or any combination.Memory 218 may store executable programs and related data components of various applications and modules for execution byuser device 103.Memory 218 may be coupled toprocessor 209 for storing configuration data and operational parameters, such as commands that are recognized byprocessor 209. - Basic functionality of
user device 103 may be provided by anoperating system 221 contained inmemory 218. One or more programmed software applications may be executed by utilizing the computing resources inuser device 103. Applications stored inmemory 218 may be executed by processor 209 (e.g., a central processing unit or digital signal processor) under the auspices ofoperating system 221. For example,processor 209 may be configured to execute applications such as web browsing applications, email applications, instant messaging applications, and/or other applications capable of receiving and/or providing data. - Data provided as input to and generated as output from the application(s) may be stored in
memory 218 and read byprocessor 209 frommemory 218 as needed during the course of application program execution. Input data may be data stored inmemory 218 by a secondary application or other source, either internal or external touser device 103, or possibly anticipated by the application and thus created with the application program at the time it was generated as a software application program. Data may be received via any of a plurality ofcommunication ports 215 ofuser device 103.Communication ports 215 may allowuser device 103 to communicate with other devices, and may comprise components such as an Ethernet network adapter, a modem, and/or a wireless network connectivity interface. For example, the wireless network connectivity interface may comprise one and/or more of a PCI (Peripheral Component Interconnect) card, USB (Universal Serial Bus) interface, PCMCIA (Personal Computer Memory Card International Association) card, SDIO (Secure Digital Input-Output) card, NewCard, Cardbus, a modem, a wireless radio transceiver, and/or the like. -
User device 103 may also receive data as user input via aninput component 242, such as a keyboard, a mouse, a pen, a stylus, a sound input device, a touch input device, a capture device, etc. A capture device may be operative to record user(s) and capture spoken words, motions and/or gestures, such as with a camera and/or microphone. The capture device may comprise any speech and/or motion detection device capable of detecting the speech and/or actions of the user(s). - Data generated by applications may be stored in
memory 218 by theprocessor 209 during the course of application program execution. Data may be provided to the user during application program execution by means of adisplay 206. Consistent with embodiments of this disclosure,display 206 may comprise an integrated display screen and/or an output port coupled to an external display screen. -
Memory 218 may also comprise aplatform library 224.Platform library 224 may comprise a collection of functionality useful to multiple applications, such as may be provided by an application programming interface (API) to a software development kit (SDK). These utilities may be accessed by applications as necessary so that each application does not have to contain these utilities thus allowing for memory consumption savings and a consistent user interface. - Furthermore, embodiments of this disclosure may be practiced in conjunction with a graphics library, other operating systems, or any other application program and is not limited to any particular application or system. The devices described with respect to the Figures may have additional features or functionality. For example,
user device 103 may also include additional data storage devices (removable and/or non-removable) such as, for example, magnetic disks, optical disks, or tape (not shown). -
User device 103 may comprise a desktop computer, a laptop computer, a personal digital assistant, a cellular telephone, a smartphone, a set-top box, a music player, a web pad, a tablet computer system, a game console, a mobile device, and/or any other device with like capability. -
User device 103 may store in a data store 227 adevice profile 230 and a plurality ofuser preferences 233.Device profile 230 may comprise an indication of the current position ofuser device 103 and/or indications of the hardware, software, and security attributes which describeuser device 103. For instance,device profile 230 may represent hardware specifications ofuser device 103, version and configuration information of various software program and hardware components installed onuser device 103, data transmission protocols enabled onuser device 103, version and usage information of various resources stored onuser device 103, and/or any other attributes associated with the state ofuser device 103. Thedevice profile 230 may further comprise data indicating a date of last virus scan ofuser device 103, a date of last access by an IT representative, a date of last service by the IT representative, and/or any other data indicating maintenance and usage ofuser device 103. Furthermore, thedevice profile 230 may comprise indications of the past behavior of associated users, such as resources accessed, charges for resource accesses, and the inventory accessed from such resources.User preferences 233 may comprise a listing of factors that may affect the experience of the user. In particular,user preferences 154 may include indications of the user's age, gender, bodily traits, preferred resource types, preferred venue resources, and combinations thereof. -
FIG. 2B is a block diagram of auser device 103 with multiple personas. As shown, these personas may either be physical (multiple hardware components) or virtual. In some embodiments, theuser device 103 is embedded with dual persona device management. According to some embodiments illustrated inFIG. 2 , there are twoprocessors wireless modules communication ports displays memory components - In some embodiments, a persona may comprise a “SIM persona” that is managed on a back-end and is portable to other devices. A “SIM persona” may comprise a physical SIM card, it may comprise a virtual SIM card entity, or a virtual entity embedded on a
user device 103. In another embodiment, several SIM personas may be implemented on a single device. A SIM card may possess one persona or multiple personas wherein the card is virtually split into separate representative entities containing the attributes and characterizations of the given personas. For the example wherein a SIM card contains one sole persona, an end user may carry multiple SIM cards and exchange them within theuser device 103 based on location or time. In another embodiment, auser device 103 may have the capability to support more than one SIM card simultaneously, maintainingpersona 1 115 on one SIM card andpersona 2 118 on another SIM card. In such an embodiment, as information travels through thedata network 154, the information subsequently propagates to the appropriate SIM card inside theuser device 103. - In some embodiments, an overarching process determines the routing of incoming data to the
user device 103. According to some embodiments of dual persona device management, apersona management module 245 is employed to decide to which persona content should be delivered on the device. Thepersona management module 245 exercises back-end differentiations between shared and distinct features and/or functionality among personas. In some embodiments, an agent resides on the dual persona implementeduser device 103 for management of resources in connection with different personas. For example, a hypervisor may serve as apersona management module 245 and embody a centralized means to deliver data to the appropriate persona. Theuser device 103 hence becomes a host machine on which the hypervisor resides and controls the related functionality in part or completely. The hypervisor creates “guest machines” or virtual machines on theuser device 103 enabling the virtual machines to behave as their own separate operating system comprising their own persona. The hypervisor can represent a firmware, software, or hardware implementation wherein the input data and output data is recognized, identified and pushed by the hypervisor to its appropriate destination. - For example purposes and as illustrated in this disclosure,
persona 1 115 is as shown as personal persona andpersona 2 118 is shown as an enterprise persona. Thus, as a corporate email transmits to theuser device 103, the hypervisor recognizes the data as enterprise communication (based on tags or identifiers in the data), and subsequently routes the data topersona 2 118. In some embodiments, policies implemented with multiple persona device management are identified by an administrator and pushed to the hypervisor, allowing the hypervisor to act as the decision-making agent performing actions as thepersona management module 245. - According to the embodiment illustrated in
FIG. 2B , adevice 103 may contain multiple hardware sets, each set corresponding to one unique persona. In the example comprising dual persona device management, thedevice 103 comprises two components of each hardware portion (e.g., twophysical processors wireless modules persona 1 115 transmits its corresponding data through apersona 1wireless module 213A, thereby leaving the interpretation and data storage respectively to thepersona 1processor 210A and thepersona 1memory 222A. Likewise, a similar process transpires forpersona 2 115 comprising itsseparate processor 210B,memory 222B andwireless module 213B. In some embodiments, a central process encapsulated in thepersona management module 245 governs and routes the data and information transmitted to theuser device 103 to the appropriate hardware set. Some embodiments comprise a combination of dual components and single components. For example, in some embodiments, a user device comprises twoprocessors memory - In some embodiments, the
persona management module 245 integrates the policies and rules set by the administrator through MDMS and precludes access and distribution of data for particular personas. For example, if a policy is set which does not allow third-party email exchange access bypersona 2 118, when a request for access has propagated to thepersona management module 245, the request may be denied and the proper executable steps are initiated. - Further, as shown in
FIG. 2B , one example embodiment of thedevice 103 may be constructed such that all hardware sets are entirely independent of each other with no overarching agent software or firmware. In this embodiment, there may exist two independent SIM cards, each associated individually with each hardware set therefore containing the appropriate SIM card address for each persona. The address of the SIM card is coupled with the transmitted data; hence, the persona identified by the address receives the appropriate information. According to one example embodiment, different hardware sets may utilize different operating systems. For example, the personal persona,persona 1 222A, may utilize iOS for itsoperating system 225A and the enterprise persona,persona 2 222B, due to a corporate or enterprise preference, may utilize a version of Android as itsoperating system 225B. In an application with dual, independent operating systems, thepersona management module 245 may contain an agent application for communicating and pushing data to theAndroid operating system 222B and a separate application programming interface (API) corresponding with the iOS operating system. Associated with the independent operating systems, anindependent device profile same user device 203. - Also illustrated in
FIG. 2B is an embodiment comprisingdedicated communication ports - In some embodiments of the present disclosure wherein multiple hardware sets are implemented on the
user device 103 and as illustrated inFIG. 2B ,respective compliance rules 240A and 240B serve as thelocal user device 103 containers for compliance rules which have been pushed and implemented in connection with individual personas. In some embodiments, policies and rules incorporated in theenterprise compliance rules 240B engage with thepersona 2 210B processor, governing incoming data via thepersona 2wireless module 213B, ensuring the policies and rules set forth by the enterprise maintain consistency and integrity. Also, within the quarantined memories ofpersona 1 222A andpersona 2 222B, an embodiment of separateddata stores persona 2 118 may store in itsdata store 228B preferences, persona usage details, enterprise branding information, configurations, and assignments of resources accessible to anadministrator using MDMS 121. The stored data within thedata store 228B enables an enterprise to access information to effectively monitor user device operation within the enterprise space. - According to some embodiments, a
user device 103 may comprise various combinations of a plurality of components. For example, in some embodiments the user device comprises dual screens that are independently assigned to a persona. In some embodiments of the present disclosure, theuser device 103 may comprise separate controls for each screen or each persona. Each independent set of controls may be embedded and assigned to manipulate actions within their designated persona. Another embodiment comprises a user device housing or form that will fit additional add-on components to expand or further facilitate the persona within the user device. One example comprises a keyboard comprising a toggle button that can engage the desired persona when the button is depressed or moved to a designated position. Further, a user device may comprise a combination of embodiments (e.g., common controls that manipulate dual screens, dual controls dedicated to one screen, etc.). - Referring now to
FIG. 3 , an example block diagram is shown of aMDMS 121 architecture environment interacting with adata network 154, third party systems andproducts 124, and auser device 103 configured with dual persona device management. For discussion purposes, it can be assumed that the illustrations inFIG. 3 relate to auser device 103 involved in a Bring Your Own Device (BYOD) program and coupled with a mobile device management system (MDMS) 121. As will be generally understood and appreciated by one of ordinary skill in the art, an enterprise BYOD program is not necessarily the only application with the ability to benefit from multiple persona device management, and the intention of the following example is not intended to necessarily limit or restrict the scope and spirit of the present disclosure in any way. As previously described, theMDMS 121 enables an administrator to create compliance rules and subsequently distribute those rules to a plurality of user devices to which the rules pertain. Further, the user devices may contain a personal persona,persona 1 115, and an enterprise persona,persona 2 118, with (or without) a centralized governing agent, thepersona management module 245. - In some embodiments, the system illustrated in
FIG. 3 promotes a back-end differentiation between shared and distinct functionality amongst a plurality of personas. In connection with the back-end differentiation, some embodiments include a resident agent such as thepersona management module 245 residing on themulti-persona device 103. As previously described, thepersona management module 245 manages distinct and shared resources associated with data entering or exiting the user device. For example, aspersona 1 115 requests access to theemail store 348 within the third-party email gateway 348, thepersona management module 245 acknowledgespersona 1 118 as the personal persona and allows access to third-party content such as the third-party email gateway 148. - In some embodiments, the
management module 127 in theMDMS 121 may push policies to some or all personas, specifying shared resources among personas and setting boundaries regarding the permitted level of communication among the personas. Yet according to another embodiment, themanagement module 127 may also push personal policies, enterprise policies, and meta-policies between the personas. Generally, meta-policies govern the shared resources, communication, and device-level functionality among the personas. The recently discussed embodiments exemplify different means of creating a native experience for the end user, where data intended for a specific persona is identified either before reaching the user device or upon reaching the user device and transferred to the appropriate persona within the user device. - In some embodiments illustrated in
FIG. 3 , the MDMcentral module 122 includes the various modules an administrator utilizes to set functionality, configurations, appearances, preferences and various other attributes that are controlled and implemented with aMDMS 121. According to an embodiment of the present disclosure, theMDM database 139 houses the attributes utilized by the administrator via the MDMS user interface. In other embodiments, various modules within the MDMcentral module 122 engage with theMDM database 139 to retrieve an appropriate attribute(s) selected by the administrator and push said attribute(s) via adata network 154 to thepersona management module 245. Thepersona management module 245 recognizes the attribute(s) and the persona for which it is intended, thereby pushing that attribute(s) to the appropriate persona. In another embodiment, the MDMcentral module 122, through themanagement module 127, pushes appropriate attributes to dedicated SIM cards within a user device embodying multi-persona device management. - Generally, in connection with the functionality of the
management module 127, operations may be broken into two different spaces—a server side and a device side. As will be discussed later in the present disclosure in connection withFIG. 6 , the server side of themanagement module 127 enables an administrator to log into the console, select a device or group of devices, compile rules for said device and push the policies and the rules to theuser device 103 to control subsequent functionality of those devices. In another embodiment, themanagement module 127 may authenticate data by verifying the credentials of theuser device 103, interpret said data and push commands back to theuser device 103 in response to the commands received from the user device. The device side of themanagement module 127 enables a user device to request enrollment into a mobile device management system, receive compiled rules and policies, take actions in conjunction with receiving data from themanagement module 127, and toggle among active personas within theuser device 103. - In some embodiments (not shown), the
