Abstract: A client-server system and method are provided for secure management of mobile user access to network resources from a wireless mobile device, such as a smart phone. A mobile access control layer resides between a wireless service provider network and host network, allowing for management of mobile access without overriding internal access policies. Access rules determining accessible resources and permitted operations are determined based on a user's group memberships, and optionally on other information received from the system, or from the mobile device, e.g. time or location. Each group is associated with a set of permitted accessible resources and operations, e.g. read or write access to a resource such as a file, list, shared calendar, etc. A list of accessible resources and permitted operations is generated, and the list is made available for subsequent processes, e.g. presented to the user for selection of an accessible resource and permitted operation.
Abstract: A system and method are provided for managing mobile user access to enterprise network resources from a wireless mobile device, such as a smart phone or mobile computer, with improved security and access control. Access rules determining accessible resources and associated permitted operations are determined based on membership of an authenticated user in each of one or more groups, each group being associated with a set of permitted accessible resources and operations. For each user, based on membership of a group, or a Boolean evaluation of memberships of two or more groups, a list of accessible resources and permitted operations is generated, and the list is made available for subsequent processes, e.g. presentation to the user on an interface of the mobile device. Access rules may also be defined dependent on other information received from the system, or from the mobile device, such as time or location.
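The rule evaluation both abstracts describe can be sketched as follows. This is an added example, not code from the patents: the group names, resources, rules and the `accessible` function are constructed for illustration, and the choice to deny a time- or location-conditioned rule when the device supplies no such context is an assumption.

```python
from dataclasses import dataclass
from datetime import time
from typing import Callable, Optional

# Every group, resource and rule below is constructed for illustration.

@dataclass(frozen=True)
class Rule:
    resource: str
    operations: frozenset
    groups: Callable[[frozenset], bool]    # Boolean evaluation of group memberships
    hours: Optional[tuple] = None          # (start, end) permitted time window
    locations: Optional[frozenset] = None  # permitted device locations

RULES = [
    # Membership of a single group grants read access.
    Rule("shared-calendar", frozenset({"read"}), lambda g: "staff" in g),
    # AND of two memberships grants write access.
    Rule("shared-calendar", frozenset({"write"}),
         lambda g: "staff" in g and "managers" in g),
    # AND NOT, further conditioned on time and location reported by the device.
    Rule("finance-reports", frozenset({"read"}),
         lambda g: "finance" in g and "contractors" not in g,
         hours=(time(8), time(18)), locations=frozenset({"CA"})),
]

def accessible(groups, now=None, location=None, rules=RULES):
    """Return {resource: [operations]} for an already authenticated user.

    Default deny: a resource appears only if at least one rule grants it.
    """
    groups = frozenset(groups)
    granted = {}
    for rule in rules:
        if not rule.groups(groups):
            continue
        # Assumption: conditional rules fail closed when context is missing.
        if rule.hours is not None and (
                now is None or not rule.hours[0] <= now < rule.hours[1]):
            continue
        if rule.locations is not None and location not in rule.locations:
            continue
        granted.setdefault(rule.resource, set()).update(rule.operations)
    return {res: sorted(ops) for res, ops in sorted(granted.items())}

if __name__ == "__main__":
    print(accessible({"staff", "managers"}))
    print(accessible({"finance"}, now=time(9), location="CA"))
    print(accessible({"finance"}))  # no time/location context supplied
```

The returned mapping is the list of accessible resources and permitted operations that a later step would present to the user; the host network's own access policies still apply behind it.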