management module 127 also contains a self-service application that is available for utilization by device users. In some embodiments, the self-service application comprises a user interface that is a pared-down version of the administrator management console interface. Users may log into the self-service application and view specific information about the enterprise persona,persona 2 118, of the device and/or the personal persona,persona 1 115. In another embodiment, users may only access the enterprise persona, while being unable to view the content of the personal persona. In some embodiments, the self-service application comprises a limited set of mobile device management options available to the user. For example, users may acquire the GPS location of theuser device 103, lock theuser device 103, perform an enterprise wipe or wipe theentire user device 103, send messages to said device, etc. In another embodiment, the enterprise wipe may de-partition theuser device 103 and leave the personal persona as the only remaining persona. An enterprise wipe is a function wherein all enterprise data, characterizations, enterprise attributes, preferences, and settings are remotely erased from the enterprise persona. Likewise, an entire device wipe remotely erases all data on bothpersona 1 115 andpersona 2 118, reverting the device to its original OEM state. In the self-service application of themanagement module 127, a user does not have the ability to assign or change rules and policies with respect to any managed persona. In some embodiments, the self-service feature offers users the ability to track user content or their user device and minimally manage the user device. - Further, another embodiment of the self-service application enables the
management module 127 to configure a pre-defined limited set of options relating to multiple virtual hardware sets. In the instance where themanagement module 127 transmits commands to theuser device 103 to create multiple virtual hardware sets, an end-user may log into the self-service section of the management console and access the pre-defined functionalities related to the multiple virtual hardware sets. As previously described, the self-service component of themanagement module 127 enables users to access an interface and view specific data concerning theiruser device 103 andrespective personas - According to one embodiment shown in
FIG. 3 , themanagement module 127 compiles rules and policies via thecompliance rule store 330 and pushes those rules and policies to auser device 103 to create a determined number of virtual hardware sets. In some embodiments, there are two hardware sets corresponding to two personas. In the example shown inFIG. 3 , each hardware set comprisesseparate displays separate memories memory display function regarding persona 1 115 would toggle to display 1 207A, access contents inmemory 1 222A throughprocessor 1 210A and execute some desired actions. After the desired actions are complete, the end-user may keeppersona 1 115 active or toggle to another persona. - Still referring to
FIG. 3 , in some embodiments, themanagement module 127 directs configuration policies and compliance rules via the compliance rules store 330 to each of the represented personas. Themanagement module 127 queries virtual machine characteristics and operating systems of each persona, compiles the rules and policies, and pushes the compiled rules and policies to the user devices based on the results of query. The policies and rules are stored in their respective persona rulesstores stores user device 103. In some embodiments, a personal persona may not receive any compliance rules, data, or the like if that given persona is not managed or controlled by theMDMS 121 or MDMcentral module 122. Additionally, with a lack of compliance rules and policies,persona 1 115 maintains the ability to access third-party data, uninhibited usage, and freedom of functionality as desired by end users enrolled in BYOD programs. In this way, true segregations between personas can occur in a way not previously contemplated. Further,persona 2 118 may store enterprise compliance policies in thepersona 2rule store 305B, enforcing consistent enterprise persona functionality and maintaining secure access and distribution of enterprise content. - Also illustrated in
FIG. 3 , some embodiments of themanagement module 127 send configuration policies and compliance rules to an overarching agent, thepersona management module 245, which configures the virtual machines based on those rules and policies. As previously discussed, one function of thepersona management module 245 is to delegate policies, rules, data access, and persona functionality to the subordinate personas. - Still referring to
FIG. 3 , in some embodiments shown, content assigned to personas is stored either in thepersonal content repository 333 or in theenterprise content repository 336 and both may be accessed through thecontent server 130. In an alternate embodiment, personal content on theuser device 103 is not accessible by theMDMS 121. According to another embodiment, an administrator can distribute documents through thecontent server 130 coupled to themanagement module 127 to the content repositories. - Rules and policies assigned to personas dictate persona interaction with content repositories, including third-party content repositories. In some embodiments, communication is generally sent through the
content server 130; hence, thecontent server 130 verifies whether the communication transmitted to a given persona is permissible. For example, if thecontent store 345 included an enterprise Share Point site, the enterprise persona may possess policies granting access to the third-party content server 142 and theenterprise content 336 repository. Persona 2 (the enterprise persona), may initially “shake hands” with thecontent server 142 and the content server may authenticate the credentials ofpersona 2 118. Consequently,persona 2 118 may fetch a document from thecontent store 345, save said document inmemory 2 222B, and/or in thepersona 2content store 311B, modify said document, and transfer it to theenterprise content 336 repository. - Still referring to
FIG. 3 , in some embodiments asecure email gateway 133 may be incorporated in the MDMcentral module 122 and may comprise a proxy server between the enterprise email server (e.g. Microsoft Exchange) and the data network. According to compliance rules and policies, an enterprise persona may retrieve email from the enterprise email through thesecure email gateway 133. Thesecure email gateway 133 may be configured to perform compliance checks against entities wishing to access enterprise email. Themanagement module 127 is also integrated with thesecure email gateway 133. An administrator through the management console can push compliance rules to thesecure email gateway 133 to change authentication requirements; thereby, storing said compliance rules in thecompliance rule check 339. In another example embodiment, the secure email gateway can determine whether auser device 103 is “jail broken”. An enterprise persona may retain appropriate compliance rules permitting access to the enterprise email, but thesecure email gateway 133 will still restrict access to that persona if theuser device 103 is jail broken. Further, an enterprise may allow access to predetermined third-party email gateways 148, whereby thesecure email gateway 133 will assess a persona's compliance rules, allow secure access to a third-party email gateway 148, and subsequently permit admittance to a third-party email store 348. - Many companies enable employees to utilize productivity applications (apps) to facilitate work demands. Some embodiments of the MDM
central module 122 include anapplication catalog 136 for managing the applications of end users 109. In some embodiments, agraphical user interface 342 enables interaction with theapplication catalog 136 and provides an interface, such as a website or the like, presenting users with a list of authorized applications for chosen personas. In another embodiment, an application portal resident on auser device 103 comprises a host of authorized downloadable apps. In some embodiments, theapplication catalog 136 receives compliance rules and policies set by an administrator via themanagement module 127. Theapplication catalog 136 may provide access topublic application stores 145 such as Google Play or the Apple Store. In some embodiments, theapplication catalog 136 may contain links to public apps recommended for employee productivity. Alternatively, the enterprise persona may have policies permitting retention of all public apps or retention of specifically designated public applications. - In some embodiments, the
application catalog 136 may comprise enterprise applications developed specifically for a company and may preclude access to such enterprise applications by apersonal persona 115. In some embodiments, the application catalog authenticates a persona's credentials before permitting a download of enterprise apps. In another embodiment, a user can pullenterprise content 336 through thecontent server 130 and modify it using annotation features within a secure content application. In some embodiments, thepersona app stores application store 351 for their respective personas. - Furthermore, one example embodiment of the present device may provide a lost device persona. A
user device 103 may switch to a lost persona if the device moves outside of a recognized pattern as determined by GPS, or theuser device 103 recognizes a period of inactivity, or exhibits some other atypical behavior. In some embodiments, the GPS system will actively track and keep a dynamic record of each user's travel routine and, in the event of an identified deviation, automatically toggle to the lost persona. The lost persona may, for example, comprise settings and/or configuration information that may facilitate locating the device. For example, toggling the lost persona may cause one or more location services on theuser device 103 to be engaged, such as a GPS coordinate transmission mode or the like. In some embodiments, if theuser device 103 is in the lost device persona, authentication may be required to toggle back to a managed user persona. For example, authentication may occur by inputting biometric metadata, a PIN or password, a programmable swipe gesture, or any similar authentication means. In another embodiment, the device may also toggle to the lost device persona if initiated by the user or an administrator via the self-service application of the management module 127 (i.e., the user identifies the device as lost and sends instructions to the device indicating the same). The self-service application of themanagement module 127 may contain a map add-on or a map software application in which the user and/or the administrator may utilize to find lost user devices. The lost device persona offers additional security for enterprises and users who wish to keep access, devices, and content secure. - As described previously, in one example embodiment, the
user device 103 may contain multiple physical hardware sets within the user device. Each hardware set generally represents a separate and independent persona. The embodiment comprising multiple physical hardware sets within asingle user device 103 generally functions in a similar manner as embodiments of the device embedded with virtual machines. Further descriptions regarding functionality of both embodiments will be described in connection withFIGS. 6 , 7, and 8. - Referring to
FIGS. 4A , 4B, and 4C an embodiment of adual persona device 103 having twoscreens enterprise persona 118, theenterprise screen 118 will be illuminated and active while thepersonal persona 115 will be dim and visibly inactive. In some embodiments, auser device 103 may comprise twoseparate screens user device 103; hence, the given screen a user is utilizing dictates the presently active persona. In an example illustrated inFIGS. 4A and 4B , anenterprise persona 118 is active on onescreen 409A, and is presented on one side ofuser device 103. Likewise illustrated inFIGS. 4A and 4C , apersonal persona 115 is presented on the opposing side of theuser device 103. A user, depending on which persona he or she wishes to engage, utilizes the side andscreen 409B of theuser device 103 embodying the desired persona. - In some embodiments, the dual displays may optionally comprise dual cameras on the
user device 103 and may be used to present an augmented reality experience. Using the dual cameras on either side of the device, one screen may display what the camera on the opposing side views. For example, the screen may show the inside of the user's hand or images of the environment he/she is in, lending the impression there is no user device or theuser device 103 is see-through. Further, the camera may incorporate technology that will automatically dim or turn off the backlight of the persona not in use based on identifiable features, such as the palm of a user's hand or recognizing a face in front of the camera. The cameras may recognize the lack of light and dim the screens such as when theuser device 103 is in a pocket or handbag. -
FIG. 4D illustrates another embodiment of the presentdual persona device 103. The embodiment shown includes one display possessing the ability to express one persona at a time or multiple personas simultaneously. As shown, a single display may be divided into halves representing a different persona on either side. In another embodiment, a border of the screen may be an alternative color representing a second screen, which may change and become active when the personas toggle. The device may indicate the active persona by displaying a persona identifier in small font at the top of the screen. In another embodiment, if the inactive persona receives a call, the screen may divide in half as shown inFIG. 4D , indicating a trigger event. The personas may be exchanged by touching or acknowledging the portion of the screen that represents the incoming persona. - In various embodiments, personas may be identified and/or delineated in a variety of ways. For example, according to some embodiments of the present disclosure, each persona may have a distinct and distinguishable ringtone. Persona display backgrounds may also change when toggling personas. For example, an enterprise persona may display a company logo as a background, while a personal persona may display a personal picture of the user. Within multiple persona device management, all of the disclosed embodiments may be incorporated on the
user device 103 or some combination of embodiments thereof. Further, the described examples are not intended to limit the spirit or scope of the present disclosure. As will be understood and appreciated by one of ordinary skill in the art, other embodiments may be implemented to distinguish between multiple personas on asingle user device 103. - As previously described, a persona generally relates to a collection of settings implemented in software and/or hardware that can be switched in and/or on a
user device 103 based on a trigger event. As shown inFIG. 5 , a plurality of personas interact with apersona management module 245 and various incorporated hardware components, either via the operating system (or excluding the operating system) to communicate and execute commands. - The central module (management module) 122 enables personas to be selected, communication rules and policies to be assigned to the personas within the
user device 103, and personas to interact within the limits of the selected rules and policies. In some embodiments, the personas are able to interact with each other (e.g. share data, share contacts, etc.). Conversely, in another embodiment, the personas remain segregated with no communication between the two (or multiple). While personas may incorporate individual contact lists, in some embodiments, it may possible for a communal contact list accessible to any persona embedded on theuser device 103. - In some embodiments, toggling between personas may be executed via physical gestures that are recognized by the assimilated hardware and software in the
user device 103. In some embodiments, flipping theuser device 103 over creates an identical replica of theuser device 103 with a second display on the other side. In another embodiment, consecutive flipping of theuser device 103 may cycle through embedded personas. An accelerometer or some other user device position detecting mechanism integrated in the hardware may be used to sense the rotation of theuser device 103. The hardware communicating via the operating system to apersona management module 245 expresses that the user has initiated a change in persona and the persona management module will activate another persona. Likewise, initiating a change in persona may be executed by flipping or rotating the user device 103 a set number of multiple rotations for each toggle. In another embodiment, a user withpersona 1 501 active may shake the user device 103 a preset number of times. The shakes are recognized by the hardware and the hardware communicates with thepersona management module 245 thereby switching the active persona topersona 2 503 (or some other persona). - According to various other embodiments, a plurality of gestures or actions may toggle between multiple personas. Toggling of personas may occur by holding down a button one the
user device 103 for a set period of time, or depressing said button a number of times. The device may have a specifically designated button that may be used exclusively for the purpose of toggling personas. Another example embodiment utilizes swiping gestures at the top or bottom of the screen on theuser device 103 to toggle through personas. - As generally understood by one of ordinary skill in the art,
many user devices 103 feature embedded GPS components in the device hardware that are used to identify the position of auser device 103 whenever the device is powered on. According to some embodiments,persona 1 501 may be geolocation-based, such thatpersona 1 501 is active when auser device 103 is within a given distance of a designated location. In one aspect, auser device 103 switches virtual or physical SIMs assigned to different personas. Further, when the user is traveling abroad, auser device 103 may switch to a SIM appropriate for the visiting region, thereby receiving cheaper rates based on local service. - In another embodiment,
persona 2 may be active during an established window of time on given days. For example,persona 2 502 (an enterprise persona) may be active Monday through Friday during normal business hours andpersona 1 501 (a personal persona) maybe the active persona otherwise. User selection is also an option for selecting a persona, wherein theuser device 103 prompts a user 109 to specify which persona is requested, followed by a PIN or password input into the device and processed by thepersona management module 245 to access the requested persona. In another embodiment, thepersona management module 245 may require biometric data such as a fingerprint or a user's voice to toggle personas, or may use an electronic fob or watch (e.g., electronic timepiece) having near field communication (NFC) capability or other similar communication capability to toggle personas. - According to another aspect in this regard, the
persona management module 245 may utilize signals from a fingerprint reader such as that provided in the Apple® iPhone 5S, or other similar biometric device, to toggle personas. For example, different fingers may be used to toggle to, or switch between, different personas. A right thumbprint may correspond to a trigger actuation of a work persona, while a left thumbprint may correspond to and trigger actuation of a personal persona. Likewise, a work-related electronic fob may correspond to and trigger actuation of a work persona, and a digital watch may correspond to and trigger actuation of a personal persona, for example upon removal of the work-related fob from proximity of the device, such that the personal persona triggering device remains within the operative proximity. - Still referring to
FIG. 5 and according to some embodiments, a trigger or triggering event may cause a switch or toggle through represented personas. In some embodiments, a trigger forces or prompts a user to choose an active persona (e.g., an incoming phone call designated for an inactive persona wherein a user can choose to ignore or accept the call). In some embodiments, a default persona may be set to receive all phone calls. However, a user may also be prompted to select which persona will be used to accept an incoming call. In another embodiment, personas may be associated with different phone numbers recognized by thepersona management module 245, which directs incoming calls to the appropriate persona either persona based on the recognized number. In yet another embodiment, an administrator may decide and implement via theMDMS 121 the most secure persona to accept an incoming call. -
FIG. 6 is a flow chart setting forth the general steps involved in a policy creation anddeployment method 600 consistent with embodiments of this disclosure for providing assignment of compliance rules and policies to a user device and/or persona(s) by an administrator. As will be understood and appreciated,method 600 may be implemented using aMDMS 121, themanagement module 127 within a MDMcentral module 122, adata network 154, persona rulesstores user device 103, and various other components and modules as described above. Ways to implement the steps ofmethod 600 will be described in greater detail below. According to some embodiments,method 600 may begin atblock 605, where an administrator logs into theMDMS 121 console and accesses the compliance rules store 330 through themanagement module 127, and queries or selects group of personas to which the given rules or policies will apply. The persona or groups of personas queried may be selected according to different roles and responsibilities or due to enrolling a new employee into the BYOD program etc. In some embodiments, an administrator may query personas implemented on virtual machines, hardware sets, or operating systems. After the desired persona(s) are found,method 600 moves to step 607, at which point the desired persona(s) are selected. - According to some embodiments, at
step 609, the administrator defines the rules to be implemented for the selected personas. For example, rules might include access to secureemail gateways 133,content servers 130, application catalogs 136, etc. In other embodiments, default rules will apply. Once rules and policies have been designated, the administrator initiates the process of deploying the rules to the respective personas. - At
step 611 ofprocess 600, rules defined by the administrator are compiled within themanagement module 127 based on operating systems of given personas. In some embodiments, themanagement module 127 interacts with theMDM database 139 to assemble definitions representing the administrator defined rules and policies. After compiling the rules, the compiled rules and policies are deployed to the selected personas (step 613). In some embodiments, data is received from the user device atstep 615. This data may include authentication checks, acknowledgement of enrollment, a server ping, etc. In certain embodiments, themanagement module 127 may receive data from the user device comprising acknowledgment of deployed rules and policies, a request for further instructions, etc. In some embodiments,method 600 moves to thenext step 617 and pushes commands back to the user devices and personas based on the received data and/or rules. -
FIG. 7 is a flow chart setting forth the general steps involved in apersona initiation process 700 from auser device 103 perspective. Generally,method 700 follows the steps ofprocess 600, but from a persona perspective on auser device 103. In some embodiments,method 700 may be implemented using apersona management module 245, adata network 154, a mobiledevice management system 121, aMDM database 139, a MDM central module, a compliance rules store 330 embedded in amanagement module 127, and other systems described herein. Ways to implementmethod 700 will be described in greater detail below. In some embodiments,method 700 may begin atstep 705, wherein a user requests enrollment into a mobile device management system. The enrollment request generally leaves theuser device 103 and the request is sent over thedata network 154 and is received and accepted by themanagement module 127. - According to some embodiments, the
management module 127 deploys the already compiled rules via thedata network 154 to theuser device 103. Successively, the compiled rules and policies are received at theuser device 103.Method 700 progresses to thenext step 709, where the compiled rules and policies are implemented on theuser device 103 in association with the appropriate persona. In some embodiments, various rules are associated with respective personas. - At
step 711, after the given rules and policies have been implemented on each respective persona, theuser device 103 containing multiple embedded personas is able to toggle between personas. As data is received at the givendevice 103 during operation, the device identifies and acknowledges data based on the compiled rules and policies designated for the individual persona (step 715). In some embodiments atstep 715, the persona/device can utilize one or both of two different paths; it can relay necessary data back to the console (step 713) or take some action based on the rules and/or data (step 717). This data could be an acknowledgement of receipt sent over thedata network 154 back to themanagement module 127 and thereby ending the process. As described, the persona can take a specific action based on the rules or data applied to the persona (step 717). -
FIG. 8 is a flow chart setting forth the general steps involved in amethod 800 consistent with embodiments of this disclosure of toggling personas by either user initiation or an event trigger. In some embodiments,method 800 may be implemented utilizing auser device 103, apersona management module 245, adata network 154, one or more processors one a device, one or more displays on a device, and other components as described above. Ways to implement the steps ofmethod 800 will be described in greater detail below. According to some embodiments,method 800 begins at a state in which the user device is in a steady state within a given persona. Atstep 805, a user desires to access a persona or an event trigger occurs to access a given persona. Moving to step 807, an overarching entity such as embedded software, firmware, or apersona management module 245 performs an initial compliance check regarding the forthcoming persona, ensuring the persona is a managed persona. In some embodiments, the persona is not a managed persona, and theuser device 103 stays in its initial state. In another embodiment, the device is in a managed persona andmethod 800 progresses to step 809. - Step 809 optionally requires
user device 103 authentication to proceed to the next stage. According to various embodiments, authentication can be performed utilizing a plurality of processes such as a fingerprint scan, entering a PIN or password, swiping a specific pattern on the screen, a biometric access functionality, or the device may be configured for an automatic authorization without user input. If the authentication fails,method 800 propagates to step 810, wherein a deny access or error message is displayed and the user device returns to the start state. If user authentication is successful,method 800 proceeds to step 811 and allows access to the managed and requested persona. - According to some embodiments at
stage 813, the newly activated persona may require actions to be taken based on predetermined rules or receiving a set of data. For example, email communications may need to be sent to the persona at issue from theMDMS 121. If so, then an indicator or identifier may be associated at theMDM database 139 with the data to be sent to the mobile device persona, and subsequently the data will be sent to the device. Atstep 817, the persona waits for a trigger event to change personas. If a trigger event does not occur, the device will return to step 813 and repeat steps 813-817 as necessary. If a trigger is received, the device will propagate to step 819, which is analogous to step 807. - In some embodiments at
step 819, the device checks if the trigger is from a managed persona. If the trigger is from a managed persona,method 800 advances to step 809. In another embodiment, if the trigger is not from another managed persona, the device will move to step 821, may cease monitoring the managed persona, and may disable communication, endingmethod 800. - As has been described, and according to some embodiments, the present disclosure generally describes methods and systems for isolating, implementing, and provisioning multiple entities or personas on an individual user device, thus enabling multiple individual end-user environments to remain quarantined while simultaneously remaining active. As will be generally understood, a persona encompasses various settings, policies, rules, configurations or attributes associated with a particular end user environment. Accordingly, groups of individual personas may be categorized based on defined rules and policies applicable to said group and managed simultaneously. Other embodiments enable remote access to deploy changes to current attributes and configurations either by group definition or on an individual basis.
- According to one example embodiment, multiple personas may be managed via a central server (e.g., a content server or management module), which may serve as an intermediary between the multiple personas. The central server receives data from the device, identifies which persona initiated the data transfer, and sends the data on behalf of the identified persona. Similarly, the central server receives data from outside sources, identifies for which persona the data is intended and pushes said data to the appropriate persona. Further, one example embodiment virtually separates one set of hardware components (e.g., a single processor, memory, battery, etc.) into individual segments. Consequently, each segment houses and embodies a separate and quarantined persona. Yet other embodiments encompass multiple hardware sets (e.g., multiple processers, multiple memories, multiple batteries, etc.) independently coupled and dedicated for one or more respective persona.
- It is to be understood that both the foregoing general description and the following detailed description are examples and explanatory only, and should not be considered to restrict the disclosure's scope, as described and claimed. Further, features and/or variations may be provided in addition to those set forth herein. For example, embodiments of the disclosure may be directed to various feature combinations and sub-combinations described in the detailed description.
- The embodiments and functionalities described herein may operate via a multitude of computing systems, including wired and wireless computing systems, mobile computing systems (e.g., mobile telephones, tablet or slate type computers, laptop computers, etc.). In addition, the embodiments and functionalities described herein may operate over distributed systems, where application functionality, memory, data storage and retrieval and various processing functions may be operated remotely from each other over a distributed computing network, such as the Internet or an intranet. User interfaces and information of various types may be displayed via on-board computing device displays or via remote display units associated with one or more computing devices. For example, user interfaces and information of various types may be displayed and interacted with on a wall surface onto which user interfaces and information of various types are projected. Interaction with the multitude of computing systems with which embodiments of this disclosure may be practiced include, keystroke entry, touch screen entry, voice or other audio entry, gesture entry where an associated computing device is equipped with detection (e.g., camera) functionality for capturing and interpreting user gestures for controlling the functionality of the computing device, and the like. The Figures above and their associated descriptions provide a discussion of a variety of operating environments in which embodiments of this disclosure may be practiced. However, the devices and systems illustrated and discussed with respect to the Figures are for purposes of example and illustration and are not limiting of a vast number of computing device configurations that may be utilized for practicing embodiments of this disclosure as described herein.
- The term computer readable media as used herein may include computer storage media. Computer storage media may include volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information, such as computer readable instructions, data structures, program modules, or other data. System memory, removable storage, and non-removable storage are all computer storage media examples (i.e., memory storage.) Computer storage media may include, but is not limited to, RAM, ROM, electrically erasable read-only memory (EEPROM), flash memory or other memory technology, CD-ROM, digital versatile disks (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium, which can be used to store.
- The term computer readable media as used herein may also include communication media. Communication media may be embodied by computer readable instructions, data structures, program modules, non-transitory media, and/or other data in a modulated data signal, such as a carrier wave or other transport mechanism, and includes any information delivery media. The term “modulated data signal” may describe a signal that has one or more characteristics set or changed in such a manner as to encode information in the signal. By way of example, and not limitation, communication media may include wired media such as a wired network or direct-wired connection, and wireless media such as acoustic, radio frequency (RF), infrared, and other wireless media.
- A number of applications and data files may be used to perform processes and/or methods as described above. The aforementioned processes are examples, and a processing unit may perform other processes. Other programming modules that may be used in accordance with embodiments of this disclosure may include electronic mail, calendar, and contacts applications, data processing applications, word processing applications, spreadsheet applications, database applications, slide presentation applications, drawing or computer-aided application programs, etc.
- Generally, consistent with embodiments of this disclosure, program modules may include routines, programs, components, data structures, and other types of structures that may perform particular tasks or that may implement particular abstract data types. Moreover, embodiments of the disclosure may be practiced with other computer system configurations, including hand-held devices, multiprocessor systems, microprocessor-based or programmable consumer electronics, minicomputers, mainframe computers, and the like. Embodiments of this disclosure may also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote memory storage devices.
- Furthermore, embodiments of this disclosure may be practiced in an electrical circuit comprising discrete electronic elements, packaged or integrated electronic chips containing logic gates, a circuit utilizing a microprocessor, or on a single chip containing electronic elements or microprocessors. Embodiments of this disclosure may also be practiced using other technologies capable of performing logical operations such as, for example, AND, OR, and NOT, including but not limited to mechanical, optical, fluidic, and quantum technologies. In addition, embodiments of the disclosure may be practiced within a general-purpose computer or in any other circuits or systems.
- Embodiments of this disclosure may, for example, be implemented as a computer process and/or method, a computing system, an apparatus, device, or appliance, and/or as an article of manufacture, such as a computer program product or computer readable media. The computer program product may be a computer storage media readable by a computer system and encoding a computer program of instructions for executing a computer process. The computer program product may also be a propagated signal on a carrier readable by a computing system and encoding a computer program of instructions for executing a computer process. Accordingly, the present disclosure may be embodied in hardware and/or in software (including firmware, resident software, micro-code, etc.). In other words, embodiments of the present disclosure may take the form of a computer program product on a computer-usable or computer-readable storage medium having computer-usable or computer-readable program code embodied in the medium for use by or in connection with an instruction execution system. A computer-usable or computer-readable medium may be any medium that can contain, store, communicate, propagate, or transport the program for use by or in connection with the instruction execution system, apparatus, or device.
- The computer-usable or computer-readable medium may be, for example but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, device, or propagation medium. More specific computer-readable medium examples (a non-exhaustive list), the computer-readable medium may include the following: an electrical connection having one or more wires, a portable computer diskette, a random access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or Flash memory), an optical fiber, and a portable compact disc read-only memory (CD-ROM). Note that the computer-usable or computer-readable medium could even be paper or another suitable medium upon which the program is printed, as the program can be electronically captured, via, for instance, optical scanning of the paper or other medium, then compiled, interpreted, or otherwise processed in a suitable manner, if necessary, and then stored in a computer memory.
- Embodiments of this disclosure may be practiced via a system-on-a-chip (SOC) where each and/or many of the elements described above may be integrated onto a single integrated circuit. Such an SOC device may include one or more processing units, graphics units, communications units, system virtualization units and various application functionalities, all of which may be integrated (or “burned”) onto the chip substrate as a single integrated circuit. When operating via an SOC, the functionality, described herein, with respect to training and/or interacting with any element may operate via application-specific logic integrated with other components of the computing device/system on the single integrated circuit (chip).
- Embodiments of this disclosure are described above with reference to block diagrams and/or operational illustrations of methods, systems, and computer program products according to embodiments of the disclosure. The functions/acts noted in the blocks may occur out of the order as shown in any flowchart. For example, two blocks shown in succession may in fact be executed substantially concurrently or the blocks may sometimes be executed in the reverse order, depending upon the functionality/acts involved.
- While certain embodiments have been described, other embodiments may exist. Furthermore, although embodiments of the present disclosure have been described as being associated with data stored in memory and other storage mediums, data can also be stored on or read from other types of computer-readable media, such as secondary storage devices, like hard disks, floppy disks, or a CD-ROM, a carrier wave from the Internet, or other forms of RAM or ROM. Further, the disclosed methods' stages may be modified in any manner, including by reordering stages and/or inserting or deleting stages, without departing from the disclosure.
- Embodiments of the present disclosure, for example, are described above with reference to block diagrams and/or operational illustrations of methods, systems, and computer program products according to embodiments of the disclosure. The functions/acts noted in the blocks may occur out of the order as shown in any flowchart. For example, two blocks shown in succession may in fact be executed substantially concurrently or the blocks may sometimes be executed in the reverse order, depending upon the functionality/acts involved.
- While certain embodiments of the disclosure have been described, other embodiments may exist. Furthermore, although embodiments of the present disclosure have been described as being associated with data stored in memory and other storage mediums, data can also be stored on or read from other types of computer-readable media, such as secondary storage devices, like hard disks, floppy disks, or a CD-ROM, a carrier wave from the Internet, or other forms of RAM or ROM. Further, the disclosed methods' stages may be modified in any manner, including by reordering stages and/or inserting or deleting stages, without departing from the disclosure.
- All rights including copyrights in the code included herein are vested in and the property of the Assignee. The Assignee retains and reserves all rights in the code included herein, and grants permission to reproduce the material only in connection with reproduction of the granted patent and for no other purpose.
- While the specification includes examples, the disclosure's scope is indicated by the following claims. Furthermore, while the specification has been described in language specific to structural features and/or methodological acts, the claims are not limited to the features or acts described above. Rather, the specific features and acts described above are disclosed as example for embodiments of the disclosure.
Claims (20)
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US14/203,836 US20140195927A1 (en) | 2013-09-16 | 2014-03-11 | Multi-Persona Devices and Management |
US15/171,411 US20160277387A1 (en) | 2013-09-16 | 2016-06-02 | Multi-persona management and devices |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US201361878521P | 2013-09-16 | 2013-09-16 | |
US14/203,836 US20140195927A1 (en) | 2013-09-16 | 2014-03-11 | Multi-Persona Devices and Management |
Related Child Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US15/171,411 Continuation US20160277387A1 (en) | 2013-09-16 | 2016-06-02 | Multi-persona management and devices |
Publications (1)
Publication Number | Publication Date |
---|---|
US20140195927A1 true US20140195927A1 (en) | 2014-07-10 |
Family
ID=51061988
Family Applications (4)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US14/074,110 Active 2033-12-19 US10129242B2 (en) | 2013-09-16 | 2013-11-07 | Multi-persona devices and management |
US14/203,836 Abandoned US20140195927A1 (en) | 2013-09-16 | 2014-03-11 | Multi-Persona Devices and Management |
US15/171,411 Abandoned US20160277387A1 (en) | 2013-09-16 | 2016-06-02 | Multi-persona management and devices |
US16/158,880 Active US11070543B2 (en) | 2013-09-16 | 2018-10-12 | Multi-persona management and devices |
Family Applications Before (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US14/074,110 Active 2033-12-19 US10129242B2 (en) | 2013-09-16 | 2013-11-07 | Multi-persona devices and management |
Family Applications After (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US15/171,411 Abandoned US20160277387A1 (en) | 2013-09-16 | 2016-06-02 | Multi-persona management and devices |
US16/158,880 Active US11070543B2 (en) | 2013-09-16 | 2018-10-12 | Multi-persona management and devices |
Country Status (1)
Country | Link |
---|---|
US (4) | US10129242B2 (en) |
Cited By (43)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20150046839A1 (en) * | 2013-08-09 | 2015-02-12 | Canon Kabushiki Kaisha | Information processing apparatus, information processing method and computer-readable medium |
US20150074834A1 (en) * | 2013-09-06 | 2015-03-12 | Getac Technology Corporation | Electronic device and protection method thereof |
US20150179045A1 (en) * | 2013-12-20 | 2015-06-25 | International Business Machines Corporation | Mobile device loss prevention |
US9354841B2 (en) * | 2014-08-13 | 2016-05-31 | Smart Technologies Ulc | Wirelessly communicating configuration data for interactive display devices |
DE102014018891A1 (en) * | 2014-12-17 | 2016-06-23 | Giesecke & Devrient Gmbh | Methods and apparatus for managing subscriptions on a security element |
CN105847524A (en) * | 2015-01-15 | 2016-08-10 | 宇龙计算机通信科技(深圳)有限公司 | Dual-system-based communication method and terminal |
US20160330611A1 (en) * | 2014-01-09 | 2016-11-10 | Huawei Technologies Co., Ltd. | Methods for sending and receiving user data and terminal devices |
US9536072B2 (en) * | 2015-04-09 | 2017-01-03 | Qualcomm Incorporated | Machine-learning behavioral analysis to detect device theft and unauthorized device usage |
EP3073773A3 (en) * | 2015-03-23 | 2017-01-11 | STMicroelectronics Srl | Methods for performing a remote management of a multi-subscription sim module, and corresponding sim module and computer program product |
US9600465B2 (en) | 2014-01-10 | 2017-03-21 | Qualcomm Incorporated | Methods and apparatuses for quantifying the holistic value of an existing network of devices by measuring the complexity of a generated grammar |
US20170177844A1 (en) * | 2015-12-16 | 2017-06-22 | International Business Machines Corporation | Hidden separation and access to data on a device |
WO2017042733A3 (en) * | 2015-09-09 | 2017-07-06 | Cell Buddy Network Ltd. | Alias communication |
US20170278206A1 (en) * | 2016-03-24 | 2017-09-28 | Adobe Systems Incorporated | Digital Rights Management and Updates |
US20170288959A1 (en) * | 2016-03-30 | 2017-10-05 | Airwatch Llc | Configuring enterprise workspaces |
US20170329979A1 (en) * | 2016-05-10 | 2017-11-16 | International Business Machines Corporation | Protecting enterprise data at each system layer |
EP3182682A4 (en) * | 2014-11-21 | 2018-03-07 | Yulong Computer Telecommunication Scientific (Shenzhen) Co., Ltd. | Processing method and processing device for communication information about terminal and terminal |
US9980165B2 (en) * | 2016-02-10 | 2018-05-22 | Airwatch Llc | Visual privacy systems for enterprise mobility management |
US10025548B2 (en) | 2016-08-09 | 2018-07-17 | International Business Machines Corporation | Automated display configuration |
US10037374B2 (en) | 2015-01-30 | 2018-07-31 | Qualcomm Incorporated | Measuring semantic and syntactic similarity between grammars according to distance metrics for clustered data |
US10089476B1 (en) * | 2014-06-03 | 2018-10-02 | Amazon Technologies, Inc. | Compartments |
RU2671249C2 (en) * | 2015-11-10 | 2018-10-30 | ДжиТи ГЕТТАКСИ ЛИМИТЕД | Graphic user interface for implementation of control elements for geographical transportation |
US20190089595A1 (en) * | 2017-09-18 | 2019-03-21 | Cyber 2.0 (2015) LTD | Automatic security configuration |
WO2019089247A1 (en) * | 2017-10-31 | 2019-05-09 | Microsoft Technology Licensing, Llc | Remote locking a multi-user device to a set of users |
US20190158500A1 (en) * | 2017-11-21 | 2019-05-23 | Vmware, Inc. | Adaptive device enrollment |
US10366243B2 (en) * | 2016-02-04 | 2019-07-30 | Airwatch, Llc | Preventing restricted content from being presented to unauthorized individuals |
US10382612B2 (en) * | 2016-03-31 | 2019-08-13 | Nec Corporation | Business support system, business support method, information processing apparatus, communication device, and control methods and control programs of information processing apparatus and communication device |
US20190253455A1 (en) * | 2018-02-09 | 2019-08-15 | Vmware, Inc. | Policy strength of managed devices |
US10516667B1 (en) | 2014-06-03 | 2019-12-24 | Amazon Technologies, Inc. | Hidden compartments |
US10558472B1 (en) * | 2015-02-10 | 2020-02-11 | Open Invention Network Llc | Security-based message management |
US20200050469A1 (en) * | 2017-02-21 | 2020-02-13 | Privacy Software Solutions Ltd. | A method and system for creating multi mobilephone environments and numbers on a single handset with single sim-card |
US20200220945A1 (en) * | 2017-09-18 | 2020-07-09 | Privacy Software Solutions Ltd. | A method for creating a pre-defined virtual mobilephone profile environment |
US10749870B2 (en) | 2017-11-21 | 2020-08-18 | Vmware, Inc. | Adaptive device enrollment |
US10798103B2 (en) | 2017-11-21 | 2020-10-06 | VWware, Inc. | Adaptive device enrollment |
US10873511B2 (en) * | 2016-11-22 | 2020-12-22 | Airwatch Llc | Management service migration for managed devices |
US10924557B2 (en) | 2016-11-22 | 2021-02-16 | Airwatch Llc | Management service migration using managed devices |
US10986078B2 (en) | 2017-11-21 | 2021-04-20 | Vmware, Inc. | Adaptive device enrollment |
US11005852B2 (en) * | 2016-10-25 | 2021-05-11 | Michael Ratiner | System and method for securing electronic devices |
US11012535B2 (en) | 2016-11-22 | 2021-05-18 | Airwatch Llc | Management service migration using web applications |
US11075900B2 (en) | 2016-03-30 | 2021-07-27 | Airwatch Llc | Associating user accounts with enterprise workspaces |
US20210344664A1 (en) * | 2020-04-29 | 2021-11-04 | Motorola Mobility Llc | Methods, Systems, and Electronic Devices for Selective Locational Preclusion of Access to Content |
EP4013087A1 (en) * | 2020-12-14 | 2022-06-15 | Sandvine Corporation | System and method for 5g mobile network management |
US11468488B2 (en) * | 2016-07-08 | 2022-10-11 | Ubii Llc | Virtual, location-based connection tool for service providers and users |
US20240086135A1 (en) * | 2015-02-02 | 2024-03-14 | Samsung Electronics Co., Ltd. | Multi-display based device |
Families Citing this family (22)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8713173B2 (en) | 2008-12-19 | 2014-04-29 | Openpeak Inc. | System and method for ensuring compliance with organizational policies |
US9560469B2 (en) * | 2013-04-04 | 2017-01-31 | Winston Henderson | System and method for adapting an electronic device for different desired persona |
CN104090886B (en) * | 2013-12-09 | 2015-09-09 | 深圳市腾讯计算机系统有限公司 | The method that structure user draws a portrait in real time and device |
WO2015128684A2 (en) * | 2014-02-25 | 2015-09-03 | Pasztor Lénard Zoltan | Process and schematic for operating electronic devices by remote control and for collecting, utilising, and transmitting the operating parameters of such devices for the purposes of analysis |
DE102015205664A1 (en) * | 2015-03-30 | 2016-10-06 | Tobias Rückert | System and method for processing electronic messages |
US10169553B2 (en) * | 2015-06-29 | 2019-01-01 | Airwatch, Llc | Managing grouped student devices with timed locks |
CN105574436B (en) * | 2015-12-23 | 2019-11-26 | Tcl移动通信科技(宁波)有限公司 | A kind of personal information protecting method based on mobile terminal, system and mobile terminal |
US10628580B2 (en) | 2016-01-10 | 2020-04-21 | Apple Inc. | Containers shared by multiple users of a device |
US9769131B1 (en) * | 2016-08-02 | 2017-09-19 | Architecture Technology Corporation | Fast reconfiguring environment for mobile computing devices |
US20180061222A1 (en) * | 2016-08-25 | 2018-03-01 | Lénard Zoltan PASZTOR | Process and Schematic for Operating Electronic Devices By Remote Control and for Collecting, Utilising and Transmitting the Operating Parameters of Such Devices for the Purposes of Analysis |
US10601877B2 (en) | 2017-12-21 | 2020-03-24 | At&T Intellectual Property I, L.P. | High-definition voice for fixed mobile convergence on mobile and wireline networks |
US20200028879A1 (en) * | 2018-07-17 | 2020-01-23 | Microsoft Technology Licensing, Llc | Queryless device configuration determination-based techniques for mobile device management |
US11184223B2 (en) | 2018-07-31 | 2021-11-23 | Microsoft Technology Licensing, Llc | Implementation of compliance settings by a mobile device for compliance with a configuration scenario |
US11336645B2 (en) * | 2018-10-10 | 2022-05-17 | Citrix Systems, Inc. | Computing system providing SaaS application access with different capabilities based upon user personas |
US11159531B2 (en) * | 2019-02-01 | 2021-10-26 | Citrix Systems, Inc. | Computer system providing anonymous remote access to shared computing sessions and related methods |
US11308201B2 (en) * | 2019-02-05 | 2022-04-19 | Sennco Solutions, Inc. | MDM-based persistent security monitoring |
US11182800B2 (en) | 2019-04-08 | 2021-11-23 | Bank Of America Corporation | Controlling enterprise software policy compliance assessment processes based on quantum combinations of assessment elements |
US11368373B2 (en) * | 2020-06-16 | 2022-06-21 | Citrix Systems, Inc. | Invoking microapp actions from user applications |
US11568408B1 (en) * | 2020-08-05 | 2023-01-31 | Anonyome Labs, Inc. | Apparatus and method for processing virtual credit cards for digital identities |
EP4196868A4 (en) * | 2021-01-21 | 2024-02-21 | Samsung Electronics Co., Ltd. | Methods and systems for customizing devices in an iot environment using self-adaptive mechanism |
US12058138B2 (en) * | 2021-08-31 | 2024-08-06 | At&T Intellectual Property I, L.P. | Securing corporate assets in the home |
US11861048B2 (en) | 2022-03-31 | 2024-01-02 | Motorola Solutions, Inc. | Operation mode selection and synchronization for converged devices |
Citations (69)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5778060A (en) * | 1996-04-19 | 1998-07-07 | At&T Corp | Work at home ACD agent network with cooperative control |
US5857021A (en) * | 1995-11-07 | 1999-01-05 | Fujitsu Ltd. | Security system for protecting information stored in portable storage media |
US5889845A (en) * | 1995-11-15 | 1999-03-30 | Data Race, Inc. | System and method for providing a remote user with a virtual presence to an office |
US5974424A (en) * | 1997-07-11 | 1999-10-26 | International Business Machines Corporation | Parallel file system and method with a metadata node |
US20020147801A1 (en) * | 2001-01-29 | 2002-10-10 | Gullotta Tony J. | System and method for provisioning resources to users based on policies, roles, organizational information, and attributes |
US20020156904A1 (en) * | 2001-01-29 | 2002-10-24 | Gullotta Tony J. | System and method for provisioning resources to users based on roles, organizational information, attributes and third-party information or authorizations |
US20030120717A1 (en) * | 2001-12-21 | 2003-06-26 | Callaway Jeri L. | Method for managing personal and work-related matters |
US20040123150A1 (en) * | 2002-12-18 | 2004-06-24 | Michael Wright | Protection of data accessible by a mobile device |
US20050033722A1 (en) * | 2003-08-08 | 2005-02-10 | International Business Machines Corporation | Personality switch hard drive shim |
US20050108297A1 (en) * | 2003-11-17 | 2005-05-19 | Microsoft Corporation | Transfer of user profiles using portable storage devices |
US20060112416A1 (en) * | 2004-11-08 | 2006-05-25 | Ntt Docomo, Inc. | Device management apparatus, device, and device management method |
US20060236363A1 (en) * | 2002-09-23 | 2006-10-19 | Credant Technologies, Inc. | Client architecture for portable device with security policies |
US20060288229A1 (en) * | 2000-07-25 | 2006-12-21 | Activcard Ireland Limited | Flexible method of user authentication |
US20070089111A1 (en) * | 2004-12-17 | 2007-04-19 | Robinson Scott H | Virtual environment manager |
US20070198834A1 (en) * | 2003-11-27 | 2007-08-23 | Rached Ksontini | Method For The Authentication Of Applications |
US20080032668A1 (en) * | 2003-12-23 | 2008-02-07 | Cuihtlauac Alvarado | Telecommunication Terminal Comprising Two Execution Spaces |
US20080194296A1 (en) * | 2007-02-14 | 2008-08-14 | Brian Roundtree | System and method for securely managing data stored on mobile devices, such as enterprise mobility data |
US20090125632A1 (en) * | 2007-11-12 | 2009-05-14 | Purpura Robert J | Method and system for controlling client access to a server application |
US20100192212A1 (en) * | 2009-01-28 | 2010-07-29 | Gregory G. Raleigh | Automated device provisioning and activation |
US20100235881A1 (en) * | 2009-03-11 | 2010-09-16 | Microsoft Corporation | Enabling Sharing of Mobile Communication Device |
US20100330961A1 (en) * | 2009-06-26 | 2010-12-30 | Vmware, Inc. | Providing security in virtualized mobile devices |
US20120054853A1 (en) * | 2010-08-24 | 2012-03-01 | International Business Machines Corporation | Systems and methods to control device endpoint behavior using personae and policies |
US20120108207A1 (en) * | 2010-10-28 | 2012-05-03 | Schell Stephan V | Methods and apparatus for delivering electronic identification components over a wireless network |
US20120159567A1 (en) * | 2010-12-21 | 2012-06-21 | Enterproid Hk Ltd | Contextual role awareness |
US20120157165A1 (en) * | 2010-12-21 | 2012-06-21 | Dongwoo Kim | Mobile terminal and method of controlling a mode switching therein |
US20120167162A1 (en) * | 2009-01-28 | 2012-06-28 | Raleigh Gregory G | Security, fraud detection, and fraud mitigation in device-assisted services systems |
US20120260086A1 (en) * | 2011-04-05 | 2012-10-11 | Haggerty David T | Apparatus and methods for distributing and storing electronic access clients |
US20130007245A1 (en) * | 2011-07-01 | 2013-01-03 | Fiberlink Communications Corporation | Rules based actions for mobile device management |
US20130103816A1 (en) * | 2011-10-24 | 2013-04-25 | Research In Motion Limited | Multiplatform management system and method for mobile devices |
US20130117742A1 (en) * | 2011-08-05 | 2013-05-09 | Vmware, Inc. | Sharing work environment information sources with personal environment applications |
US20130122864A1 (en) * | 2011-05-06 | 2013-05-16 | David T. Haggerty | Methods and apparatus for providing management capabilities for access control clients |
US20130130653A1 (en) * | 2011-11-22 | 2013-05-23 | Vmware, Inc. | User interface for controlling use of a business environment on a mobile device |
US20130145448A1 (en) * | 2011-08-05 | 2013-06-06 | Vmware, Inc. | Lock screens to access work environments on a personal mobile device |
US20130227636A1 (en) * | 2012-02-24 | 2013-08-29 | Appthority, Inc. | Off-device anti-malware protection for mobile devices |
US20130254831A1 (en) * | 2012-03-23 | 2013-09-26 | Lockheed Martin Corporation | Method and apparatus for context aware mobile security |
US20130290426A1 (en) * | 2013-06-06 | 2013-10-31 | Sky Socket, Llc | Social Media and Data Sharing Controls |
US20130297700A1 (en) * | 2012-05-07 | 2013-11-07 | Citrix Systems, Inc. | Enterprise managed systems with collaborative application support |
US20130298201A1 (en) * | 2012-05-05 | 2013-11-07 | Citrix Systems, Inc. | Systems and methods for network filtering in vpn |
US20130305392A1 (en) * | 2012-05-08 | 2013-11-14 | Hagai Bar-El | System, device, and method of secure entry and handling of passwords |
US20130339517A1 (en) * | 2012-06-15 | 2013-12-19 | Symantec Corporation | Techniques for providing dynamic account and device management |
US20130347094A1 (en) * | 2012-06-25 | 2013-12-26 | Appthority, Inc. | In-line filtering of insecure or unwanted mobile device software components or communications |
US20140007222A1 (en) * | 2011-10-11 | 2014-01-02 | Zenprise, Inc. | Secure execution of enterprise applications on mobile devices |
US20140043136A1 (en) * | 2012-08-09 | 2014-02-13 | Herbert Ristock | System and method for communication spread across multiple physical layer channels |
US20140075518A1 (en) * | 2012-09-13 | 2014-03-13 | Alephcloud Systems, Inc. | Operator provisioning of a trustworthy workspace to a subscriber |
US20140096222A1 (en) * | 2012-10-01 | 2014-04-03 | Nxp B.V. | Secure user authentication using a master secure element |
US20140096215A1 (en) * | 2012-09-28 | 2014-04-03 | Christian J. Hessler | Method for mobile security context authentication |
US20140101734A1 (en) * | 2011-06-10 | 2014-04-10 | Securekey Technologies Inc. | Credential authentication methods and systems |
US20140108792A1 (en) * | 2012-10-12 | 2014-04-17 | Citrix Systems, Inc. | Controlling Device Access to Enterprise Resources in an Orchestration Framework for Connected Devices |
US20140122720A1 (en) * | 2012-10-31 | 2014-05-01 | Elwha Llc | Methods and systems for managing device data |
US20140129714A1 (en) * | 2012-11-07 | 2014-05-08 | Dell Products L.P. | Application aware network virtualization |
US20140173700A1 (en) * | 2012-12-16 | 2014-06-19 | Aruba Networks, Inc. | System and method for application usage controls through policy enforcement |
US20140181801A1 (en) * | 2012-12-25 | 2014-06-26 | Kaspersky Lab Zao | System and method for deploying preconfigured software |
US20140237621A1 (en) * | 2011-10-07 | 2014-08-21 | Trustonic Limited | Microprocessor system with secured runtime environment |
US20140259178A1 (en) * | 2013-03-06 | 2014-09-11 | Microsoft Corporation | Limiting enterprise applications and settings on devices |
US20140259007A1 (en) * | 2013-03-06 | 2014-09-11 | Microsoft Corporation | Enterprise management for devices |
US20140278640A1 (en) * | 2013-03-15 | 2014-09-18 | Companyons, Inc. | Business workflow management systems and methods |
US20140280817A1 (en) * | 2013-03-13 | 2014-09-18 | Dell Products L.P. | Systems and methods for managing connections in an orchestrated network |
US20140279454A1 (en) * | 2013-03-15 | 2014-09-18 | Verizon Patent And Licensing Inc. | Persona based billing |
US20140297825A1 (en) * | 2013-03-29 | 2014-10-02 | Citrix Systems, Inc. | Data management for an application with multiple operation modes |
US20140298403A1 (en) * | 2013-03-29 | 2014-10-02 | Citrix Systems, Inc. | Providing mobile device management functionalities |
US20140330945A1 (en) * | 2013-05-02 | 2014-11-06 | Sky Socket, Llc | Location-based Configuration Policy Toggling |
US20140330990A1 (en) * | 2013-03-29 | 2014-11-06 | Citrix Systems, Inc. | Application with Multiple Operation Modes |
US20140331297A1 (en) * | 2013-05-03 | 2014-11-06 | Citrix Systems, Inc. | Secured access to resources using a proxy |
US20140344420A1 (en) * | 2013-05-20 | 2014-11-20 | Citrix Systems, Inc. | Proximity and context aware mobile workspaces in enterprise systems |
US20140344922A1 (en) * | 2013-05-17 | 2014-11-20 | Fixmo, Inc. | Multi-profile mobile device interface for same user |
US20150032867A1 (en) * | 2013-07-25 | 2015-01-29 | T-Mobil Usa, Inc. | Device Management Service |
US9225799B1 (en) * | 2013-05-21 | 2015-12-29 | Trend Micro Incorporated | Client-side rendering for virtual mobile infrastructure |
US9258295B1 (en) * | 2012-08-31 | 2016-02-09 | Cisco Technology, Inc. | Secure over-the-air provisioning for handheld and desktop devices and services |
US9300720B1 (en) * | 2013-05-21 | 2016-03-29 | Trend Micro Incorporated | Systems and methods for providing user inputs to remote mobile operating systems |
Family Cites Families (114)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6618668B1 (en) | 2000-04-26 | 2003-09-09 | Arrivalstar, Inc. | System and method for obtaining vehicle schedule information in an advance notification system |
US6278936B1 (en) | 1993-05-18 | 2001-08-21 | Global Research Systems, Inc. | System and method for an advance notification system for monitoring and reporting proximity of a vehicle |
US6748318B1 (en) | 1993-05-18 | 2004-06-08 | Arrivalstar, Inc. | Advanced notification systems and methods utilizing a computer network |
US6226622B1 (en) | 1995-11-27 | 2001-05-01 | Alan James Dabbiere | Methods and devices utilizing a GPS tracking system |
US6023708A (en) | 1997-05-29 | 2000-02-08 | Visto Corporation | System and method for using a global translator to synchronize workspace elements across a network |
US7287271B1 (en) | 1997-04-08 | 2007-10-23 | Visto Corporation | System and method for enabling secure access to services in a computer network |
US20060195595A1 (en) | 2003-12-19 | 2006-08-31 | Mendez Daniel J | System and method for globally and securely accessing unified information in a computer network |
US6131116A (en) | 1996-12-13 | 2000-10-10 | Visto Corporation | System and method for globally accessing computer services |
US6708221B1 (en) | 1996-12-13 | 2004-03-16 | Visto Corporation | System and method for globally and securely accessing unified information in a computer network |
US6085192A (en) | 1997-04-11 | 2000-07-04 | Roampage, Inc. | System and method for securely synchronizing multiple copies of a workspace element in a network |
US6766454B1 (en) | 1997-04-08 | 2004-07-20 | Visto Corporation | System and method for using an authentication applet to identify and authenticate a user in a computer network |
US6327623B2 (en) * | 1997-05-30 | 2001-12-04 | Texas Instruments Incorporated | Computer system with environmental detection |
US6151606A (en) | 1998-01-16 | 2000-11-21 | Visto Corporation | System and method for using a workspace data manager to access, manipulate and synchronize network data |
US20030110084A1 (en) | 1998-03-04 | 2003-06-12 | Martin Forest Eberhard | Secure content distribution system |
US7792297B1 (en) | 1998-03-31 | 2010-09-07 | Piccionelli Greg A | System and process for limiting distribution of information on a communication network based on geographic location |
US6779118B1 (en) | 1998-05-04 | 2004-08-17 | Auriq Systems, Inc. | User specific automatic data redirection system |
US6233341B1 (en) | 1998-05-19 | 2001-05-15 | Visto Corporation | System and method for installing and using a temporary certificate at a remote site |
US6131096A (en) | 1998-10-05 | 2000-10-10 | Visto Corporation | System and method for updating a remote database in a network |
US7373517B1 (en) | 1999-08-19 | 2008-05-13 | Visto Corporation | System and method for encrypting and decrypting files |
KR100348249B1 (en) | 1999-10-08 | 2002-08-09 | 엘지전자 주식회사 | Data architecture of VCT and method for transmit/receiving service information |
US6560772B1 (en) | 1999-10-15 | 2003-05-06 | International Business Machines Corporation | Method, system, and program for accessing data in different environments |
US7363361B2 (en) | 2000-08-18 | 2008-04-22 | Akamai Technologies, Inc. | Secure content delivery system |
WO2001046833A2 (en) | 1999-12-23 | 2001-06-28 | Logistics.Com, Inc. | Bid positioning system |
US7739334B1 (en) | 2000-03-17 | 2010-06-15 | Visto Corporation | System and method for automatically forwarding email and email events via a computer network to a server computer |
EP1287473A2 (en) | 2000-05-22 | 2003-03-05 | Manhattan Associates | System, method and apparatus for integrated supply chain management |
US7225231B2 (en) | 2000-09-20 | 2007-05-29 | Visto Corporation | System and method for transmitting workspace elements across a network |
US7660902B2 (en) | 2000-11-20 | 2010-02-09 | Rsa Security, Inc. | Dynamic file access control and management |
US7702785B2 (en) | 2001-01-31 | 2010-04-20 | International Business Machines Corporation | Methods, systems and computer program products for selectively allowing users of a multi-user system access to network resources |
US7603703B2 (en) | 2001-04-12 | 2009-10-13 | International Business Machines Corporation | Method and system for controlled distribution of application code and content data within a computer network |
US7228383B2 (en) | 2001-06-01 | 2007-06-05 | Visto Corporation | System and method for progressive and hierarchical caching |
US7284045B1 (en) | 2001-06-01 | 2007-10-16 | Visto Corporation | Method and system for determining information to access an electronic mail account |
US7444375B2 (en) | 2001-06-19 | 2008-10-28 | Visto Corporation | Interactive voice and text message system |
US7064688B2 (en) | 2001-07-09 | 2006-06-20 | Good Technology, Inc. | System and method for compressing data on a bandwidth-limited network |
US20030009595A1 (en) | 2001-07-09 | 2003-01-09 | Roger Collins | System and method for compressing data using field-based code word generation |
US7539665B2 (en) | 2001-10-23 | 2009-05-26 | Visto Corporation | System and method for merging remote and local data in a single user interface |
JP2005509979A (en) | 2001-11-15 | 2005-04-14 | ヴィスト・コーポレーション | Asynchronous synchronization system and method |
US6741232B1 (en) | 2002-01-23 | 2004-05-25 | Good Technology, Inc. | User interface for a data processing apparatus |
US7092943B2 (en) | 2002-03-01 | 2006-08-15 | Enterasys Networks, Inc. | Location based data |
US8094591B1 (en) | 2002-03-19 | 2012-01-10 | Good Technology, Inc. | Data carrier detector for a packet-switched communication network |
US7788382B1 (en) | 2002-03-26 | 2010-08-31 | Good Technology, Inc. | Server initiated synchronization |
US7447506B1 (en) | 2002-03-29 | 2008-11-04 | Good Technology, Inc. | Apparatus and method for reducing network congestion |
US7310535B1 (en) | 2002-03-29 | 2007-12-18 | Good Technology, Inc. | Apparatus and method for reducing power consumption in a wireless device |
US6726106B1 (en) | 2002-04-02 | 2004-04-27 | Good Technology, Inc. | Power management and device illumination mechanisms for a personal digital assistant |
US7447799B2 (en) | 2002-04-24 | 2008-11-04 | Good Technology, Inc. | System and method for automatically updating a wireless device |
US20030204716A1 (en) | 2002-04-24 | 2003-10-30 | Rockwood Troy Dean | System and methods for digital content distribution |
US6727856B1 (en) | 2002-06-06 | 2004-04-27 | Good Technology, Inc. | Antenna system for a wireless device |
US7032181B1 (en) | 2002-06-18 | 2006-04-18 | Good Technology, Inc. | Optimized user interface for small screen devices |
CA2391717A1 (en) | 2002-06-26 | 2003-12-26 | Ibm Canada Limited-Ibm Canada Limitee | Transferring data and storing metadata across a network |
EP1535159B1 (en) | 2002-08-09 | 2016-03-02 | Good Technology Corporation | System and method for preventing access to data on a compromised remote device |
US7665118B2 (en) | 2002-09-23 | 2010-02-16 | Credant Technologies, Inc. | Server, computer memory, and method to support security policy maintenance and distribution |
US7665125B2 (en) | 2002-09-23 | 2010-02-16 | Heard Robert W | System and method for distribution of security policies for mobile devices |
US20060190984A1 (en) | 2002-09-23 | 2006-08-24 | Credant Technologies, Inc. | Gatekeeper architecture/features to support security policy maintenance and distribution |
US7353533B2 (en) | 2002-12-18 | 2008-04-01 | Novell, Inc. | Administration of protection of data accessible by a mobile device |
ES2409936T3 (en) | 2003-01-31 | 2013-06-28 | Good Technology Corporation | Asynchronous real-time data recovery |
US7203959B2 (en) | 2003-03-14 | 2007-04-10 | Symantec Corporation | Stream scanning through network proxy servers |
US6995749B2 (en) | 2003-03-28 | 2006-02-07 | Good Technology, Inc. | Auto font magnification mechanism |
GB0308991D0 (en) | 2003-04-17 | 2003-05-28 | Psion Digital Ltd | A data access replication or communication system comprising a distributed software application |
US7275073B2 (en) | 2003-05-07 | 2007-09-25 | Good Technology, Inc. | System and method for notifying mobile devices based on device type and network capabilities |
US7890091B2 (en) | 2003-05-08 | 2011-02-15 | Good Technology, Inc. | Collaborative data and intelligent synchronization for mobile devices |
US20040224703A1 (en) | 2003-05-09 | 2004-11-11 | Takaki Steven M. | Method and system for enhancing venue participation by venue participants |
US7840631B2 (en) | 2003-05-09 | 2010-11-23 | Good Technology, Inc. | Multimedia control with one-click device selection |
US7184801B2 (en) | 2003-05-12 | 2007-02-27 | Good Technology, Inc. | Mobile application builder |
US7515717B2 (en) | 2003-07-31 | 2009-04-07 | International Business Machines Corporation | Security containers for document components |
US7735122B1 (en) | 2003-08-29 | 2010-06-08 | Novell, Inc. | Credential mapping |
US20050060532A1 (en) * | 2003-09-15 | 2005-03-17 | Motorola, Inc. | Method and apparatus for automated persona switching for electronic mobile devices |
US7603547B2 (en) | 2003-10-10 | 2009-10-13 | Bea Systems, Inc. | Security control module |
WO2005043802A1 (en) | 2003-10-20 | 2005-05-12 | Drm Technologies, Llc | Securing digital content system and method |
US7039394B2 (en) | 2003-11-25 | 2006-05-02 | Good Technology, Inc. | Communication system and method for compressing information sent by a communication device to a target portable communication device |
CA2560271A1 (en) | 2004-03-18 | 2005-09-29 | Francisco Jauffred | Transportation management system and method for shipment planning optimization |
US7475152B2 (en) | 2004-09-20 | 2009-01-06 | International Business Machines Corporation | Approach to provide self-protection function to web content at client side |
US7620001B2 (en) | 2004-10-13 | 2009-11-17 | Good Technology, Inc. | Communication system and method with mobile devices |
US8001082B1 (en) | 2004-10-28 | 2011-08-16 | Good Technology, Inc. | System and method of data security in synchronizing data with a wireless device |
US7970386B2 (en) | 2005-06-03 | 2011-06-28 | Good Technology, Inc. | System and method for monitoring and maintaining a wireless device |
US7590403B1 (en) | 2005-06-07 | 2009-09-15 | Good Technology, Inc. | Wireless device dormancy override |
US20070136492A1 (en) | 2005-12-08 | 2007-06-14 | Good Technology, Inc. | Method and system for compressing/decompressing data for communication with wireless devices |
US8006289B2 (en) | 2005-12-16 | 2011-08-23 | International Business Machines Corporation | Method and system for extending authentication methods |
US8621549B2 (en) | 2005-12-29 | 2013-12-31 | Nextlabs, Inc. | Enforcing control policies in an information management system |
US7702322B1 (en) | 2006-02-27 | 2010-04-20 | Good Technology, Llc | Method and system for distributing and updating software in wireless devices |
US7620392B1 (en) | 2006-02-27 | 2009-11-17 | Good Technology, Inc. | Method and system for distributing and updating software in wireless devices |
US7917641B2 (en) | 2006-03-14 | 2011-03-29 | Tangoe, Inc. | Apparatus and method for provisioning wireless data communication devices |
US8555403B1 (en) * | 2006-03-30 | 2013-10-08 | Emc Corporation | Privileged access to managed content |
JP2009532785A (en) | 2006-03-31 | 2009-09-10 | ヴィスト コーポレーション | System and method for searching different data stores via a remote device |
US8745227B2 (en) | 2006-06-07 | 2014-06-03 | Apple Inc. | Distributed secure content delivery |
US8046823B1 (en) | 2006-10-03 | 2011-10-25 | Stamps.Com Inc. | Secure application bridge server |
US8538028B2 (en) | 2006-11-20 | 2013-09-17 | Toposis Corporation | System and method for secure electronic communication services |
WO2008103608A2 (en) | 2007-02-19 | 2008-08-28 | Ondeego, Inc. | Methods and system to create applications and distribute applications to a remote device |
US8060074B2 (en) | 2007-07-30 | 2011-11-15 | Mobile Iron, Inc. | Virtual instance architecture for mobile device management systems |
CN101965563A (en) | 2007-11-05 | 2011-02-02 | 维斯托公司 | Service management system & associated methodology of providing service related message prioritization in a mobile client |
US9185554B2 (en) | 2008-02-15 | 2015-11-10 | Appcentral, Inc. | System and methods to store, retrieve, manage, augment and monitor applications on appliances |
WO2009129337A1 (en) | 2008-04-15 | 2009-10-22 | Problem Resolution Enterprise, Llc | Method and process for registering a device to verify transactions |
US8910255B2 (en) | 2008-05-27 | 2014-12-09 | Microsoft Corporation | Authentication for distributed secure content management system |
US8763071B2 (en) | 2008-07-24 | 2014-06-24 | Zscaler, Inc. | Systems and methods for mobile application security classification and enforcement |
US8942675B2 (en) | 2008-09-05 | 2015-01-27 | Good Technology Corporation | System, apparatus and associated methodology for enriching contact of a remote client |
US8260320B2 (en) | 2008-11-13 | 2012-09-04 | Apple Inc. | Location specific content |
US8909925B2 (en) | 2008-11-17 | 2014-12-09 | Prakash Baskaran | System to secure electronic content, enforce usage policies and provide configurable functionalities |
US8275415B2 (en) * | 2009-02-13 | 2012-09-25 | At&T Intellectual Property I, Lp | Systems and methods for multi-device wireless SIM management |
US8695058B2 (en) | 2009-05-20 | 2014-04-08 | Mobile Iron, Inc. | Selective management of mobile device data in an enterprise environment |
US20100299152A1 (en) | 2009-05-20 | 2010-11-25 | Mobile Iron, Inc. | Selective Management of Mobile Devices in an Enterprise Environment |
US8898748B2 (en) | 2009-05-21 | 2014-11-25 | Mobile Iron, Inc. | Remote verification for configuration updates |
US20100299362A1 (en) | 2009-05-24 | 2010-11-25 | Roger Frederick Osmond | Method for controlling access to data containers in a computer system |
US8984657B2 (en) | 2009-09-08 | 2015-03-17 | Appcentral, Inc. | System and method for remote management of applications downloaded to a personal portable wireless appliance |
JP5370131B2 (en) | 2009-12-22 | 2013-12-18 | セイコーエプソン株式会社 | Image display apparatus and control method |
US20110202269A1 (en) * | 2010-02-15 | 2011-08-18 | Avaya Inc. | Mobile gaming, hospitality and communications appliance |
EP2537102A4 (en) | 2010-02-15 | 2017-08-23 | Unwired Planet International Limited | Scripting/proxy systems, methods and circuit arrangements |
US9135434B2 (en) | 2010-04-19 | 2015-09-15 | Appcentral, Inc. | System and method for third party creation of applications for mobile appliances |
US9350708B2 (en) | 2010-06-01 | 2016-05-24 | Good Technology Corporation | System and method for providing secured access to services |
US9558476B2 (en) | 2010-07-01 | 2017-01-31 | Good Technology Holdings Limited | Method and device for editing workspace data objects |
US9576068B2 (en) | 2010-10-26 | 2017-02-21 | Good Technology Holdings Limited | Displaying selected portions of data sets on display devices |
US8566923B2 (en) | 2011-02-01 | 2013-10-22 | Rockwell Automation Technologies, Inc. | Enhanced organization and automatic navigation of display screens facilitating automation control |
US20130013727A1 (en) * | 2011-07-05 | 2013-01-10 | Robin Edward Walker | System and method for providing a mobile persona environment |
US8806639B2 (en) * | 2011-09-30 | 2014-08-12 | Avaya Inc. | Contextual virtual machines for application quarantine and assessment method and system |
US8713646B2 (en) | 2011-12-09 | 2014-04-29 | Erich Stuntebeck | Controlling access to resources on a network |
US9361473B2 (en) * | 2012-09-14 | 2016-06-07 | Google Inc. | Correcting access rights of files in electronic communications |
US9166796B2 (en) * | 2013-06-24 | 2015-10-20 | Prince Sattam Bin Abdulaziz University | Secure biometric cloud storage system |
-
2013
- 2013-11-07 US US14/074,110 patent/US10129242B2/en active Active
-
2014
- 2014-03-11 US US14/203,836 patent/US20140195927A1/en not_active Abandoned
-
2016
- 2016-06-02 US US15/171,411 patent/US20160277387A1/en not_active Abandoned
-
2018
- 2018-10-12 US US16/158,880 patent/US11070543B2/en active Active
Patent Citations (80)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5857021A (en) * | 1995-11-07 | 1999-01-05 | Fujitsu Ltd. | Security system for protecting information stored in portable storage media |
US5889845A (en) * | 1995-11-15 | 1999-03-30 | Data Race, Inc. | System and method for providing a remote user with a virtual presence to an office |
US5778060A (en) * | 1996-04-19 | 1998-07-07 | At&T Corp | Work at home ACD agent network with cooperative control |
US5974424A (en) * | 1997-07-11 | 1999-10-26 | International Business Machines Corporation | Parallel file system and method with a metadata node |
US20060288229A1 (en) * | 2000-07-25 | 2006-12-21 | Activcard Ireland Limited | Flexible method of user authentication |
US20020147801A1 (en) * | 2001-01-29 | 2002-10-10 | Gullotta Tony J. | System and method for provisioning resources to users based on policies, roles, organizational information, and attributes |
US20020156904A1 (en) * | 2001-01-29 | 2002-10-24 | Gullotta Tony J. | System and method for provisioning resources to users based on roles, organizational information, attributes and third-party information or authorizations |
US20030120717A1 (en) * | 2001-12-21 | 2003-06-26 | Callaway Jeri L. | Method for managing personal and work-related matters |
US20060236363A1 (en) * | 2002-09-23 | 2006-10-19 | Credant Technologies, Inc. | Client architecture for portable device with security policies |
US20040123150A1 (en) * | 2002-12-18 | 2004-06-24 | Michael Wright | Protection of data accessible by a mobile device |
US20050033722A1 (en) * | 2003-08-08 | 2005-02-10 | International Business Machines Corporation | Personality switch hard drive shim |
US20050108297A1 (en) * | 2003-11-17 | 2005-05-19 | Microsoft Corporation | Transfer of user profiles using portable storage devices |
US20070198834A1 (en) * | 2003-11-27 | 2007-08-23 | Rached Ksontini | Method For The Authentication Of Applications |
US20080032668A1 (en) * | 2003-12-23 | 2008-02-07 | Cuihtlauac Alvarado | Telecommunication Terminal Comprising Two Execution Spaces |
US20060112416A1 (en) * | 2004-11-08 | 2006-05-25 | Ntt Docomo, Inc. | Device management apparatus, device, and device management method |
US20070089111A1 (en) * | 2004-12-17 | 2007-04-19 | Robinson Scott H | Virtual environment manager |
US20080194296A1 (en) * | 2007-02-14 | 2008-08-14 | Brian Roundtree | System and method for securely managing data stored on mobile devices, such as enterprise mobility data |
US20090125632A1 (en) * | 2007-11-12 | 2009-05-14 | Purpura Robert J | Method and system for controlling client access to a server application |
US20100192212A1 (en) * | 2009-01-28 | 2010-07-29 | Gregory G. Raleigh | Automated device provisioning and activation |
US20120167162A1 (en) * | 2009-01-28 | 2012-06-28 | Raleigh Gregory G | Security, fraud detection, and fraud mitigation in device-assisted services systems |
US20100235881A1 (en) * | 2009-03-11 | 2010-09-16 | Microsoft Corporation | Enabling Sharing of Mobile Communication Device |
US20100330961A1 (en) * | 2009-06-26 | 2010-12-30 | Vmware, Inc. | Providing security in virtualized mobile devices |
US20120054853A1 (en) * | 2010-08-24 | 2012-03-01 | International Business Machines Corporation | Systems and methods to control device endpoint behavior using personae and policies |
US20120108207A1 (en) * | 2010-10-28 | 2012-05-03 | Schell Stephan V | Methods and apparatus for delivering electronic identification components over a wireless network |
US20120159567A1 (en) * | 2010-12-21 | 2012-06-21 | Enterproid Hk Ltd | Contextual role awareness |
US20120157165A1 (en) * | 2010-12-21 | 2012-06-21 | Dongwoo Kim | Mobile terminal and method of controlling a mode switching therein |
US20120260086A1 (en) * | 2011-04-05 | 2012-10-11 | Haggerty David T | Apparatus and methods for distributing and storing electronic access clients |
US20130122864A1 (en) * | 2011-05-06 | 2013-05-16 | David T. Haggerty | Methods and apparatus for providing management capabilities for access control clients |
US20140101734A1 (en) * | 2011-06-10 | 2014-04-10 | Securekey Technologies Inc. | Credential authentication methods and systems |
US20130007245A1 (en) * | 2011-07-01 | 2013-01-03 | Fiberlink Communications Corporation | Rules based actions for mobile device management |
US20130117742A1 (en) * | 2011-08-05 | 2013-05-09 | Vmware, Inc. | Sharing work environment information sources with personal environment applications |
US20130145448A1 (en) * | 2011-08-05 | 2013-06-06 | Vmware, Inc. | Lock screens to access work environments on a personal mobile device |
US20140237621A1 (en) * | 2011-10-07 | 2014-08-21 | Trustonic Limited | Microprocessor system with secured runtime environment |
US8869235B2 (en) * | 2011-10-11 | 2014-10-21 | Citrix Systems, Inc. | Secure mobile browser for protecting enterprise data |
US8886925B2 (en) * | 2011-10-11 | 2014-11-11 | Citrix Systems, Inc. | Protecting enterprise data through policy-based encryption of message attachments |
US9137262B2 (en) * | 2011-10-11 | 2015-09-15 | Citrix Systems, Inc. | Providing secure mobile device access to enterprise resources using application tunnels |
US9183380B2 (en) * | 2011-10-11 | 2015-11-10 | Citrix Systems, Inc. | Secure execution of enterprise applications on mobile devices |
US9143530B2 (en) * | 2011-10-11 | 2015-09-22 | Citrix Systems, Inc. | Secure container for protecting enterprise data on a mobile device |
US9143529B2 (en) * | 2011-10-11 | 2015-09-22 | Citrix Systems, Inc. | Modifying pre-existing mobile applications to implement enterprise security policies |
US9378359B2 (en) * | 2011-10-11 | 2016-06-28 | Citrix Systems, Inc. | Gateway for controlling mobile device access to enterprise resources |
US20140007222A1 (en) * | 2011-10-11 | 2014-01-02 | Zenprise, Inc. | Secure execution of enterprise applications on mobile devices |
US9286471B2 (en) * | 2011-10-11 | 2016-03-15 | Citrix Systems, Inc. | Rules based detection and correction of problems on mobile devices of enterprise users |
US20130103816A1 (en) * | 2011-10-24 | 2013-04-25 | Research In Motion Limited | Multiplatform management system and method for mobile devices |
US20130130653A1 (en) * | 2011-11-22 | 2013-05-23 | Vmware, Inc. | User interface for controlling use of a business environment on a mobile device |
US20130227636A1 (en) * | 2012-02-24 | 2013-08-29 | Appthority, Inc. | Off-device anti-malware protection for mobile devices |
US20130254831A1 (en) * | 2012-03-23 | 2013-09-26 | Lockheed Martin Corporation | Method and apparatus for context aware mobile security |
US20130298201A1 (en) * | 2012-05-05 | 2013-11-07 | Citrix Systems, Inc. | Systems and methods for network filtering in vpn |
US20130297700A1 (en) * | 2012-05-07 | 2013-11-07 | Citrix Systems, Inc. | Enterprise managed systems with collaborative application support |
US9424554B2 (en) * | 2012-05-07 | 2016-08-23 | Citrix Systems, Inc. | Enterprise managed systems with collaborative application support |
US20130305392A1 (en) * | 2012-05-08 | 2013-11-14 | Hagai Bar-El | System, device, and method of secure entry and handling of passwords |
US20130339517A1 (en) * | 2012-06-15 | 2013-12-19 | Symantec Corporation | Techniques for providing dynamic account and device management |
US20130347094A1 (en) * | 2012-06-25 | 2013-12-26 | Appthority, Inc. | In-line filtering of insecure or unwanted mobile device software components or communications |
US20140043136A1 (en) * | 2012-08-09 | 2014-02-13 | Herbert Ristock | System and method for communication spread across multiple physical layer channels |
US9258295B1 (en) * | 2012-08-31 | 2016-02-09 | Cisco Technology, Inc. | Secure over-the-air provisioning for handheld and desktop devices and services |
US20140075518A1 (en) * | 2012-09-13 | 2014-03-13 | Alephcloud Systems, Inc. | Operator provisioning of a trustworthy workspace to a subscriber |
US20140096215A1 (en) * | 2012-09-28 | 2014-04-03 | Christian J. Hessler | Method for mobile security context authentication |
US20140096222A1 (en) * | 2012-10-01 | 2014-04-03 | Nxp B.V. | Secure user authentication using a master secure element |
US20140108792A1 (en) * | 2012-10-12 | 2014-04-17 | Citrix Systems, Inc. | Controlling Device Access to Enterprise Resources in an Orchestration Framework for Connected Devices |
US20140122720A1 (en) * | 2012-10-31 | 2014-05-01 | Elwha Llc | Methods and systems for managing device data |
US20140129714A1 (en) * | 2012-11-07 | 2014-05-08 | Dell Products L.P. | Application aware network virtualization |
US20140173700A1 (en) * | 2012-12-16 | 2014-06-19 | Aruba Networks, Inc. | System and method for application usage controls through policy enforcement |
US20140181801A1 (en) * | 2012-12-25 | 2014-06-26 | Kaspersky Lab Zao | System and method for deploying preconfigured software |
US20140259007A1 (en) * | 2013-03-06 | 2014-09-11 | Microsoft Corporation | Enterprise management for devices |
US20140259178A1 (en) * | 2013-03-06 | 2014-09-11 | Microsoft Corporation | Limiting enterprise applications and settings on devices |
US20140280817A1 (en) * | 2013-03-13 | 2014-09-18 | Dell Products L.P. | Systems and methods for managing connections in an orchestrated network |
US20140278640A1 (en) * | 2013-03-15 | 2014-09-18 | Companyons, Inc. | Business workflow management systems and methods |
US20140279454A1 (en) * | 2013-03-15 | 2014-09-18 | Verizon Patent And Licensing Inc. | Persona based billing |
US20140297825A1 (en) * | 2013-03-29 | 2014-10-02 | Citrix Systems, Inc. | Data management for an application with multiple operation modes |
US20140330990A1 (en) * | 2013-03-29 | 2014-11-06 | Citrix Systems, Inc. | Application with Multiple Operation Modes |
US20140298402A1 (en) * | 2013-03-29 | 2014-10-02 | Citrix Systems, Inc. | Data Management for an Application with Multiple Operation Modes |
US20140298403A1 (en) * | 2013-03-29 | 2014-10-02 | Citrix Systems, Inc. | Providing mobile device management functionalities |
US20140330944A1 (en) * | 2013-05-02 | 2014-11-06 | Sky Socket, Llc | Time-based Configuration Policy Toggling |
US20140330945A1 (en) * | 2013-05-02 | 2014-11-06 | Sky Socket, Llc | Location-based Configuration Policy Toggling |
US20140331297A1 (en) * | 2013-05-03 | 2014-11-06 | Citrix Systems, Inc. | Secured access to resources using a proxy |
US20140344922A1 (en) * | 2013-05-17 | 2014-11-20 | Fixmo, Inc. | Multi-profile mobile device interface for same user |
US20140344420A1 (en) * | 2013-05-20 | 2014-11-20 | Citrix Systems, Inc. | Proximity and context aware mobile workspaces in enterprise systems |
US9225799B1 (en) * | 2013-05-21 | 2015-12-29 | Trend Micro Incorporated | Client-side rendering for virtual mobile infrastructure |
US9300720B1 (en) * | 2013-05-21 | 2016-03-29 | Trend Micro Incorporated | Systems and methods for providing user inputs to remote mobile operating systems |
US20130290426A1 (en) * | 2013-06-06 | 2013-10-31 | Sky Socket, Llc | Social Media and Data Sharing Controls |
US20150032867A1 (en) * | 2013-07-25 | 2015-01-29 | T-Mobil Usa, Inc. | Device Management Service |
Non-Patent Citations (1)
Title |
---|
"AirWatch," 07/23/2012, https://web.archive.org/web/20120609111821/http://www.air-watch.com:80/solutions * |
Cited By (73)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20150046839A1 (en) * | 2013-08-09 | 2015-02-12 | Canon Kabushiki Kaisha | Information processing apparatus, information processing method and computer-readable medium |
US9218508B2 (en) * | 2013-09-06 | 2015-12-22 | Getac Technology Corporation | Electronic device and protection method thereof |
US20150074834A1 (en) * | 2013-09-06 | 2015-03-12 | Getac Technology Corporation | Electronic device and protection method thereof |
US9881480B2 (en) * | 2013-12-20 | 2018-01-30 | International Business Machines Corporation | Mobile device loss prevention |
US20150179046A1 (en) * | 2013-12-20 | 2015-06-25 | International Business Machines Corporation | Mobile device loss prevention |
US9881481B2 (en) * | 2013-12-20 | 2018-01-30 | International Business Machines Corporation | Mobile device loss prevention |
US20150179045A1 (en) * | 2013-12-20 | 2015-06-25 | International Business Machines Corporation | Mobile device loss prevention |
US10282970B2 (en) * | 2013-12-20 | 2019-05-07 | International Business Machines Corporation | Mobile device loss prevention |
US10276027B2 (en) * | 2013-12-20 | 2019-04-30 | International Business Machines Corporation | Mobile device loss prevention |
US20160330611A1 (en) * | 2014-01-09 | 2016-11-10 | Huawei Technologies Co., Ltd. | Methods for sending and receiving user data and terminal devices |
US9600465B2 (en) | 2014-01-10 | 2017-03-21 | Qualcomm Incorporated | Methods and apparatuses for quantifying the holistic value of an existing network of devices by measuring the complexity of a generated grammar |
US11687661B2 (en) | 2014-06-03 | 2023-06-27 | Amazon Technologies, Inc. | Compartments |
US10089476B1 (en) * | 2014-06-03 | 2018-10-02 | Amazon Technologies, Inc. | Compartments |
US10516667B1 (en) | 2014-06-03 | 2019-12-24 | Amazon Technologies, Inc. | Hidden compartments |
US10977377B2 (en) | 2014-06-03 | 2021-04-13 | Amazon Technologies, Inc. | Parent and child account compartments |
US9354841B2 (en) * | 2014-08-13 | 2016-05-31 | Smart Technologies Ulc | Wirelessly communicating configuration data for interactive display devices |
US10235121B2 (en) * | 2014-08-13 | 2019-03-19 | Smart Technologies Ulc | Wirelessly communicating configuration data for interactive display devices |
US20160239251A1 (en) * | 2014-08-13 | 2016-08-18 | Smart Technologies Ulc | Wirelessly communicating configuration data for interactive display devices |
EP3182682A4 (en) * | 2014-11-21 | 2018-03-07 | Yulong Computer Telecommunication Scientific (Shenzhen) Co., Ltd. | Processing method and processing device for communication information about terminal and terminal |
DE102014018891A1 (en) * | 2014-12-17 | 2016-06-23 | Giesecke & Devrient Gmbh | Methods and apparatus for managing subscriptions on a security element |
US20170118797A1 (en) * | 2015-01-15 | 2017-04-27 | Yulong Computer Telecommunication Scientific (Shenzhen) Co., Ltd. | Dual System-Based Communication Method and Terminal |
CN105847524A (en) * | 2015-01-15 | 2016-08-10 | 宇龙计算机通信科技(深圳)有限公司 | Dual-system-based communication method and terminal |
US10037374B2 (en) | 2015-01-30 | 2018-07-31 | Qualcomm Incorporated | Measuring semantic and syntactic similarity between grammars according to distance metrics for clustered data |
US20240086135A1 (en) * | 2015-02-02 | 2024-03-14 | Samsung Electronics Co., Ltd. | Multi-display based device |
US10805409B1 (en) | 2015-02-10 | 2020-10-13 | Open Invention Network Llc | Location based notifications |
US11245771B1 (en) | 2015-02-10 | 2022-02-08 | Open Invention Network Llc | Location based notifications |
US10558472B1 (en) * | 2015-02-10 | 2020-02-11 | Open Invention Network Llc | Security-based message management |
EP3073773A3 (en) * | 2015-03-23 | 2017-01-11 | STMicroelectronics Srl | Methods for performing a remote management of a multi-subscription sim module, and corresponding sim module and computer program product |
US9536072B2 (en) * | 2015-04-09 | 2017-01-03 | Qualcomm Incorporated | Machine-learning behavioral analysis to detect device theft and unauthorized device usage |
WO2017042733A3 (en) * | 2015-09-09 | 2017-07-06 | Cell Buddy Network Ltd. | Alias communication |
US10586300B2 (en) | 2015-11-10 | 2020-03-10 | Gt Gettaxi Limited | Graphical user interface (GUI) for implementing controls for geographic conveyance |
RU2671249C2 (en) * | 2015-11-10 | 2018-10-30 | ДжиТи ГЕТТАКСИ ЛИМИТЕД | Graphic user interface for implementation of control elements for geographical transportation |
US11521289B2 (en) | 2015-11-10 | 2022-12-06 | Gt Gettaxi Systems Ltd | Graphical user interface (GUI) for implementing controls for geographic conveyance |
US10140438B2 (en) * | 2015-12-16 | 2018-11-27 | International Business Machines Corporation | Hidden separation and access to data on a device |
US20170177844A1 (en) * | 2015-12-16 | 2017-06-22 | International Business Machines Corporation | Hidden separation and access to data on a device |
US10366243B2 (en) * | 2016-02-04 | 2019-07-30 | Airwatch, Llc | Preventing restricted content from being presented to unauthorized individuals |
US9980165B2 (en) * | 2016-02-10 | 2018-05-22 | Airwatch Llc | Visual privacy systems for enterprise mobility management |
US11019517B2 (en) | 2016-02-10 | 2021-05-25 | Airwatch, Llc | Visual privacy systems for enterprise mobility management |
US10455440B2 (en) | 2016-02-10 | 2019-10-22 | Airwatch, Llc | Visual privacy systems for enterprise mobility management |
US11153771B2 (en) | 2016-02-10 | 2021-10-19 | Airwatch, Llc | Visual privacy systems for enterprise mobility management |
US10638345B2 (en) | 2016-02-10 | 2020-04-28 | Vmware, Inc. | Visual privacy systems for enterprise mobility management |
US20170278206A1 (en) * | 2016-03-24 | 2017-09-28 | Adobe Systems Incorporated | Digital Rights Management and Updates |
US11075900B2 (en) | 2016-03-30 | 2021-07-27 | Airwatch Llc | Associating user accounts with enterprise workspaces |
US20170288959A1 (en) * | 2016-03-30 | 2017-10-05 | Airwatch Llc | Configuring enterprise workspaces |
US10637723B2 (en) * | 2016-03-30 | 2020-04-28 | Airwatch Llc | Configuring enterprise workspaces |
US10382612B2 (en) * | 2016-03-31 | 2019-08-13 | Nec Corporation | Business support system, business support method, information processing apparatus, communication device, and control methods and control programs of information processing apparatus and communication device |
US20170329979A1 (en) * | 2016-05-10 | 2017-11-16 | International Business Machines Corporation | Protecting enterprise data at each system layer |
US10885206B2 (en) * | 2016-05-10 | 2021-01-05 | International Business Machines Corporation | Protecting enterprise data at each system layer |
US11468488B2 (en) * | 2016-07-08 | 2022-10-11 | Ubii Llc | Virtual, location-based connection tool for service providers and users |
US10025548B2 (en) | 2016-08-09 | 2018-07-17 | International Business Machines Corporation | Automated display configuration |
US10255016B2 (en) | 2016-08-09 | 2019-04-09 | International Business Machines Corporation | Automated display configuration |
US11005852B2 (en) * | 2016-10-25 | 2021-05-11 | Michael Ratiner | System and method for securing electronic devices |
US11012535B2 (en) | 2016-11-22 | 2021-05-18 | Airwatch Llc | Management service migration using web applications |
US10873511B2 (en) * | 2016-11-22 | 2020-12-22 | Airwatch Llc | Management service migration for managed devices |
US11336537B2 (en) | 2016-11-22 | 2022-05-17 | Airwatch Llc | Management service migration for managed devices |
US11336736B2 (en) | 2016-11-22 | 2022-05-17 | Airwatch Llc | Management service migration using managed devices |
US10924557B2 (en) | 2016-11-22 | 2021-02-16 | Airwatch Llc | Management service migration using managed devices |
US20200050469A1 (en) * | 2017-02-21 | 2020-02-13 | Privacy Software Solutions Ltd. | A method and system for creating multi mobilephone environments and numbers on a single handset with single sim-card |
US20200220945A1 (en) * | 2017-09-18 | 2020-07-09 | Privacy Software Solutions Ltd. | A method for creating a pre-defined virtual mobilephone profile environment |
US20190089595A1 (en) * | 2017-09-18 | 2019-03-21 | Cyber 2.0 (2015) LTD | Automatic security configuration |
US10652249B2 (en) | 2017-10-31 | 2020-05-12 | Microsoft Technology Licensing, Llc | Remote locking a multi-user device to a set of users |
WO2019089247A1 (en) * | 2017-10-31 | 2019-05-09 | Microsoft Technology Licensing, Llc | Remote locking a multi-user device to a set of users |
US10972468B2 (en) * | 2017-11-21 | 2021-04-06 | Vmware, Inc. | Adaptive device enrollment |
US10986078B2 (en) | 2017-11-21 | 2021-04-20 | Vmware, Inc. | Adaptive device enrollment |
US20190158500A1 (en) * | 2017-11-21 | 2019-05-23 | Vmware, Inc. | Adaptive device enrollment |
US11595395B2 (en) | 2017-11-21 | 2023-02-28 | Vmware, Inc. | Adaptive device enrollment |
US10798103B2 (en) | 2017-11-21 | 2020-10-06 | VWware, Inc. | Adaptive device enrollment |
US10749870B2 (en) | 2017-11-21 | 2020-08-18 | Vmware, Inc. | Adaptive device enrollment |
US10931716B2 (en) * | 2018-02-09 | 2021-02-23 | Vmware, Inc. | Policy strength of managed devices |
US20190253455A1 (en) * | 2018-02-09 | 2019-08-15 | Vmware, Inc. | Policy strength of managed devices |
US20210344664A1 (en) * | 2020-04-29 | 2021-11-04 | Motorola Mobility Llc | Methods, Systems, and Electronic Devices for Selective Locational Preclusion of Access to Content |
EP4013087A1 (en) * | 2020-12-14 | 2022-06-15 | Sandvine Corporation | System and method for 5g mobile network management |
US11871263B2 (en) | 2020-12-14 | 2024-01-09 | Sandvine Corporation | System and method for 5G mobile network management |
Also Published As
Publication number | Publication date |
---|---|
US10129242B2 (en) | 2018-11-13 |
US20160277387A1 (en) | 2016-09-22 |
US20190044938A1 (en) | 2019-02-07 |
US20150082371A1 (en) | 2015-03-19 |
US11070543B2 (en) | 2021-07-20 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11070543B2 (en) | Multi-persona management and devices | |
US10326637B2 (en) | Functionality management via application modification | |
US11204993B2 (en) | Location-based configuration profile toggling | |
US9167104B2 (en) | Telecommunications data usage management | |
US20180357440A1 (en) | Personalized Meetings | |
US9585016B2 (en) | Data communications management | |
US8914013B2 (en) | Device management macros | |
EP3374858B1 (en) | Creating and modifying applications from a mobile device | |
US20190325193A1 (en) | Methods and systems for accessing computing systems with biometric identification | |
AU2014259659A1 (en) | Time-based configuration policy toggling | |
KR20200008498A (en) | Method and device for handling access of applications |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AS | Assignment |
Owner name: SKYSOCKET, LLC, GEORGIA Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:BRANNON, JONATHAN BLAKE;DEWEESE, WILLIAM;STUNTEBECK, ERICH;REEL/FRAME:032402/0651 Effective date: 20131107 |
|
AS | Assignment |
Owner name: AIRWATCH LLC, GEORGIA Free format text: MERGER;ASSIGNOR:SKY SOCKET, LLC;REEL/FRAME:033369/0291 Effective date: 20140623 |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: RESPONSE TO NON-FINAL OFFICE ACTION ENTERED AND FORWARDED TO EXAMINER |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: NON FINAL ACTION MAILED |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: RESPONSE TO NON-FINAL OFFICE ACTION ENTERED AND FORWARDED TO EXAMINER |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: FINAL REJECTION MAILED |
|
STCV | Information on status: appeal procedure |
Free format text: NOTICE OF APPEAL FILED |
|
STCV | Information on status: appeal procedure |
Free format text: APPEAL BRIEF (OR SUPPLEMENTAL BRIEF) ENTERED AND FORWARDED TO EXAMINER |
|
STCV | Information on status: appeal procedure |
Free format text: EXAMINER'S ANSWER TO APPEAL BRIEF MAILED |
|
STCV | Information on status: appeal procedure |
Free format text: APPEAL READY FOR REVIEW |
|
STCV | Information on status: appeal procedure |
Free format text: ON APPEAL -- AWAITING DECISION BY THE BOARD OF APPEALS |
|
STCV | Information on status: appeal procedure |
Free format text: BOARD OF APPEALS DECISION RENDERED |
|
STCB | Information on status: application discontinuation |
Free format text: ABANDONED -- AFTER EXAMINER'S ANSWER OR BOARD OF APPEALS DECISION |